Herjan Security
Nostrop stream of GenAI news and updates

9 Vulnerabilities Patched in SEL Power System Management Products. #cybersecurity #vulnerabilities #patched #powermanagement #SELproducts.

https://www.securityweek.com/9-vulnerabilities-patched-in-sel-power-system-management-products/

MITRE and CISA have released an open-source tool called Caldera for OT, which helps security teams emulate attacks against operational technology systems. The tool aims to identify and eliminate weaknesses in critical infrastructure, such as electricity, transportation, and water facilities. This extension can be downloaded from GitHub, and future updates will expand its capabilities. #OTsecurity #cybersecurity #MITRE #CISA #Caldera

https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/

CISA Hires 'Mudge' to Work on Security-by-Design Principles

#CISA #securitybydesign

Peiter 'Mudge' Zatko joins the US government's cybersecurity agency to promote security-by-design and secure-by-default development principles.

#cybersecurity #government #securitybydefault

Zatko, former CISO at Twitter, will work on shaping a culture of security-by-design everywhere.

#cultureofsecurity #CISO

The CISA security-by-design plan calls for technology manufacturers to prioritize Secure-by-Design and Secure-by-Default in product design and development processes.

#securebydesign #securebydefault #technologymanufacturers

CISA's push for secure-by-default ensures that products are resilient against prevalent exploitation techniques without additional configuration.

#securebydefault #resilience #exploitationtechniques

https://www.securityweek.com/cisa-hires-mudge/

UK Electoral Commission fails cybersecurity test during data breach. #UK #ElectoralCommission #cybersecurity #data #breach

Hackers breached UK Electoral Commission's systems, compromising the data of 40 million voters. #hacking #data #breach

The Commission received an automatic failure during a Cyber Essentials audit. #CyberEssentials #audit #failure

The breach occurred between August 2021 and October 2022, allowing unauthorized access to email correspondence and sensitive voter databases. #unauthorizedaccess #emailcorrespondence #voterdatabases

The cybersecurity deficiencies highlighted by the failed audit may have contributed to the breach. #cybersecurity #deficiencies #failedaudit

Concerns have been raised about the Commission's cybersecurity readiness, as the government mandates Cyber Essentials certification for suppliers handling sensitive data. #government #CyberEssentials #certification #dataprivacy #security

The UK's Information Commissioner's Office (ICO) is urgently investigating the implications of the breach for data privacy and security. #ICO #investigation #dataprivacy #security

The Commission did not reapply for Cyber Essentials certification in 2022 but says it remains committed to improving its cybersecurity measures with the NCSC. #NCSC #cybersecurity #improvement

https://www.infosecurity-magazine.com/news/electoral-commission-fails/

Airlines battle surge in loyalty program fraud. Fraudsters exploit vulnerabilities in air miles and customer service systems. Loyalty fraud cases increased by 30% in 2022. Customer service scam involves impersonating airlines' customer service through fake phone numbers. Fraudsters trick victims into sharing banking information. Phishing websites are used to deceive victims into providing personal information. These activities cost airlines over $1 billion annually. Airlines must invest in fraud detection and prevention measures. Constant vigilance and proactive measures are crucial to protect against fraud. #loyaltyprogramfraud #airlinesecurity #cybercrime

https://www.infosecurity-magazine.com/news/airlines-battle-loyalty-program/

Mend.io's SAML vulnerability raises concerns about data privacy and exploitation. The vulnerability allowed unauthorized access to customer data in the same SaaS environment. Mend.io quickly addressed the issue and implemented extra security measures. No active exploitation has been reported, but customers are advised to review logs.

#DataPrivacy #Vulnerability #SecurityExploitation #SAML #SSO #ApplicationSecurity

https://www.infosecurity-magazine.com/news/mendios-saml-vulnerability-exposed/

shelLM is an AI-based honeypot created to engage attackers as a real system. It was developed by cybersecurity researchers from various universities and organizations. The researchers aimed to make the honeypot indistinguishable from a real system by using prompts, detailed behavior descriptions, and a Chain of Thought approach. The honeypot was tested with 12 users, and they found that it had a true negative rate of 90% and a false positive rate of 9%. The top ten commands used in the honeypot were cat, ls, sudo, get, echo, pwd, nano, ping, ssh, and whois. The researchers achieved a 92% accuracy in generating synthetic data for the honeypot. #AI #Cybersecurity #honeypot #shelLM

https://cybersecuritynews.com/shellm-ai-based-honeypot-engage-attackers/

Zero Trust Data Access (ZTDA) is a fundamental aspect of the Zero Trust security framework, which prioritizes data protection by constantly verifying access rights. ZTDA emphasizes the "never trust, always verify" principle and focuses on limiting access to approved entities. Companies should adopt ZTDA to secure SaaS apps and data because of changing threats, the increasing use of SaaS, and the need for a data-centric approach. ZTDA offers benefits such as minimizing insider threats, granular access control, continuous monitoring, integration with DLP tools, and compliance with regulations. DoControl's ZTDA solution extends Zero Trust to the SaaS application data layer, ensuring complete visibility and enhanced security. Implementing ZTDA allows organizations to strengthen their security posture, reduce vendor risk, and comply with strict regulations. #cybersecurity #networksecurity #zerotrust #zerotrustdataaccess

https://cybersecuritynews.com/zero-trust-data-access/

Summary:

AttackCrypt is an open-source crypter used by cybercriminals to hide malware binaries and evade antivirus detection. It offers various features to enhance the capabilities of existing malware. The tool is actively used in the wild and has been linked to the protection of VenomRAT. The Attacker-Crypter tool supports functions such as malware encryption, process injection, and file obfuscation. The threat actor behind AttackCrypt has a significant online presence.

Hashtags:

#AttackCrypt #malware #crypter #antivirus #VenomRAT

https://cybersecuritynews.com/attackcrypt-payload-encrypter/

Summary:

- British mesh fencing systems maker Zaun has disclosed a LockBit ransomware attack that potentially led to the compromise of data related to UK military and intelligence sites.

- The cyberattack occurred in early August, but data was not encrypted and services were not interrupted.

- LockBit ransomware group was able to download some data, including historic emails, orders, drawings, and project files.

- No classified documents were stored on the system or compromised.

- The stolen data has since been made public on the internet and appears to be related to UK military, intelligence, and research bases.

Hashtags: #cyberattack #ransomware #Zaun #UKmilitary #datacompromise

https://www.securityweek.com/ransomware-attack-on-fencing-systems-maker-zaun-impacts-uk-military-data/

Summary:

The non-profit organization Freecycle Network, used by millions, has suffered a data breach. The breach involved the exposure of usernames, User IDs, email addresses, and passwords. Freecycle has already notified the relevant authorities and is taking measures to inform users to change their passwords. The concern is that the compromised credentials could be used for credential stuffing attacks and lead to increased phishing attempts. Freecycle claims to have nearly 11 million members.

Hashtags:

#Freecycle #DataBreach #Cybersecurity #DataProtection #PasswordSecurity

https://www.infosecurity-magazine.com/news/freecycle-breach-hit-millions-of/

UK National Cyber Security Centre appoints Ollie Whitehouse as its new CTO. Whitehouse will help shape the UK's approach to cyber, build cyber-resilience, and improve talent pipeline. Previous roles include positions at NCC Group, Blackberry, and Symantec. #CyberSecurity #CTO #NCSC

https://www.infosecurity-magazine.com/news/national-cyber-security-centre-1/

Summary:

- A north London school and a Berkshire schools group have been hit by cyber-attacks before the new term begins.

- Highgate Wood School in Crouch End will now start accepting pupils on September 11 instead of September 5.

- The delay caused by the attack has inconvenienced working parents, who now need to find last-minute childcare.

- Investigations have been carried out, and it is believed that no data has been breached.

- The UK's education sector experienced a higher share of ransomware attacks in 2022 compared to other countries.

- Another UK school, Debenham High School in Suffolk, also suffered a cyber-attack.

- Cybercriminals target schools due to their valuable data and weak cybersecurity practices.

- Security measures, automation, strong access controls, and robust backup solutions are needed to protect students' education.

Hashtags:

#cybersecurity #educationsector #cyberattacks #ransomware #schoolsecurity

https://www.infosecurity-magazine.com/news/second-school-cyberattack-before/

Hackers are exploiting pre-authentication RCE flaws in Adobe ColdFusion. The vulnerabilities pose a risk to Windows and macOS users. Fortinet researchers discovered that attackers inject payloads into the 'argumentCollection' parameter of the URI '/CFIDE/adminapi/accessmanager.cfc'. They use domains like mooo-ng[.]com, redteam[.]tf, and h4ck4fun[.]xyz to validate the vulnerabilities. The attacks originate from IP addresses 81[.]68[.]214[.]122, 81[.]68[.]197[.]3, and 82[.]156[.]147[.]183. Malware variants, including XMRig Miner, DDoS/Lucifer, RudeMiner, and BillGates/Setag, were detected. Although fixes have been released, the flaws are still being exploited, so users should upgrade affected systems. #AdobeColdFusion #RCE #vulnerabilities #cybersecurity

https://cybersecuritynews.com/pre-authentication-rce-adobe-coldfusion/

Ayush Jharkhand, the official state website for the Ministry of Ayush in Jharkhand, India, was hacked by the threat actor Tanaka. The leaked database contains over 320,000 patient records and login information of doctors associated with the website. The breach poses risks such as account takeovers, brute force attacks, and phishing campaigns. To mitigate these risks, implement strong security measures and continuous monitoring. #MedicalDataBreach #AyushJharkhand #Hacked #DataLeak

https://www.infosecurity-magazine.com/news/ayush-jharkhand-hacked/

A new attack technique called "MalDoc in PDF" eludes detection by embedding a malicious Word file within a harmless-looking PDF document, and it has raised alarms in the cybersecurity community. The malicious behavior is triggered when the file is opened in Microsoft Word, while it remains dormant in standard PDF viewers. Traditional PDF analysis tools struggle to detect the malicious components. The OLEVBA tool can identify the embedded macros, and Yara rules can detect discrepancies between a file's extension and its content. This poses a significant challenge for defenders, so use caution when relying on automated malware analysis tools. #MalDocinPDF #cybersecurity #malwareanalysis

https://www.infosecurity-magazine.com/news/maldoc-pdf-alarms-experts/
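The extension-mismatch and embedded-document checks mentioned in the MalDoc in PDF item above, as an added Python example that is not part of the original post or of any of the tools it names. The marker strings, the two constructed sample files, and the function names are this example's own assumptions; the samples contain no real macro code.

```python
import os

# Constructed sample (not a real file): a minimal benign PDF.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

# Constructed sample (not a real file): the same PDF with an MHTML-wrapped Word
# document appended after the PDF trailer, the layout the article describes.
# The "macro" below is only a marker string, not executable code.
POLYGLOT = BENIGN_PDF + (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/related; boundary="--b"\n\n----b\n'
    b"Content-Location: file:///C:/doc.htm\nContent-Type: text/html\n\n"
    b'<html xmlns:w="urn:schemas-microsoft-com:office:word">\n'
    b"<w:WordDocument><w:View>Print</w:View></w:WordDocument>\n"
    b"Sub AutoOpen()\nEnd Sub\n</html>\n"
)

# Heuristic marker sets chosen for this example (lowercase for matching).
MHT_MARKERS = (b"mime-version:", b"content-location:", b"multipart/related")
OFFICE_MARKERS = (b"<w:worddocument", b"<x:excelworkbook")
MACRO_MARKERS = (b"sub autoopen", b"sub document_open", b"vbaproject.bin")


def scan_bytes(data: bytes) -> dict:
    """Flag a PDF whose bytes after the trailer look like an MHTML Office file."""
    lower = data.lower()
    is_pdf = data.startswith(b"%PDF-")
    # Only inspect bytes after the final %%EOF: a legitimate PDF may mention
    # "Content-Type" inside its own objects, but nothing should follow its trailer.
    eof = lower.rfind(b"%%eof")
    tail = lower[eof + len(b"%%eof"):] if eof >= 0 else lower
    mht = any(m in tail for m in MHT_MARKERS)
    office = any(m in tail for m in OFFICE_MARKERS)
    macro = any(m in tail for m in MACRO_MARKERS)
    return {
        "pdf": is_pdf, "mht": mht, "office": office, "macro": macro,
        # A PDF header with an MHTML Office body after the trailer is the signal.
        "suspicious": is_pdf and mht and office,
    }


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name claims a Word document but the bytes start as a PDF."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in (".doc", ".docx", ".rtf") and data.startswith(b"%PDF-")
```

Run `scan_bytes` over mail attachments and pair it with `extension_mismatch` on the declared filename; a true `suspicious` result is a triage signal, not proof of malice, and a sample should then go to OLEVBA or a sandbox.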

Python Package Index Targeted Again By VMConnect #Cybersecurity #Python #PyPI #VMConnect #malware #software #cybercrime #LazarusGroup #threatactor #digitalassets #supplychainattacks

https://www.infosecurity-magazine.com/news/pypi-targeted-vmconnect/

Summary: A new cyber espionage group called Earth Estries, connected to FamousSparrow, has been targeting government and technology organizations since 2020. They use various hacking tools and backdoors, such as Zingdoor and TrillClient, to gain access. They employ PowerShell downgrade attacks and utilize remote control tools like Cobalt Strike. The group archives data in PDF and DDF files and uploads them to platforms like AnonFiles and File.io. They use new malware for each operation and hide their IP using fastlyCDN services. The group targets organizations in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US.

Hashtags: #EarthEstries #CyberEspionage #Hacking #Malware #DataBreach #CyberSecurity

https://cybersecuritynews.com/earth-estries-group-hack/

Hackers have been attacking MSSQL servers to distribute the FreeWorld ransomware. The attack campaign, known as DB#JAMMER, involves the use of enumeration software, RAT payloads, and ransomware payloads. The attackers gain access to the server through brute-force attacks and abuse the enabled xp_cmdshell function. They carry out various operations on the host, create new users, and alter the registry. The attackers also connect to a remote SMB share to install malicious tools like Cobalt Strike and distribute the ransomware. Strong passwords are important to prevent such attacks. #cyberattack #cybersecurity #cybersecuritynews #malware

https://cybersecuritynews.com/hackers-attacking-mssql-servers/

Summary: Recent reports indicate that threat actors have been distributing fileless malware through phishing emails. The malware is disguised as an ISO file containing a .hta script, which is executed without writing a file to the victim's system. The script runs a PowerShell command that requests base64-encoded data from the server, which then loads a function and executes a DLL file. The DLL downloads the final malware from the C2 server and injects it into the RegAsm.exe process. The final payload can be AgentTesla, Remcos, or LimeRAT.

Hashtags: #filelessmalware #phishing #cybersecurity #malwaredistribution #Powershell #DLL #CyberAttack

https://cybersecuritynews.com/fileless-malware-via-spam-mail/