Tevora Cybersecurity News

Joint Operation Removes PlugX Malware

The U.S. Justice Department and FBI recently announced a law enforcement operation that successfully removed "PlugX" malware from infected computers worldwide. This malware, controlled by Chinese state-sponsored threat actors known as "Mustang Panda," is used to gain control over victim devices and steal sensitive information. Users are encouraged to visit the FBI's Internet Crime Complaint Center (IC3) if there is suspicion of compromise.

More information regarding PlugX and the Justice Department's joint operation can be found here.


FTC Sues GoDaddy Over Security Lapses

The FTC has filed a lawsuit against GoDaddy, citing inadequate security practices over several years that exposed customers to fraud and cyberattacks. The complaint outlines breaches and insufficient incident responses, which allowed threat actors to compromise customer websites and data. As part of a proposed settlement, the FTC is requiring GoDaddy to implement a comprehensive information security program, provide transparency about its security measures to customers, and undergo independent third-party reviews of its security program every two years.

More information regarding the FTC's complaint against GoDaddy can be found here.


Wolf Haldenstein Law Firm Confirms Data Breach

Wolf Haldenstein law firm has disclosed a data breach affecting 3.5 million individuals. The breach, which occurred on December 13th, 2023, involved sensitive client and case-related information, including personal and financial data. The firm has issued a notification on its website and is working to obtain contact information for affected individuals. Additionally, Wolf Haldenstein is offering free credit monitoring services to those who believe they may be impacted by the breach.

More information regarding Wolf Haldenstein's data breach can be found here.


UEFI Vulnerability Bypasses Secure Boot

Researchers have disclosed a now-patched security vulnerability that could allow threat actors to bypass the Secure Boot mechanism of UEFI systems. Tracked as CVE-2024-7344 and assigned a CVSS score of 6.7, this vulnerability could enable malicious code execution during the system boot process. Users are strongly encouraged to apply the necessary patches for affected systems to mitigate potential security risks.

More information regarding the UEFI Secure Boot vulnerability can be found here.


FortiGate Firewalls Exposed to Active Zero-Day

Fortinet has reported active exploitation of a zero-day vulnerability in its FortiGate firewalls, which allows remote attackers to execute arbitrary code and gain unauthorized access. To mitigate the risk, customers are strongly encouraged to disable public management interface access, regularly update firewall firmware, monitor access to firewall interfaces, and implement robust access controls, such as multi-factor authentication. These measures are critical to safeguarding systems from potential threats.

More information regarding FortiGate's active exploitation can be found here.


Stay vigilant, stay alert, and please reach out if you have any questions!
