Security News > 2022 > April

A number of the world's largest manufacturing and cybersecurity companies are getting behind a new consortium aimed at protecting industrial systems from threats. The Operational Technology Cybersecurity Coalition is targeting the end-to-end industrial flow for a wide range of manufacturers, including Coca-Cola, Honeywell, and BlackBerry in addition to the expected plethora of cybersecurity companies like Fortinet, ABB, and Check Point.

Report: Organizations are better prepared to fight ransomware, but gaps remain. A report released Tuesday by disaster recovery provider Zerto examines how companies that seem prepared for an attack can still be vulnerable.

Fox configuration error leads to 13 million users' data becoming public. A configuration error exposed millions of internal records traced back to Fox News, including personally identifiable information on employees, according to researchers.

The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries. According to the DoJ, the marketplace offered for sale more than 10 billion unique records from hundreds of stolen databases that impacted people residing in the U.S. In a separate announcement today, Europol says that RaidForums had more than 500,000 users and "was considered one of the world's biggest hacking forums."

John Oliver has an excellent segment on data brokers and surveillance capitalism.

A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. According to researchers at cybersecurity company Sophos, the actor accessed the network through open remote desktop ports on a misconfigured firewall and then used Chrome to download the tools needed in the attack.

OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers. A bigger nod to the future has come in the form of the use of the "hybrid Streamlined NTRU Prime + x25519 key exchange method by default."

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems and a new version of the CaddyWiper data destruction malware. The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried to erase the traces of the attack by executing CaddyWiper and other data-wiping malware families tracked as Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems.

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.