This Week in Cybersecurity: Looking Back at Week 2

January 10, 2025

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

The European General Court has fined the European Commission €400 for violating the bloc’s data privacy regulations. This marks the first instance of the Commission being held liable for such an infringement.

The court found that in March 2022, the Commission transferred a German citizen’s personal data, including their IP address and web browser metadata, to Meta’s U.S. servers via the “Sign in with Facebook” option on the now-defunct futureu.europa.eu website.

At the time, there was no decision confirming that the U.S. provided an adequate level of protection for E.U. citizens’ personal data, nor were appropriate safeguards in place. This contravened Article 46 of Regulation 2018/1725, leading to the imposed fine.

View Source

Hackers Breach Argentina’s Airport Security Police Payroll System

Argentina’s Airport Security Police (PSA) has suffered a cyberattack compromising the personal and financial data of its officers and employees. Attackers accessed the payroll system, deducting amounts between 2,000 and 5,000 pesos under false labels such as “DD mayor” and “DD seguros.”

The breach is believed to have exploited a vulnerability in Banco Nación’s payroll processing system, potentially involving both foreign and domestic actors.

In response, the PSA has restricted certain services and initiated an internal cybersecurity awareness campaign. Investigations are ongoing to determine the full extent of the breach and to identify those responsible.

View Source

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A new variant of the Mirai botnet has been exploiting a recently disclosed vulnerability in Four-Faith industrial routers since November 2024 to conduct distributed denial-of-service (DDoS) attacks.

This botnet, active since February 2024 and known as “gayfemboy” due to terminology in its source code, maintains approximately 15,000 daily active IP addresses, with infections primarily in China, Iran, Russia, Turkey, and the United States. It leverages over 20 known security vulnerabilities and weak Telnet credentials for initial access.

Notably, it exploits CVE-2024-12856, an OS command injection flaw in Four-Faith router models F3x24 and F3x36, to deliver its payload. Once deployed, the malware conceals its processes and uses a Mirai-based command format to scan for vulnerable devices, update itself, and launch DDoS attacks.

These attacks, generating traffic around 100 Gbps and lasting between 10 and 30 seconds, have targeted hundreds of entities daily, with activity peaking in October and November 2024.

View Source

Russian-Speaking Hackers Target Ethereum Developers with Malicious npm Packages

Cybersecurity researchers have identified several malicious npm packages impersonating the Nomic Foundation’s Hardhat tool, a development environment for Ethereum software. These counterfeit packages, including “@nomicsfoundation/sdk-test” and “hardhat-gas-optimizer,” are designed to steal sensitive data such as private keys and mnemonic phrases from developers’ systems.

Once installed, they exploit the Hardhat runtime environment to collect confidential information and transmit it to attacker-controlled servers.

This attack highlights the risks associated with the complex dependency chains in open-source ecosystems, where malicious code can be introduced through trusted plugins.

View Source
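The impostor names above follow the classic typosquat pattern: a scope one letter away from the genuine one ("@nomicsfoundation" versus Hardhat's real "@nomicfoundation" scope), or an unscoped name that borrows the brand ("hardhat-gas-optimizer"). As an added example that is not part of the original post and not code from the Nomic Foundation, the script below audits a package.json against a small allowlist and flags near-miss scopes before they are installed. The allowlist and the sample package.json are constructed for this example; only the "@nomicfoundation" scope is the real one.

```python
"""Added example (not from the original post): flag npm dependencies whose
scope is a near-miss of a trusted one, the pattern behind the fake
"@nomicsfoundation/sdk-test" package. The allowlists below are constructed
for this example (only "@nomicfoundation" is Hardhat's real scope)."""

import json
from difflib import SequenceMatcher

# Constructed allowlist: scopes and unscoped packages this project trusts.
TRUSTED_SCOPES = {"@nomicfoundation", "@openzeppelin"}
TRUSTED_PACKAGES = {"hardhat", "ethers", "chai"}

# Constructed package.json excerpt containing the genuine Hardhat toolbox
# plus the two impostor names from the report.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-dapp",
    "devDependencies": {
        "hardhat": "^2.22.0",
        "@nomicfoundation/hardhat-toolbox": "^5.0.0",
        "@nomicsfoundation/sdk-test": "^1.0.0",
        "hardhat-gas-optimizer": "^1.0.0",
    },
})


def split_scope(name):
    """Return (scope, bare_name); scope is None for unscoped packages."""
    if name.startswith("@") and "/" in name:
        scope, bare = name.split("/", 1)
        return scope, bare
    return None, name


def similarity(a, b):
    """0.0..1.0 string similarity (2*matches / total length)."""
    return SequenceMatcher(None, a, b).ratio()


def classify(name, threshold=0.85):
    """Return 'trusted', 'lookalike' or 'unknown' for one dependency name.

    'lookalike' means the scope (or bare name) is close to, but not equal
    to, a trusted one: the signature of a typosquat. 'unknown' names such as
    "hardhat-gas-optimizer" are not typosquats by edit distance but still
    need a human review before they reach a developer machine."""
    scope, bare = split_scope(name)
    if scope is not None:
        if scope in TRUSTED_SCOPES:
            return "trusted"
        if any(similarity(scope, t) >= threshold for t in TRUSTED_SCOPES):
            return "lookalike"
        return "unknown"
    if bare in TRUSTED_PACKAGES:
        return "trusted"
    if any(similarity(bare, t) >= threshold for t in TRUSTED_PACKAGES):
        return "lookalike"
    return "unknown"


def audit(package_json_text):
    """Classify every dependency and devDependency in a package.json."""
    data = json.loads(package_json_text)
    deps = {}
    for key in ("dependencies", "devDependencies"):
        deps.update(data.get(key, {}))
    return {name: classify(name) for name in deps}


if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_PACKAGE_JSON).items():
        print(f"{verdict:9s} {pkg}")
```

Running it marks "@nomicsfoundation/sdk-test" as a lookalike (its scope is one character from the trusted one) and leaves "hardhat-gas-optimizer" as unknown, which is the right outcome for a brand-prefixed name: many legitimate Hardhat plugins use that prefix, so it is a review queue item rather than an automatic block. A check like this belongs in CI or a pre-install hook, where it catches the mistake before any install script runs.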

Critical RCE Flaw in GFI KerioControl Exploited in Active Attacks

A critical remote code execution (RCE) vulnerability, identified as CVE-2024-52875, has been discovered in GFI KerioControl firewalls, affecting versions 9.2.5 through 9.4.5. This flaw arises from improper sanitisation of user input in certain HTTP response headers, enabling attackers to perform HTTP response splitting and cross-site scripting (XSS) attacks. Exploitation of this vulnerability allows adversaries to inject malicious inputs into HTTP response headers, potentially leading to unauthorised system access.

GFI released a patch on December 19, 2024, with version 9.4.5 Patch 1 to address this issue. However, active exploitation attempts have been observed since December 28, 2024, originating from IP addresses in Singapore and Hong Kong. With over 23,800 internet-exposed KerioControl instances worldwide, users are strongly advised to update their systems immediately to mitigate potential threats.

View Source
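HTTP response splitting, the bug class named in the KerioControl advisory, comes down to one thing: a user-supplied value reaching a response header with its CR/LF characters intact, so the attacker can terminate the header block and append a second response of their own. The following is an added example, not code from GFI or from the original post, and it does not model KerioControl itself: it shows a generic vulnerable header builder beside a hardened one, plus a small access-log check for the percent-encoded CR/LF that such probes carry. All endpoint and input values are constructed.

```python
"""Added example (not from GFI or the original post): the generic
response-splitting pattern, as a vulnerable redirect builder beside a
hardened one, with a log-side detection helper. Inputs are constructed."""

from urllib.parse import unquote

CRLF = "\r\n"


def build_redirect_vulnerable(target):
    """Paste the user-supplied target straight into the Location header.

    If target contains CR/LF, the header block ends early and whatever
    follows is parsed by the client as a second, attacker-written response."""
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + target + CRLF + CRLF


class HeaderInjectionError(ValueError):
    """Raised when a header value would break out of its field."""


def safe_header_value(value):
    """Reject CR, LF and NUL in a header value instead of stripping them.

    RFC 7230 forbids bare CR/LF inside a field value. Rejecting is safer than
    stripping because a stripped value may silently become a different URL."""
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise HeaderInjectionError("control characters in header value")
    return value


def build_redirect_hardened(target):
    """Same redirect, but the value is validated before it is emitted."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(target) + CRLF
        + CRLF
    )


def count_responses(raw):
    """Count status lines in a raw buffer; more than one means it was split."""
    return sum(1 for line in raw.split(CRLF) if line.startswith("HTTP/1.1 "))


def looks_like_crlf_probe(request_target):
    """Access-log detection helper: true when a request target carries CR/LF
    raw or percent-encoded (%0d%0a). One layer of decoding is applied; a
    double-encoded probe (%250d) would need a second pass."""
    decoded = unquote(request_target)
    return "\r" in decoded or "\n" in decoded


# Constructed inputs: a benign target and one carrying an injected CRLF that
# starts a second response inside the first.
BENIGN = "/dashboard"
INJECTED = (
    "/dashboard\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<b>injected</b>"
)

if __name__ == "__main__":
    print("vulnerable, benign  :", count_responses(build_redirect_vulnerable(BENIGN)))
    print("vulnerable, injected:", count_responses(build_redirect_vulnerable(INJECTED)))
    try:
        build_redirect_hardened(INJECTED)
    except HeaderInjectionError as exc:
        print("hardened, injected  : rejected,", exc)
    print("probe in log line   :", looks_like_crlf_probe("/login?next=%0d%0aX-Test:%201"))
```

The vulnerable builder turns the injected input into a buffer with two status lines, which is exactly the split a client or cache would act on; the hardened builder refuses the value outright. On the detection side, the advisory's timeline (patch on December 19, exploitation attempts from December 28) is the argument for searching web-server logs for percent-encoded CR/LF in request targets while the patch is rolled out, since a split attempt has to put those bytes on the wire.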

SonicWall Urges Immediate Patching of Critical SonicOS Vulnerability

SonicWall has issued an urgent advisory concerning a critical authentication bypass vulnerability in its SonicOS firmware, identified as CVE-2024-53704. This flaw affects the SSL-VPN and SSH management systems of various SonicWall devices, including Gen 6/6.5 and Gen 7 firewalls, as well as TZ80 models.

Exploiting this vulnerability could allow remote attackers to bypass authentication mechanisms, potentially leading to unauthorised access.

Administrators are strongly advised to update their devices to the latest firmware versions immediately to mitigate potential risks. As of now, there have been no reports of active exploitation, but prompt action is recommended to ensure network security.

View Source

Critical Vulnerabilities Identified in Ivanti Products

The National Cyber Security Centre (NCSC) has issued an alert regarding multiple vulnerabilities in Ivanti products, notably in Ivanti Endpoint Manager (EPM) versions 2022 and earlier. Among these, CVE-2023-35083 and CVE-2023-35084 are of particular concern, as they could allow unauthorised access to sensitive information.

Additionally, Ivanti Connect Secure (ICS) and Policy Secure products are affected by vulnerabilities such as CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, and CVE-2024-22023, which may lead to remote code execution if exploited.

Administrators are strongly advised to apply the latest security patches provided by Ivanti to mitigate these risks.

View Source
