due

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

Dec 28, 2024 by iHash Leave a Comment

Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and … [Read more...] about 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Jul 31, 2024 by iHash Leave a Comment

Jul 31, 2024Ravie LakshmananWeb Security / Compliance Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper … [Read more...] about DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Global outage of Microsoft clients due to CrowdStrike update

Jul 20, 2024 by iHash Leave a Comment

Ever heard the unspoken rule: “Never release on Friday”? We have, but CrowdStrike hasn’t. They released a tiny driver on an ordinary Friday morning, which became the cause of a huge outage all over the world. An incorrect update for CrowdStrike’s EDR (Endpoint Detection and Response) solution has affected Windows devices around the world — giving corporate users the Blue Screen … [Read more...] about Global outage of Microsoft clients due to CrowdStrike update

Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta

Detecting MFA Fatigue The following rule looks for instances where multiple MFA push notifications are sent to a given user and identifies scenarios where multiple failed push notifications are sent and a successful push notification followed. Note that when a push notification is sent, it’s also transmitted to each registered device, which may result […]

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Jan 21, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” […]

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in […]

Biden’s new Cybersecurity Executive Order: What you need to know

President Biden has issued his long-awaited Cybersecurity Executive Order. This directive comes in the final days of the administration and outlines a number of measures to enhance national cybersecurity — placing a strong emphasis on the Cybersecurity and Infrastructure Security Agency (CISA) and its important role in safeguarding federal systems and critical infrastructure. The lengthy […]

Modern Security for Legacy Environments

Many organizations across critical industries such as healthcare, manufacturing and energy rely on legacy Windows operating systems to run essential equipment. These systems, while operationally vital, are notoriously difficult and costly to upgrade — leaving them vulnerable to modern cyber threats. CrowdStrike is addressing this challenge by expanding our legacy support with the general […]

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Jan 17, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking applications,” Claroty’s Tomer Goldschmidt said in […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Global outage of Microsoft clients due to CrowdStrike update