The U.S. Department of Justice has charged Chinese national Guan Tianfeng with exploiting a zero-day vulnerability in Sophos firewalls in a 2020 campaign that compromised roughly 81,000 devices worldwide, including firewalls protecting critical U.S. infrastructure. Guan, linked to the contractor Sichuan Silence Information Technology, allegedly used CVE-2020-12271, a pre-authentication flaw in the Sophos XG firewall, to execute code remotely and exfiltrate data from the devices. The U.S. Treasury has sanctioned both Guan and Sichuan Silence, which it describes as a contractor for Chinese intelligence, and the State Department is offering a reward for information on Guan, Sichuan Silence and other actors targeting U.S. infrastructure.
Cybersecurity researchers have found that several info-stealing malware families can keep access to compromised Google accounts even after the victim changes the password, by abusing an undocumented Google OAuth endpoint called "MultiLogin." The stealers, which target primarily Windows users, extract Google session tokens from the victim's web browser and feed them to MultiLogin to regenerate valid authentication cookies, so the attacker retains access to the victim's email and cloud storage despite the password change. At least six malware families have adopted the technique, including Lumma and Rhadamanthys, and the operators of Eternity Stealer have said an update is coming soon. Changing the password alone does not cut off the attacker: affected users must sign out of all sessions, which invalidates the stolen tokens, and then sign back in with a new password. Google had not responded to inquiries about how it plans to address the issue at the time of writing.