SHI International, a New Jersey-based provider of Information Technology products and services, has confirmed that a malware attack hit its network over the weekend. "Over the Fourth of July holiday weekend, SHI was the target of a coordinated and professional malware attack," SHI said in a statement.
The Department of Commerce's National Institute of Standards and Technology has chosen four encryption algorithms that are designed to withstand the hacking of a future quantum computer and protect digital information. NIST said all four of the algorithms were created by experts collaborating from multiple countries and institutions.
What's the biggest threat to your business? Ransomware? A natural disaster? A critical infrastructure failure? That means understanding and protecting the data and applications your business relies on, including their complex interdependencies, as well as ensuring they're protected - and that your backups are protected too.
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health organizations. Starting in May 2021, the FBI has responded to and detected multiple Maui ransomware attacks impacting HPH Sector orgs across the U.S. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services-including electronic health records services, diagnostics services, imaging services, and intranet services," the federal agencies revealed.
The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022.
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "Designed to avoid detection by endpoint detection and response and antivirus capabilities."
51% of industrial organizations believe that the number of cyber attacks on smart factories is likely to increase over the next 12 months, according to the Capgemini Research Institute. "The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset. The increased attack surface area and number of operational technology and Industrial Internet of Things devices make smart factories a prominent target for cyber criminals. Unless this is made a board-level priority, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite," said Geert van der Linden, Cybersecurity Business Lead at Capgemini.
"People have become the primary attack vector for cyber-attackers around the world," said Lance Spitzner, SANS Security Awareness Director. "Awareness programs enable security teams to effectively manage their human risk by changing how people think about cybersecurity and help them exhibit secure behaviors, from the Board of Directors on down," said Spitzner.