Security News

New RA Group ransomware targets U.S. orgs in double-extortion attacks
2023-05-15 14:27

A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. The new ransomware operation started in April 2023, when it launched a data leak site on the dark web to publish victims' details and stolen data, engaging in the typical 'double-extortion' tactic used by most ransomware gangs.

Advantech’s industrial serial device servers open to attack
2023-05-15 11:38

Three vulnerabilities in Advantech's EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Serial device servers are networking devices that "Network-enable" serial devices in an industrial automation environment.

Arm acknowledges side-channel attack but denies Cortex-M is crocked
2023-05-15 05:36

Black Hat Asia: Arm issued a statement last Friday declaring that a successful side-channel attack on its TrustZone-enabled Cortex-M based systems was "Not a failure of the protection offered by the architecture." "The Security Extensions for the Armv8-M architecture do not claim to protect against side-channel attacks due to control flow or memory access patterns. Indeed, such attacks are not specific to the Armv8-M architecture; they may apply to any code with secret-dependent control flow or memory access patterns," argued Arm.

Why Microsoft just patched a patch that squashed an under-attack Outlook bug
2023-05-12 23:17

If a miscreant carefully crafted a mail with the notification sound path set to a remote SMB server, then when Outlook fetched and processed the message and automatically followed the path to the file server, it would hand over the user's Net-NTLMv2 hash in an attempt to log in. The patch from a couple of months ago made Outlook use the Windows function MapUrlToZone to inspect where a notification sound path was really pointing, and if it pointed out to the internet, the path would be ignored and the default sound would play.

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
2023-05-12 21:00

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.

FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks
2023-05-12 16:51

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. "In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," reads the security advisory.

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance
2023-05-12 14:16

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic," Claroty security researcher Uri Katz said in a report.

Multinational tech firm ABB hit by Black Basta ransomware attack
2023-05-11 21:05

Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations. On May 7th, the company fell victim to a ransomware attack conducted by Black Basta, a cybercrime group that surfaced in April 2022.

How Attack Surface Management Supports Continuous Threat Exposure Management
2023-05-11 14:05

In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management for a suite of comprehensive offensive security solutions. EASM is distinct from similar market categories, such as cyber attack surface management or security risk rating services, but the differences are nuanced.

Dragos blocks ransomware attack, brushes aside extortion attempt
2023-05-11 11:54

A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm confirmed on Wednesday, reassuring customers that none of its systems or its Dragos Platform had been breached. "The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process. The group accessed resources a new sales employee typically uses in SharePoint and the Dragos contract management system. In one instance, a report with IP addresses associated with a customer was accessed, and we've reached out to the customer," the company explained.