This Month in Cybersecurity - August Edition

Hackers Exploiting 7-Year-Old Vulnerability, Warns FBI

Russian-linked hackers, known as "Static Tundra," are exploiting a security flaw in old Cisco network devices that haven't been updated or replaced. They have been secretly accessing and taking control of networks used by U.S. organizations involved in critical sectors like manufacturing and telecommunications. By altering device settings, they can explore sensitive systems and gather valuable information, often without detection.

This cyberattack is using a vulnerability called CVE-2018-0171, which dates back seven years. Although it was patched in 2018, many organizations still haven't applied the fix, leaving their systems vulnerable. The flaw allows hackers to cause disruptions or gain control of affected devices remotely. Other threat groups, including China’s Salt Typhoon, have also exploited this vulnerability.

The hackers are highly persistent, using stolen credentials and hidden backdoors to maintain long-term access to compromised systems. They often use specialized tools to automate attacks and keep control, creating new user accounts or enabling remote access options. Experts emphasize the importance of updating and replacing outdated equipment and closely managing device vulnerabilities to prevent such breaches in the future.
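The persistence described above (new local accounts, remote access quietly enabled) shows up as drift in a device's running configuration. As an added example, not from the FBI advisory or any Cisco tool, this Python snippet compares a saved baseline against the current config and reports the two changes the article names; both configs are constructed IOS-style samples.

```python
import re

# Constructed sample configs (no real device); hashes are placeholders.
BASELINE = """\
hostname edge-sw1
username netops privilege 15 secret 5 $1$abcd$placeholder
line vty 0 4
 transport input ssh
 access-class 10 in
"""

CURRENT = """\
hostname edge-sw1
username netops privilege 15 secret 5 $1$abcd$placeholder
username support privilege 15 secret 5 $1$zzzz$placeholder
line vty 0 4
 transport input ssh telnet
 access-class 10 in
"""

def parse_config(text):
    """Extract local usernames and per-'line' transport settings from an IOS-style config."""
    users = set()
    transports = {}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = re.match(r"username (\S+)", line)
        if m:
            users.add(m.group(1))
            continue
        if not line.startswith(" "):
            # Top-level line: remember it only if it opens a 'line ...' block.
            section = line.strip() if line.startswith("line ") else None
            continue
        m = re.match(r"\s+transport input (.+)", line)
        if m and section:
            transports[section] = frozenset(m.group(1).split())
    return users, transports

def config_drift(baseline, current):
    """Return findings a defender would review: new local users and widened remote access."""
    b_users, b_tr = parse_config(baseline)
    c_users, c_tr = parse_config(current)
    findings = [f"new local user: {u}" for u in sorted(c_users - b_users)]
    for sec, protos in sorted(c_tr.items()):
        added = protos - b_tr.get(sec, frozenset())
        if added:
            findings.append(f"{sec}: transport input now also allows {', '.join(sorted(added))}")
    return findings
```

Run it against configs pulled on a schedule and alert on any non-empty result; it will not catch changes made only in memory on a device that was never re-baselined.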


Apple Releases Update to Address Zero-Day Flaw

Apple has released urgent security updates to fix a serious vulnerability in its devices that was exploited in a highly sophisticated attack. This flaw, known as CVE-2025-43300, exists in the Image I/O framework, which is used to process image files. When the flaw is exploited, it can cause the affected device's software to crash or even allow hackers to run malicious code remotely, potentially taking control of the device. Apple revealed that the attack was targeted at specific individuals, but the company has addressed the issue across multiple versions of iOS, iPadOS, and macOS.

The vulnerability affects a wide range of devices, including most recent iPhones, iPads, and Macs, some dating back several years. Apple has fixed the flaw in software updates released immediately and is urging users to install them quickly. Since the beginning of the year, Apple has been actively addressing multiple zero-day vulnerabilities — security flaws that are exploited by hackers before companies have a chance to fix them — helping protect users from ongoing targeted threats.


Researchers Discover New Ransomware Strain, Charon

Recently, security researchers discovered a new ransomware strain called Charon, involved in highly targeted attacks mainly in the Middle East's government and aviation sectors. The attackers used a sophisticated technique called DLL sideloading, where they abused legitimate files like the Edge browser to secretly load malicious code. This malicious code then delivered the Charon ransomware, which encrypts files and demands payment for their release. The investigation revealed that the ransomware was carefully customized for each victim, indicating a highly targeted operation rather than random attacks.

Charon operates with advanced encryption methods and employs multiple layers of security evasion and data destruction tactics. It starts by stopping security services, deleting backup copies, and then quickly encrypts large amounts of data across the system using a combination of encryption algorithms. It also spreads across networks, scanning for accessible shared drives to encrypt other connected computers. Interestingly, it contains a built-in driver intended to disable security solutions, although this feature was not active in the current version, hinting at potential future updates.

Protecting against threats like Charon requires a multi-layered security approach. It’s crucial to prevent DLL sideloading by controlling which programs can load DLLs, keep security software active and updated, and monitor unusual process behaviors. Regularly backing up data offline and ensuring these backups can be restored is also key, as well as educating staff on avoiding suspicious links or attachments. Organizations must stay vigilant and prepared, as highly targeted ransomware like Charon can cause significant operational and financial harm if defenses are not robust and proactive.
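The "monitor unusual process behaviors" advice above can be made concrete for DLL sideloading: a legitimate, signed executable copied into a user-writable folder that then loads an unsigned DLL sitting next to it. This is an added example, not code from the Charon research; the image-load events are constructed in the shape of a Sysmon Event ID 7 record, and the paths and DLL name are made up.

```python
from pathlib import PureWindowsPath

# Install locations where vendor binaries and their DLLs are expected to live.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed image-load events (Sysmon Event ID 7 fields); nothing here is a real IoC.
EVENTS = [
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ImageLoaded": r"C:\Program Files (x86)\Microsoft\Edge\Application\helper.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\msedge.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true"},
]

def _in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)

def sideload_suspects(events):
    """Flag loads where the DLL comes from the process's own directory, that
    directory is outside the trusted install locations, and the DLL is unsigned:
    the shape of the sideloading abuse described for Charon."""
    suspects = []
    for ev in events:
        exe = PureWindowsPath(ev["Image"])
        dll = PureWindowsPath(ev["ImageLoaded"])
        same_dir = exe.parent == dll.parent  # PureWindowsPath compares case-insensitively
        untrusted = not _in_trusted_dir(str(dll))
        unsigned = ev.get("Signed", "false").lower() != "true"
        if same_dir and untrusted and unsigned:
            suspects.append((exe.name, str(dll)))
    return suspects
```

Tune TRUSTED_DIRS to your own software deployment paths; per-user installers that legitimately run from AppData will otherwise generate noise.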


Defensible Strategies

Learn from those who have been attacked

Workday Breach Highlights Growing Threat of Social Engineering Attacks

Workday, a major provider of HR and finance software, has confirmed a data breach caused by a social engineering attack that targeted a third-party CRM system, not its core platform. Attackers tricked Workday employees through phone calls and text messages by pretending to be internal staff, eventually gaining access to business contact information like names, email addresses, and phone numbers. While no sensitive customer data was exposed, experts warn that even this basic data can be misused to craft convincing phishing scams.

Security professionals emphasize that technical defenses alone aren't enough to stop these kinds of attacks. The breach highlights the importance of employee awareness, especially around social engineering tactics like impersonation and deceptive phone calls (vishing). Companies need to implement stricter security training, phishing-resistant multi-factor authentication, and better oversight of third-party integrations, as these can serve as entry points for attackers if not properly secured.

Although Workday quickly contained the incident and confirmed that customer systems remain unaffected, the breach serves as a warning to all businesses. Even limited data in the wrong hands can lead to larger threats. Experts urge organizations to regularly review access permissions, monitor external platforms, and treat third-party tools as extensions of their own infrastructure. Strong internal processes, ongoing employee training, and a culture of caution are key to staying protected in an era of increasingly sophisticated social engineering attacks.


Cyberattack Hits iiNet: TPG Confirms Data Breach Affecting Thousands of Customers

TPG Telecom, one of Australia's largest telecommunications companies, has confirmed a cyberattack on its subsidiary iiNet. The incident, which was contained on August 16, affected iiNet’s order and tracking system. While the company says only "limited personal information" was accessed, this includes sensitive data such as around 280,000 customer email addresses, 20,000 landline numbers, 10,000 sets of usernames, phone numbers, and addresses, plus approximately 1,700 modem passwords. An unknown number of inactive customer records were also stolen.

TPG has apologized and is reaching out to affected customers with support and guidance, while also reassuring others that their data appears unaffected. They’ve brought in outside experts to help investigate and manage the situation. TPG, which also owns brands like Vodafone, Lebara, and Internode, serves millions of customers across Australia and says there is no current evidence the breach spread beyond iiNet.


Ransomware Attack Disrupts Inotiv Operations and Exposes Sensitive Data

Inotiv, a pharmaceutical research company based in Indiana, has reported a ransomware attack that disrupted its internal systems and operations. The incident occurred on August 8 and involved hackers encrypting parts of the company’s data and internal business applications, making them temporarily inaccessible. Inotiv responded by switching some operations to offline methods while working to contain and fix the damage. The company is unsure when full system access will be restored.

Although Inotiv has not officially named the attackers, a ransomware group called Qilin has claimed responsibility, stating it stole about 176 gigabytes of sensitive business data, including contracts, financial documents, and internal procedures. With around 2,000 employees, Inotiv has informed federal regulators of the ongoing impact and is continuing efforts to recover and secure its systems.