Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say
The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked "Cyber Av3ngers" hackers
Bleeping Computer
US Health Dept urges hospitals to patch critical Citrix Bleed bug
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
CSO
Is China waging a cyber war with Taiwan?
Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports.
HACKRead
Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm
The targets included the Equipment used by the Municipal Water Authority of Aliquippa, Pennsylvania and Brewmation, a New York-based company specializing in turnkey brewing and distilling equipment.
Bleeping Computer
Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
SecurityWeek
In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked
Utilities in the US and Europe targeted in cyberattacks, aerospace hacking, and Killnet Russian leader unmasked.
The Hacker News
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
DOJ and FBI dismantle Qakbot malware and botnet, but is the threat really gone? Find out the aftermath and mitigation strategies.
The Cyber Express
The Top 5 Tech Trends to Watch Out for in 2024
Authored by Neelesh Kripalani, Chief Technology Officer, Clover Infotech Once again, we have reached that time of the year, when
The Record
XDSpy hackers attack military-industrial companies in Russia
A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
The Record
60 credit unions facing outages due to ransomware attack on popular tech provider
The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
Bleeping Computer
US govt sanctions North Korea’s Kimsuky hacking group
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals.
HACKRead
68% of US Websites Exposed to Bot Attacks
The conclusion was reached after researchers evaluated over 9,500 of the largest transactional websites in terms of traffic, encompassing sectors such as banking, e-commerce, and ticketing businesses.
CyberNews
US car dealer admits data breach
Berglund Management Group has disclosed a data breach that may have affected more than 50,000 people in the US.
Cyber Security News
Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums for cyberattacks.
SecurityWeek
Five Cybersecurity Predictions for 2024
Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
CyberSecurity Dive
CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks
The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.
The Cyber Express
Okta Data Breach: Hackers Access Data of All Customer Support Users, Says Firm
In a letter to clients, Okta revealed that hackers who breached the cybersecurity firm's customer support system had obtained data
The Cyber Express
Cyberattack on Japan’s Space Agency JAXA Confirmed!
Japan's space agency, JAXA, confirmed that it had been the subject of a cyberattack. On Wednesday, a spokesperson from Japan's
The Cyber Express
LockBit Ransomware Group Claims Cyberattack on India’s National Aerospace Laboratories
India's National Aerospace Laboratories (NAL) faces a serious threat as the notorious LockBit ransomware group has claimed responsibility for a
The Record
New Jersey, Pennsylvania hospitals affected by cyberattacks
Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday.
The Record
Japan's space agency hit by cyberattack
Japan's aerospace exploration agency (JAXA) was hit by a cyberattack, a government representative said during the briefing on Wednesday.
The Record
Temporary surveillance extension to ride on defense policy bill
U.S. lawmakers are expected to attach a short-term extension of a controversial surveillance tool to this year’s final National Defense Authorization Act.
The Record
CISA warns of attacks on Unitronics tool used by water utilities, wastewater systems
An incident in Pennsylvania motivated the federal government to alert companies about ways hackers can break into Unitronics programmable logic controllers (PLCs).
CyberNews
Almost two million affected by data company Zeroed-In Technologies breach
HR data analytics company Zeroed-In Technologies was hacked in August this year.
The Cyber Wire
Iran hits Pennsylvania water utility.
Iranian hacktivists claim an attack on a Pennsylvania water utility.
The Record
Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack
One of the largest distributors of healthcare products in the U.S. has restored some of its systems this week after more than a month of disruptions related to multiple cyberattacks.
The Record
North Texas water utility serving 2 million hit with cyberattack
A water utility serving two million people in North Texas is dealing with a cybersecurity incident that caused operational issues.
DarkReading
General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
Bleeping Computer
Healthcare giant Henry Schein hit twice by BlackCat ransomware
American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.
Bleeping Computer
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
SecurityWeek
Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption
Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files.
Cyber Security News
Kansas Court Hack: Attackers Stole Sensitive Data From Systems
Kanas Supreme Court released the statement for the cyber incident that stole sensitive data from systems,the cybercriminals also stole data.
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
CyberNews
Hackers target Europe’s grid, Ukraine to use new Cisco device for protection
Since Russia's invasion of Ukraine, Europe’s energy grids have been targeted by thousands of cyberattacks.
CyberNews
Robeson Health Care admits data breach
A healthcare provider in the US has disclosed a data breach that may have exposed the sensitive data of tens of thousands.
The Record
Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group
A water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.
