CyberSecurity updates
2025-01-30 23:45:48 Pacific

Juniper Routers Targeted by J-Magic Malware - 6d

A sophisticated campaign dubbed ‘J-Magic’ has been discovered targeting enterprise-grade Juniper routers. The attackers use ‘magic packets’ to trigger a custom variant of the cd00r backdoor, which then establishes a reverse shell and gives them full access to the device. The J-Magic malware was active from 2023 until at least mid-2024. It passively monitors network traffic for these ‘magic packets’, which are specially crafted TCP packets, so it exposes no listening port of its own. Once activated, it enables data exfiltration, device takeover, and further malware deployment. The campaign targeted organizations in the semiconductor, energy, manufacturing and IT sectors.

Critical Flaws in WGS-804HPT Switches Enable RCE - 10d

Critical flaws in Planet Technology’s WGS-804HPT industrial switches have been discovered. When chained, the vulnerabilities enable pre-authentication remote code execution, potentially allowing attackers to gain control over the network the switch serves. These switches are widely used in building and home automation systems. The vulnerabilities are a major security issue because of the switches’ widespread deployment and the potential impact on critical infrastructure.

Fortinet Firewall Zero-Day Exploitation - 16d

A zero-day vulnerability in Fortinet firewalls is being actively exploited by attackers. The flaw allows attackers to compromise devices whose management interfaces are exposed. A mass exploitation campaign against Fortinet firewalls peaked in December 2024. Fortinet has released a patch for the flaw, which is tracked as CVE-2024-55591. It is suspected that attackers were exploiting the vulnerability as a zero-day before the patch was released. Organizations using Fortinet firewalls are strongly advised to apply the patch as soon as possible.

Salt Typhoon Cyber Espionage on Telecoms - 2d

The China-linked Salt Typhoon hacking group successfully carried out a cyber espionage campaign targeting the major telecommunications companies AT&T and Verizon. The attackers aimed to gather foreign intelligence; both companies have since stated that their networks are now secure. This incident highlights the ongoing threat of state-sponsored cyber espionage against critical infrastructure and telecommunications providers. The initial breach was achieved by exploiting vulnerabilities in network infrastructure, and even though the networks have been secured, the incident underscores the need for continuous monitoring and robust security measures to detect and mitigate such threats.