CyberSec Roundup
A synopsis of the Latest Cybersecurity News

Dangerous Games

Gamers use official launchers like Steam to ensure they download games that are virus free, however the PirateFi game on Steam has been caught installing password-stealing malware onto users’ computers. The game was up for a week before Steam detected the game contained a version of Vidar infostealer, which can compromise the user’s credentials, session cookies and browser passwords, and crypto wallets. Approximately 1500 users were affected and Steam advised them to remove the game, run security scans on their devices.

China Targets US Telecoms

Chinese hackers have breached multiple US telecom companies by exploiting unpatched Cisco routers, leaving critical network infrastructure exposed. The attackers leveraged known vulnerabilities in the routers to gain unauthorized access and potentially intercept sensitive communications. This incident highlights the urgent need for telecom operators to promptly patch their devices and strengthen network security against state-sponsored cyberattacks.

More Firewall Attacks

Threat actors are actively exploiting a SonicWall firewall vulnerability (tracked as CVE-2024-53704) after a proof-of-concept exploit was released. The flaw in the SSLVPN authentication mechanism, enables hackers to hijack active SSL VPN sessions and gain unauthorized access to affected networks. SonicWall, who released a patch for this a month before the POC exploit was released, has urged administrators to apply the latest patches and reconfigure their systems to mitigate the risk or disable SSL VPN.

By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500