Security News

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. No details about the incident emerged until today when the LockBit ransomware gang claimed the attack by adding Bridgestone Americas to the list of their victims.

On November 2, 2021, the House of Representatives passed two bills with the goal of strengthening the cybersecurity of small businesses in America. The first bill, the Small Business Administration Cyber Awareness Act, was unanimously approved to expand cybersecurity operations at the SBA. The bill requires the Small Business Administration to issue a report assessing the agency's ability to combat cyber threats within six months of passage.

US-sanctioned Positive Technologies has pointed out three vulnerabilities in Zoom that can be exploited to crash or hijack on-prem instances of the videoconferencing system. One of the trio of bugs is an input validation flaw, which can be abused by a malicious Zoom portal administrator to inject and execute arbitrary commands on the machine hosting the software.

China Telecom Americas is the largest foreign subsidiary of China Telecom Corporation, China's state-owned telecom company. "Indeed, the FCC's own review found that China Telecom Americas poses significant national security concerns due to its control and ownership by the Chinese government, including its susceptibility to complying with communist China's intelligence and cybersecurity laws that are contrary to the interests of the United States."

BEC scams use various tactics to compromise or impersonate business email accounts with the end goal of redirecting pending or future payments to bank accounts under a threat actor's control. One of the case examples in the indictment document seen by Bleeping Computer, mentions a single transaction of $356,954, sent by a victim in Boston to what they thought was the bank account of their business partner.

A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat tracked as APT-C-36, a suspected South America espionage group that has been active since at least 2018 and previously known for setting its sights on Colombian government institutions and corporations spanning financial, petroleum, and manufacturing sectors.

SafetyPay is a payments platform that enables eCommerce transactions via an unrivalled choice of open banking and eCash solutions, operating primarily in Latin America. Together the two acquisitions set Paysafe up to be the leading open banking and eCash solutions provider in Latin America, one of the world's fastest-growing online markets.

The United States' Cybersecurity and Infrastructure Security Agency has announced the "Standup" of a body called the "Joint Cyber Defense Collaborative" that it hopes will spark ideas for new and improved national responses against electronic threats. The aim of the effort is to get the private sector working alongside government agencies, so they can develop and implement better cyber security plans than are currently in operation.

Pneumatic tube system stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they're needed.

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.