featured Archives - Page 24 of 75 - Cyber Security Minute

Pipeline Operators Are Headed in the Right Direction, With or Without TSA’s Updated Security Directives

Issued by: Dark Reading

Following the Colonial Pipeline hack — one of the highest-profile attacks against US critical infrastructure to date — in 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) released two unprecedented Security Directives, requiring owners and operators of gas and liquid pipelines to implement strict new protections against cyberattacks. On July 21, the TSA…

Vulnerabilities

Zimbra Credential Theft Vulnerability Exploited in Attacks

Issued by: Security Week

The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. An attacker can leverage the compromised credentials to access the victim’s emails, from where they could escalate their access within the targeted organization and obtain…

Malware & Threats

Power Electronics Manufacturer Semikron Targeted in Ransomware Attack

Issued by: Security Week

Semikron, which employs 3,000 people across 24 subsidiaries worldwide, makes power modules and systems. Its products are used in motor drives, industrial automation systems, as well as other application areas. In a notice posted on its website on Monday, Semikron said it had been targeted by ‘a professional hacker group’. The company said the incident…

Malware & Threats

Morocco Detains Frenchman Wanted in US Over Cybercrime: Police Source

Issued by: Security Week

Sebastien Raoult was taken in for questioning on May 31 at the Rabat-Sale airport in relation to an Interpol red notice over a cyber-piracy case, the Moroccan police source said, declining to be identified and providing no further details. Interpol red notices ask member countries to provisionally detain people pending possible extradition or other legal…

Malware & Threats

New Cross-Platform ‘Luna’ Ransomware Only Offered to Russian Affiliates

Issued by: Security Week

The ransomware is fairly simple, according to Kaspersky, whose researchers analyzed the malware, but it uses an encryption scheme that’s not typically used by ransomware — a combination of X25519 and AES. Luna is developed in Rust, which makes it easy to port to different platforms, and can also help evade static analysis. “Both the…

Application Security

Facebook gets round tracking privacy measure by encrypting links

Issued by: Malwarebytes

A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one which Facebook has just got the upper hand to. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of these…

Malware & Threats

FBI: Beware of Scam Cryptocurrency Investment Apps

Issued by: Dark Reading

Would-be cryptocurrency investors are being targeted in a scam that has already stolen more than $42.7 million from 244 victims, according to the latest private industry notification from the Federal Bureau of Investigation. According to the FBI, scammers have used phishing attacks to convince victims to download fake mobile cryptocurrency investment apps impersonating legitimate investment…

Vulnerabilities

The 3 Critical Elements You Need for Vulnerability Management Today

Issued by: Dark Reading

In a world increasingly dependent on technology, software sprawl is growing. Companies use custom-built software, open source software, and products from third-party providers when building applications. Through this software supply chain, the digital attack surface expands. Each software dependency can also open it up to potential attack as bugs are found in all types of…

Network Security

July 2022 Patch Tuesday forecast: A summertime lull?

Issued by: Help Net Security

June 2022 Patch Tuesday wrapped up a few loose ends we were waiting on. The Follina remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) was fixed. Internet Explorer came to a quiet end in most versions of the Windows 10 operating system. And finally, the Phase 2 update for CVE-2021-26414, the…

Mobile Security

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

Issued by: Dark Reading

Apple today announced a new feature called Lockdown Mode that automatically locks down any system functionality that could be hijacked by even the most sophisticated, state-sponsored mercenary spyware to compromise a user device. While Apple acknowledged in its statement announcing the initiative that the number of users who might need Lockdown Mode is small, protecting…