Details Disclosed for GitHub Pages Flaws That Earned Researchers $35,000
GitHub Pages is a service that individuals and organizations can use to host websites. The sites can be hosted on a custom domain or the github.io domain, and the code for the website is taken directly from a private or public GitHub repository. The pages themselves can also be private or public. Over the weekend,…
All Eyes on PCAP: The Gold Standard of Traffic Analysis
PCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it. Whether it is malware moving data around, or staff arranging a private party, it can be…
The Rise of Industrial IoT and How to Mitigate Risk
With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools for companies in sectors including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage. Whether optimizing individual processes or entire factories and other critical infrastructure…
APT Group Using Voice Changing Software in Spear-Phishing Campaign
The Molerats hacking group, also tagged as Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal, and Moonlight, has been active since at least 2012, mainly targeting entities in the Middle East, but also launching attacks against targets in Europe and the United States. Cado Security says that APT-C-23, believed to be part of Molerats, typically…
University of California Victim of Nationwide Hack Attack
A cybersecurity attack targeted a vulnerability in Accellion, a third-party vendor that is used to securely transfer files, the university said in a statement Wednesday. “We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in…
VMware Patches Critical Flaw in Carbon Black Cloud Workload
Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface for the appliance and exists because attackers could bypass authentication through manipulation of a URL on the interface. “A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance…
Nine Critical Flaws in FactoryTalk Product Pose Serious Risk to Industrial Firms
The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty and they were addressed by the vendor with the release of AssetCentre v11. Previous versions are impacted. FactoryTalk AssetCentre is designed for securing, managing, tracking, versioning and reporting information related to automation assets across an entire facility. The product is used by many industrial…
Financial Sector Remains Most Targeted by Threat Actors: IBM
Manufacturing and energy became the second and third most targeted industries last year, respectively. Retail and professional services rounded up the top five most targeted sectors, IBM says. In the latest installment of their annual X-Force Threat Intelligence Index, IBM Security also reveals that ransomware was the most popular attack method in 2020, with a…
After Hack, Officials Draw Attention to Supply Chain Threats
The National Counterintelligence and Security Center warned Thursday that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an effort to steal intellectual property and carry out espionage. The NCSC said it is working with other agencies, including the Cybersecurity and Infrastructure Security Agency, to raise…
NIST Publishes Guide for Securing Hotel Property Management Systems
The National Institute of Standards and Technology (NIST) has released a cybersecurity guide for the hospitality industry to help reduce security risks related to hotel property-management system software. These systems store guest personal information and credit card data – an attractive target for hackers. NIST’s new guide provides security recommendations and suggestions for using commercially…
