Cyber Security News


  • CISA Adds One Known Exploited Vulnerability to Catalog

    May 26, 2023

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Source: U.S. Cybersecurity and Infrastructure Security Agency. Related story: CISA Releases ...

  • US govt contractor ABB confirms ransomware attack, data theft

    May 26, 2023

    Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as “an IT security incident.” It also revealed that the attackers had stolen data from compromised devices and that it would notify affected individuals if their information was impacted in ...

  • U.S. DOD Submits Classified Cyber Strategy to Congress

    May 26, 2023

    The Department of Defense announced on Friday that it submitted its classified 2023 cyber strategy to Congress “earlier this week” and plans to release an unclassified summary of its new cybersecurity approach “in the coming months.” “The classified 2023 DOD cyber strategy provides direction to the department to operationalize the concepts and defense objectives for cyberspace ...

  • Buhti: New Ransomware Operation Relies on Repurposed Payloads

    May 25, 2023

    A relatively new ransomware operation calling itself Buhti appears to be eschewing developing its own payload and is instead utilizing variants of the leaked LockBit and Babuk ransomware families to attack Windows and Linux systems. While the group doesn’t develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer ...

  • COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

    May 25, 2023

    Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are ...

  • Mercenary mayhem: A technical analysis of Intellexa’s PREDATOR spyware

    May 25, 2023

    Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). Cisco Talos research specifically looks at two components of this mobile spyware suite ...

  • Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

    May 24, 2023

    Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt ...

  • New PowerExchange malware backdoors Microsoft Exchange servers

    May 24, 2023

    A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. After infiltrating the mail server via a phishing email containing an archived malicious executable, the threat actors deployed a web shell named ExchangeLeech (first observed by the Digital14 Incident Response team in 2020) that ...

  • IT security analyst admits hijacking cyber attack to pocket ransom payments

    May 24, 2023

    A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself. Ashley Liles, of Letchworth Garden City, Hertfordshire, pleaded guilty at Reading Crown Court to blackmail ...

  • Arms maker Rheinmetall confirms BlackBasta ransomware attack

    May 23, 2023

    German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company. Source: Bleeping Computer

  • CISA and Partners Update the #StopRansomware Guide

    May 23, 2023

    Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and ...