MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states

Posted by & filed under Ειδοποιήσεις.

A month after details were published about three severe vulnerabilities in a type of server used to manage fleets of mobile devices, multiple threat actors are now exploiting these bugs to take over crucial enterprise servers and even orchestrate intrusions inside company networks. The targets of these attacks are MDM servers from software maker MobileIron. MDM stands… Read more »

Cisco warns of attacks targeting high severity router vulnerability

Posted by & filed under Ειδοποιήσεις.

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco… Read more »

Windows GravityRAT malware now also targets Android, macOS

Posted by & filed under Ειδοποιήσεις.

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices. The GravityRAT Remote Access Trojan (RAT) has been under active development by what looks like Pakistani hacker groups since at least 2015 and has been… Read more »

Discord desktop app vulnerability chain triggered remote code execution attacks

Posted by & filed under Ειδοποιήσεις.

Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. Bug bounty hunter Masato Kinugawa developed an exploit chain leading to RCE several months ago and published a blog post over the weekend describing the technical details of the method, which combines multiple… Read more »

Critical SonicWall vulnerability affects 800K firewalls [Patch Now]

Posted by & filed under Ειδοποιήσεις.

A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. Tracked as CVE-2020-5135, the vulnerability impacts multiple versions of SonicOS ran by hundreds of thousands of active VPNs. Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) and Nikita Abramov of Positive Technologies have been credited with discovering… Read more »