At a glance.
- I-O Data is still working on patches for two router zero-days.
- Medical device manufacturer hit by ransomware.
- Europol operation shuts down phone phishing gang.
I-O Data is still working on patches for two router zero-days.
Japanese device maker I-O Data is still working on patches for two actively exploited zero-days affecting its routers, SecurityWeek reports. One of the flaws (CVE-2024-45841) can lead to authentication information disclosure, and another (CVE-2024-47133) can "allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands." The company says the fixes won't be available until at least December 18th.
According to BleepingComputer, I-O Data recommends that customers implement the following mitigations until patches are available:
- "Disable the Remote Management feature for all internet connection methods, including WAN Port, Modem, and VPN settings.
- "Restrict access to only VPN-connected networks to prevent unauthorized external access.
- "Change the default 'guest' user's password to a more complex one with over 10 characters.
- "Regularly monitor and verify device settings to detect unauthorized changes early, and reset the device to factory defaults and re-configure if a compromise is detected."
Medical device manufacturer hit by ransomware.
US-based medical device manufacturer Artivion sustained a cyberattack on November 21st that resulted in "acquisition and encryption" of data, TechCrunch reports. The company said in an SEC filing that "the incident has caused disruptions to some order and shipping processes, as well as to certain corporate operations, which have largely been mitigated."
Artivion added, "The Company has and will continue to incur expenses related to its response to this incident, and the Company believes it has adequate insurance coverage. However, the Company believes that it will incur additional costs that will not be covered by insurance. The Company remains subject to various risks due to the incident, including the impact of delays in restoration, and, as a result, cannot provide assurances that the incident will not be determined to have a material impact in the future."
Europol operation shuts down phone phishing gang.
Belgian and Dutch authorities have arrested eight individuals accused of conducting phone phishing attacks across at least ten European countries, Infosecurity Magazine reports. Europol notes, "Besides committing large-scale ‘phishing’ campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors."
The defendants, most of whom are based in the Netherlands, allegedly stole several million euros and spent all of it on luxury watches and jewelry, then went partying "dressed in designer clothes at expensive clubs."