CyberSecurity Updates

29 Nov

SecurityWeek to Host Cyber AI & Automation Summit on December 6th

Information, News

Virtual conference will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use. SecurityWeek will host its 2023 Cyber AI & Automation Summit on December 6, 2023 as a fully immersive virtual conference, showcasing prominent technologists discussing the burgeoning AI-powered security landscape. The Cyber AI & Automation Summit will feature keynotes and editorial presentations from Chief Information Security Officers (CISOs), software developers, policy analysts, government representatives and…

Read More
29 Nov

The biggest cyber security attacks in November

Attacks, Data Breaches

Cyber Security Hub takes a look at the most significant cyber security incidents in November. Contents 2.2 million people impacted by McLaren Health Care data breach Toyota Financial Services systems forced offline by cyber attack Data breach at US nuclear energy firm exposes sensitive employee information BlackCat/APLHV ransomware gang reports victim’s “undisclosed” data breach Canadian Government data exposed by contractor cyber attack LockBit ransomware affiliates actively exploit Citrix Bleed vulnerability General Electric investigates claims of…

Read More
29 Nov

CISA Releases First Secure by Design Alert

Attacks, Insights, Malware

Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series.    This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web management interfaces by designing and developing their products using SbD principles:   Take Ownership of Customer Security Outcomes.  Embrace Radical Transparency and Accountability.    For more information on SbD principles,…

Read More
29 Nov

Ransomware attack disrupts multiple US hospital ERs

Attacks, Data Breaches

US healthcare provider Ardent Health Services is facing disruption to clinical and financial operations at six locations following a ransomware attack. Ardent Health Services and its affiliated entities (Ardent) became aware of a cybersecurity incident on the morning of November 23, according to a statement published this week. Ardent’s IT team immediately began working to understand the event, safeguard data and regain functionality, taking its network offline, it said. This suspended all user access to…

Read More
28 Nov

‘Tis the season to be wary: 12 steps to ruin a cybercriminal’s day

Information

Scams, Cybercrime The holiday shopping season may be the time to splurge, but it’s a also favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats Phil Muncaster 27 Nov 2023  •  , 5 min. read The holiday shopping season is in full swing. It involves a seemingly endless few weeks of shopping mayhem as we rush to take advantage of bargains and buy gifts for our friends…

Read More
28 Nov

ID Theft Service Resold Access to USInfoSearch Data

Data Breaches, Information, Insights

One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American. For prices ranging from $8 to $40 and payable via…

Read More
28 Nov

Police Dismantle Major Ukrainian Ransomware Operation

Information, News, Uncategorized

Law enforcement agencies in seven countries teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation. According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  The…

Read More
28 Nov

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

Attacks, Insights, Malware

CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply. WWS Sector facilities use PLCs…

Read More
27 Nov

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Information, News

Open-source file-sharing and collaboration software ownCloud is plagued by critical vulnerabilities that could lead to the exposure of credentials and other sensitive information and to authentication and validation bypass. The most serious issue, which carries a CVSS score of 10/10, impacts the graphapi app, which uses a third-party library providing a URL that, when accessed, reveals the PHP environment’s configuration details (phpinfo). “This information includes all the environment variables of the webserver. In containerized deployments,…

Read More
26 Nov

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

Attacks, Insights, Malware

Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure. The Guidelines, complementing the U.S. Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI,…

Read More