The Breach News

Iranian Hackers Disrupt Operations at Key U.S. Infrastructure Sites

Iranian Hackers Targeting US Critical Infrastructure Amid Ongoing Tensions

Recent reports indicate that hackers tied to the Iranian government are actively disrupting operations at various critical infrastructure sites across the United States. This disruption appears to be a reaction to the heightened geopolitical conflict between Iran and the U.S., as…

Exploitation of SonicWall SSL VPN Vulnerability and Misconfigurations by Akira Ransomware Group on the Rise

September 11, 2025

Cybersecurity threats linked to the Akira ransomware group have intensified, specifically targeting SonicWall devices for initial breaches. Rapid7 has reported a notable increase in attacks on SonicWall appliances, coinciding with heightened Akira ransomware activity noted since late July 2025. SonicWall recently identified that these SSL VPN attacks exploit a year-old security vulnerability (CVE-2024-40766, CVSS score: 9.3) where local user passwords remained unchanged during migration. “We are seeing a surge in attempts by threat actors to brute-force user credentials,” the company commented. To mitigate risks, they advise enabling Botnet Filtering to block known threats and implementing Account Lockout policies. SonicWall also urged users to review LDAP SSL VPN Default User Groups, highlighting that misconfigurations could represent a “critical weak point.”

SonicWall SSL VPN Vulnerabilities Targeted by Akira Ransomware Group

On September 11, 2025, cybersecurity experts reported a significant uptick in cyber intrusions targeting SonicWall devices, particularly those involving the SSL VPN feature. This surge is attributed to ongoing attacks by the Akira ransomware group, which has recently intensified its efforts…

Critical RCE Vulnerability Discovered in the Linux Kernel’s TIPC Module

November 4, 2021

Cybersecurity experts have uncovered a significant security vulnerability in the Transparent Inter-Process Communication (TIPC) module of the Linux Kernel. This flaw could potentially allow both local and remote attackers to execute arbitrary code within the kernel, giving them control over affected systems. Assigned CVE-2021-43267 and rated with a CVSS score of 9.8, this heap overflow vulnerability “can be exploited locally or remotely within a network to gain kernel privileges, enabling attackers to compromise the entire system,” according to a report by cybersecurity firm SentinelOne shared with The Hacker News. TIPC is a transport layer protocol designed for seamless communication between nodes in dynamic cluster environments, offering improved efficiency and fault tolerance compared to traditional protocols like TCP. The vulnerability arises from inadequate validation of user-provided sizes for a new message type.

Significant RCE Vulnerability Discovered in Linux Kernel’s TIPC Module

On November 4, 2021, cybersecurity experts disclosed a critical security vulnerability within the Linux Kernel’s Transparent Inter Process Communication (TIPC) module. This flaw, designated as CVE-2021-43267, has been assigned a high Common Vulnerability Scoring System (CVSS) score of 9.8, indicating severe…

Malware Leverages Inaudible Audio Signals to Transfer Stolen Data

Dec 03, 2013

If you believe that a computer completely isolated from networks, without USB drives or any electronic connections, is safe from hackers and malware, you might want to reconsider. Recent developments reveal that German scientists have created a proof-of-concept malware prototype capable of infecting computers and digital devices using inaudible audio signals. This method of bridging an air gap presents a formidable threat. Imagine a cyberattack utilizing high-frequency sound waves to not only infect machines but also to transmit stolen data back to the attacker without any network connection—it’s a chilling prospect. Recently, security researcher Dragos Ruiu suggested that malware known as badBIOS enabled infected devices to communicate solely through sound waves, effectively bypassing physical disconnections from networks.

