News – June 2022


  • Learn The Latest Oil & Gas Industry Trends With AUTOMA 2022

    June 23, 2022

    Learn The Latest Oil & Gas Industry Trends With AUTOMA 2022  Oil & Gas Automation and Digitalization Congress is held on October, 17-18, 2022, in Milan, Italy, and gathers Oil & Gas companies, EPC contractors, drilling contractors, pipeline operators, refineries, service providers and equipment manufacturers to discuss how to unlock the full potential of innovative technologies ...

  • CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

    June 22, 2022

    CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality. CISA has released six corresponding ...

  • Keeping PowerShell: Security Measures to Use and Embrace

    June 22, 2022

    Cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. This will provide benefits from the security capabilities PowerShell can enable while reducing the likelihood of malicious actors using it undetected after gaining access into victim networks. The ...

  • Critical PHP flaw exposes QNAP NAS devices to RCE attacks

    June 22, 2022

    QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. “A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to ...

  • Yodel blames cyber incident for disruption and parcel-tracking problems

    June 22, 2022

    Delivery company Yodel is experiencing service delays because of what it describes as a “cyber incident” affecting customer services and parcel tracking. “Yodel has experienced a cyber incident that has caused some disruption. We are servicing customers but tracking is currently impacted,” a Yodel spokesperson told ZDNet. “As soon as we detected the incident, we launched an ...

  • Europol: Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands

    June 21, 2022

    A cross-border operation, supported by Europol and involving the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie), resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering. The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the NetherlandsSeizures including firearms, ...

  • An unknown APT actor attacking high-profile entities in Europe and Asia

    June 21, 2022

    ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly ...

  • 1.5 million customers impacted by Flagstar Bank data breach

    June 21, 2022

    Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. As reported by Bleeping Computer, the data breach occurred between December 3 and December 4, 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, ...

  • Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware

    June 21, 2022

    The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document name “Nuclear Terrorism A Very Real Threat.rtf.”. The threat ...

  • Magecart attacks are still around. And they are becoming more stealthy

    June 21, 2022

    Magecart attacks are decreasing in number but are becoming more stealthy, with researchers highlighting potential server-side blindspots in tracking them. It’s not too often you hear about Magecart attacks. In the past few years, cybersecurity incidents that hit the headlines tended to involve attacks on core utilities and critical services, state-sponsored campaigns, ransomware, massive data breaches, ...

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure

    June 21, 2022

    Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government’s CISA and private security researchers. Some of these vulnerabilities received CVSS severity scores as high as 9.8 ...

  • Microsoft 365 credentials targeted in new fake voicemail campaign

    June 20, 2022

    A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment. According to researchers at cloud ...

  • There are 24.6 billion sets of credentials up for sale on the dark web

    June 20, 2022

    More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Data recorded from last year reflected a 64 percent increase over 2020’s total (Digital Shadows publishes the data every two years), which is a significant slowdown ...

  • Android-wiping BRATA malware is evolving into a persistent threat

    June 19, 2022

    The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. “The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” ...

  • International operation takes down Russian RSOCKS botnet

    June 17, 2022

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe. The RSOCKS botnet functioned as an IP proxy service, but instead of ...