VPN Configuration Under Attack: Check Point Urges Review
Check Point, a cybersecurity firm, has issued a warning to customers to review their VPN configurations amid a surge in attacks targeting VPNs from various vendors. The company observed attempts to breach its customers' VPNs using outdated local accounts with password-only authentication, which did not exploit software vulnerabilities but leveraged weaker authentication methods. To prevent potential exploitation, Check Point recommends disabling unnecessary local accounts, enhancing security with additional authentication layers, and implementing a solution to automatically prevent unauthorized access via local accounts with password-only authentication.
Fake Pegasus Spyware Strains Populate Clear and Dark Web
CloudSEK, a cloud security provider, has discovered that fake Pegasus spyware strains are being sold on the surface web, dark web, and instant messaging platforms. This following Apple's warning about "mercenary spyware" attacks, CloudSEK investigated and found that approximately 25,000 Telegram posts claimed to sell authentic Pegasus source code, but most were fraudulent and ineffective. Threat actors created their own tools and scripts, distributing them under Pegasus' name for financial gain. The report highlights the importance of staying vigilant and relying on credible sources for information on cyberattacks and malware.
TP-Link Patches Critical Vulnerability in Archer C5400X Gaming Router
TP-Link has resolved a high-stakes vulnerability in its Archer C5400X gaming router, tracked as CVE-2024-5035, which could have allowed remote command execution with elevated privileges. The vulnerability, initially reported on February 16, 2024, affected versions before 1_1.1.7. TP-Link released a patch on May 27, 2024, fixing the issue. Users are advised to upgrade to version 1_1.1.7 to mitigate the risk.
DeFi Protocols Hit with $25 Million in Cyber Attacks
Three DeFi protocols, Sonne Finance, BlockTower, and ALEX Lab, have been targeted in cyber attacks, resulting in a combined loss of approximately $25 million in cryptocurrency. The attacks, which occurred around May 14, exploited vulnerabilities in the protocols, including an "empty market" bug and a private key compromise. Sonne Finance suffered the largest loss, with $20 million stolen via an exploited bug. ALEX Lab lost around $4 million in a suspected private key compromise.
BlockTower Capital saw a loss of approximately $1.5 million in this incident.
The attacks highlight the ongoing security concerns in the DeFi space, with investors calling for improved network-level security and standardized protocols to prevent such breaches. Some are turning to AI-powered security solutions to mitigate these risks.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.