Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery 

December 5, 2023 at 09:24AM

Two years post-discovery, details on 10 unpatched vulnerabilities in Loytec building automation products were made public.

Clear Takeaways from Meeting Notes:
1. There are 10 unpatched vulnerabilities that have been found in Loytec building automation products.
2. The details of these vulnerabilities have been publicly disclosed.
3. The disclosure occurred …

Russian Pleads Guilty to Role in Developing TrickBot Malware

December 4, 2023 at 10:07AM

Vladimir Dunaev, a Russian citizen, admitted guilt in creating and deploying the TrickBot malware, which resulted in substantial financial losses.

Takeaways from the Meeting Notes:
1. Acknowledgment of Guilty Plea: Vladimir Dunaev, a Russian national, has admitted guilt in his association with the TrickBot malware’s development and deployment.
2. Impact …

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

December 4, 2023 at 06:54AM

Cybersecurity experts have uncovered a new version of the P2PInfect botnet targeting routers and IoT devices, now able to infect devices using MIPS architecture. First identified in 2023 exploiting a critical Redis vulnerability, P2PInfect has evolved with evasion tactics and now includes a Windows DLL module, indicating a sophisticated threat …

New Relic’s cyber-something revealed as attack on staging systems, some users

December 3, 2023 at 11:36PM

New Relic disclosed a two-pronged cyber attack that compromised their staging systems using stolen credentials and affected a small number of customer accounts. They’ve rotated passwords, removed API keys, and updated security measures. Ongoing investigations with external experts aim to enhance their security posture.

Meeting Takeaways:
1. Incident Details: New …

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

December 1, 2023 at 09:58PM

The FBI, CISA, NSA, EPA, and INCD issued a joint advisory about Iranian IRGC-affiliated cyber actors targeting operational technology, specifically Israeli-made Unitronics PLCs used in critical sectors in the US. Since November 2023, these actors have exploited poor security, primarily default passwords, to deface and potentially disrupt systems. Mitigations include …

The Latest Delinea Secret Server Release Boosts Usability With New Features

December 1, 2023 at 05:34PM

Delinea announced new features for its Secret Server to enhance usability and facilitate Privileged Access Management adoption. Improvements include a Web Password Filler, enhanced Connection Manager, and mobile app updates for secure, convenient access to privileged credentials, addressing the balance between risk, security, and productivity.

Meeting Takeaways:
1. Delinea has …

Okta data breach dilemma dwarfs earlier estimates

November 29, 2023 at 04:35PM

Okta’s October support system breach impacted all customer accounts, far more than the initial 134 reported. Although mostly names and emails were accessed, the risk of phishing is heightened. Okta urges customers to use multi-factor authentication. The scale of the breach was realized after additional analysis and the discovery of …

Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media

November 27, 2023 at 06:11AM

A man believed to be the leader of the cybercrime gang Killnet, known as “Killmilk,” has allegedly been exposed by Russian state media. Killmilk is known for launching major attacks on targets like US government agencies and hospitals. The FBI’s takedown of the Qakbot botnet has significantly reduced attempted exploits …

Royal Mail cyber security still a mess, say infosec researchers

November 13, 2023 at 01:32AM

The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of …