The Record
Ukraine claims cyber operation against Russian aviation agency
Ukraine's defense intelligence directorate reported that it had completed a “complex special operation in cyberspace” against Rosaviatsia, which oversees Russian civil aviation.
The Record
Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
Bleeping Computer
General Electric investigates claims of cyber attack, data theft
General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data.
SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
The Hacker News
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
CSO
Cyberattacks on Israel intensify as the war against Hamas rages: Check Point
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
Infosecurity News
Why Ensuring Supply Chain Security in the Space Sector is Critical
Cybersecurity challenges facing the space sector are unique and securing the supply chain is a high priority
CyberNews
Thousands of exposed gas pumps invite cyberwarriors
Gas station pump controllers could become vital targets in a cyber war.
CyberNews
MacOS targeted by ClearFake malware campaign
A data-stealing program that targets Mac operating systems (OS) is being distributed by means of fake web browser updates.
The Record
Report claims to reveal identity of Russian hacktivist leader
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
CyberNews
Ransomware that all the script kiddies want to Play with
The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.
CSO
MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
CyberScoop
Detailed data on employees of U.S. national security lab leak online
The hacking group SiegedSed released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
SecurityWeek
Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products
Johnson Controls patches a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products
SecurityWeek
5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms
Secure Services Edge (SSE) platforms can introduce loopholes & vulnerabilities; it's crucial to assess the risk profiles of SSE platforms.
The Hacker News
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
SecurityWeek
K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs
K-12 schools improve protection against cyberattacks, but many are still vulnerable to ransomware gangs, says Biden administration
CyberNews
Most cyberattacks in Russia come from China and North Korea
China and North Korea were behind most of state-sponsored cyberattacks in Russia, according to the country’s security firm Solar.
The Record
CISA launches pilot program offering ‘cutting-edge’ services to critical infrastructure orgs
The U.S. government is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most.
The Record
In recent interview, ousted Ukrainian cyber official spoke about new Russian attacks, long-term plans
Ukraine's anti-corruption agency sent shockwaves through the country's cybersecurity agencies on Monday morning, when it announced that it had launched an investigation into the procurement practices of a handful of its top cyber officials.
Bleeping Computer
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Bleeping Computer
The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
SecurityWeek
FCC Tightens Telco Rules to Combat SIM-Swapping
With cyberattacks rising, new FCC rules will require wireless carriers to notify customers of any SIM transfer requests
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
CyberSecurity Dive
Threat actors behind Las Vegas casino attacks are social-engineering mavens
Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.
CyberSecurity Dive
FCC proposes 3-year cybersecurity pilot for schools, libraries
The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.
CyberNews
Change of tactics: ALPHV reports target to SEC for failing to disclose breach
In what’s probably a first, the ALPHV/BlackCat ransomware gang has filed a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims.
The Record
Multiple colleges, K-12 schools facing outages after cyberattacks
North Carolina Central University is investigating a cyberattack this week, as are school districts in Michigan, Oregon and Atlanta.
The Record
Russian analysts point finger at China, North Korea over cyber activity
Despite the countries' warm relationship, Russia is being targeted by North Korean and Chinese state hacking groups, a cybersecurity firm connected to Rostelecom claims.
The Record
Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks
A ransomware group that has been exploiting a vulnerability in Citrix products posted both companies to its leak site.
The Record
‘Sex life data’ stolen from UK government among record number of ransomware attacks
The latest data released by the Information Commissioner’s Office (ICO) includes an attack that breached data on the sex lives of up to 10,000 people, from an unspecific government department.
Security Affairs
Vietnam Post exposes 1.2TB of data, including email addresses
Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses.
Bleeping Computer
How DDoS attacks are taking down even the largest tech companies
DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets.
CyberNews
Vietnam Post exposes 1.2TB of data, including email addresses
At the time of discovery, the data store contained 226 million logged events, resulting in 1.2 Terabytes of data, which was being updated in real-time.
Cyber Security News
Best Network Security Vendors for SaaS - 2024
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
The Hacker News
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
Bleeping Computer
Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
Cyber Security News
8-Point Security Checklist For Your Storage & Backups - 2024
A ransomware attack is a horrible time to discover that your backups are not secure, so to help, here’s an 8-point checklist.
SecurityWeek
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
SecurityWeek
State-Backed Hackers a Threat to Australia, Agency Warns
The Australian Signals Directorate singled out Russia and China as among the country's greatest cyber threats in its latest threat report.
CyberNews
Ohio city severely disrupted by ransomware attack
Huber Heights and Bladen County fell victim to disruptive cyberattacks.
