Cisco's Talos unit warns of mass brute-force attacks targeting multiple VPN services, web application authentication interfaces, and SSH services. The attacks, observed globally since at least March 18, use both generic and valid usernames and originate from Tor exit nodes and other anonymizing solutions. The source IP addresses identified so far are associated with Tor, VPN Gate, and various proxy services, and the attackers may be using additional services. Successful attacks may result in unauthorized network access, account lockouts, or denial-of-service conditions. Affected services include Cisco Secure Firewall VPN, Check Point VPN, Fortinet VPN, SonicWall VPN, RD Web Services, MikroTik, DrayTek, and Ubiquiti; others may also be impacted. Cisco has seen a significant surge in attack traffic, indicating that the activity is ongoing and escalating. Known associated IP addresses have been added to block lists, but Cisco warns that they are likely to change. Indicators of compromise (IoCs) containing IPs, usernames, and passwords are published on GitHub. Because the targets are so diverse, mitigation will vary by affected service and needs to be tailored to each.
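Because the source addresses are expected to change, a block list alone will miss new sources, so a behavioural check is a useful complement. The sketch below is an added example, not code from Cisco or Talos: the four-field log format, the `detect` function, its thresholds and the sample addresses are all constructed assumptions. It flags any source that fails logins for many distinct usernames inside a short window, and separately marks sources that appear on a block list.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events (not a vendor log format): time, source IP, username, result.
SAMPLE_LOG = """\
2024-04-16T10:00:01 198.51.100.7 admin FAIL
2024-04-16T10:00:03 198.51.100.7 test FAIL
2024-04-16T10:00:05 198.51.100.7 guest FAIL
2024-04-16T10:00:08 198.51.100.7 backup FAIL
2024-04-16T10:00:11 198.51.100.7 jsmith FAIL
2024-04-16T10:02:00 203.0.113.20 jsmith FAIL
2024-04-16T10:02:30 203.0.113.20 jsmith OK
2024-04-16T11:30:00 192.0.2.44 admin FAIL
2024-04-16T11:30:02 192.0.2.44 root FAIL
"""

BLOCKLIST = {"192.0.2.44"}  # assumption: would be loaded from a published IoC list

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result

def detect(log, window=timedelta(minutes=5), min_users=4, blocklist=BLOCKLIST):
    """Return {ip: reasons} for sources that look like brute-force traffic."""
    fails = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
    alerts = {}
    for ip, events in fails.items():
        events.sort()
        reasons = set()
        if ip in blocklist:
            reasons.add("blocklisted")
        start = 0
        for end in range(len(events)):  # sliding window over this source's failures
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:  # many distinct usernames from one source
                reasons.add("spray")
                break
        if reasons:
            alerts[ip] = sorted(reasons)
    return alerts
```

On the constructed sample, the source that cycles through five usernames is flagged by behaviour alone, while the single mistyped password from `203.0.113.20` is not.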
Tanto Security has issued a warning regarding three critical-severity vulnerabilities in the Judge0 open-source service, posing a significant risk of sandbox escapes and complete t...
London Drugs, a prominent Canadian pharmacy and retail chain, has temporarily closed all its stores in response to a cybersecurity incident that occurred over the weekend. Initiall...
The Government Accountability Office (GAO) has identified new deficiencies in the Internal Revenue Service's (IRS) security management, access, and configuration management con...