New Malware Exploits Inaudible Audio Signals to Exfiltrate Data

On December 3, 2013, researchers revealed a groundbreaking malware prototype capable of transferring stolen data via inaudible audio signals, challenging prevailing assumptions about the security of isolated digital systems. Traditionally, the belief is that computers disconnected from networks and devoid of…

Senator Wyden Calls for FTC Investigation into Microsoft Over Ransomware-Related Cybersecurity Failures

U.S. Senator Ron Wyden is urging the Federal Trade Commission (FTC) to investigate Microsoft for what he describes as “gross cybersecurity negligence” that has facilitated ransomware attacks on critical U.S. infrastructure, particularly targeting healthcare networks. In a detailed four-page letter to FTC Chairman Andrew Ferguson, Wyden warned that Microsoft’s lax cybersecurity practices, combined with its near-monopoly in the enterprise operating system market, create a significant national security risk, making further attacks likely. He likened Microsoft’s behavior to that of “an arsonist selling firefighting services to their victims.” This request follows new revelations from the healthcare provider Ascension, which experienced a devastating ransomware attack last year, compromising personal and medical data of nearly 5.6 million individuals.

Senator Wyden Calls for FTC Investigation into Microsoft Over Cybersecurity Negligence Linked to Ransomware Attacks

September 11, 2025

U.S. Senator Ron Wyden has formally requested the Federal Trade Commission (FTC) to investigate Microsoft, alleging severe cybersecurity negligence that has facilitated ransomware assaults on critical U.S. infrastructure, notably in the healthcare…

Critical Vulnerability in Cisco Policy Suite Exposes Hardcoded SSH Key, Allowing Remote Root Access

November 5, 2021

Cisco Systems has issued security updates to rectify vulnerabilities in several Cisco products that could enable attackers to log in as root users, gaining control over compromised systems. The vulnerability, identified as CVE-2021-40119, has been assigned a critical severity rating of 9.8 out of 10 on the CVSS scale and originates from flaws in the SSH authentication mechanism of Cisco Policy Suite. According to Cisco’s advisory, “An attacker could exploit this vulnerability by connecting to an affected device via SSH,” warning that a successful exploit could provide the attacker with root access. The issue was uncovered during internal security assessments. Future releases of Cisco Policy Suite (21.2.0 and beyond) will automatically generate new SSH keys upon installation, although devices upgrading from version 21.1.0 will still require a manual process to replace the default SSH keys.

Hardcoded SSH Key in Cisco Policy Suite Exposes Systems to Remote Root Access Vulnerability

On November 5, 2021, Cisco Systems disclosed critical security updates aimed at addressing significant vulnerabilities across several of its products. One of the foremost issues identified is linked to a hardcoded SSH key within the Cisco…

DDoS Attacks Exploit Thousands of Outdated .EDU and .GOV WordPress Blogs

Dec 04, 2013

A recent cyberattack on a forum site revealed that thousands of outdated yet legitimate WordPress blogs were leveraged to execute DDoS attacks through known vulnerabilities. Analysis of the victim’s server logs indicated the involvement of numerous educational (.EDU) and government (.GOV) websites. Previously, we reported similar incidents where attackers compromised WordPress blogs using password brute-force methods or exploited the PINGBACK vulnerability present in older WordPress versions, without needing to gain full control of the servers. WordPress’s Pingback feature allows requests to be initiated from multiple locations, resulting in a single machine being able to send millions of requests. In this recent attack, over 100,000 IP addresses were implicated, with the victim’s forum receiving more than 40,000 requests.

DDoS Attacks Launch from Thousands of Outdated .EDU and .GOV WordPress Blogs

In a recent cyber assault against a prominent online forum, thousands of obsolete yet legitimate WordPress blogs were exploited to orchestrate Distributed Denial of Service (DDoS) attacks. This operation capitalized on previously identified vulnerabilities within the WordPress content…

Storm-1175 Launches Medusa Ransomware Just 24 Hours After Vulnerability Revealed

A notorious hacking group known as Storm-1175 is wreaking havoc on a global scale by deploying the destructive Medusa ransomware. Microsoft Threat Intelligence has identified this group as particularly adept at exploiting the narrow window between the discovery of a security vulnerability and the implementation of a patch. Research from…