ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities 

March 12, 2024 at 12:03PM Siemens and Schneider Electric have released their March 2024 Patch Tuesday security advisories. Siemens’ advisories cover 214 vulnerabilities, including critical flaws impacting Fortinet products. Impacted organizations can receive patch information from customer support or apply provided mitigations. Schneider Electric’s advisories describe vulnerabilities in Easergy T200 RTUs and EcoStruxure Power Design …

Over 12 million auth secrets and keys leaked on GitHub in 2023

March 12, 2024 at 11:25AM GitGuardian reported that during 2023, 12.8 million sensitive secrets were accidentally exposed in over 3 million public repositories on GitHub, with the majority remaining valid after five days. The exposed secrets included account passwords, API keys, and certificates, posing significant security risks. The leakiest countries included India, the United States, …

J.P. Morgan Growth Leads $39 Million Investment in Eye Security

March 12, 2024 at 10:57AM Eye Security, a Hague-based cybersecurity firm, raised €36 million in a Series B funding round, led by J.P. Morgan Growth Equity Partners. The company provides mid-market businesses with enterprise-level cybersecurity products and aims to expand its presence in European markets like Belgium and Germany. Eye Security also helps businesses comply …

How to Identify a Cyber Adversary: Standards of Proof

March 12, 2024 at 10:11AM Part one of the article explains cybersecurity attribution, distinguishing between attribution and public disclosure, and discussing standards of proof including intelligence, judicial, and technical standards. Attribution is important for understanding the adversary and defending against future attacks. The article promises to delve into the key methods of attributing events to …

EquiLend Ransomware Attack Leads to Data Breach 

March 12, 2024 at 09:51AM EquiLend has notified employees of a data breach resulting from a January 2024 ransomware attack. The company restored client-facing services by February 5 but recently disclosed the breach’s scope to the Massachusetts OCABR. Personal data, including Social Security numbers and payroll information, was compromised. EquiLend is providing impacted individuals with …

CISA’s OT Attack Response Team Understaffed: GAO

March 12, 2024 at 09:51AM The US Government Accountability Office conducted a study on CISA’s operational technology (OT) cybersecurity products and found some teams were understaffed. While CISA offers various security products and guidance, the GAO report identified staffing issues impacting incident response and architecture design reviews. CISA is urged to improve workforce planning. SecurityWeek’s …

US, Russia Accuse Each Other of Potential Election Cyberattacks

March 12, 2024 at 09:51AM A new annual report from the Office of the Director of National Intelligence outlines cyber threats to US national interests from Russia, China, and Iran, highlighting concerns about disruption to the US elections. The report suggests that China and Russia are threats at a global scale, while Iran remains a …

UK council yanks IT systems and phone lines offline following cyber ambush

March 12, 2024 at 07:53AM Leicester City Council’s IT systems and critical service phone lines remain down following a “cyber incident.” The nature of the attack has not been confirmed, although ransomware is suspected. The council aims to restore services by the middle of the week and has set up emergency phone numbers for essential …

The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks

March 11, 2024 at 10:45PM The French government reported unprecedented cyberattacks targeting several of its services, prompting the activation of a crisis center to restore online services. While the impact has been reduced, details of the attacks and responsible group, supposedly Anonymous Sudan, are not confirmed. France has been enhancing cyber defenses ahead of the …

White House and lawmakers increase pressure on UnitedHealth to ease providers’ pain

March 11, 2024 at 08:09PM The Biden administration and lawmakers are pressuring UnitedHealth Group to help medical providers affected by a ransomware attack on Change Healthcare. The attack caused disruptions and cash flow issues for providers, with the hackers receiving over $22 million in ransom. Lawmakers are calling for stronger cybersecurity standards in the healthcare …