Security Affairs
Gamblers’ data compromised after casino giant Strendus fails to set password
Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
The Record
FCC proposes cybersecurity pilot program for schools, libraries as attacks increase
The Federal Communications Commission proposed on Tuesday the creation of a “Schools and Libraries Cybersecurity Pilot Program” that would allow officials to collect data about the cybersecurity and advanced firewall services that would best help K-12 schools and libraries across the country defend themselves from hackers.
The Record
CISA's Goldstein: Ukrainian response to Viasat hack proves need for redundancy, resilience
The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.
The Record
Critical systems restored at English council following ransomware attack
St Helens Borough Council in northwest England says that about eight weeks after the incident, most services are operating business-as-usual.
DarkReading
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
SecurityWeek
UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election
Britain’s cybersecurity agency said artificial intelligence and "deepfakes" pose a threat to the country’s next national election
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
CyberNews
Open-source software more resilient, study finds
Software written in the past few years is less error-prone on the whole and therefore more resistant to cyberattacks.
CyberNews
Gamblers’ data compromised after casino giant fails to set password
One of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
CyberNews
Denmark hit with largest cyberattack on record
Hackers potentially linked to Russia’s military intelligence carried out a series of highly coordinated cyberattacks on Danish energy infrastructure, a report says.
The Record
Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
The Record
Cyber incident reports hit ‘all-time high,’ warns UK NCSC
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
DarkReading
Ducktail Malware Targets the Fashion Industry
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
CyberSecurity Dive
New York proposes ‘nation-leading’ hospital cybersecurity regulations
The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.
Cyber Security News
BiBi Wiper Attacking Windows Machine to Cause Data Destruction
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
CyberSecurity Dive
Dragos again targeted by ransomware group, this time from AlphV
The industrial cybersecurity specialist previously thwarted a shakedown attempt in May and says the current threat has not been substantiated.
SecurityWeek
Yellen Says Ransomware Attack on China's Biggest Bank Minimally Disrupted Treasury Market Trades
A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market.
CyberNews
Hacking the sky: planes need patching, too – interview
Cyber assaults on the aviation sector carry more serious repercussions than mere data theft or DDoS attacks.
CyberSecurity Dive
4 data-driven priorities for security leaders in 2024
According to a new report, security teams are struggling amid relentless cyberattacks and limited resources. What can leaders do to set their teams up for a more stable 2024?
The Record
Australian ports operator recovering after major cyber incident
One of Australia's largest port operators is resuming operations after being hit by a cyberattack late last week.
Bleeping Computer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Cyber Security News
How Network Detection & Response (NDR) Technology is Used Against Cyber Threats
NDR solutions are becoming indispensable for many organizations in their security architecture due to how they handle threats.
Cyber Security News
10 Best Digital Forensic Investigation Tools - 2024
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3.Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Bleeping Computer
Microsoft: BlueNoroff hackers plan new crypto-theft attacks
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.
Bleeping Computer
Microsoft extends Windows Server 2012 ESUs to October 2026
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing administrators more time to upgrade or migrate to Azure.
CyberSecurity Dive
Chinese banking giant’s US arm hit by ransomware attack
The hack reportedly disrupted the trading of U.S. Treasuries. The Industrial and Commercial Bank of China Financial Services said it is investigating the attack and progressing recovery efforts.
Bleeping Computer
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know
Ransomware attacks are rapidly becoming the weapon of choice, making up over half of all attacks in the healthcare industry. Learn more from Specops Software on securing your organization from these attacks.
SecurityWeek
Intel Sued Over 'Downfall' CPU Vulnerability
A class action lawsuit has been filed against Intel over its handling of CPU speculative execution vulnerabilities, with a focus on Downfall.
The Hacker News
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
The Record
Washington State Department of Transportation working to recover from cyberattack
Washington’s State Department of Transportation is recovering from a cyberattack that is causing a range of issues for local ferries and apps used for maps.
CyberScoop
Cyber ops linked to Israel-Hamas conflict largely improvised, researchers say
Microsoft and Mandiant researchers believe Iranian hackers were not prepared for the initial Hamas attack.
Cyber Security News
Top 6 Cyber Incident Response Plans - 2024
Top Incident Response Plans : 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons learned.
Bleeping Computer
Russian hackers switch to LOTL technique to cause power outage
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with less resources
CyberScoop
Russian hackers disrupted Ukrainian electrical grid last year
The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report.
