Herjan Security
Nostrop stream of GenAI news and updates

Schneider Electric confirms that data was accessed in a ransomware attack for which the Cactus ransomware group has claimed responsibility. Major brands are impacted and the investigation is ongoing; division-specific systems have been taken offline, and business platforms are expected to resume in two days. Cybersecurity firms and authorities are involved. Energy companies remain under threat as the Cactus group becomes increasingly active.

#SchneiderElectric #ransomwareattack #Cactus #cybersecurity #energycompanies

https://www.infosecurity-magazine.com/news/schneider-electric-data-ransomware/

Blackwood APT hackers use DLL loader to escalate privileges and install backdoors. The loader targets users in Japan and China. The malware is a 32-bit DLL without obfuscation or encryption but has the ability to inject malicious code into legitimate processes. It employs anti-analysis techniques and bypasses User Account Control to establish a persistent backdoor. SonicWall has released a signature to detect and block this loader.

https://cybersecuritynews.com/blackwood-apt-escalate-privileges/

Summary: Phishing emails are a common method used by cybercriminals to trick users into downloading malicious content or giving up personal information. These emails can lead to serious consequences such as ransomware attacks, data theft, and remote access control. To protect yourself, be wary of suspicious emails, check the sender's domain, avoid opening suspicious attachments, and use link scanners and antivirus software to detect viruses. Additionally, using a sandbox like ANY.RUN can help analyze and detect malware in emails.

Hashtags: #Phishing #Cybersecurity #Malware #Sandboxing #EmailSecurity

https://cybersecuritynews.com/how-to-check-an-email-for-viruses-in-a-sandbox/

Aembit announces new workload IAM integration with CrowdStrike to help enterprises secure workload-to-workload access. Aembit becomes the first workload IAM platform to integrate with the industry-leading CrowdStrike Falcon platform. Workload IAM transforms enterprise security by securing workload-to-workload access through policy-driven, identity-based, and secretless access controls. Enterprises can protect their workloads from unauthorized access and minimize security vulnerabilities. The partnership provides managed workload-to-workload access, seamless deployment, a zero-trust security model, and visibility and monitoring. This collaboration reflects the growing demands for securing workload access. Aembit Workload IAM is available in the CrowdStrike Marketplace.

#Aembit #CrowdStrike #WorkloadIAM #ZeroTrust #Cybersecurity

https://cybersecuritynews.com/aembit-announces-new-workload-iam-integration/

Linux Kernel's IPv6 implementation flaw allows attackers to execute arbitrary code. The flaw is identified as CVE-2023-6200 and has a CVSS score of 7.5. Attackers can transmit an ICMPv6 router advertisement packet to exploit this vulnerability. Red Hat has issued an advisory stating that an unauthenticated attacker on an adjacent network can cause arbitrary code execution. Mitigation can be achieved by disabling the net.ipv6.conf.[NIC].accept_ra parameter. Upgrading to kernel 6.7-rc7 fixes the flaw. #cybersecurity #IPv6 #vulnerability

https://cybersecuritynews.com/linux-kernels-ipv6-implementationflaw/

Phobos ransomware expands with new FAUST variant. Attackers use an Office document with a VBA script to propagate the ransomware. FAUST exhibits persistence mechanisms and encrypts files with a ".faust" extension. User caution and regular updating are crucial. #PhobosRansomware #FAUSTVariant #FilelessAttacks #UserAwareness #Cybersecurity

https://www.infosecurity-magazine.com/news/phobos-ransomware-new-faust-variant/

Russian hackers, known as "Midnight Blizzard," targeted Microsoft and other organizations. They used password spray attacks and malicious OAuth applications to gain access to corporate systems. Midnight Blizzard has been active since 2018 and focuses on espionage against foreign interests. Microsoft has started notifying other targeted organizations about the attack. #cyberattack #cybersecurity #cybersecuritynews

https://cybersecuritynews.com/russian-hackers-microsoft/

Control D, powered by Windscribe VPN, has launched "Control D for Organizations" to democratize cybersecurity for businesses of all sizes. This DNS service provides advanced protection and tools tailored for companies, schools, and NGOs. It includes features such as malware blocking, multi-tenancy, modern protocols, custom filtering, and actionable insights. Control D aims to make first-rate cybersecurity accessible to all organizations, regardless of their size or financial prowess. #Cybersecurity #ControlD #DNSsecurity

