VulnHub

Email continues to be the main entry point for cyber attackers, with significant increases in various types of email threats. Malware delivered through email surged by over 130% year-over-year, while phishing scams rose by more than 20% and other scams increased by 30%. These alarming trends expose vulnerabilities across different industries, indicating that many security teams are still missing critical gaps in their defenses. As attackers increasingly exploit email for impersonation and account takeover, companies must reassess their email security strategies to better protect sensitive information and prevent breaches. The growing reliance on email as a communication tool makes it essential for organizations to prioritize security measures in this area.

Hackers using the RondoDox botnet are exploiting a vulnerability in Next.js known as React2Shell to take control of over 90,000 unpatched devices. This includes a range of products such as routers, smart cameras, and small business websites. The attack is particularly concerning because it targets devices that often lack regular updates or security patches, making them easy targets for cybercriminals. Users of these devices should be vigilant and consider updating their systems to protect against this growing threat. The scale of the devices affected raises alarms about the potential for widespread disruption if left unaddressed.

Over 10,000 Fortinet firewalls are currently at risk due to a two-factor authentication (2FA) bypass vulnerability that has been known for five years. This vulnerability allows attackers to exploit systems that have not implemented proper security measures, potentially granting them unauthorized access to sensitive data and networks. The issue is particularly pressing because it affects devices that are publicly accessible on the internet, increasing the likelihood of exploitation. Organizations using these firewalls need to act quickly to secure their systems and protect against potential breaches. It's crucial for users to verify their configurations and apply any available updates to mitigate this serious risk.

The European Space Agency (ESA) has confirmed a data breach after a hacker, known as '888', attempted to sell stolen data online. The breach involved external science servers, raising concerns about the security of sensitive information related to ESA's projects. This incident highlights the risks that organizations face from cybercriminals looking to exploit vulnerabilities for financial gain. The ESA's acknowledgment of the breach indicates that they are taking steps to address the situation, but the full scope of the data compromised remains unclear. As this breach could potentially affect ongoing scientific research and collaborations, it underscores the need for robust cybersecurity measures in institutions handling critical data.

Fortinet has issued a warning about ongoing attacks that exploit an old vulnerability in its FortiOS software, identified as CVE-2020-12812. This flaw allows attackers to bypass two-factor authentication, which can significantly compromise the security of affected systems. Organizations using FortiOS should be particularly vigilant, as this vulnerability has resurfaced in active attacks. The potential for unauthorized access puts sensitive data at risk, making it critical for users to address this issue promptly. Cybersecurity teams are urged to review their systems and implement necessary updates to safeguard against these threats.

Users of the Trust Wallet Chrome extension have reported significant cryptocurrency losses after a malicious update was released on December 24. This compromised update allowed attackers to drain wallets, leading to millions in losses for affected individuals. In conjunction with this incident, researchers discovered a phishing domain set up by the hackers, further indicating a coordinated effort to exploit Trust Wallet users. The company has responded urgently, advising users to take precautions and remain vigilant to avoid further losses. This incident serves as a stark reminder of the risks associated with browser extensions and the importance of ensuring that software updates are legitimate and secure.

Federal authorities have seized a password database linked to a large-scale bank account takeover scheme that targeted $28 million in funds. The attackers used phishing techniques to compromise bank accounts, putting numerous individuals and financial institutions at risk. This operation illustrates the ongoing threat posed by cybercriminals who exploit user credentials to access sensitive financial information. The seizure of the password database is a significant step in disrupting these criminal activities and protecting potential victims from further financial loss. As phishing remains a prevalent tactic, users must remain vigilant and practice safe online behaviors to safeguard their accounts.

WatchGuard has reported an exploitation of a zero-day vulnerability in its Firebox devices, which are critical components for network security. This vulnerability has caught the attention of attackers, joining a troubling trend where various edge device vendors are targeted. Organizations using WatchGuard Firebox devices should be particularly vigilant, as the flaw could allow unauthorized access to their networks. The situation emphasizes the need for prompt attention to security updates and patches to protect against potential breaches. Users and IT departments are advised to stay updated on any security advisories from WatchGuard to mitigate risks effectively.