The Record
NATO allies express support for collective response to cyberattacks
NATO delegates gathered on Thursday for the alliance’s first annual Cyber Defence Conference, marking a growing acceptance among allies that new methods are needed to tackle cyberattacks beyond resilience.
The Record
Ukraine energy facility took unique Sandworm hit on day of missile strikes, report says
Researchers from Mandiant reported on an October 2022 incident involving Russian nation-state hackers that included multiple rare or previously unseen elements.
The Record
SentinelOne to acquire cybersecurity consulting firm Krebs Stamos Group
Cybersecurity giant SentinelOne said it is acquiring advisory firm Krebs Stamos Group and creating a new entity called PinnacleOne Strategic Advisory Group.
The Record
Iranian Charming Kitten hackers targeted Israeli organizations in October
The Iranian hacking group targeted organizations in Israel’s transportation, logistics and technology sectors amid an uptick in Iranian cyber activity since the start of Israel’s war with Hamas.
CSO
US launches “Shields Ready” campaign to secure critical infrastructure
Shields Ready initiative outlines strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes.
Cyber Security News
What is Crowdsourced Threat Intelligence?
Crowdsourced threat intelligence is a type of threat intelligence that is gathered and analyzed from a variety of sources.
CyberNews
Despite pledges not to pay, ransoms are here to stay
Cybernews asked more than 30 experts from various fields if they’d be willing to pay a ransom in the event of a cybersecurity breach.
CyberNews
Marina Bay Sands Singapore luxury resort breached
Singapore’s iconic Marina Bay Sands luxury resort and casino says loyalty member's personal information was compromised in a data breach.
The Record
NY AG issues $450k penalty to US Radiology after unpatched bug led to ransomware attack
One of the nation’s largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients.
Bleeping Computer
BlueNoroff hackers backdoor Macs with new ObjCShellz malware
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
CyberNews
Russia teaching students to hack infrastructure, Ukraine says
Students in Russia are now taught to launch cyberattacks against Ukrainian and Western infrastructure, according to Ukraine’s intelligence.
The Record
UK government fails to bring forward promised cyber laws in King’s Speech
Legislation that would have, in the government’s own words, “better protected” essential services in the country — including in the water, energy and transport sectors — is now unlikely to be introduced to Parliament until 2025, and probably won’t take effect until 2026 at the earliest.
The Record
Japan Aviation Electronics says servers accessed during cyberattack
Manufacturing giant Japan Aviation Electronics confirmed that its systems are facing a cyberattack that has forced the company to shut down its website.
The Hacker News
Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
Iranian-linked Agonizing Serpens APT group using novel wiper malware and tactics to target Israeli education and tech sectors.
CyberSecurity Dive
Countries pledge to not pay ransoms, but experts question impact
There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.
The Record
Iran-linked hackers attack Israeli education and tech organizations
Hackers suspected of being tied to Iran’s government have been deploying new destructive malware against Israeli organizations, according to recent research.
The Record
Palo Alto Networks to acquire Israeli enterprise browser security firm Talon
Cybersecurity firm Palo Alto Networks intends to acquire Talon Cyber Security, the company confirmed Monday, in what would be its second purchase of an Israeli startup in the last week.
The Record
Mortgage giant Mr. Cooper using alternative payment options after cyberattack
Customers attempting to log in to Mr. Cooper's website to pay their mortgages or loans were instead greeted with a message stating that the company was suffering a technical outage, later confirmed to be a cyberattack.
The Record
Researchers spot an increase in Jupyter infostealer infections
Education and healthcare institutions seem to be targets in the latest wave of Jupyter infections, according to VMware's Carbon Black team.
Trend Micro
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.
DarkReading
'KandyKorn' macOS Malware Lures Crypto Engineers
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.
CSO
UK NCSC issues new guidance on post-quantum cryptography migration
The UK National Cyber Security Centre has refreshed its guidance to help system and risk owners plan their migration to post-quantum cryptography (PQC).
The Hacker News
Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally
Discover how predictive AI is shaping the future of cybersecurity. Learn how BlackBerry's Cylance AI is outperforming the competition in malware.
CSO
Microsoft pledges cybersecurity overhaul to protect products and services
Microsoft launches the Secure Future Initiative to usher in “next generation” of cybersecurity to better protect customers against escalating cybersecurity threats.
SecurityWeek
After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’
Redmond's new security initiative promises faster patches, better management of signing keys and products with a higher default security bar.
Bleeping Computer
Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.
