News – March 2023

March 27, 2023

A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile’s entertainment system, and from there opening up the car’s core management systems. The prize was awarded at the annual Pwn2Own competition in Vancouver and it wasn’t Synacktiv’s only win. The team walked away from the ...

March 27, 2023

Through extensive analysis and as of this writing, we discovered over 200 victims, leading to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed at understanding the different phases and facets involved in this operation, shedding light on the motives and techniques used by ...

March 27, 2023

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak ...

March 26, 2023

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. Read more… Source: Bleeping Computer  

March 26, 2023

One of the authors of a Senate bill that would enable the US commerce department to ban technologies with links to foreign governments has said the Biden White House is “very in favor” of the measure, but stopped short of saying whether the administration has discussed possibly prohibiting the Chinese-owned platform TikTok in particular. Appearing on ...

March 24, 2023

The FBI warns the public of criminal actors using Business Email Compromise (BEC) schemes to facilitate the acquisition of a wide range of commodities. BEC is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In many BEC scams, ...

March 24, 2023

Accelerating Digital Inclusion and Sustainable Transformation The 8th Edition of the Connected Banking Summit Southern Africa is set to take place on May 24, 2023, in Johannesburg, South Africa, bringing together top executives, experts, and leaders from the banking and financial services industry. The summit, organized by the International Center for Strategic Alliances (ICSA), is a ...

March 24, 2023

US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year’s cyber attacks against the local government. Over the course of the three-month deployment, Cyber National Mission Force (CNMF) troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the ...

March 23, 2023

As we spoke about in the new ThreatWise TV documentary, “People Matter: A look back on how Cisco Talos has been supporting Ukraine,” war isn’t something that often appears in an organization’s business continuity or disaster recovery plans. In the months leading up to Russia’s invasion of Ukraine, Cisco and Talos did everything we could to ...

March 23, 2023

CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-082-01 RoboDK ICSA-23-082-02 CP-Plus KVMS Pro ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Eight Industrial Control Systems Advisories  

March 23, 2023

Construction materials giant GRS Roadstone is writing to employees warning them to check their bank accounts following a major cyber attack. The firm – which employs 800 people – was hit by a “sophisticated cyber-incident” last year which saw data relating to current and former employees copied from its systems and leaked online. Read more… Source: Construction Enquirer  

March 23, 2023

The commissions of the House of Commons and House of Lords have announced they will follow the move taken by the government on official devices, citing the need for cyber security. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network”. Read more… Source: Sky News  

March 23, 2023

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables ...

March 23, 2023

Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers. And most of these operational technology (OT) products – which include industrial control systems and related devices – claim security certifications, some of which they did not actually have. Read ...

March 22, 2023

In the recently released 2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center (IC3), the numbers confirm that cyber actors continue to plague Americans by targeting U.S. networks, attacking critical infrastructure, holding our money and data for ransom, facilitating large-scale fraud schemes, and threatening our national security. IC3 received a total of ...