Vulnerabilities open Korenix JetWave industrial networking devices to attack
2023-02-13 14:24

Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found. "If such a device is acting as key device in an industrial network, or controls various critical equipment via serial ports, more extensive damage in the corresponding network can be done by an attacker," the researchers noted.

LockBit's Royal Mail ransom deadline flies by. No data released
2023-02-13 12:38

In brief: The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail - but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims. LockBit even published a page bragging of an attack against fintech firm ION without directly acknowledging the Royal Mail attack earlier this week - though that's now changed, according to Reuters.

DHL, MetaMask phishing emails target Namecheap customers
2023-02-13 11:17

A surge of phishing emails impersonating DHL and MetaMask started hitting the inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.

Pepsi Bottling Ventures suffers data breach after malware attack
2023-02-13 10:33

Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. Pepsi Bottling Ventures is the largest bottler of Pepsi-Cola beverages in the United States, responsible for manufacturing, selling, and distributing popular consumer brands.

Honeypot-Factory: The Use of Deception in ICS/OT Environments
2023-02-13 09:59

CryPLH is a low-interactive and virtual Smart-Grid ICS honeypot simulating Siemens Simatic 300 PLC devices. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field.

Learn the art of malicious compliance: doing exactly what you were asked, even when it's wrong
2023-02-13 08:28

Now, as for the job itself, Steve was in the "Salesman support/office/data processing section." The computer system in use at the time was an IBM system 3, with tub files of 96-hole punch cards for sales order processing, inventory management, and reporting. Steve tells us "The punch cards were kept with the sales orders until order completion/delivery, or pickup, with some orders awaiting on-order inventory for later pickup."

Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
2023-02-13 07:58

The advanced persistent threat actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees.

Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
2023-02-13 07:44

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. The attachments range from macro-laced Microsoft Publisher files to PDFs with URLs pointing to JavaScript files.

China's spy balloon barrage earns six of its companies a spot on US entity list
2023-02-13 06:28

The US Department of Commerce added six more entities to its blacklist on Friday on grounds of national security after an errant Chinese surveillance balloon was shot down over the US last week. According to White House press secretary Karine Jean-Pierre, the balloon followed a flight path, and the US did not give any credence to the Chinese argument that the balloon veered off course.

Reimagining zero trust for modern SaaS
2023-02-13 05:30

While zero trust can be an effective approach to security, it can also present some challenges, particularly when it comes to implementing it for software as a service due to the fast pace of its adoption, distributed ownership of SaaS applications across organizations, and the shared responsibility model between a SaaS vendor and a customer. The traditional approach to SaaS security challenges has been to use a cloud access security broker and/or identity provider to manage access to SaaS applications.