SecurityWeek
Former SpaceX Engineers Get $8 Million in Funding for AI Security Firm Wraithwatch
Former SpaceX cybersecurity engineers launch Wraithwatch, an AI-based security firm that received $8 million in seed funding.
Cyber Security News
Securing Your SaaS: Best Practices and Proven Strategies
Protecting cloud-based apps and the data they manage is the primary goal of Software as a Service (SaaS) security.
SecurityWeek
AP News Site Hit by Apparent Denial-of-Service Attack
The Associated Press news website experienced an outage that appeared to be consistent with a denial-of-service attack
The Record
Boeing says cyber incident affects parts and distribution business
"We are aware of a cyber incident impacting elements of our parts and distribution business," a spokesperson told Recorded Future News. "This issue does not affect flight safety.”
Bleeping Computer
FSB arrests Russian hackers working for Ukrainian cyber forces
Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations.
SecurityWeek
Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks
The AI Safety Summit focused on cutting-edge “frontier” AI that some scientists warn could pose a risk to humanity’s very existence.
DarkReading
FBI Director Warns of Increased Iranian Attacks
Christopher Wray tells the US Senate that more US infrastructure will be targeted for cyberattacks in the wake of the Gaza conflict.
SecurityWeek
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
Infosecurity News
Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor
The sophisticated new variant of Turla's Kazuar backdoor was used to target the Ukrainian defense sector
The Record
Russian security service detains two hackers allegedly working for Ukraine
Russia's security service detained two hackers suspected of carrying out cyberattacks on Russian networks on behalf of Ukraine.
The Record
California community college Río Hondo dealing with cybersecurity incident
The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
The Record
Major Mexican airport confirms experts are working to address cyberattack
The Querétaro Intercontinental Airport — about three hours from Mexico City — posted on social media that it was responding to an unspecified incident.
The Record
War crimes prosecutor says trials this time might be different
Will there be justice for the atrocities in Bucha, Ukraine? Stephen Rapp, a former U.S. ambassador-at-large for war crimes, talks with the Click Here podcast team about the future of that case and others.
SecurityWeek
Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
The SEC's lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles.
SecurityWeek
Extending ZTNA to Protect Against Insider Threats
Overcoming the failures and challenges of Zero Trust Network Access (ZTNA) for in-office and remote users
CSO
SEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosures
SEC has accused SolarWinds and its CISO of understating cybersecurity risks to stakeholders and said the company missed numerous red flags.
SecurityWeek
SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures
The SEC filed charges against SolarWinds and its CISO Timothy Brown, over misleading investors about its cybersecurity practices and known risks.
DarkReading
UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations
A determination to be taken seriously as a cyber player sees the United Arab Emirates announce a series of collaborations.
Bleeping Computer
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28.
The Record
Toronto Public Library facing disruptions due to cyberattack
Canada’s largest public library system said it is dealing with a cyberattack that brought down its website, member services pages and limited access to its digital collections.
The Record
Dallas County confirms cybersecurity 'incident' after ransomware gang claims attack
On Saturday, the Play ransomware gang posted the county to its leak site, claiming to have stolen an undisclosed amount of data.
The Record
SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack
The Securities and Exchange Commission (SEC) announced on Monday evening that it plans to charge SolarWinds Chief Information Security Officer Timothy Brown with fraud for his role in allegedly lying to investors by “overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.”
Bleeping Computer
The Week in Ransomware - October 27th 2023 - Breaking Records
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.
Cyber Security News
Most Common AD Misconfigurations Leading to Cyberattacks
Active Directory (AD) is one of the most widely used services that allow organizations to manage users, computers, and other resources inside their internal network.
SecurityWeek
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
CyberSecurity Dive
How to protect sensitive school data during a cyberattack
The CFO of a Texas school district recommends safer ways to request sensitive employee data and stronger password and verification policies.
The Hacker News
How to Keep Your Business Running in a Contested Environment
Discover real-time threat detection with Fidelis Security's Network Detection and Response solutions.
CyberSecurity Dive
High-profile summer attacks linked to same aggressive ransomware group
Microsoft researchers described Octo Tempest, or Oktapus, as one of the most dangerous financial criminal groups currently in operation.
SecurityWeek
CISA, HHS Release Cybersecurity Healthcare Toolkit
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
The Hacker News
The Danger of Forgotten Pixels on Websites: A New Case Study
For any company, from healthcare to e-commerce, rogue web elements can lead to massive fines & reputational damage.
