Security News
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas following a cyberattack that hit its network Sunday, October 10, 2021. "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue," Olympus says in a statement published today, two days after the attack.
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. "The ShellClient RAT has been under ongoing development since at least 2018, with several iterations that introduced new functionalities, while it evaded antivirus tools and managed to remain undetected and publicly unknown," researchers Tom Fakterman, Daniel Frank, Chen Erlich, and Assaf Dahan said in a technical deep dive published today.
Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. "While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims," Kaspersky researchers said.
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084, the vulnerability concerns an OGNL injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.
Companies are spending more than ever on cybersecurity but, despite a plethora of new security systems, they continue to be vulnerable to attacks, which are not only becoming more numerous but are also taking a greater financial and business toll on organizations. To truly protect themselves, organizations need to get past the belief that the more money they spend, and the more security systems they implement, the better protected they will be.
Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. Open source supply, demand, and security dynamics Supply increased 20%. The top four open source ecosystems now contain a combined 37,451,682 different versions of components.
Millions of devices running the HP Omen Gaming Hub were using on a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw from researchers from SentinelLabs details how the gaming software was built in part by copying code from a problematic open-source driver called WinRing0.
For CISOs, juggling the vast scale of a tech stack and the attackers using increasingly sophisticated techniques calls for a new approach to security to keep systems, data, and devices safe. We get alerts from our development platforms, the Continuous Integration system, the security monitoring tools, even our watches.
A just-patched, critical remote code-execution vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned - as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platform where business teams can organize its work in one place: "Dynamic pages give your team a place to create, capture, and collaborate on any project or idea," according to the website.
With COVID-19 variants on the rise, widespread remote work may be sticking around longer than IT leaders would like, which comes with a heightened risk for cyberattacks that could expose customer data, steal company information, or take control of internal operations. Three out of four "Common" data security breaches are caused by privilege misuse - when employees have unrestricted access to a system even when it's not needed to do their job.