Posts

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

  WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory. If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured. The vulnerability impacts the following versions of Fireware OS: 2025.1 - Fixed in 2025.1.4; 12.x - Fixed in 12.11.6; 12.5.x (T15 & T35 models)...

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

  A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no longer available. These browser programs were advertised as VPNs, screenshot utilities, ad blockers, and unofficial versions of Google Translate. The oldest add-on, Dark Mode, was published on October 25, 2024, offering the ability to enable a dark theme for all websites. The full list of the browser add-ons: Free VPN, Screenshot ...

Strengthening Cyber Resilience Through Supplier Management

  Recent data shows third-party and supply chain breaches — including software supply chain attacks — now cost an average of $4.91 million per incident, and take 267 days to resolve. This isn’t surprising, considering how vendor usage has evolved over the last several years. Many businesses manage sprawling networks of suppliers, each with their own technology partners, security protocols and potential vulnerabilities. A weakness in any part of this extended armor can expose an entire organization to devastating breaches. But there are actionable steps organizations can take to regain visibility over their supplier ecosystems and proactively manage related cyber risk. Overall, supply chain and procurement professionals should implement rigorous vetting criteria for supplier partners, in order to maintain oversight of what systems and software connect to their network. The first step is to ensure suppliers follow established cybersecurity standards, includin...

40,000 Phishing Emails Disguised as SharePoint and e-Signing Services: A New Wave of Finance-Themed Scams

  The hyperconnected world has made it easier than ever for businesses and consumers to exchange documents, approve transactions, and complete critical financial workflows with just a click. Digital file sharing and electronic signature platforms, used widely across banking, real estate, insurance, and everyday business operations, have become essential to how modern organizations move at speed. But that same convenience creates an opening for cyber criminals. Email security researchers at Check Point have recently uncovered a phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. In this incident, attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks. All malicious links were funneled through https://url.za.m.mimecastprotect.com, increasing trust by mimicking familiar redirect flows.

Hamas-Linked Hackers Probe Middle Eastern Diplomats

  A cyber threat group affiliated with Hamas has been conducting espionage across the Middle East. "Wirte" — tracked by Palo Alto's Unit 42 as "Ashen Lepus" — has been spying on regional government bodies and diplomatic entities since 2018. Lately, it's been expanding its interests into countries less directly associated with the Israel-Palestine conflict, like Oman and Morocco. And to match its broadening scope, Wirte has invented a new malware suite with a variety of features useful for evading cybersecurity programs. "When the group first started they used very simple tools — it didn't seem like the people behind the group had a lot of technical know-how," say Unit 42 researchers, who requested anonymity for this article. "However, over the years we've seen this group evolve their tools and techniques; we're now observing an evolution and enhancement in their capabilities." Hamas's New Malware & TTPs T...

Copilot's No-Code AI Agents Liable to Leak Company Data

  Artificial intelligence (AI) agents are a breeze to create using Microsoft Copilot Studio, and almost just as easy to manipulate into divulging sensitive corporate data. Despite broad security concerns about AI agents, last year, Microsoft decided to allow even totally nontechnical users to deploy their own autonomous bots. You don't need to know how to code at all now — using a simple graphical interface, employees can spin up robots that automate business processes, integrate with other business platforms, and can perform customer-facing functions. There's a certain lack of shock factor, then, in a new Tenable report detailing just how insecure these agents can be. In a simple experiment, researchers created a basic agent, and then very easily demonstrated how it could be coaxed into spilling private data and granting attackers other silly powers. "These tools can naively become a massive risk due to their level of access, ability to perform actions, a...

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

  A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was uncovered recently, and security researchers found that the operator used a malicious file posing as a .PNG image. The VSCode Market is Microsoft’s official extensions portal for the widely used VSCode integrated development environment (IDE), allowing developers to extend its functionality or add visual customizations. Due to its popularity and potential for high-impact supply-chain attacks, the platform is constantly targeted by threat actors with evolving campaigns. ReversingLabs, a company specializing in file and software supply-chain security, found that the malicious extensions come pre-packaged with a ‘node_modules’ folder to prevent VSCode from fetching dependencies from the npm registry when installing them. Inside the bundled folder, th...