threats Archives - Cyber Security Minute

US Navy Ship Builder Says No Classified Info Leaked in Cyberattack

Issued by: Dark Reading

The US leg of an Australia-based shipbuilding company, Austal, which is a contractor for the US Department of Defense and the Department of Homeland Security, recently alerted the FBI and the Naval Criminal Investigative Service (NCIS) of a cyberattack. The cyberattack was claimed by the Hunters International ransomware group, which leaked stolen information as proof…

Malware & Threats

Ransomware Readiness Assessments: One Size Doesn’t Fit All

Issued by: Dark Reading

Ransomware attacks can be devastating for organizations, causing significant damage to operations and reputations. Therefore, it’s crucial to prepare for such an eventuality with a comprehensive ransomware response plan. However, it’s also essential to understand that ransomware readiness assessments aren’t a one-size-fits-all solution. Let’s explore why a tailored approach to ransomware readiness assessments is necessary…

Malware & Threats

Saudi Aramco CEO Warns of New Threat of Generative AI

Issued by: Dark Reading

The world’s largest oil company issued a warning this week that the energy sector is vulnerable to attacks, particularly with the advent of new technologies such as generative AI. Amin H. Nasser, CEO of Saudi Aramco, told the Global Cybersecurity Forum that the energy sector is an attractive target to those who want to do…

Vulnerabilities

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Malware & Threats

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Issued by: Dark Reading

In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a “hot” vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware. According to research from Palo Alto Networks, the cyberattacker, who goes by “whalersplonk,” took advantage of a very real remote…

Vulnerabilities

Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications

Issued by: Dark Reading

After vulnerabilities were found in the TETRA communications protocol that powers industrial control systems globally, researchers have revealed new research showing multiple additional zero-day vulnerabilities in a Motorola base station and system chip. Both are required to run and decrypt the TETRA communications algorithm, potentially exposing sensitive information. TETRA, or Terrestrial Trunked Radio, is a…

Vulnerabilities

CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem

Issued by: Dark Reading

The soon-to-be-released Version 4.0 of the Common Vulnerability Scoring System (CVSS) promises to fix a number of issues with the severity metric for security bugs. But vulnerability experts say that prioritizing patches or measuring exploitability will still be a tough nut to crack. The Forum of Incident Response and Security Teams (FIRST) released a preview…

Malware & Threats

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

Issued by: Dark Reading

Expert instructors from the SANS Institute here yesterday detailed what they cite as the most dangerous forms of cyberattacks for 2023. Some of the key themes bubbling to the surface included the intersection of AI with attack patterns and the ways that attackers are taking advantage of highly flexible development environments. “This is my favorite…

Network Security

Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin

Issued by: Security Affairs

WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. Elementor Pro is a paid plugin that is currently installed on over 11 million websites, it allows users to easily create WordPress websites. This vulnerability was reported on March…

Vulnerabilities

Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

Issued by: Dark Reading

The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies’ grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet. The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies…