- Significant hack potentially exposes US lawmakers’ personal data
March 9, 2023
A serious breach at a healthcare administrator serving the U.S. House of Representatives has potentially exposed the personal data of hundreds of lawmakers and their staff, top representatives and a senior Congressional official said in letters circulated on Wednesday. One of the letters, which the House’s Chief Administrative Officer Catherine Szpindor (CAO) sent to members of ...
- Suspected Chinese cyber spies target unpatched SonicWall devices
March 9, 2023
Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant. The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users. Source: The Register
- Examining Ransomware Payments From a Data-Science Lens
March 9, 2023
Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be ...
- ECB: The Quick and the Dead – building up cyber resilience in the financial sector
March 8, 2023
The proliferation of cyber threat actors combined with an increase in remote working and greater digital interconnectedness is raising the risk, frequency and severity of cyberattacks. Increasingly, cyber criminals are launching ransomware attacks and demanding payment in crypto. Cyberattacks related to geopolitical developments – Russia’s aggression against Ukraine in particular – have also become a more common ...
- Fortinet warns of new critical unauthenticated RCE vulnerability
March 8, 2023
Fortinet has disclosed a “Critical” vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type ...
- These DrayTek routers are under actual attack – and there’s no patch
March 8, 2023
If you’re still using post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit. The operators behind the Hiatus malware campaign are hijacking DrayTek Vigor router models 2960 and 3900 powered by MIPS, i386 and Arm-based ...
- TSA issues new cybersecurity requirements for airport and aircraft operators
March 7, 2023
Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure and ...
- One Month to Go: UK Cyber Week Event Will Help Businesses Fight Back Against Cyber Crime
March 7, 2023
Over 100 world-class speakers, hackers and disruptors working together to bridge knowledge gap between cyber and business communities London, UK, 7 March 2023 – Award winning event organiser, ROAR B2B, today announces the launch of UK Cyber Security Week event on 4th and 5th April at the Business Design Centre, London. Free attendee registration is open ...
- New malware variant has “radio silence” mode to evade detection
March 7, 2023
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework. The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs. Source: Bleeping Computer
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
March 7, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-28810: Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability; CVE-2022-33891: Apache Spark Command Injection Vulnerability. Source: U.S. Cybersecurity and Infrastructure Security Agency
- Emotet malware attacks return after three-month break
March 7, 2023
The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments. When users open these documents and macros are enabled, the Emotet DLL will be downloaded and ...
- Protecting Android clipboard content from unintended exposure
March 6, 2023
Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data. Examples even exist of attackers hijacking and replacing the clipboard contents for malicious purposes, such as modifying a copied ...
- Threat landscape for industrial automation systems for H2 2022
March 6, 2023
In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. This was higher than the percentages for 2021 and even 2020. Source: Kaspersky
- Germany and Ukraine hit two high-value ransomware targets
March 6, 2023
On 28 February 2023, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police (Націона́льна полі́ція Украї́ни), with support from Europol, the Dutch Police (Politie) and the United States Federal Bureau of Investigation, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. Source: Europol
- DoppelPaymer ransomware suspects cuffed, alleged ringleaders escape
March 6, 2023
German and Ukrainian cops have arrested suspected members of the DoppelPaymer ransomware crew and issued warrants for three other “masterminds” behind the global operation that extorted tens of millions of dollars and may have led to the death of a hospital patient. The criminal gang, also known as Indrik Spider, Double Spider and Grief, used double-extortion ...