Security News > 2023 > November
Some operations and tasks don’t require painstaking attention to detail. Unfortunately, processing payroll isn’t one of them. With sensitive salary and wage information, bank and direct deposit...
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data in a centralized location on the network.
News that Iran-affiliated attackers have taken over a programmable logic controller at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. "The cyber threat actors likely accessed the affected device-a Unitronics Vision Series PLC with a Human Machine Interface-by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet," the Cybersecurity and Infrastructure Security Agency noted. Finally, CISA says, organizations should back up the logic and configurations on any Unitronics PLCs, so that "In the event of being hit by ransomware", they can quickly reset the devices and restore the configurations.
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. The malware was discovered by Promon, whose analysts report that it currently spreads via emails, SMS, and messaging apps targeting banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.
German company Nitrokey has released NetHSM 1.0, an open-source hardware security module. "Your private keys are kept secure inside the NetHSM, in case of server hacks and the physical compromise of your data center. NetHSM allows you to easily fulfill security compliance requirements," the company says.
The Black Basta ransomware group has reportedly generated upwards of $100 million in revenue since it started operations in April 2022. Black Basta is believed to be a ransomware offshoot of the former Conti group, assembled before its closure in May 2022.
Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious...
Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around...
Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management...
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as...