Szolgáltatóknak

The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.

Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.

The accused include North Korean citizens Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and US citizens Erick Ntekereze Prince and Emanuel Ashtor.

The US Court of Appeals has vacated the original sentence of Conor Brian Fitzpatrick, also known as Pompompurin, who is the founder of the BreachForums cybercrime marketplace.

"A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update or Security Update newer than March 2023 will continue to be able to check for new EEMS mitigations," the Exchange Team said.

Eclypsium, the enterprise firmware and hardware security firm that discovered the flaws, analyzed three firewall models: PA-3260, PA-1410, and PA-415, and reported that all were affected by the BootHole vulnerability, a GRUB2 bootloader flaw that could enable attackers to bypass Secure Boot and install persistent malware.

The issue was described as a microcode signature verification vulnerability and could potentially allow unauthorized microcode to bypass verification mechanisms and be loaded into affected CPUs.

The tool's latest features focus on proactive prevention of account compromise and enhanced threat response capabilities, as well ways to make these capabilities available to a broader range of customers.

The new security tool is integrated into the company's Edge browser and uses machine learning and computer vision to identify fraudulent full-screen pop-ups that trick users into installing malware or purchasing unnecessary software.