VulnHub

Fortinet has reported that a five-year-old vulnerability in its FortiOS SSL VPN is being actively exploited. This flaw, identified as CVE-2020-12812, allows attackers to bypass two-factor authentication under specific configurations, enabling unauthorized access to systems. Organizations using affected versions of FortiOS SSL VPN should be particularly vigilant, as this vulnerability could lead to significant security breaches. The issue emphasizes the need for users to ensure their VPN configurations are secure and up-to-date. Fortinet's warning serves as a critical reminder of the importance of addressing known vulnerabilities, even those that have been around for several years.

On Monday, the French national postal service, La Poste, experienced a significant disruption due to a Distributed Denial of Service (DDoS) attack. The attack caused central computer systems to go offline, impacting operations across the postal service. Pro-Russian hacker groups have claimed responsibility for the incident, raising concerns about the motivations behind such attacks amid ongoing geopolitical tensions. This incident not only disrupts postal services but also highlights the vulnerability of critical infrastructure to cyber threats. As La Poste works to restore services, this event serves as a reminder of the increasing frequency and severity of cyberattacks targeting essential services.

The French postal service, La Poste, has been facing significant disruptions due to a major DDoS (Distributed Denial of Service) attack. This incident, which occurred just before Christmas, has rendered their online services largely inaccessible, impacting both customers and businesses that rely on postal services during the holiday season. La Poste acknowledged the situation and described it as a 'major network incident.' As the postal service works to restore functionality, users may experience delays and challenges in sending and receiving packages, which is particularly concerning during this busy time of year. The attack raises important questions about the security of critical infrastructure and the potential for further disruptions in similar sectors.

Kaspersky's GReAT team has released findings on a sophisticated attack by a group known as Evasive Panda APT. This group employs a technique that poisons DNS requests to deploy a malicious implant called MgBot. The attack chain includes the use of shellcode that is encrypted with DPAPI and RC5, making it harder to detect. This method poses a significant risk as it can compromise systems and networks by redirecting legitimate traffic to malicious sites. Organizations need to be aware of these tactics to prevent potential breaches and protect their infrastructure.

A recent breach involving Red Hat’s self-managed GitLab has compromised the data of approximately 21,000 Nissan customers. The Japanese automaker confirmed that attackers accessed their GitLab instance, which is used by Red Hat Consulting. This incident raises significant concerns about data security, especially given the sensitive nature of the information that may have been stolen. Such breaches can lead to identity theft and further exploitation of affected individuals. Companies like Nissan must prioritize their cybersecurity measures to protect customer data and maintain trust.

The Clop ransomware group has claimed responsibility for a significant data breach at the University of Phoenix, affecting approximately 3.5 million people. The breach reportedly exposed sensitive information, although the exact nature of the data compromised has not been detailed. This incident raises serious concerns about the security measures in place at educational institutions and the potential for misuse of the stolen data. Individuals affected by the breach may face risks such as identity theft or phishing attempts. As the investigation continues, it underscores the need for stronger cybersecurity protocols to protect personal information in higher education settings.

Romania's national water authority, Romanian Waters, recently experienced a significant ransomware attack that affected around 1,000 of its systems. Fortunately, the attack did not compromise the safety of the dams, which remain secure. Authorities are actively working to restore operations without paying the ransom demanded by the attackers. This incident is a stark reminder of the vulnerabilities critical infrastructure faces from cyber threats, emphasizing the need for robust cybersecurity measures in public services. The situation is still developing as officials assess the full impact and work on recovery efforts.

Two malicious Chrome extensions called 'Phantom Shuttle' have been discovered in the Chrome Web Store, masquerading as tools for a proxy service. These extensions are designed to hijack user traffic and steal sensitive information, including login credentials. Users who have installed these extensions are at risk of having their personal data compromised. This incident serves as a reminder for users to be cautious when downloading browser extensions and to regularly review their installed plugins. Google has a responsibility to monitor the extensions available in its store to protect users from such threats.