CyberSecurity Updates

10 Feb

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

Data Breaches, Malware, Social Engineering

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers. Industrial cybersecurity firm Otorio released a report this…

Read More
10 Feb

Indigo Bookstore Website Shuts Down After Cyberattack

Attacks, Malware

It is possible that this attack was the result of Info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information such as credentials to carry out cyberattacks. It…

Read More
10 Feb

Attackers Breach Reddit to Steal Source Code and Internal Data

Attacks, Malware

All organizations should provide phishing awareness and defense training to all of their employees/users. A simple defense technique would be adopting a zero-trust attitude toward outside communication. For email, the zero-trust model means not allowing the delivery of messages unless they originate from a sender who can be authenticated and who has been granted explicit permission to deliver messages to that inbox. https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/

Read More
10 Feb

North Korean Ransomware Attacks on Healthcare Fund Government Operations

Attacks, Malware

In this campaign, the North Korean ransomware operators made use of numerous vulnerabilities, tools, and TTPs to accomplish their goals. To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics, such as trojanized software on typo-squatted domains. Additionally, it is recommended to ensure that all software/hardware is up to date, as the operators made use of numerous vulnerabilities that relied on outdated applications. Further, it…

Read More
10 Feb

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Attacks, Insights, Malware

Original release date: February 10, 2023 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01:…

Read More
10 Feb

Microsoft OneNote Abuse for Malware Delivery Surges

Information, News

Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they do not benefit from the Mark-of-the-Web (MOTW) protection, along with the fact that files can be attached to OneNote notebooks…

Read More
10 Feb

IOTW: Source code stolen in Reddit phishing attack

Attacks, Data Breaches

A “highly targeted” phishing attack against social media site Reddit’s internal network has seen malicious actors steal the company’s source code and internal documents. The breach occurred on February 5, after a phishing attack was launched at Reddit employees. The site said the attack contained “plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens”.  After obtaining an employee’s credentials, the…

Read More
10 Feb

Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report

Information, News

The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber.  The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number of advisories was roughly the same in 2021 and 2022, at 350, the number of vulnerabilities discovered last year reached…

Read More
10 Feb

Top cybersecurity M&A deals for 2023

Data Breaches, Malware, Social Engineering

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight. Global concern over cybersecurity has never been higher, with attacks coming fast and furious and…

Read More
09 Feb

Into the void: Your tech and security in digital darkness

Information

No internet, perfect security? Two ESET researchers perform a thought experiment where they consider the implications of being plunged into digital darkness. Not every computer problem is due to a war in Ukraine, or the failure of the power grid in Texas. But let’s say your network access gets shut off from the rest of the world due to a catastrophic event. Whether it is an armed conflict, a decision of an authoritarian regime, an…

Read More