Security News > 2024 > July

Microsoft has identified two critical vulnerabilities in Rockwell Automation's PanelView Plus, enabling remote, unauthenticated attackers to execute arbitrary code and cause a denial-of-service (DoS). Researcher Yuval Gordon explained that the remote code execution flaw exploits custom classes to upload malicious DLLs, while the DoS vulnerability sends unmanageable crafted buffers, crashing the system.The vulnerabilities, CVE-2023-2071 and CVE-2023-29464, with CVSS scores of 9.8 and 8.2, respectively, involve improper input validation. CVE-2023-2071 affects FactoryTalk View Machine Edition versions 13.0, 12.0, and earlier, allowing remote code execution. CVE-2023-29464 impacts FactoryTalk Linx versions 6.30, 6.20, and earlier, enabling data reading from memory and DoS through oversized packets.

Europol just announced that a week-long operation at the end of June dropped nearly 600 IP addresses that supported illegal copies of Cobalt Strike. "Used as a foothold, it has proven to be highly effective at providing a persistent backdoor to victims, facilitating intrusions of all forms. This disruption is to be welcomed, removing Cobalt Strike infrastructure used by criminals is always a good thing."

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence...

Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government. The cyber criminals had demanded a ransom of 131 billion Rupiah to release data it ransomwared June 20, but the Indonesian government refused to pay up.

What are the key components of an effective security incident response strategy? An effective security incident response strategy includes four key components that work together to ensure a rapid and effective response to cybersecurity issues.

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the...

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The development comes days after an online persona named ShinyHunters published on BreachForums a database comprising 33 million phone numbers allegedly pulled from Authy accounts.

Web applications and APIs allow ecommerce sites to accept payments, healthcare systems to securely share patient data, and power activities we do on our phones. "Web applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers," said Matthew Prince, CEO at Cloudflare.

In assessing the results, only 13% of respondents were categorized as cyber mature. Cyber mature organizations, those that have deployed at least four of the five resiliency markers, recovered 41% faster than respondents with only zero or one marker.

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorized access to HealthEquity's systems and, later, exfiltrate sensitive health data.