CSO
UK Prime Minister announces world’s first AI Safety Institute
AI Safety Institute will examine, evaluate, and test new types of artificial intelligence
CSO
Teleport’s new offering to help reduce attack response times
The identity governance and security offering will automate access requests, detect weak access patterns, and help with incident response.
CSO
Wildfires, cyberattacks, and cheating students turned off the internet in the third quarter
Submarine cable damage, natural disasters and cyberattacks triggered third quarter internet outages worldwide, according to a report from Cloudflare.
SecurityWeek
Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day
Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments.
Bleeping Computer
Ransomware isn’t going away – the problem is only getting worse
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks.
The Hacker News
The Rise of S3 Ransomware: How to Identify and Combat It
The Rise of S3 Ransomware: How to Identify and Combat It | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
CyberSecurity Dive
Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite
The company said it is gaining market share in the cybersecurity segment and is opening access to its AI-based Security Copilot after an early preview.
The Record
Philadelphia: Hackers spent three months accessing city gov’t email accounts
The government of Philadelphia said hackers spent at least three months inside city email systems, giving them wide access to health information stored in email accounts.
The Record
Espionage group uses webmail server zero-day to target European governments
Researchers at security firm ESET said they have been tracking a new campaign by Winter Vivern, which typically supports Russia and Belarus.
The Record
Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says
Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.
The Record
Russian artists’ Spotify accounts defaced by pro-Ukraine hackers
A group of pro-Ukraine hackers recently compromised the Spotify accounts of several well-known Russian musicians, swapping out their profile pictures for images of Ukraine’s flag and a Ukrainian rapper with a call to stop Russia's war in Ukraine.
DarkReading
Cyberattacks on Kenya Drop in Third Quarter
National response team attributes reduction to a cyber workforce with better training.
The Record
Cybersecurity regulations for passenger and freight railroads renewed by TSA
“The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” TSA Administrator David Pekoske said.
DarkReading
Hola Espana: 'Grandoreiro' Trojan Targets Global Banking Customers
Brasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.
CyberSecurity Dive
Microsoft extends security log retention following State Department hacks
Government and private sector customers will be able to search cloud data records for malicious threat activity by default.
The Record
As Congress idles, key lawmakers retain sense of urgency on surveillance law
Section 702 of the Foreign Intelligence Surveillance Act (FISA) will sunset on January 1 without congressional action. Several committee chairman are pushing ahead with bills to renew the controversial law.
CyberNews
Social media is drowning in misinformation on the Israel-Hamas conflict
No slickly edited five-minute video can explain the Israeli-Palestinian conflict with adequate context, professor Mazza says.
Bleeping Computer
The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
CyberSecurity Dive
Okta attacked again, this time hitting its support system
A threat actor accessed customer support tickets and files containing sensitive data. Okta declined to say how many customers are impacted.
The Hacker News
Unleashing the Power of the Internet of Things and Cyber Security
IoT adoption is on the rise, but it comes with risks. Explore the challenges and opportunities of seamlessly integrating IoT into your business while
CyberSecurity Dive
FAIR Institute wants to quantify just how much a cyberattack costs
The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.
The Record
Exclusive: How a defend-forward operation gave Ukraine’s SBU an edge over Russia
On a recent trip to Kyiv, the Click Here team spoke with Illia Vitiuk, head of the cyber department of the Security Service of Ukraine, about the importance of an early operation with U.S. hunt teams and why he considers attacks on civil infrastructure “to be nothing but a war crime.”
DarkReading
Iran-Linked 'MuddyWater' Spies on Mideast Gov't for 8 Months
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
ZDNet
What is ransomware? Everything you need to know and how to reduce your risk
The ransomware business is booming, and really anyone can be the next victim. Here's how to protect yourself and your organization from an attack. Too late for prevention? We'll show you what to do next.
DarkReading
North Korea's Kimsuky Doubles Down on Remote Desktop Control
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.
SecurityWeek
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
Strategies to prevent lost and stolen computers from contributing to data breaches and leaks.
The Record
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyberattacks
Ukrainian officials speak with the Click Here podcast team about something they previously kept close to the vest: Their country's hunt forward operations with personnel from U.S. Cyber Command.
The Record
UK warns nuclear power plant operator of cybersecurity failings
EDF failed to “meet its commitment to provide us with a comprehensive and fully resourced cyber security improvement plan,” according to the U.K. chief nuclear inspector’s annual report.
The Record
Lloyd’s of London finds hypothetical cyberattack could cost world economy $3.5 trillion
Researchers found that a global attack would shave off trillions in gross domestic product over a five-year period, with the United States the worst hit, followed by China and Japan.