IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

December 1, 2023 at 09:58PM
The FBI, CISA, NSA, EPA, and INCD issued a joint advisory about Iranian IRGC-affiliated cyber actors targeting operational technology, specifically Israeli-made Unitronics PLCs used in critical sectors in the US. Since November 2023, these actors have exploited poor security, primarily default passwords, to deface and potentially disrupt systems. Mitigations include …

Zyxel warns of multiple critical vulnerabilities in NAS devices

November 30, 2023 at 10:17AM
Zyxel has patched critical security vulnerabilities in its NAS devices that risked unauthorized command execution and data compromise. Users of NAS326 and NAS542 models must update their firmware to versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 or later, respectively, as there are no alternative mitigations. **Takeaways from Meeting Notes:** 1. **Issue Identification:** Zyxel …

DJVU Ransomware’s Latest Variant ‘Xaro’ Disguised as Cracked Software

November 29, 2023 at 01:06AM
A new ransomware called Xaro, derived from the DJVU/STOP strain, has been spreading through disguised cracked software. It encrypts files and steals information, demanding $980 in ransom. The malware also installs additional payloads like stealer and loader programs, aiming for double extortion and increased attack success rates. Cybersecurity experts warn …

Toyota confirms breach after Medusa ransomware threatens to leak data

November 16, 2023 at 02:04PM
Toyota Financial Services (TFS) has experienced unauthorized access to some of its systems in Europe and Africa as a result of a ransomware attack by the Medusa gang. The hackers are demanding an $8 million ransom and have threatened to leak stolen data if it is not paid. TFS has …

New Ransomware Group Emerges with Hive’s Source Code and Infrastructure

November 13, 2023 at 07:48AM
Hunters International, a new ransomware group, has acquired the source code and infrastructure from the now-dismantled Hive operation to jumpstart its own efforts. Despite similarities, Hunters International claims to have purchased the Hive source code and website. The group focuses on data exfiltration rather than encryption, targeting victims for data …

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East’s Tech Sectors

November 10, 2023 at 03:21AM
A group with links to Iran, known as Imperial Kitten, targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023. They utilize social engineering and various techniques such as watering hole attacks, one-day exploits, phishing, and targeting IT service providers for initial access. Microsoft notes …

FBI Director Warns of Increased Iranian Attacks

November 1, 2023 at 01:05PM
FBI Director Christopher Wray warns of an increased threat of cyberattacks against the US due to the ongoing conflict in the Middle East. He mentions attacks on US military bases by Iranian-backed militia groups and predicts more physical and cyberattacks. Despite the threats, Wray assures that the FBI is staying ahead, having disrupted …

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

November 1, 2023 at 03:49AM
Turla, a Russia-linked hacking group, is using an updated version of a backdoor called Kazuar that emphasizes stealth and evasion techniques, according to Palo Alto Networks Unit 42. Kazuar, a .NET-based implant first discovered in 2017, has been improved by the threat actor behind the operation to enhance their attack …

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

October 26, 2023 at 04:48AM
The Iranian threat actor Tortoiseshell is responsible for a new series of watering hole attacks. They use a malware called IMAPLoader, which acts as a downloader for additional payloads. The attacks target various sectors, including maritime, shipping, logistics, and nuclear industries. Tortoiseshell has a history of strategic website compromises and …

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

October 25, 2023 at 07:03AM
VMware has released security updates to fix a critical flaw in the vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write issue in the DCE/RPC protocol. The company has urged users to apply the patches without delay as there are no workarounds …