featured Archives - Page 21 of 75 - Cyber Security Minute

Transportation sector targeted by both ransomware and APTs

Issued by: Help Net Security

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party…

Vulnerabilities

Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers

Issued by: Security Week

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist on the same network hardware as less important systems. For instance, life support systems can…

Vulnerabilities

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors

Issued by: Security Week

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone products that could allow an attacker to easily breach the entry system using an NFC…

Mobile Security

Google Pays $70k for Android Lock Screen Bypass

Issued by: Security Week

Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes. The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism,…

Malware & Threats

A Better Way to Resist Identity-Based Cyber Threats

Issued by: Dark Reading

Take a moment to consider how frequently you authenticate your identity online: checking your email, logging in to your bank account, accessing cloud-based productivity tools, booking a flight, paying your taxes. We confirm our identities so many times every day that things like providing personally identifiable information and confirming a login attempt through our smartphones…

Vulnerabilities

Fortinet Patches 6 High-Severity Vulnerabilities

Issued by: Security Week

One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining high-severity flaws are stored…

Network Security

US Agencies Issue Guidance on Responding to DDoS Attacks

Issued by: Security Week

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users. DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may…

Malware & Threats

Searchlight Security unveils new DarkIQ multi-tenancy feature to expand dark web monitoring

Issued by: Help Net Security

Searchlight Security has announced new multi-tenancy capabilities for DarkIQ, its dark web monitoring solution. DarkIQ utilizes the most comprehensive dark web dataset on the market, and is the only one that includes dark web traffic to and from the organization’s network. DarkIQ’s multi-tenancy feature allows organizations to manage multiple profiles on a single account, making…

Application Security, Software Security

CNC Machines Vulnerable to Hijacking, Data Theft, Damaging Cyberattacks

Issued by: Security Week

Trend Micro is presenting the research this week at SecurityWeek’s 2022 ICS Cyber Security Conference in Atlanta, which can also be joined online via SecurityWeek’s virtual event platform. Registration for the event is still open. CNC machines can be programmed to carry out a wide range of tasks with a high level of efficiency, consistency…

Malware & Threats

New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

Issued by: Security Week

Initially observed last week, the activity surrounding the new malware family, which labels itself Prestige, does not appear to be connected with any of the ransomware or threat groups that Microsoft currently tracks, and is currently referred to as DEV-0960. However, the tech giant warns of potential overlaps with previously observed Russian state-sponsored activity through…