The malware, described as a modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers. Advisories and blog posts describing the toolset have been released by industrial cybersecurity firm…

Elementor is a drag-and-drop website builder for WordPress that has more than 5 million installations. Considered critical, the newly addressed vulnerability was apparently introduced on March 22, in version 3.6.0 of the plugin. Roughly one-third of websites were running a vulnerable version when the bug was found. Researchers with Plugin Vulnerabilities, who identified the flaw,…

In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a…

Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification (CRQ) in the modern cybersecurity landscape. CRQ helps businesses evaluate the potential financial impact of cyber events on an organization and is becoming an increasingly critical part of risk management programs. The survey found that over 75%…

The impact of a cybersecurity breach can be painful for any enterprise, and devastating for some. Any one of the top five threats we see in today’s environment—malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions— are serious and can cause severe, long-lasting financial and reputational damage. First, there’s the financial cost—$4.24…

Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. We began seeing malicious activities at the…

As the cyber attack surface continues to rapidly expand, enterprises need a security solution that can help organizations to better understand, communicate, and mitigate cyber risk across their entire IT ecosystem. And with many offerings on the market, choosing the right product can be challenging. CISOs can make a more informed decision by leveraging the…