ZERO-DAY – Cybersecurity News Everyday

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

January 22, 2025 CybersecurityNews

Summary: Threat actors are exploiting a zero-day vulnerability in Cambium Networks cnPilot routers to deploy the AIRASHI variant of the AISURU botnet for DDoS attacks. The botnet has been active since June 2024, leveraging multiple known vulnerabilities and targeting devices primarily in Brazil, Russia, Vietnam, and Indonesia.…

Cyber Security News

Murdoc Botnet Ensnaring Avtech, Huawei Devices

January 22, 2025 CybersecurityNews

Summary: A new variant of the Mirai malware, named Murdoc Botnet, has been identified exploiting vulnerabilities in Avtech cameras and Huawei routers to create a botnet. This malware has been actively targeting these devices for approximately six months, with over 1,300 IPs involved in the campaign.…

Cyber Security News

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

January 22, 2025 CybersecurityNews

Summary: A critical vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users’ systems when extracting malicious files from nested archives. This flaw, tracked as CVE-2025-0411, has been patched, but many users may still be vulnerable due to the lack of an auto-update feature.…

Threat Research

Fortinet Zero-Day CVE-2024-55591 Exposed: Super-Admin Access Risk

January 21, 2025 Cyble

Fortinet has issued a critical advisory for a severe authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS and FortiProxy products, enabling attackers to gain super-admin privileges. This flaw is actively exploited and has a high CVSSv3 score of 9.6. Organizations are urged to upgrade their systems immediately to mitigate risks.…

Cyber Security News

New PoC Exploit Code Released for Zero-Day Vulnerability in Windows CLFS Driver

January 20, 2025 Cyware

Summary: Security researcher MrAle_98 has disclosed a proof-of-concept exploit for a zero-day vulnerability, CVE-2024-49138, affecting the Windows Common Log File System (CLFS) Driver. This elevation of privilege flaw, with a CVSS score of 7.8, allows attackers to gain SYSTEM privileges on affected devices. Microsoft confirmed that the vulnerability was actively exploited before a patch was released, emphasizing the urgency for users to update their systems.…

Trash

Weekly Cybersecurity Roundup: January 13, 2025 – January 19, 2025

January 20, 2025January 20, 2025 iocOne

A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…

Trash

10 Most Historic Cyber Attacks That Changed the Internet World

January 19, 2025January 20, 2025 iocOne

This article discusses the evolution of cyber warfare through historical cyberattacks, emphasizing the importance of cybersecurity in the digital age. It highlights ten significant cyber incidents that have shaped our understanding of digital security, the lessons learned, and the ongoing threats organizations face today. Affected: organizations, government, healthcare, energy, transportation, technology sector

Keypoints :

Cyberattacks are malicious attempts to steal, damage, or disrupt computer systems and data.…

Cyber Security News

CL-UNK-0979 Exploit Zero-Day Flaw in Ivanti Connect Secure to Gain Access to Networks

January 19, 2025 CybersecurityNews

Summary: Palo Alto Networks has issued a threat briefing on two critical vulnerabilities in Ivanti products, CVE-2025-0282 and CVE-2025-0283, which could allow attackers to execute remote code and escalate privileges. The vulnerabilities affect Ivanti’s Connect Secure, Policy Secure, and ZTA gateway appliances, widely used for remote network connections.…

Threat Research

If you think you blocked NTLMv1 in your org, think again

January 18, 2025January 18, 2025 admin

Silverfort has uncovered a significant misconfiguration in Active Directory Group Policy that allows NTLMv1 authentications to persist despite attempts to disable it. This flaw poses a security risk for organizations using on-prem applications, as attackers can exploit this vulnerability to gain unauthorized access. Affected: Active Directory, NTLMv1

Keypoints :

Silverfort’s research reveals a misconfiguration in Group Policy that allows NTLMv1 authentications to continue.…

Info Data Leak

15K Fortinet Device Configs Leaked to the Dark Web

January 18, 2025January 18, 2025 DarkReading

Summary: A significant data leak involving configuration data and VPN credentials for over 15,000 Fortinet devices has surfaced on the Dark Web, attributed to the Belsen Group. This incident follows the disclosure of a critical authentication bypass vulnerability in Fortinet’s systems, which was exploited to gather the leaked data.…

Threat Research

Weekly IT Vulnerability Report: Critical Updates for SAP, Microsoft, Fortinet, and Others

