Attacks, Threats, and Vulnerabilities
U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware (SecurityWeek) CISA has issued an alert on the Conti ransomware, just as a second major U.S. farming cooperative confirmed being hit by ransomware.
Threat Thursday: BlackMatter RaaS – Darker Than DarkSide? (BlackBerry) BlackMatter is a new player in the Ransomware-as-as-Service (RaaS) arena. It has recently made headlines as the likely culprit behind cybersecurity incidents affecting a major medical technology company and a U.S. farming cooperative.
Ransomware Isn’t Back. It Never Left (Wired) A recent wave of attacks belies an apparent lull toward the end of the summer.
Cyber Attack Strikes US Critical Infrastructure (Axio) A Cyber Attack Strikes US Critical Infrastructure, this time an Iowa grain cooperative, illuminating the growing risk for companies.
Hackers breached computer network at key US port but did not disrupt operations (CNN) Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.
Major US port target of attempted cyber attack (TheHill) The Port of Houston, a major U.S.
Port of Houston targeted by hackers believed to be with foreign government, authorities say (ABC13 Houston) The port says it was able to fend off the attack, but there could have been severe consequences for international trade if the hackers had succeeded.
State-sponsored hacking group targets Port of Houston using Zoho zero-day (The Record by Recorded Future) A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using a zero-day vulnerability in a Zoho user authentication appliance, CISA officials said in a Senate hearing today.
Hackers hit Russian ministry, rocket center using MSHTML vulnerability (HackRead) Microsoft Office zero-day also dubbed MSHTML attack exploited to target Russian government including Interior ministry and State Rocket Center.
BCCL, UIDAI, MP Police were targets of state-sponsored Chinese hackers: Insikt Group (Exchange4media) Earlier this year, Insikt Group documented a RedEcho campaign targeting India’s critical national infrastructure following India’s skirmish with China at Galwan
TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures (Cloudmark) A clever and complicated new SMS malware attack has been discovered in the United States and Canada. This malware, coined TangleBot, can directly obtainpersonal information, control device interaction with apps and overlay screens, and steal account information from financial activities initiated on the device.
Microsoft Exchange Autodiscover Flaw: How Hackers Can Exploit It (MSSP Alert) A Microsoft Exchange Autodiscover design flaw can “leak” web requests outside of a user’s domains, Guardicore reports. Here’s the fix.
Five Things You Need To Know As You Wake Up: A cyber attack compromises African Bank customers (ECR) Kickstart your morning with a variety of national and global news stories. This Thursday morning one of the biggest stories in country is that African Bank had its system hacked and some of their consumers’ personal data is at stake. To lighten things up, you can check out a video of Nicole Richie’s hair catching fire as she blows he birthday candles.
A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit (The Hacker News) A new vulnerability in all Microsoft Windows systems shipped since 2012 can allow attackers to install a rootkit with ease.
When you ‘Ask app not to track,’ some iPhone apps keep snooping anyway (Washington Post) To test Apple’s privacy protections, we watched the data flow out of 10 popular apps.
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers (The Hacker News) Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers | Read latest news headlines on latest news and technical coverage on cybersecurity, infosec and hacking.
Secret Audit Reveals US Military’s 3D Printing Tech Vulnerable to Cyberattacks (3DPrint.com | The Voice of 3D Printing / Additive Manufacturing) To those of us who are particularly civic-minded, few news alerts are more anxiety-inducing than those in which the U.S. military’s most broadly-encompassing actions are put under the microscope. The…
Sporting Events Are No Longer Immune From Cybercriminals, Warns Darktrace (Gizmodo Australia) With the AFL and NRL grand finals upon us it’s the perfect time to be reminded that even Australian sport is not immune from cybercrime.
Security Patches, Mitigations, and Software Updates
Apple patches iOS and macOS zero-day exploited in the wild (The Record by Recorded Future) Apple has released security updates today to patch a new zero-day vulnerability that Google’s security team said it’s been exploited in the wild to compromise user devices.
Apple Deprecates Outdated TLS Protocols in iOS, macOS (SecurityWeek) Apple announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.
UK Businesses Fear Increased Risk of Data Breach as a Result of Hybrid Working – (UK Today News) More than eight in 10 (83%) UK businesses say hybrid working increases the risk of a data breach, yet over a fifth (22%) remain unprepared if it happens, with speed of response the top concern.
Virginia hails national importance of once-secret Army post in Fauquier (Culpeper Star-Exponent ) The Virginia Landmarks Register gained a most unusual historic district on Thursday: a former Army post whose activities have been among the nation’s most closely guarded secrets.
LG is acquiring automotive cybersecurity startup Cybellum in a $240M deal (TechCrunch) LG Electronics, the Korean tech giant that once was a leading player in mobile phones but is now winding down that business, is making an acquisition that points to its ambitions in another, emerging area: next-generation automotive hardware and services. Today the company announced that it will be…
Web Security Provider Jscrambler Raises $15 Million (SecurityWeek) The company will use the investment to expand marketing and sales initiatives and accelerate product roadmap.
Panorays Closes $42 Million Series B Funding Round to Revolutionize Third-Party Security (Yahoo Finance) Funding Comes on the Heels of 500% Growth in Client Base Panorays group photo Panorays Closes $42 Million Series B Funding Round to Revolutionize Third-Party Security NEW YORK, Sept. 23, 2021 (GLOBE NEWSWIRE) — Panorays, a leading provider of third-party security risk management, today…