An anonymous reader quotes a report from The Record: Threat actors are stealing sensitive data from organizations by breaching end-of-life appliances made by cybersecurity company SonicWall. Incident responders from Google Threat Intelligence Group (GTIG) and Mandiant said on Wednesday that they have uncovered an ongoing campaign by an unidentified threat group that leverages credentials and one-time password (OTP) seeds stolen during previous intrusions -- allowing the hackers to regain access to organizations even after security updates are installed. [...]

The campaign is targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. Google explained that the malware the hackers are using removes log entries, making it difficult to figure out how they initially gained access to a system. Google said the campaign extends beyond the incidents they investigated directly and added that SonicWall has "confirmed reports of other impacted organizations." The company noted that SonicWall updated an advisory for a bug tracked as CVE-2024-38475 in light of Google's findings. "As an added security measure, we strongly advise customers to reset the OTP (One-Time Password) binding for all users. This step ensures that any potentially compromised or stale OTP secrets are invalidated, thereby mitigating unauthorized access risks," SonicWall said in the update to the advisory..

One novel aspect of the campaign is the use of a backdoor called OVERSTEP, which modifies the SonicWall appliance's boot process to maintain persistent access, steal sensitive credentials and conceal the malware's own components. Incident responders struggled to track other activities by the hackers because OVERSTEP allowed them to delete logs and largely cover their tracks. OVERSTEP is specifically designed for SonicWall SMA 100 series appliances, according to Google. In addition to CVE-2024-38475, Google and Mandiant experts floated several potential vulnerabilities the hackers may have used to gain initial access, including CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039 and, CVE-2025-32819. Beyond those, Google theorized that the hackers may have used an unknown zero-day vulnerability to deploy the malware on targeted SonicWall SMA appliances.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/17/2049256/google-spots-tailored-backdoor-malware-aimed-at-sonicwall-appliances?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The House passed a bipartisan bill regulating stablecoins which now heads to President Trump's desk as part of his push to make the U.S. the "crypto capital of the world." Two other crypto-related bills -- one defining digital asset market structure and another banning a U.S. central bank digital currency -- were also approved by the House but face uncertain futures in the Senate amid partisan tensions and concerns over Trump's personal financial ties to crypto ventures. CNBC reports: The stablecoin bill, passed on a 308-122 vote, sets initial guardrails and consumer protections for the cryptocurrency, which is tied to a stable asset, often the U.S. dollar, to reduce price volatility. It passed the Senate with bipartisan support in June. "Around the world, payment systems are undergoing a revolution," said House Financial Services Chair French Hill of Arkansas as lawmakers debated the stablecoin legislation Thursday morning. Hill said the bill will "ensure American competitiveness and strong guardrails for our consumers."

After Trump declared it "crypto week," the bills were stalled for more than a day amid disagreements among House Republicans about how to combine the legislation. In the end, GOP leaders put the three bills for a separate votes, leaving the fate of the other two bills unclear in the Senate. The internal dissent could foreshadow challenges ahead for the more sweeping crypto legislation that Trump has demanded and the industry has poured millions into advancing. The stablecoin measure is seen by lawmakers and the industry as a step toward adding legitimacy and consumer trust to a rapidly growing sector. Treasury Secretary Scott Bessent said in June that the legislation could help that currency "grow into a $3.7 trillion market by the end of the decade."

The bill outlines requirements for stablecoin issuers, including compliance with U.S. anti-money laundering and sanctions laws, and mandates that issuers hold reserves backing the cryptocurrency. Without such a framework, Republicans on the Senate Banking Committee in a statement warned, "consumers face risks like unstable reserves or unclear operations from stablecoin issuers." After the votes, House Republicans strongly urged the Senate to take up the second bill, which would create a new market structure for cryptocurrency.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/17/2321219/house-passes-historic-crypto-bill-regulating-stablecoins?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Dictionary.com abruptly deleted all user accounts and saved word lists from its premium apps without notice or refunds, leaving long-time logophiles "devastated." "The company deleted all accounts, as well as the only ways to use Dictionary.com without seeing ads -- even if you previously paid for an ad-free experience," reports Ars Technica. From the report: Dictionary.com offers a free dictionary through its website and free Android and iOS apps. It used to offer paid-for mobile apps, called Dictionary.com Pro, that let users set up accounts, use the app without ads, and enabled other features (like grammar tips and science and rhyming dictionaries) that are gone now. Dictionary.com's premium apps also let people download an offline dictionary (its free apps used to let you buy a downloadable dictionary as a one-time purchase), but offline the dictionaries aren't available anymore.

About a year ago, claims of Dictionary.com's apps being buggy surfaced online. We also found at least one person claiming that they were unable to buy an ad-free upgrade at that time. Reports of Dictionary.com accounts being deleted and the apps not working as expected, and with much of its content removed, started appearing online about two months ago. Users reported being unable to log in and access premium features, like saved words. Soon after, Dictionary.com's premium apps were removed from Google Play and Apple's App Store. The premium version was available for download for $6 as recently as March 23, per the Internet Archive's Wayback Machine.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/17/2329217/dictionarycom-devastated-paid-users-by-abruptly-deleting-saved-word-lists?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Ukrainian hacker group BO Team, with help from the Ukrainian Cyber Alliance and possibly Ukraine's military, claims to have wiped out one of Russia's largest military drone manufacturers, destroying 47TB of production data and even disabling the doors in the facility. "Or, as described by the hacking collective (per Google translate), they 'deeply penetrated' the drone manufacturer 'to the very tonsils of demilitarization and denazification,'" reports The Register. From the report: BO Team (also known as Black Owl) announced the breach on its Telegram channel, and claimed to have carried out the operation alongside fellow hackers the Ukrainian Cyber Alliance "and one very well-known organization, the mention of which makes Vanya's bottle receivers explode," according to a Google translation of the Russian text. While the "very well-known organization" isn't named, BO Team included a link to Ukraine's Ministry of Defence.

The military intelligence agency, working alongside the attackers, "carried out large-scale work to capture the entire network and server infrastructure of Gaskar Group, collect valuable information about the UAVs being produced and prospective, and then destroy the information and disable this infrastructure," the Telegram post continued. This reportedly included 47TB of technical information about the production of Russian drones, and BO Team claims to have destroyed all of the information on Gaskar's servers, including 10TB of backup files. "By the way, from the information we received, China is providing assistance in the production and training of specialists of Gaskar Group," the hackers added via Telegram. BO Team also posted what they claim to be confidential employee questionnaires [PDF].

On their own Telegram channel, the Ukrainian Cyber Alliance said they also stole "all the source code" before destroying everything. "The network went down so thoroughly that the doors in the building were blocked," the pro-Ukraine crew wrote, per Google translate. "To open them, the administration had to turn on the fire alarm. Most likely, the defense order is on the verge of failure, and thousands of drones will not get to the front in the near future."

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/17/2350256/ukrainian-hackers-claim-to-have-destroyed-major-russian-drone-makers-entire-network?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.