Malware

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers. Industrial cybersecurity firm Otorio released a report this…

Read More

Indigo Bookstore Website Shuts Down After Cyberattack

It is possible that this attack was the result of Info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information such as credentials to carry out cyberattacks. It…

Read More

Attackers Breach Reddit to Steal Source Code and Internal Data

All organizations should provide phishing awareness and defense training to all of their employees/users. A simple defense technique would be adopting a zero-trust attitude toward outside communication. For email, the zero-trust model means not allowing the delivery of messages unless they originate from a sender who can be authenticated and who has been granted explicit permission to deliver messages to that inbox. https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/

Read More

North Korean Ransomware Attacks on Healthcare Fund Government Operations

In this campaign, the North Korean ransomware operators made use of numerous vulnerabilities, tools, and TTPs to accomplish their goals. To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics, such as trojanized software on typo-squatted domains. Additionally, it is recommended to ensure that all software/hardware is up to date, as the operators made use of numerous vulnerabilities that relied on outdated applications. Further, it…

Read More

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Original release date: February 10, 2023 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Read More

Top cybersecurity M&A deals for 2023

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight. Global concern over cybersecurity has never been higher, with attacks coming fast and furious and…

Read More

Weee! Grocery Chain Suffers Apparent Data Breach

Individuals who may have been affected by this breach should change login information immediately. Customers who may have been affected should also be aware that phishing attempts, whether by email or text, are likely to increase so any suspicious emails from unknown senders should be dealt with cautiously. https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected

Read More

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

Infections via malicious Google ads has become increasingly utilized by threat actors in recent months, indicating the popularity of such a tactic gaining traction. It is recommended to install an ad blocker on web browsers, as this can help prevent these malicious Google ads from being served. This can help prevent an unsuspecting user from accidentally visiting the malicious website instead of the legitimate one. In cases where a masquerading malware such as Gootkit is…

Read More

MTU Cork Struck with Ransomware Attack

Ransomware continues to be a dominant force in the cybercrime industry. While mitigating this threat is difficult, it is far from impossible, especially with mature incident response, threat detection, and disaster recovery programs in place. Implementing detections for Data Encrypted for Impact (MITRE ATT&CK Technique T1486) and other common ransomware techniques will help incident response teams react as soon as possible, potentially stopping the attacker in their tracks. Backups of critical systems, if kept disconnected…

Read More

#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

Original release date: February 9, 2023 CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide information on ransomware activity used by North Korean state-sponsored cyber to target various critical infrastructure sectors, especially Healthcare and Public…

Read More