Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and … [Read more...] about How to Reduce Exposure on the Manufacturing Attack Surface
cyber security news today
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
May 17, 2023Ravie LakshmananInternet of Things / Vulnerability The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by … [Read more...] about Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
May 16, 2023Ravie LakshmananEndpoint Security / Cyber Threat A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing on VirusTotal in recent months. "While some of these are likely … [Read more...] about Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign
May 15, 2023Ravie LakshmananCyber Threat / Malware Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023. Symantec, by Broadcom Software, is tracking the activity under its … [Read more...] about Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign
New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
May 13, 2023Ravie Lakshmanan A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates … [Read more...] about New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
May 12, 2023Ravie LakshmananCyber Threat / Malware Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare … [Read more...] about XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
May 12, 2023Ravie LakshmananVulnerability / Ransomware U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation … [Read more...] about Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
How Attack Surface Management Supports Continuous Threat Exposure Management
May 11, 2023The Hacker News According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite of comprehensive offensive security … [Read more...] about How Attack Surface Management Supports Continuous Threat Exposure Management
Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
May 10, 2023Ravie LakshmananCyber Crime / Social Media A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer … [Read more...] about Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique
May 09, 2023Ravie LakshmananAdvanced Persistent Threat The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based … [Read more...] about Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique