Herjan Security
[.] Nostrop stream of GenAI news and updates

FBI Seized ALPHV/Blackcat Ransomware Dark Web Site. Law enforcement agencies successfully took down the website belonging to the ALPHV/Blackcat cybercriminal group. The ransomware group has infected over 1,000 victims worldwide. The FBI created a decryption tool to help impacted victims recover their systems. The agency obtained access to the Blackcat ransomware group's computer network and seized their websites. #cyberattack #cybersecurity #ransomware

https://cybersecuritynews.com/fbi-seized-alphv-blackcat-ransomware/

Summary: Iranian fuel supplies have been crippled by a cyber-attack, causing widespread disruption to petrol stations. Iran has blamed the US and Israel for the attack, which impacted 70% of the country's petrol stations. The hacktivist group "Gonjeshke Darande" has claimed responsibility for the attack and warned of more to come. The attack is believed to be a response to Iran's involvement in the Red Sea crisis.

https://www.infosecurity-magazine.com/news/iranian-fuel-supplies-crippled-by/

PikaBot is a malware that exploits Google Ads to infiltrate corporate networks. It started as part of email spam campaigns but has now shifted to search engine ads. PikaBot uses sophisticated techniques like indirect syscalls and JavaScript fingerprinting to conceal its malicious payload. It is part of a larger malvertising ecosystem and signifies the revival of drive-by downloads. Businesses need to go beyond traditional defenses to protect against malvertising. Detecting and reporting PikaBot-laden installers is crucial in this ongoing digital warfare. #cybersecurity #malware

https://cybersecuritynews.com/pikabot-attacking-windows-machine/

Zoom has launched an Open-Source Vulnerability Impact Scoring System. This system provides a standardized method for evaluating the impact of vulnerabilities in open-source software. It helps developers and security researchers identify and prioritize vulnerabilities. The system takes into account the worst-case scenario and evaluates vulnerabilities from an attacker's perspective. Each vulnerability analysis includes thirteen impact characteristics. A VISS score is assigned to assess the severity of the vulnerability. The VISS tool allows for additional analysis beyond basic vulnerability assessment. The system includes built-in variables for rebasing magnitude. #OpenSource #VulnerabilityAssessment #CyberSecurity #Zoom

https://cybersecuritynews.com/zoom-launches-open-source-vulnerability/

Ransomware gangs collaborate to attack financial services, creating a significant challenge for organizations. Proactive cybersecurity strategy, regular system updates, strong threat detection systems, and employee training are crucial. #cybersecurity #ransomware #financialservices #collaboration

https://cybersecuritynews.com/ransomware-gangs-are-collaborating/

Hackers are actively exploiting the Apache Struts 2 vulnerability. #ApacheStruts2 #Vulnerability

https://cybersecuritynews.com/apache-struts-2-vulnerability/

Security Engineer Pleads Guilty For Hacking Crypto Exchange

#cybersecurity #news

https://cybersecuritynews.com/security-engineer-pleads-guilty/

MongoDB experienced a security incident with unauthorized access to its corporate systems. Customer data, including account metadata and contact information, was exposed. No evidence of access to customer system logs was found. MongoDB is investigating the incident with authorities. There was a separate incident involving a high number of login attempts, unrelated to the security incident. It is important for organizations to update and patch their systems to prevent such incidents. #cybersecurity #news #hacked #MongoDB

https://cybersecuritynews.com/mongodb-suffers-security-breach/

MongoDB, a database software company, has confirmed a hack of its corporate systems and customer data has been stolen. The company detected suspicious activity on its network and later discovered the hackers had accessed its systems. MongoDB assures customers that no exposure to their data stored in its MongoDB Atlas product has been identified. However, customers are advised to be vigilant for social engineering and phishing attacks. #MongoDB #DataBreach #Cybersecurity

https://www.securityweek.com/mongodb-confirms-hack-says-customer-data-stolen/

Cloud squatting is a security risk that occurs when cloud assets are deleted but the records pointing to them are not. Attackers can exploit these records to create phishing sites or malware-serving sites. Large enterprises face challenges in identifying and mitigating cloud squatting risks. Organizations can mitigate this risk by using reserved IP addresses, transferring their own IP addresses to the cloud, using private IP addresses, or using DNS names instead of hardcoding IP addresses. Regular maintenance of records and deletion of stale ones is also important.

#cloudsquatting #securityrisks #phishingsites #malwareserving #enterprisesecurity #IPaddresses #DNSnames

https://www.csoonline.com/article/1261461/cloud-squatting-how-attackers-can-use-deleted-cloud-assets-against-you.html
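The "regular maintenance of records" the cloud-squatting item recommends can be automated as an inventory check: any DNS record that points at a provider address or hostname the organization no longer holds is a candidate for takeover. Added example, not from the article; the provider prefix, the inventory and the zone export are all constructed, and `.example-cloud.test` is an assumed provider hostname suffix.

```python
"""Flag DNS records that point at cloud resources the account no longer owns."""
import ipaddress

# Constructed: address ranges the cloud provider hands out to tenants.
PROVIDER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
# Constructed: hostname suffix under which the provider names tenant resources.
PROVIDER_HOST_SUFFIX = ".example-cloud.test"

# Constructed inventory: what the cloud account currently holds.
ALLOCATED_IPS = {"203.0.113.10"}
LIVE_CLOUD_HOSTS = {"app-prod.example-cloud.test"}

# Constructed zone export as (name, type, value) tuples.
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),       # still allocated to us
    ("old-api.example.com", "A", "203.0.113.77"),   # released back to the provider
    ("intranet.example.com", "A", "10.1.2.3"),      # private address, not claimable
    ("cdn.example.com", "CNAME", "app-prod.example-cloud.test"),
    ("beta.example.com", "CNAME", "beta-old.example-cloud.test"),  # resource deleted
]


def is_provider_ip(ip):
    """True when the address lies in a range the provider re-assigns to tenants."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_PREFIXES)


def stale_records(zone, allocated_ips, live_hosts):
    """Return records whose target another tenant could now be handed."""
    findings = []
    for name, rtype, value in zone:
        if rtype == "A":
            # A public provider address we no longer hold can be re-issued
            # to anyone; a private or non-provider address cannot.
            if is_provider_ip(value) and value not in allocated_ips:
                findings.append((name, rtype, value))
        elif rtype == "CNAME":
            # A CNAME to a provider hostname that is no longer one of our
            # live resources is a dangling alias.
            if value.endswith(PROVIDER_HOST_SUFFIX) and value not in live_hosts:
                findings.append((name, rtype, value))
    return findings


if __name__ == "__main__":
    for rec in stale_records(ZONE, ALLOCATED_IPS, LIVE_CLOUD_HOSTS):
        print("stale record, delete or re-point:", rec)
```

In a real zone the inventory sets would be pulled from the provider's API and the zone from the DNS host, with the check run on a schedule.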

Underwater sculptures in the Molinière Underwater Sculpture Park are colored with squid ink. #squids #underwatersculptures

Discussion on stolen data from genetic testing company Asper Biogene. #datatheft #genetictesting

Hamas' finances explained, including tunnels of cash and cryptocurrency. #Hamas #finance

Political propaganda pushed from Israeli Gov/Defence Force falls outside blog posting rules. #IsraeliPropaganda #blogrules

https://www.schneier.com/blog/archives/2023/12/friday-squid-blogging-underwater-sculptures-use-squid-ink-for-coloring.html

Zoom has launched an open-source Vulnerability Impact Scoring System (VISS) to assess and prioritize vulnerabilities based on actual exploitation. The system aims to enhance incident response capabilities. The use of VISS within Zoom's bug bounty program has led to an increase in reports describing critical and high-severity vulnerabilities. The severity of impact is represented by a numerical score ranging from 0 to 100. #Zoom #VulnerabilityScoring #Cybersecurity

https://www.securityweek.com/zoom-unveils-open-source-vulnerability-impact-scoring-system/

Summary:

- Chinese state-sponsored hackers breached the systems of two dozen critical entities in the US, including gas and oil pipelines, a water utility, and a major port. [hashtags: Cyberwarfare, Cybercrime, DataBreaches]

- Ukraine's defense intelligence claims to have wiped over 2,300 servers belonging to Russia's federal tax service, erasing databases and preventing regional servers from connecting. [hashtags: Cyberwarfare, NationState]

- A SIM swapper in Texas was sentenced to prison for using SIM swapping to steal over $600,000 in cryptocurrency. [hashtags: Cybercrime, Cryptocurrency]

- French police apprehended an individual connected to the Hive ransomware gang and found over €570,000 in cryptocurrency on his phone. [hashtags: Cybercrime, Ransomware]

- CISA assigned a CVE identifier to a vulnerability in Unitronics Vision PLC that was exploited in recent attacks on the US water sector. [hashtags: WaterAttacks, Vulnerabilities]

- Akamai identified new DNS spoofing attacks that exploit Microsoft DHCP servers, allowing attackers to access DNS zones without authentication. [hashtags: DNSspoofing, Cybersecurity]

- Tenable discovered vulnerabilities in Edulog's parental portal that exposed K-12 student information and school district details. [hashtags: DataBreaches, Education]

- Fortinet, Zoom, Palo Alto Networks, and Ivanti released patches for various vulnerabilities in their software. [hashtags: Cybersecurity, SoftwarePatches]

- Industrial cybersecurity firm Dragos' CEO joined venture capital firm DataTribe as a venture partner. [hashtags: IndustrialCybersecurity, VentureCapital]

- Bishop Fox released an open-source tool called Swagger Jacker for auditing OpenAPI definition files. [hashtags: OpenSource, APIsecurity]

- Intel launched 5th Gen Xeon processors, bringing improved performance and increased security with features like Intel Trust Domain Extensions. [hashtags: Intel, Cybersecurity]

Hashtags:

#Cyberwarfare #Cybercrime #DataBreaches #NationState #Cryptocurrency #Ransomware #WaterAttacks #Vulnerabilities #DNSspoofing #Cybersecurity #Education #SoftwarePatches #IndustrialCybersecurity #VentureCapital #OpenSource #APIsecurity #Intel

https://www.securityweek.com/in-other-news-ukraine-hacks-russia-cve-for-water-ics-attacks-new-intel-xeon-cpus/

Kansas Courts' computer systems are back online after a cyberattack shut them down for two months. The attack affected courts in 104 counties, and the judicial branch has not disclosed the hackers' demands or if a ransom was paid. The court system is gradually restoring access to online documents and case management systems. #KansasCourts #Cyberattack #Cybersecurity

https://www.securityweek.com/kansas-courts-computer-systems-are-starting-to-come-back-online-2-months-after-cyberattack/

UK government proposes new rules for datacenters to improve cybersecurity and resilience. Datacenter providers would have a duty to manage security risks and provide relevant information. The government claims that datacenters play a pivotal role in the economy and generate significant revenue. Hashtags: #UKgovernment #cybersecurity #datacenters #resilience

https://www.infosecurity-magazine.com/news/uk-plans-tough-security-rules/

Four individuals have been charged in connection with an $80 million pig butchering scheme. The defendants are accused of money laundering and other fraudulent activities. The scheme involved setting up shell companies and laundering funds through bank accounts. Pig butchering scams target victims through online messages and dating sites. The scammer builds rapport and then convinces the victim to invest in a cryptocurrency scheme, diverting the funds to their own bank account. Investment fraud was the highest earning cybercrime type in 2022. The defendants face up to 20 years in prison if convicted. #PigButcheringScheme #MoneyLaundering #InvestmentFraud #Cybercrime

https://www.infosecurity-magazine.com/news/four-charged-80m-pig-butchering/

Connected devices are becoming more common in our daily lives, raising concerns about their security. Inadequate security in consumer IoT products has led to instances of hackers infiltrating networks and taking control of smart cars. The supply chain plays a crucial role in securing IoT devices, but responsibility needs to be shared across all links. The SolarWinds supply chain attack highlights the risks of compromised updates. Quantum technology poses an even greater threat to IoT security, but adopting post-quantum cryptography can help mitigate this risk. Collaboration between manufacturers, consumers, and regulators is crucial for setting standards and addressing vulnerabilities. Security-by-design is essential for ensuring that IoT devices are secure from the start. Organizations need to prioritize IoT security and implement certified guidelines. The threat of quantum cyber-attacks necessitates the adoption of quantum-proof security measures.

#IoTsecurity #supplychainattack #quantumtechnology #collaboration #securitybydesign

https://www.infosecurity-magazine.com/opinions/kettle-spying-iot-device-security/

Multiple Flaws in Dell PowerProtect Products Let Attackers Execute OS Commands. #PowerProtect #vulnerability #OSCommandInjection #PathTraversal #SQLInjection #CrossSiteScripting #PrivilegeEscalation

https://cybersecuritynews.com/dell-powerprotect-products-flaw/

Summary:

- A cluster of malicious Python projects has been discovered on PyPI, the official Python package repository.

- These projects target both Windows and Linux systems and often contain a custom backdoor.

- In total, 116 malicious packages were found in 53 projects on PyPI.

- These packages have been downloaded over 10,000 times in the past year.

- The malicious code is bundled into Python packages using three different techniques: a test.py script, PowerShell embedded in the setup.py file, and obfuscated code in the __init__.py file.

- PyPI has already removed most of the malicious packages.

- Python developers should thoroughly vet the code they download before installing it on their systems.

Hashtags:

#CyberSecurity #CyberSecurityNews #Windows

https://cybersecuritynews.com/116-malicious-pypi-packages/
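The PyPI item above names three bundling techniques (a test.py script, PowerShell embedded in setup.py, obfuscated code in __init__.py) and tells developers to vet code before installing it. The check below, an added example rather than code from the article, applies one heuristic per technique to an unpacked package directory; the sample package it builds is constructed, is only written to a temporary directory and is never executed, and a hit is a prompt to read the file, not proof of malice.

```python
"""Heuristic pre-install review of an unpacked Python package."""
import os
import re
import tempfile

# Constructed indicators, one per bundling technique named in the article.
POWERSHELL = re.compile(r"\bpowershell(\.exe)?\b", re.IGNORECASE)
RUNS_COMMANDS = re.compile(r"\b(subprocess\.|os\.system|os\.popen)")
DECODED_EXEC = re.compile(
    r"\b(exec|eval)\s*\(.*\b(b64decode|decompress|fromhex|unhexlify)\b", re.DOTALL)


def scan_package(root):
    """Return sorted (relative path, reason) pairs that deserve a manual read."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            if fname == "setup.py" and POWERSHELL.search(src):
                findings.append((rel, "PowerShell embedded in setup.py"))
            if fname == "test.py" and RUNS_COMMANDS.search(src):
                findings.append((rel, "test.py runs system commands"))
            if fname == "__init__.py" and DECODED_EXEC.search(src):
                findings.append((rel, "decoded payload passed to exec/eval in __init__.py"))
    return sorted(findings)


def build_sample_package(root):
    """Write a constructed package that shows all three patterns (never run)."""
    os.makedirs(os.path.join(root, "demo_pkg"))
    files = {
        "setup.py": 'from setuptools import setup\nimport os\n'
                    'os.system("powershell -Command Get-Date")\nsetup(name="demo_pkg")\n',
        "test.py": 'import subprocess\nsubprocess.run(["hostname"])\n',
        "demo_pkg/__init__.py": 'import base64\nexec(base64.b64decode("cHJpbnQoMSk="))\n',
        "demo_pkg/core.py": "def add(a, b):\n    return a + b\n",
    }
    for rel, text in files.items():
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(text)


def demo():
    """Build the constructed package in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_package(root)
        return scan_package(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```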

Rhadamanthys is a fast-evolving multi-layer malware sold on the Dark Web. It employs multiple layers of obfuscation and encryption techniques. The latest version, 0.5.0, has been released with new features. The malware utilizes various components and techniques to evade detection and obfuscate API names. Rhadamanthys aims to be a major player in the evolving malware market. #Rhadamanthys #malware #DarkWeb #cybersecurity

https://cybersecuritynews.com/rhadamanthys-malware-sold-dark-web/