CyberSecurity Updates

16 Aug

CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan

Attacks, Insights, Malware

Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that…

Read More
15 Aug

2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability

Information, News

A threat actor has automated the exploitation of a recent Citrix vulnerability and has infected roughly 2,000 NetScaler instances with a backdoor, British information assurance firm NCC Group reports. Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations. The issue allows unauthenticated, remote attackers to execute arbitrary code on vulnerable Citrix Application Delivery Controller (ADC) and Gateway appliances that…

Read More
15 Aug

Crimeware server used by NetWalker ransomware seized and shut down

Information

by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the service, but his current whereabouts are unknown. In the DOJ’s blunt words, “Grabowski remains a fugitive.” The downed site is…

Read More
15 Aug

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

Information

by Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually need to approach the scene of the crime in person, and their payoffs are extracted online, typically using pseudoanonymous technologies…

Read More
14 Aug

Diligere, Equity-Invest Are New Firms of U.K. Con Man

Information, Insights

John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use. A native of the United Kingdom, Mr. Davies absconded from justice before being convicted on multiple counts…

Read More
14 Aug

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Data Breaches, Information, News

The Colorado Department of Health Care Policy and Financing (HCPF) has revealed that the personal information of millions of individuals was compromised in a data breach resulting from the recent MOVEit cyberattack. On Friday, HCPF informed the Maine Attorney General’s office that it has started informing close to 4.1 million individuals that their personal information might have been compromised in the incident. In a sample notification letter submitted to authorities, HCPF revealed that, on May…

Read More
13 Aug

Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought

Information, News

White House officials concerned by AI chatbots’ potential for societal harm and the Silicon Valley powerhouses rushing them to market are heavily invested in a three-day competition ending Sunday at the DefCon hacker convention in Las Vegas. Some 2,200 competitors tapped on laptops seeking to expose flaws in eight leading large-language models representative of technology’s next big thing. But don’t expect quick results from this first-ever independent “red-teaming” of multiple models. Findings won’t be made…

Read More
11 Aug

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
11 Aug

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

Information, News

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information. Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by…

Read More