12 December 2023

■ Sophos Backports RCE Fix for Unsupported Firewalls

Sophos issues a security update for CVE-2022-3236 on end-of-life (EOL) firewall firmware versions after discovering active exploitation by hackers.

■ Ransomware Attack on Ukraine's Largest Mobile Carrier, Kyivstar

Kyivstar, Ukraine's largest telecom provider with over 25 million subscribers, faces disruptions in mobile and data services following a cyberattack.

■ Code Repository Wiping Results in 2-Year Prison Sentence

Miklos Daniel Brody, a cloud engineer, receives a two-year prison term and a substantial restitution amount for wiping his former employer's code repositories in retaliation for being terminated.

■ pfSense and WordPress Exposed to Remote Code Execution (RCE) Attacks

Approximately 1,450 pfSense servers and over 50,000 WordPress sites are susceptible to critical vulnerabilities that allow attackers to execute code remotely, potentially compromising these systems.

■ Lazarus Hackers Exploit Log4j Vulnerability for New RAT Malware

The Lazarus hacking group leverages the Log4Shell (CVE-2021-44228) vulnerability to deploy three previously unseen malware families written in DLang.

■ CS2 HTML Injection Flaw Exposes Players' IP Addresses

Valve addresses an HTML injection vulnerability in Counter-Strike 2 (CS2) that was exploited to inject images into games, exposing other players' IP addresses.

■ Emergency Updates Address Zero-Day Flaws on Older Apple Devices

Apple releases emergency security updates for older iPhones, Apple Watch, and Apple TV models, patching two actively exploited zero-day flaws.

---