Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

October 2, 2024 at 04:46PM Critical security vulnerabilities with severity scores of 9.3 have been discovered in Optigo’s Spectra Aggregation Switch, potentially allowing remote attackers to inject malware into the OT network management switches running version 1.3.7 and earlier. No patches are available, and the manufacturer has issued workarounds to mitigate the vulnerabilities. The US …

If you’re holding important data, Iran is probably trying to spearphish it

September 30, 2024 at 09:37AM US and UK security agencies are warning about ongoing Iranian spearphishing campaigns targeting high-value individuals, including government officials and journalists. The attackers use social engineering to harvest credentials and access sensitive data. The advisory provides indicators of compromise and urges vigilance against unsolicited offers. Recent indictments also highlight Iranian cyber …

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

September 5, 2024 at 12:58AM Cisco has issued security updates to address critical flaws in its Smart Licensing Utility and Identity Services Engine (ISE). Affecting versions 2.0.0, 2.1.0, and 2.2.0, the flaws could enable unauthenticated, remote attackers to elevate privileges or access sensitive information. Additionally, a command injection vulnerability in ISE versions 3.2 and 3.3 …

FBI: BlackSuit ransomware made over $500 million in ransom demands

August 7, 2024 at 06:27PM CISA and the FBI confirmed that the Royal ransomware rebranded to BlackSuit, demanding over $500 million from victims since September 2022. The joint advisory details the gang’s evolution, attack tactics, and linked organizations. Notably, the BlackSuit gang caused a widespread IT outage at CDK Global, affecting over 15,000 car dealerships. …

US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks

July 25, 2024 at 01:19PM The U.S. State Department is offering a $10 million reward for information on North Korean military hacker Rim Jong Hyok, linked to the Andariel hacking group. Hyok faces charges of computer hacking and money laundering and is tied to ransomware attacks on U.S. healthcare and defense organizations. This group is an …

Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace

July 9, 2024 at 01:12PM Chinese state-sponsored actor APT40 swiftly targets and exploits newly disclosed software vulnerabilities. A joint advisory from the US, Australia, the UK, Canada, and other partners notes that the group employs techniques similar to other Chinese state-sponsored actors, prioritizing the exploitation of public-facing infrastructure. APT40 conducts extensive reconnaissance and continues to evolve its tactics, necessitating prompt patching by security teams …

PTC License Server Bug Needs Immediate Patch Against Critical Flaw

July 2, 2024 at 02:54PM CISA and PTC reported a critical flaw in an industrial computer-aided design software server (CVE-2024-6071), exposing systems to unauthorized remote access. A patch has been issued for affected Creo Elements/Direct License Servers, and users are urged to update immediately. PTC stated there is no evidence of exploitation in the wild and emphasized no impact on the …

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

May 31, 2024 at 10:30AM Microsoft stresses the critical need to secure internet-exposed operational technology (OT) devices as cyber attacks continue to target such environments. The company warns that OT systems lack adequate security, making them vulnerable to exploitation and attacks. To mitigate these risks, organizations are urged to implement security measures and reduce the …

Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

May 8, 2024 at 12:44PM A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more …

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

May 3, 2024 at 05:45AM The U.S. government issued a cybersecurity advisory about North Korean threat actors using spear-phishing campaigns to gather intelligence. They exploit weak DMARC policies to send spoofed emails, targeting foreign policy experts. The group, known as Kimsuky, engages targets in prolonged, benign conversations to build trust and uses fake email addresses …