FBI, CISA warn of heightened risk of BEC attacks during holiday season
Source: Cybersecurity Dive
DOJ: Man hacked networks to pitch cybersecurity services
Source: Bleeping Computer
The DOJ has indicted Nicholas Kloster, a Kansas City man, for hacking into networks of organizations to promote his cybersecurity services. He breached a gym's systems and a nonprofit's network, altering data and gaining unauthorized access. Kloster also used stolen credit card information for hacking tools. His actions caused financial damage, and he faces up to 15 years in prison if convicted.
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
Source: The Hacker News
The article details the activities of the "Matrix" botnet, which exploits vulnerabilities in IoT devices like IP cameras and routers for DDoS attacks. Using public tools and weak credentials, the botnet targets devices in multiple countries and offers DDoS-for-hire services via Telegram. It emphasizes the need for basic security practices, such as updating firmware and securing credentials, to mitigate these attacks. The operation is linked to a Russian script kiddie and highlights the accessibility of tools for launching large-scale cyberattacks.
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
Source: Securityweek
Russian cyber espionage group RomCom exploited zero-day vulnerabilities in Firefox and Windows, chaining them to deliver backdoor malware to U.S. and European organizations, including government and defense sectors. Together the flaws enabled remote code execution and privilege escalation without user interaction, bypassing the browser's security features. The attack relied on fake websites hosting the exploit code; Mozilla and Microsoft patched the flaws in October and November 2024, respectively.
Hackers exploit critical bug in Array Networks SSL VPN products
Source: Bleeping Computer
Hackers are actively exploiting a critical vulnerability (CVE-2023-28461) in Array Networks SSL VPN products, which allows remote code execution without authentication. The flaw, rated 9.8/10 in severity, affects AG and vxAG series running ArrayOS 9.4.0.481 and earlier. Though fixed in March 2023, unpatched systems remain vulnerable. CISA advises organizations to apply updates or mitigations by December 16. The vulnerability could impact corporate, government, and enterprise users globally.