Month: September 2023

Malware & Threats

Issued by: DataBreach Today

Johnson Controls Suffers Ransomware Attack Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission. Bleeping Computer reports…

Vulnerabilities

Issued by: SecurityWeek

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

Malware & Threats

Issued by: DataBreach Today

A Chinese hacking group linked to state authorities in Beijing has upgraded its espionage capabilities to target companies with headquarters in the United States and East Asia, warned an alert from Japanese and American cyber agencies. The latest campaign from BlackTech has targeted networks of regional subsidiaries across government, industrial, technology and defense industrial base…

Application Security

Issued by: Dark Reading

In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s passkeys will be available on…

News

Issued by: Security Affairs

The leak consisted of publicly accessible environment files hosted on the flyflair.com website. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. According to SimilarWeb, the website attracts 3.2 million monthly visitors. Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and…

Software Security

Issued by: SecurityWeek

Windows 11 feature updates are released in the second half of each calendar year. The latest update, 23H2, is being gradually rolled out to users, with Microsoft expecting the new features to reach all devices by the release of the November 2023 security updates. However, customers with eligible devices running Windows 11 version 22H2 can…

Malware & Threats

Issued by: Security Affairs

Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go, it…

Network Security

Issued by: Dark Reading

Basic security hygiene is more impactful than you may realize. While industry headlines are often dominated by emerging tech and the latest software or hardware solutions, base-level security hygiene still protects against 98% of attacks. This includes measures such as applying zero-trust principles or keeping systems up to date with the latest security patches. However,…