Control D, backed by Windscribe VPN, leverages the largest physical VPN network and an anycast DNS network to deliver unparalleled security and freedom from surveillance on a global scale. It is a pioneer in software security and offers user-centric solutions. Businesses can visit controld.com to learn more and start their journey towards comprehensive digital protection. #ControlD #WindscribeVPN #DigitalProtection

https://cybersecuritynews.com/control-d-launches-control-d-for-organizations/

Software developers are urged to patch their Jenkins servers due to a critical vulnerability (CVE-2024-23897) that could allow attackers to read arbitrary files on the system. Exploiting this vulnerability could result in the exposure of Jenkins secrets and the execution of arbitrary code. Jenkins is a widely used open source automation server, making it a significant target for attackers. Over 75,000 Jenkins servers worldwide are currently exposed and unpatched. #Jenkins #vulnerability #cybersecurity

https://www.infosecurity-magazine.com/news/exploits-released-critical-jenkins/

#CyberSecurity #GDPRCompliance #DataPrivacy #DataProtection #SecurityCompanies #CyberThreats #DataBreach #CyberAttack #AI #DataManagement

https://cybersecuritynews.com/gdpr-compliance-security/

Summary: In the age of cyber threats, organizations must prioritize data privacy and safeguard personally identifiable information (PII). The ever-evolving threat landscape requires a holistic approach to cybersecurity that is tailored to an organization's unique needs and risk profile. Adopting a 'data reduction and minimization' approach can help businesses protect sensitive information and reduce the risk of data breaches. Small businesses should take extra precautions when dealing with customer data and limit the storage of sensitive information. Active data purging is necessary to minimize risk, and businesses must invest in revising their information storage practices. Without addressing these risks, businesses are more likely to experience cyberattacks and issues with storing PII in the future.

Hashtags: #DataPrivacy #CyberThreats #DataProtection #PII #DataSecurity

https://www.infosecurity-magazine.com/opinions/can-businesses-navigate-the-pii/

Summary:

1. Amazing footage of a black-eyed squid carrying thousands of eggs.

2. The squid tends to hang out about 6,200 feet below sea level.

3. Gen Z men and women are growing more divided on political issues.

4. Computer systems and AI can make errors, posing risks to justice.

5. Tech companies are shifting focus to generative AI.

6. URL spoofing is common and can lead to malicious attacks.

7. Linguist Emily M. Bender emphasizes the need for accountability in AI.

8. EU citizens wrongly fined for driving in London's Ulez clean air zone.

9. Transport for London accused of a massive data breach.

Hashtags:

#squid #blackeyedsquid #oceanlife #genz #genderdivide #technology #AI #computers #security #URLspoofing #accountability #cleanairzone #breach

https://www.schneier.com/blog/archives/2024/01/friday-squid-blogging-footage-of-black-eyed-squid-brooding-her-eggs.html

Summary: Authorities in Australia, the United Kingdom, and the United States have imposed financial sanctions on Aleksandr Ermakov, a Russian man accused of stealing data on nearly 10 million customers of Medibank, an Australian health insurance company. Ermakov is alleged to have worked with the ransomware group REvil. The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The sanctions suggest that Ermakov operated under multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. The connection between Ermakov and Mr. Shefel, also known as Rescator, was revealed through email and domain name registrations. The REvil group was disrupted by law enforcement in 2021, but there is evidence that Ermakov's group was connected to REvil. Ermakov's alleged association with REvil makes him a target as a person likely to possess significant amounts of cryptocurrency.

Hashtags: #Cybercriminal #MedibankHacker #AleksandrErmakov #REvil #Sanctions #RussianCybercrime #Ransomware #Cybersecurity

https://krebsonsecurity.com/2024/01/who-is-alleged-medibank-hacker-aleksandr-ermakov/

Summary:

- GetBusy is a productivity software company founded in 2017 through the merger of SmartVault and Virtual Cabinet.

- Luke Kiely, the CISO of GetBusy, discusses how cybersecurity regulations have influenced their operations.

- Supply chain attacks on commodity software are a major concern, particularly for managed service providers.

- When faced with compromises, it is important to assess the extent of the compromise and the reliance on a particular platform.

- Transparency is crucial in enhancing security measures and compliance.

- GetBusy focuses on compliance requirements when operating in different geographies.

- The role of a CISO varies depending on the organization and the jurisdiction.

- During M&A deals, the security priorities include reviewing and aligning security controls and cultures.

- Concerns in cybersecurity today include upcoming compliance requirements, supply chain risk, and general risk management.

- Successes in the cybersecurity industry include increased compliance levels and a move towards transparency.

- Advice for cybersecurity professionals: be engaged with the workforce, transparent with partners and customers, and adaptable.

