- NortonLifeLock warns that hackers breached Password Manager accounts
January 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account ...
- Royal Mail cyber attack carried out by Russian-linked ransomware gang
January 13, 2023
A ransomware gang linked to Russia carried out the Royal Mail cyber attack that suspended international postal deliveries. It is understood that Royal Mail’s investigation found the gang, named Lockbit, infected machines that print customs labels for parcels being sent overseas. The attack has left more than half a million parcels and letters stuck in limbo. Lockbit’s ...
- CISA Releases Twelve Industrial Control Systems Advisories
January 12, 2023
CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-012-01 Sewio RTLS Studio ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution ICSA-23-012-03 InHand Networks InRouter ICSA-23-012-04 Panasonic Sanyo ...
- Hackers compromised Ontario liquor board website, stole customer data
January 12, 2023
Cyber attackers compromised the website of Ontario’s Liquor Control Board and stole personal information of customers who bought products online, the retailer has acknowledged. “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process,” the Crown corporation said in ...
- Hackers exploit Control Web Panel flaw to open reverse shells
January 12, 2023
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The security issue is identified as CVE-2022-44877 and received a critical severity score of 9.8 out of 10 as it allows an attacker to execute code remotely without authentication. On January 3, ...
- Juniper Networks Releases Security Updates for Multiple Products
January 12, 2023
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- How Did the FBI Get a Tor User’s IP Address?
January 12, 2023
Polling the internet: what is the best way to de-anonymize a Tor user? Somebody over at the FBI definitely has a method, but they clearly aren’t planning on telling anybody anytime soon. Motherboard originally reported that the bureau has somehow managed to nab the IP address of an alleged criminal using Tor, short for “The Onion ...
- Fortinet: Government networks targeted with now-patched SSL-VPN zero-day
January 12, 2023
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. The security flaw (CVE-2022-42475) abused in these incidents is a heap-based buffer overflow weakness found in the FortiOS SSLVPNd that allowed unauthenticated attackers to crash targeted devices remotely or gain remote code execution. The network security ...
- Royal Mail export services severely disrupted after ‘cyber incident’
January 11, 2023
Britain’s Royal Mail said on Wednesday it was facing severe disruption to its international export services following what it described as “a cyber incident”. “We are temporarily unable to despatch items to overseas destinations,” Royal Mail, one of the world’s largest post and parcel firms, said in a service update on its website. It advised customers to ...
- U.S. Federal Aviation Administration says flight personnel alert system not processing updates after outage
January 11, 2023
The U.S. Federal Aviation Administration’s (FAA) system that alerts pilots and other flight personnel about hazards or any changes to airport facility services and relevant procedures was not processing updated information, the civil aviation regulator’s website showed on Wednesday. In an advisory, the FAA said its NOTAM (Notice to Air Missions) system had “failed”. There was ...
- The US government is building an AI sandbox to tackle cybercrime
January 10, 2023
A joint effort between the Science and Technology Directorate (S&T) – housed within the Department of Homeland Security (DHS) – and the Cybersecurity and Infrastructure Security Agency (CISA), an AI sandbox will be designed for researchers to collaborate and test analytical approaches and techniques in combating cyber threats. CISA’s Advanced Analytics Platform for Machine Learning (CAP-M) ...