News


Since 2017: Zero-day exploits in Windows LNK files

The Zero Day Initiative (ZDI) has identified ZDI-CAN-25373, a vulnerability in Windows shortcut (.lnk) files that APT groups have been exploiting as a zero-day since 2017. ZDI's threat hunting team has found nearly 1,000 malicious .lnk files that abuse it. The weakness lies in how Windows displays a shortcut's contents: the command-line arguments of a crafted .lnk file are padded with whitespace so that the Windows user interface does not show them, and the hidden command is executed on the victim's computer when the shortcut is opened. For organizations this poses significant risks of data theft and...
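
As an added example (not code from ZDI or from the original article), the following Python script builds a minimal Unicode shortcut, parses the ShellLinkHeader and StringData sections defined in MS-SHLLINK, and flags a COMMAND_LINE_ARGUMENTS field whose real command sits behind a long run of whitespace. The two shortcuts it builds are constructed for the demonstration; the threshold of 32 padding characters, the ShowCommand value 7 (SW_SHOWMINNOACTIVE) on the padded sample, the padding length and the cp1252 fallback for non-Unicode shortcuts are assumptions of this example, not details taken from the ZDI report.

```python
"""Parse Windows .lnk files and flag whitespace-padded command-line arguments."""
import struct

HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046} as it is laid out on disk
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits of the ShellLinkHeader (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

STRING_FIELDS = (  # StringData order is fixed by the spec
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Whitespace characters that can pad the arguments without being shown in the UI
PAD_CHARS = " \t\n\v\f\r"


def _string_data(text: str) -> bytes:
    """CountCharacters (uint16) followed by the UTF-16LE string, no terminator."""
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")


def build_lnk(relative_path: str, arguments: str, show_cmd: int = 1) -> bytes:
    """Minimal Unicode shortcut: header, RELATIVE_PATH, COMMAND_LINE_ARGUMENTS, terminal block."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        HEADER_SIZE, LINK_CLSID, flags,
        0x20,        # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,     # CreationTime, AccessTime, WriteTime (FILETIME, left unset)
        0, 0,        # FileSize, IconIndex
        show_cmd,    # ShowCommand: 1 = SW_SHOWNORMAL, 7 = SW_SHOWMINNOACTIVE
        0, 0, 0, 0,  # HotKey, Reserved1, Reserved2, Reserved3
    )
    return header + _string_data(relative_path) + _string_data(arguments) + b"\x00\x00\x00\x00"


def parse_lnk(data: bytes) -> dict:
    """Walk the header, optional IDList/LinkInfo, then StringData; return the decoded strings."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    show_cmd = struct.unpack_from("<I", data, 60)[0]  # ShowCommand sits at offset 60
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (uint16) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                  # LinkInfoSize (uint32) includes itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    result = {"flags": flags, "show_command": show_cmd}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        raw = data[off:off + (count * 2 if unicode else count)]
        off += len(raw)
        # cp1252 is an assumed ANSI code page for non-Unicode shortcuts
        result[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return result


def scan_lnk(data: bytes, threshold: int = 32) -> dict:
    """Flag arguments that hide a command behind a run of whitespace of at least `threshold` chars."""
    link = parse_lnk(data)
    args = link.get("arguments", "")
    longest = run = 0
    for ch in args:
        run = run + 1 if ch in PAD_CHARS else 0
        longest = max(longest, run)
    return {
        "target": link.get("relative_path", ""),
        "show_command": link["show_command"],
        "longest_pad_run": longest,
        "control_whitespace": any(c in "\t\n\v\f\r" for c in args),
        "hidden_payload": args.strip(PAD_CHARS) if longest >= threshold else "",
        "suspicious": longest >= threshold,
    }


# Constructed samples (not real malware): a benign shortcut and one whose arguments
# start with 903 whitespace characters (an assumed padding length) before the command.
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe", r"C:\notes\todo.txt")
PADDED_LNK = build_lnk(
    r"..\..\Windows\System32\cmd.exe",
    " " * 900 + "\r\n\t" + "/c powershell -w hidden -c calc",
    show_cmd=7,
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        print(label, scan_lnk(blob))
```

Run the script to see both verdicts; for a file on disk, call `scan_lnk(open(path, "rb").read())`. The `hidden_payload` field is what an analyst wants to see, because the shortcut's Properties dialog shows only the padded prefix; the parser deliberately walks the optional IDList and LinkInfo structures by their declared sizes rather than searching for strings, so it also works on shortcuts that carry a target ID list.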

Mirai botnet: Analysis of DigiEver vulnerabilities
B2B Cyber Security ShortNews

Security researchers found bugs in DigiEver DVRs in July 2023 and reported them to TWCERT/CC. DigiEver closed the case in August 2023 on the grounds that the device was five years out of date. Two CVE numbers were nevertheless reserved for the bugs in mid-December 2023. The story did not end there: in December 2024 it emerged that a botnet called Hail Cock was exploiting one of the bugs, meaning the vulnerability was still open, and an analysis now shows that it is still being exploited in 2025. Unknown versions of DigiEver DVRs were...

Microsoft: UEFI Secure Boot vulnerability discovered

Researchers at IT security manufacturer ESET have discovered a vulnerability (CVE-2024-7344) that can be used to bypass UEFI Secure Boot, the function that is intended to ensure a trustworthy system start-up and is enabled on most modern computers. A bypass lets attackers inject malware, in the form of a UEFI bootkit, while the computer is starting up and before the operating system's own defences are active, which threatens the integrity of computer systems worldwide. Microsoft released a security patch in January to close the vulnerability. The security vulnerability (CVE-2024-7344)…

Backdoor in surveillance monitor classified as vulnerability
B2B Cyber Security ShortNews

On January 30, the US cybersecurity agency CISA published an alert about a backdoor in patient monitors, supplemented by a notification from the US Food and Drug Administration (FDA). According to the alert, the Chinese-made Contec CMS8000 patient monitor and its OEM white-label variants contain a backdoor that communicates with a Chinese IP address. Security researchers from Team82, the research division of cyber-physical systems (CPS) security specialist Claroty, examined the firmware and concluded that it is most likely NOT a hidden backdoor but an insecure, vulnerable design, which nonetheless poses a high risk for...

Zero-day vulnerability in Ivanti Connect Secure VPN

Mandiant has released details of a zero-day vulnerability (CVE-2025-0282) in Ivanti Connect Secure VPN ("ICS") that Ivanti disclosed and patched at the same time. Ivanti identified the vulnerability from indicators produced by its own Integrity Checker Tool ("ICT") and other commercial security monitoring tools. According to Mandiant's analysis, CVE-2025-0282 was exploited in the wild by a suspected Chinese espionage actor as early as December 2024. While Mandiant cannot currently attribute the exploitation of CVE-2025-0282 to a specific threat actor, its researchers observed the same malware family (SPAWN) that had already been used back in April…

Vulnerability in Fortinet's firewall
B2B Cyber Security ShortNews

A threat research team observed a campaign of suspicious activity on Fortinet FortiGate firewalls in early December 2024. Having gained access to the management interfaces of the affected firewalls, the attackers changed firewall configurations, created new accounts and logged into the SSL VPN portals with those accounts. In the compromised environments, the threat actors were also observed using DCSync to extract credentials from Active Directory. The initial access vector is not yet confirmed, but given the compressed time frame across the affected organizations and the affected firmware versions, Arctic Wolf Labs considers exploitation of a zero-day vulnerability very likely…
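
As an added example that is not Arctic Wolf's own detection logic and not code from the original article, the following Python script correlates two of the behaviours described above over FortiGate-style event logs: an admin or local user account being created through the management interface, and that new account logging into the SSL VPN shortly afterwards. The log lines are constructed for this example and modelled on FortiGate's key=value syslog format; the field names (logdesc, cfgpath, cfgobj, ui, remip, action), the 10.0.0.0/8 management network and the 24-hour correlation window are assumptions of the example, to be replaced by the values seen in your own firewall logs.

```python
"""Correlate FortiGate event logs: account creation from an untrusted source, then SSL VPN login."""
import ipaddress
import re
from datetime import datetime, timedelta

# FortiGate writes key=value syslog; quoted values may contain spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
UI_IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # e.g. ui="https(203.0.113.45)"

# Assumption: administration is only expected from this network.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log (not captured data), modelled on the FortiGate event-log format.
SAMPLE_LOGS = """\
date=2024-12-02 time=03:14:07 devname="fw-edge01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="system.admin" cfgobj="backup_sys" msg="Add system.admin backup_sys"
date=2024-12-02 time=03:15:21 devname="fw-edge01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="user.local" cfgobj="svc_mon" msg="Add user.local svc_mon"
date=2024-12-02 time=03:16:02 devname="fw-edge01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Edit" cfgpath="user.group" cfgobj="sslvpn_users" msg="Edit user.group sslvpn_users"
date=2024-12-02 time=03:41:55 devname="fw-edge01" type="event" subtype="vpn" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-web" user="svc_mon" group="sslvpn_users" remip="198.51.100.23" msg="SSL tunnel established"
date=2024-12-02 time=09:02:13 devname="fw-edge01" type="event" subtype="vpn" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-web" user="jdoe" group="sslvpn_users" remip="192.0.2.77" msg="SSL tunnel established"
date=2024-12-03 time=10:00:00 devname="fw-edge01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(10.0.0.5)" action="Add" cfgpath="user.local" cfgobj="contractor7" msg="Add user.local contractor7"
"""


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict and attach a datetime under 'ts'."""
    rec = {k: q or u for k, q, u in KV_RE.findall(line)}
    rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
    return rec


def source_ip(rec: dict):
    """Administrative source address taken from the ui="proto(ip)" field, or None."""
    m = UI_IP_RE.search(rec.get("ui", ""))
    return ipaddress.ip_address(m.group(1)) if m else None


def is_mgmt_source(ip) -> bool:
    return ip is not None and any(ip in net for net in MGMT_NETS)


def detect(log_text: str, window: timedelta = timedelta(hours=24)) -> list:
    """Return alerts in log order; each names the rule, the account and the source IP."""
    alerts = []
    created = {}  # account name -> creation timestamp
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        is_account_add = (
            r.get("logdesc") == "Object attribute configured"
            and r.get("action") == "Add"
            and r.get("cfgpath") in ("system.admin", "user.local")
        )
        if is_account_add:
            ip = source_ip(r)
            if r["cfgpath"] == "system.admin":  # a new firewall administrator is always worth a look
                alerts.append({"rule": "admin-account-created", "user": r["cfgobj"],
                               "src": str(ip), "ts": r["ts"]})
            if not is_mgmt_source(ip):  # management interface reached from outside the allowed net
                alerts.append({"rule": "config-change-from-untrusted-source", "user": r["cfgobj"],
                               "src": str(ip), "ts": r["ts"]})
            created[r["cfgobj"]] = r["ts"]
        elif r.get("subtype") == "vpn" and r.get("action") == "tunnel-up":
            user = r.get("user")
            if user in created and timedelta(0) <= r["ts"] - created[user] <= window:
                alerts.append({"rule": "new-account-sslvpn-login", "user": user,
                               "src": r.get("remip"), "ts": r["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample this yields four alerts: the new admin account `backup_sys`, two configuration changes made from 203.0.113.45 (outside the assumed management network), and the SSL VPN login of `svc_mon` 27 minutes after that account was created; the routine login of `jdoe` and the account `contractor7` created from the management network produce nothing. The correlation key is the account name, so it also catches the case where the attacker's VPN source IP differs from the one used against the management interface.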

Moxa industrial switch with critical 9.2 vulnerability
B2B Cyber Security ShortNews

Industrial switch manufacturer Moxa reports a critical vulnerability with a CVSS base score of 9.2 out of 10 in a security advisory. Attackers could break in using brute-force attacks. The available security patch should be installed immediately. In mid-January 2025, Moxa published security advisory MPSA-241407 for a critical vulnerability in the EDS-508A series. The vulnerability, CVE-2024-12297, allows attackers to bypass authentication and gain unauthorized access to the system. All firmware versions up to and including 3.11 are affected. CVE-2024-12297 is classified as critical with a CVSS base score of 9.2...

BSI: Zero-Day Attacks on Ivanti Connect Secure
B2B Cyber Security ShortNews

The BSI warns of critical vulnerabilities in the Ivanti products Connect Secure (ICS), Policy Secure and ZTA Gateway. The manufacturer has published a security advisory that includes a critical vulnerability with a CVSS score of 9.0 out of 10. At the beginning of January 2025, Ivanti published an advisory on critical vulnerabilities in Ivanti Connect Secure (ICS), Policy Secure and ZTA Gateway. The most serious of them is CVE-2025-0282, which allows an unauthenticated remote attacker to execute arbitrary code on affected systems. It is classified as "critical" with a CVSS score of 9.0...

BSI: Critical 9.3 vulnerability in PaloAlto Networks Expedition
B2B Cyber Security ShortNews

The BSI urgently warns of a critical vulnerability in PaloAlto Networks Expedition, Palo Alto's tool for migrating firewall configurations to its next-generation firewalls (NGFW), with a CVSS score of 9.3 out of 10. Palo Alto itself rates the threat only 7.8, i.e. high rather than critical. The BSI writes in its warning about "PaloAlto Networks Expedition": "A remote, anonymous attacker can exploit several vulnerabilities in PaloAlto Networks Expedition to manipulate data, disclose information, conduct a cross-site scripting attack, or execute commands." On January 8, 2025, Palo Alto Networks published a security advisory...

Zero-day vulnerability allows remote access 
B2B Cyber Security ShortNews

Arctic Wolf Labs' threat intelligence team has observed new malicious activity tied to the zero-day vulnerability in Cleo Managed File Transfer (MFT) software that Huntress uncovered. In December 2024, Arctic Wolf Labs identified a mass exploitation campaign in which attackers leveraged Cleo MFT products for unauthorized remote access. The attack chain consisted of an obfuscated PowerShell stager, a Java loader and a Java-based backdoor that Arctic Wolf calls "Cleopatra". The campaign began on December 7, 2024 and is still active. The Cleopatra backdoor keeps its files in memory, supports Windows and Linux, and provides specific functionality to access…