Hashtags: #Cybersecurity #Compliance #SupplyChainAttacks #Transparency #MergersAndAcquisitions #RiskManagement #CISO

https://www.infosecurity-magazine.com/interviews/getbusy-ciso-compliance-security/

Summary:

Evidence shows that Iranian intelligence and military services are involved in cyber activities targeting Western countries. Leaks have revealed a network of entities associated with the Islamic Revolutionary Guard Corps (IRGC) engaged in cyber-attacks. Four intelligence and military organizations linked to the IRGC, including the IRGC's Electronic Warfare and Cyber Defense Organization, have been identified. These agencies have relationships with Iran-based cyber contractors and are associated with offensive cyber activities, including targeting major US financial institutions and healthcare providers. The leaks also show that some contractors export their technologies for surveillance and offensive purposes. US government sanctions are making it harder for these cyber companies to evade detection.

Hashtags: #IranianIntelligence #CyberCompanies #OffensiveCyberActivities #USFinancialInstitutions #HealthcareProviders #Surveillance

https://www.infosecurity-magazine.com/news/leaks-iran-intelligence-cyber/

Summary:

- A hacker in Ukraine has been arrested for assisting Russian missile strikes on the city of Kharkiv.

- The hacker spied on military sites and provided information to Russia on the location of Ukrainian air defense and artillery positions.

- The hacker also planned to carry out DDoS attacks on Ukrainian government websites.

- The hacker was recruited by Russia's intelligence service, the FSB, and is now in custody facing up to 12 years in prison.

- In the US, a Russian hacker has been sentenced to five years and four months in prison for their role in developing and deploying the Trickbot malware.

Hashtags:

#Ukraine #Russia #Hacker #MissileStrikes #CyberEspionage #DDoSAttacks #TrickbotMalware #Cybersecurity

https://www.infosecurity-magazine.com/news/ukraine-arrests-hacker-russian/

1. Jenkins is an open-source automation server targeted by threat actors for remote code execution. #Jenkins #vulnerability

2. The critical vulnerability, CVE-2024-23897, allows attackers to execute remote code through the CLI in Jenkins. #CVE-2024-23897 #remoteCodeExecution

3. Jenkins' default-enabled parser feature, 'expandAtFiles,' is responsible for the vulnerability. #expandAtFiles #securityvulnerability

4. Attackers can access the file system through the args4j library, compromising the system's security. #args4j #fileSystemAccess

5. Reading binary files with cryptographic keys is possible with restrictions, leading to potential RCE attacks. #RCE #cryptographicKeys

6. The vulnerability enables remote code execution via different methods such as resource root URLs and build logs. #remoteCodeExecution #buildLogs

7. Jenkins has fixed the vulnerability in version 2.442/LTS 2.426.3 but provides a temporary CLI access block as a workaround. #vulnerabilityFix #tempAccessBlock

8. Other vulnerabilities, CVE-2024-23898, CVE-2024-23899, CVE-2023-6148, CVE-2024-23905, CVE-2024-23904, and CVE-2023-6147, have also been detected. #otherVulnerabilities

https://cybersecuritynews.com/critical-jenkins-vulnerability/

Cisco Unified Communications and Contact Center Solutions have a critical vulnerability. Attackers can execute arbitrary code on affected devices. The flaw comes from improper processing of user-provided data. Multiple Cisco products are affected. Cisco has released software updates to address the vulnerability. No workarounds are available. Access control lists can be established on intermediary devices to mitigate the risk. The vulnerability has not been publicly disclosed or exploited. #cybersecurity #vulnerability

https://cybersecuritynews.com/cisco-unified-communications-flaw/

Summary: 49 unique zero-days were uncovered in the Pwn2Own Automotive event. Synacktiv won the Master of Pwn Trophy, earning 50 Master of Pwn Points and $450,000 for attacking Tesla's infotainment system and modem. Other researchers also earned rewards for exploiting different vulnerabilities in automotive systems.

Hashtags: #Pwn2Own #cybersecurity #zerodays #automotive

https://cybersecuritynews.com/49-zero-days-pwn2own/

Nozomi Networks unveils wireless security sensor for OT, IoT environments. Guardian Air detects wireless threats in OT and IoT. Frequencies monitored include Bluetooth, cellular, Wi-Fi, Zigbee, LoRaWAN, WirelessHART, and drone RF protocols. Data is sent to Nozomi's cloud-based management system for analysis. Guardian Air enhances wireless security and integrates with Nozomi's Vantage platform. Available this spring. #NozomiNetworks #WirelessSecurity #OT #IoT #Cybersecurity

https://www.securityweek.com/nozomi-unveils-wireless-security-sensor-for-ot-iot-environments/