June 2024 - Cyber Security Minute

No Patches for Hospital Temperature Monitors’ Critical Flaws

Issued by: DataBreach Today

Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….

Malware & Threats

Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows

Issued by: CSO Online

Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such…

News

Bogus: LockBit’s Claimed Federal Reserve Ransomware Hit

Issued by: DataBreach Today

More reasons to beware breathless reporting about a ransomware group’s latest supposed victim: LockBit’s claim to have breached the U.S. Federal Reserve Bank. The Fed, based in Washington, is America’s central bank. It works with 12 regional Fed banks. If any aspect of that system fell victim to ransomware-wielding groups – or had data exfiltrated,…

Malware & Threats

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents

Issued by: Dark Reading

Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations’ cybersecurity investments and governance priorities are keeping up with the evolving threat landscape. Based on an independent Ponemon Institute survey, the report reveals a 59% increase in cyber budgets year-over-year. Additionally, 63% of organizations with…

Malware & Threats

Indonesia Refuses to Pay $8M Ransom After Cyberattack

Issued by: Dark Reading

A cybercrime group is demanding $8 million after compromising Indonesia’s national data center — an amount the government is refusing to pay. More than 200 government agencies have been disrupted by the cyberattack since June 20, according to Samuel Abrijani Pangerapan, director general of informatics applications with the Communications and Informatics Ministry. He told the…

Network Security

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

Issued by: Dark Reading

An unknown threat actor may have accessed critical information on US chemical facilities by compromising the US Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) earlier this year. Data the adversary may have accessed includes the types and quantities of chemicals stored at different facilities, facility-specific security vulnerability assessments, site security plans,…

Malware & Threats

European Union Sanctions Russian State Hackers

Issued by: DataBreach Today

The European Union sanctioned four Russian domestic intelligence agency hackers including two military officers who participated in what researchers have described as “hack and leak” operations against Western governments. The two officers are part of a Federal Security Service hacking group known as Callisto Group and Coldriver and formerly tracked by Microsoft as Seaborgium. The…

Application Security

What Building Application Security Into Shadow IT Looks Like

Issued by: Dark Reading

Application security (AppSec) programs are difficult to use and filled with vulnerabilities. Overloaded staff face an inadequate budget. Communication with developers is challenging. These sayings are so true, so ubiquitous, that they’ve become tropes. This is why meeting a team of two who managed to resolve 70,000 security vulnerabilities in three months made me gasp….

Software Security

Biden Administration Bans Kaspersky Antivirus Software

Issued by: DataBreach Today

The U.S. federal government is banning Russian cybersecurity firm Kaspersky Labs from selling antivirus software in the United States, officials announced Thursday, citing significant national security risks. Department of Commerce officials urged current Kaspersky customers to “immediately find alternatives” after an investigation determined that Russian state hackers could turn the cybersecurity software against their users….

Malware & Threats

‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

Issued by: Dark Reading

A widespread campaign aimed at stealing cryptocurrency is spreading a wave of infostealers through fake virtual meeting software for both macOS and Windows platforms, particularly targeting the former with the dangerous Atomic stealer. Discovered by Recorded Future’s Insikt Group, the campaign attributed to a threat actor dubbed “Markopolo” is responsible for an elaborate Web and…