Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’

November 22, 2024 at 02:34PM Russian state hackers APT28 breached a U.S. company by executing a “nearest neighbor attack” via its enterprise WiFi, compromising nearby organizations first. Discovered on February 4, 2022, the incident involved credential theft and sophisticated lateral movement within the target network. Enhanced WiFi security is necessary to mitigate such risks.

CISA says BianLian ransomware now focuses only on data theft

November 21, 2024 at 01:39PM The BianLian ransomware group has transitioned to primarily data theft extortion techniques, as noted in a U.S. and Australian advisory. Since January 2024, they have focused exclusively on this method, employing new tactics like exploiting Windows vulnerabilities and using RDP for access. Recent attacks include breaches of notable organizations.

Security plugin flaw in millions of WordPress sites gives admin access

November 17, 2024 at 11:37AM A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks.

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.

D-Link won’t fix critical bug in 60,000 exposed EoL modems

November 12, 2024 at 03:34PM D-Link routers, specifically the DSL6740C model, face critical vulnerabilities that allow remote attackers to take control, including password changes. D-Link will not address these issues, urging users to replace end-of-life devices. Several other high-severity vulnerabilities have also been identified, affecting around 60,000 exposed modems, primarily in Taiwan.

Cisco Patches Critical Vulnerability in Industrial Networking Solution

November 7, 2024 at 07:30AM Cisco has patched a critical vulnerability in its Unified Industrial Wireless software that could enable remote, unauthenticated attackers to execute commands with root privileges. The issue poses significant security risks to the affected systems. **Meeting Notes Takeaways:** – A critical vulnerability has been identified in Cisco Unified Industrial Wireless software. …

Android Botnet ‘ToxicPanda’ Bashes Banks Across Europe, Latin America

November 5, 2024 at 04:20PM Researchers have identified a new banking botnet named ToxicPanda, linked to Chinese-speaking threat actors, which targets over 1,500 devices across various countries. This malware exploits Android vulnerabilities for money transfers, undermining multifactor authentication. Cleafy emphasizes the necessity for improved security measures and real-time detection to counter such threats.

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

October 28, 2024 at 07:26AM Operational Technology (OT) security is crucial for marine vessels and port operators, as digitalization leads to new security challenges. SSH’s PrivX OT Edition addresses these issues by providing secure, centralized remote access management for critical systems, enhancing safety, compliance, and operational efficiency while mitigating cyber risks across the maritime industry.

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

October 25, 2024 at 05:12PM Black Basta ransomware has shifted its social engineering tactics to Microsoft Teams, impersonating IT help desks to exploit employees. After inundating inboxes with emails, attackers contact users directly via Teams. Their goal is to trick employees into installing remote access tools, risking corporate networks. Organizations are advised to restrict external …

Black Basta poses as IT support on Microsoft Teams to breach networks

October 25, 2024 at 04:57PM Black Basta ransomware is evolving, using Microsoft Teams for social engineering attacks by impersonating IT help desk personnel. Attackers overwhelm employees’ inboxes, then contact them via Teams to gain remote access and install malicious payloads, ultimately deploying ransomware. Organizations are advised to restrict external communication in Teams and enable logging.