January 18, 2025 Cyble

Key vulnerabilities in major platforms such as SAP, Microsoft, and Fortinet have been identified, necessitating immediate attention due to active exploitation by threat actors. The vulnerabilities include privilege escalation, unauthorized access, and critical flaws in widely used applications. Affected: SAP, Microsoft, Fortinet

Keypoints :

Cyble Research and Intelligence Labs (CRIL) analyzed vulnerabilities disclosed between January 8 and 14, 2025.…

Info Data Leak

Cybersecurity News Review – Week 3 (2025)

January 18, 2025January 18, 2025 iocOne

This week’s cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, the exploitation of multiple zero-day flaws by Microsoft, and emerging ransomware tactics targeting AWS. Additionally, it discusses a significant data breach at Stiiizy, the impact of healthcare data breaches in the US, and various government responses to cyber threats.…

Info Data Leak

US sanctions Chinese firm, hacker behind telecom and Treasury hacks

January 18, 2025January 18, 2025 BleepingComputer

Summary: The U.S. Department of the Treasury has sanctioned Yin Kecheng, a Shanghai-based hacker linked to a recent breach of the Treasury’s network, and the Chinese cybersecurity firm Sichuan Juxinhe Network Technology Co. Both are associated with the Salt Typhoon threat group, which has been involved in espionage against U.S.…

Info Data Leak

Industry Reactions to Biden’s Cybersecurity Executive Order: Feedback Friday

January 17, 2025January 18, 2025 SecurityWeek

Summary: President Joe Biden’s recent executive order aims to enhance U.S. cybersecurity by addressing various critical areas, including software supply chains, encryption, and foreign threats. The order has sparked discussions among cybersecurity professionals regarding its future under the incoming Trump administration. Experts express both optimism and concern about the implications of the order for national security and the cybersecurity landscape.…

Info Data Leak

CISA warns of exploited Fortinet bugs as Microsoft issues its biggest Patch Tuesday in years

January 17, 2025January 18, 2025 RecordedFuture

Summary: A zero-day vulnerability in FortiGate firewalls is actively being exploited by hackers, prompting urgent action from the federal government and cybersecurity firms. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies patch this vulnerability by January 21, highlighting its critical nature. Additionally, concerns have been raised about an older vulnerability that has recently led to the leak of configurations for thousands of FortiGate devices.…

Threat Research

Fortinet firewalls hit with new zero-day attack, older data leak

January 17, 2025 Rapid7

Rapid7 is investigating two significant incidents affecting Fortinet firewall users: a zero-day vulnerability (CVE-2024-55591) that allows remote attackers to gain super-admin privileges and a data leak involving 15,000 FortiGate firewalls. The leaked data, which includes sensitive information, is believed to be from incidents dating back to 2022.…

Cyber Security News

Fortinet Fixes FortiOS Zero-Day Exploited by Attackers for Months

January 16, 2025 Cyware

Summary: Fortinet has addressed a critical authentication bypass vulnerability (CVE-2024-55591) in its FortiOS firewalls and FortiProxy web gateways, which has been actively exploited by attackers as a zero-day. The vulnerability allows remote attackers to gain super-admin privileges, enabling them to execute unauthorized commands. Organizations are urged to upgrade to patched versions and monitor for indicators of compromise due to the ongoing threat from state-sponsored hackers.…

Threat Research

15K Fortigate Firewall Configs Leaked By Belsen Group: Dumped Using Zero-Day in 2022

January 16, 2025 CloudSek

A recent leak of over 15,000 Fortigate firewall configurations has raised concerns about the security of devices vulnerable to CVE-2024-55591 and CVE-2022-40684. The threat actor known as “Belsen_Group” is believed to have exploited these vulnerabilities and subsequently leaked the configurations in January 2025. Organizations are urged to check their exposure and take necessary mitigation steps.…

Info Data Leak

Data From 15,000 Fortinet Firewalls Leaked by Hackers

January 16, 2025January 18, 2025 SecurityWeek

Summary: A hacker group named Belsen Group has leaked data from approximately 15,000 Fortinet firewalls, claiming it is their first official operation. The leaked information includes sensitive data such as IP addresses, passwords, and configurations, likely obtained by exploiting a vulnerability (CVE-2022–40684) back in 2022. Security researcher Kevin Beaumont confirmed the authenticity of the data and warned that it poses ongoing risks to organizations with potentially unpatched devices.…

Threat Research

Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights

January 16, 2025 Securonix

The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely-used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Keypoints :

Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…

Tag: ZERO-DAY