Security News > 2023 > May

US govt contractor ABB confirms ransomware attack, data theft
2023-05-26 16:33

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "An IT security incident." "ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data," the company said in a press release.

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
2023-05-26 16:25

A new security flaw has been disclosed in the Google Cloud Platform's Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig said.

Emby shuts down user media servers hacked in recent attack
2023-05-26 14:56

Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. To trick the servers into granting them access and gain admin access to the vulnerable servers even though they were attempting to log in from outside the LAN, the threat actors exploited a flaw described by Emby as a "Proxy header vulnerability," known since at least February 2020 and recently patched in the beta channel.

Mozilla stops Firefox fullscreen VPN ads after user outrage
2023-05-26 14:52

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. The ads popping up in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them.

GitLab announces AI-DevSecOps platform GitLab 16
2023-05-26 13:38

GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features.

BlackByte ransomware claims City of Augusta cyberattack
2023-05-26 13:27

The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network. The administration has not disclosed the nature of the cyberattack but the BlackByte ransomware gang has published the City of Augusta as one of its victims.

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities
2023-05-26 12:39

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos said in a technical report.

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
2023-05-26 11:48

5G encompasses robust security features that guarantee confidentiality, integrity, and availability of network services and user data. Essential 5G security methods and technologies include encryption, privacy protection, authentication and authorization, network slicing, and network equipment security assurance.

Expeditionary Cyberspace Operations
2023-05-26 11:12

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations (published in December 2022 and, while unclassified, only available to those with DoD common access cards, according to a Joint Staff spokesperson) officially provides a definition for "Expeditionary cyberspace operations," which are "[c]yberspace operations that require the deployment of cyberspace forces within the physical domains."

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
2023-05-26 06:38

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 devices, such as remote terminal units, that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company said.