- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...
- #StopRansomware: RansomHub Ransomware
August 29, 2024
The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful ...
- Microchip Technologies hit by cyberattack
August 21, 2024
Microchip said an ‘unauthorised party’ disrupted its systems and has impacted its ability to fulfill manufacturing orders. US chipmaker Microchip Technologies has been hit with a cyberattack, disrupting its systems and impacting its manufacturing capabilities. The company revealed the details in a filing with the Securities and Exchange Commission and said it detected “suspicious activity” on ...
- CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
July 26, 2024
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web ...
- Vulnerabilities in PanelView Plus devices could lead to remote code execution
July 2, 2024
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The ...
- Keytronic confirms data breach after Black Basta ransomware gang strikes again
June 17, 2024
Hardware firm Keytronic has confirmed a significant data breach weeks after the Black Basta ransomware group leaked over 500GB of the company’s stolen data around two weeks ago. The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in an SEC filing over a month ago on May 6 – the attack was ...
- UK: King Charles military badge rollout delayed over fears China could ‘use them for spying’
June 15, 2024
The introduction of military badges specially redesigned to mark King Charles’s accession to the throne has been delayed, with claims British Army chiefs fear the insignia could be made in China, enabling Beijing to insert tracking devices into them. Regiments which have a royal crest on their berets are changing “cap badges” from a design with ...
- Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies
June 5, 2024
Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...
- Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
May 30, 2024
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as well ...
- Threat landscape for industrial automation systems, Q1 2024
May 27, 2024
In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Building automation has historically led the surveyed industries in terms of the percentage of ICS computers ...
- Dell data breach may affect up to 49m customers
May 13, 2024
Dell has confirmed a data breach that could, according to reports, have affected up to 49m customers. The breach revealed names and addresses of Dell customers, as well as information about equipment purchased, although the tech giant says that no payment or banking details were uncovered in the incident. Read more… Source: MSN News Sign up for our Newsletter Related:
- U.K., U.S. and Canadian cyber authorities warn of pro-Russia hacktivist attacks on OT systems
May 3, 2024
The U.K.’s National Cyber Security Centre (NCSC) and other international cyber authorities, including the Federal Bureau of Investigation (FBI), have warned about pro-Russia hacktivist attacks targeting providers of operational technology. OT is hardware and software that interacts with the physical environment and includes smart water metres, automated irrigation systems, dam monitoring systems, smart grids and IoT ...
- Dutch chipmaker Nexperia hacked by cyber criminals
April 12, 2024
Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists. The company did not say if it had suffered any damage or losses as a result of the hack, but RTL said the cyber criminals ...
- Threat landscape for industrial automation systems. H2 2023
March 19, 2024
In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only ...
- Tech giant Fujitsu says it was hacked, warns of data breach
March 18, 2024
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be ...
- BMW security lapse exposed sensitive company information, researcher finds
February 14, 2024
A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Read more… Source: TechCrunch
- Scaly Wolf uses White Snake stealer against Russian industry
February 2, 2024
The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. The impact spreads across organizations from various industries in Russia, including manufacturing and logistics. One of the group’s characteristics in gaining initial access is their phishing emails designed to look like legitimate correspondence from Russian public authorities. Its phishing arsenal ...
- Threat Assessment: BianLian ransomware group
January 23, 2024
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data they’ve gathered. From that leak site data, Unit 42 primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations mainly in the United States (US) ...
- VF Corp’s cyber incident causes data breach of 35.5 million consumers
January 19, 2024
Vans sneaker maker VF Corp said on Thursday the cyber incident that hit the company in December led to a breach of personal data of about 35.5 million consumers, and added that it does not expect a material impact to its financials. The unauthorized activity, detected on Dec. 13, disrupted global customer orders on its e-commerce ...
- Water and Wastewater Sector – Incident Response Guide
January 18, 2024
Cyber threat actors are aware of – and deliberately target – single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience ...