12-Feb-24: In Security News Today

Fortinet and Ivanti VPN Customers Face Critical Security Vulnerabilities

Fortinet and Ivanti have disclosed critical vulnerabilities in their VPN technologies that are under active attack and require immediate action from security teams. Fortinet has disclosed four new vulnerabilities, including a critical out-of-bounds vulnerability in its FortiOS SSL VPN technology that is likely being exploited in the wild. Ivanti has disclosed a critical vulnerability in its Connect Secure and Pulse Secure technologies that allows an unauthenticated attacker to access restricted resources on affected systems. Both vendors’ customers are already dealing with recently patched bugs that are being actively exploited.

French Data Protection Agency Investigates Massive Data Breach Affecting 33 Million Citizens

The French data protection agency, CNIL, is investigating two data breaches at payment processors that have exposed the personal data of nearly half of the country’s population. The breaches, which occurred at Viamedis and Almerys, compromised data for 33 million French citizens. The attackers gained access through a successful phishing attack on an employee and a breach of a portal used by health professionals. The stolen data includes personally identifiable information, but not banking information or medical data. The CNIL has warned policyholders to be vigilant for follow-on attacks and advised businesses to prioritize employee training to strengthen cybersecurity defenses.

Islamic Charitable Organization in Saudi Arabia Targeted in Prolonged Cyber-Espionage Campaign

An Islamic charitable non-profit organization based in Saudi Arabia has been the target of a sophisticated cyber-espionage campaign since May 2023. The attackers used malware called ‘Zardoor’ to establish persistence within the organization’s network and employed open-source reverse proxy tools to evade detection. The threat actor demonstrated high levels of skill and expertise, making it difficult to attribute the campaign to a known adversary.

China Escalates Media Campaign Alleging US Hacking Operations

China has intensified its media campaign accusing the US of hacking operations, collaborating with cybersecurity firms, government agencies, and state media to amplify these allegations. The campaign lacks substantive technical analysis and relies heavily on state media dissemination. The accusations, without substantial evidence, raise questions about China’s motives and the credibility of its cyber claims.

Rhysida Ransomware Cracked, Free Decryption Tool Released

Researchers have discovered an implementation vulnerability in Rhysida ransomware that allows the encryption keys to be reconstructed and locked data to be decrypted. This marks the first successful decryption of the ransomware strain, and a recovery tool is being distributed. The ransomware, which uses double extortion tactics, has been targeting various sectors, and the findings highlight that certain ransomware strains can be successfully decrypted.

US Government Offers $10m Reward for Hive Ransomware Group Leaders

The US government is offering a reward of up to $10m for information leading to the identification and location of leaders of the Hive ransomware group. The Department of State will also pay up to $5m for information that leads to the arrest and conviction of any individual involved in Hive ransomware activity. The offer comes more than a year after an international law enforcement operation dismantled the gang’s infrastructure and saved victims an estimated $130m in ransom demands.

US-Led Operation Dismantles Warzone Malware Operation

The US Department of Justice (DoJ) has announced the dismantling of a sophisticated malware operation called Warzone. The operation, led by the US, involved the purchase and analysis of the malware by the FBI, as well as the cooperation of law enforcement partners in several countries to find and dismantle the servers that comprised its online infrastructure. Two individuals connected to the operation have been arrested and face charges related to computer intrusion offenses.

Microsoft Introduces Linux-Like ‘sudo’ Command to Windows 11

Microsoft has introduced a ‘sudo’ command for Windows 11, allowing users to execute commands with administrator privileges. This feature is available in Windows 11 builds 26045 and later and can be enabled in the settings. Microsoft is also open-sourcing the project on GitHub and encouraging users to contribute and report issues.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.