Welcome to this week’s CyberNews! We’re temporarily shifting focus to bring you the best possible analysis of the xy utils backdoor and updates to our cybersecurity guide. In the meantime, here’s a quick roundup of recent news:
The Wall Street Journal uncovered a black market network where legitimate ‘middlemen’ were purchasing Starlink hardware and then would ‘smuggle’ them into Russia.
Officials in Ukraine have confirmed that Russian forces are actively using thousands of Starlink terminals. This discovery has also raised concerns among US lawmakers, who have questioned SpaceX’s compliance with sanctions against Russia.
A newly discovered vulnerability (CVE-2024-28182) in the HTTP/2 protocol could allow attackers to launch Denial of Service (DoS) attacks against web servers. Tech vendors like Arista Networks, Fastly, and the Go Programming Language are affected.
This vulnerability could lead to servers being overwhelmed and taken offline, disrupting web services.
Zero-day exploit firm Crowdfense dramatically expands its acquisition program, now offering up to $30 million for critical exploits targeting Android, iOS, Chrome, and Safari. Top payouts include up to $9 million for zero-click, full-chain exploits.
A hacker known as USDoD claims to have breached the US Environmental Protection Agency (EPA), exposing the contact details of over 8.5 million customers and contractors. The leaked data includes names, emails, phone numbers, and addresses.
A hacker known as USDoD claims to have breached the US Environmental Protection Agency (EPA), exposing the contact details of over 8.5 million customers and contractors. The leaked data includes names, emails, phone numbers, and addresses.