Security News

Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis. Armis researchers discovered 8 types of vulnerabilities in the TransLogic pneumatic tube system made by Swisslog Healthcare, which specializes in automation and transport solutions for hospitals and pharmacies.

A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign - dubbed "MeteorExpress" - has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne.

Following cryptic reports of a malware attack that paralyzed the Iranian train system on July 9, SentinelOne threat hunters reconstructed the attack chain and discovered a destructive wiper component that could be used to scrub data from infected systems. In a research paper, SentinelOne threat hunter Juan Andres Guerrero-Saade said the never-before-seen wiper was developed in the past three years and appears designed for reuse in multiple campaigns.

President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a "Real shooting war" with another major world power. "You know, we've seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world," Biden said during a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence.

A cyberattack that crippled the computer systems of a hospital network affecting six hospitals in Vermont and New York last fall happened after an employee opened a personal email on a company laptop while on vacation, a University of Vermont Health Network official said Tuesday. The email was from legitimate local business that had been hacked, Doug Gentile, network chief medical information officer told The Associated Press.

One key way that cybercriminals compromise organizations and users is by exploiting known security vulnerabilities. Of course, one key way that organizations can protect themselves is by patching known security vulnerabilities.

Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes - to speed up processing time for compute-intensive jobs like machine learning and big-data processing.

Stellar Cyber introduced a realistic XDR Kill Chain to serve as a new model, addressing the current realities of cyberattacks and focus efforts to stop an attack early and quickly. The XDR Kill Chain serves as a blueprint for "Killing" or stopping an attack, rather than just as model to portray single-dimensional attack progression.

More details on the cyberattack on Iran's railroad system emerged over the weekend. According to Iran International, "The number might belong either to the office of President Hassan Rouhani or Supreme Leader Ali Khamenei. It is not clear if hackers have posted the information or the authorities." It would be reasonable to assume that the attack was at least partly designed to embarrass the incoming new hardline president, Ebrahim Raisi, before he takes over from the moderate Hassan Rouhani next month.

Virginia Tech says it was targeted in two recent cyberattacks but feels confident no data was stolen. Virginia Tech spokesman Mark Owczarski told the Roanoke Times Friday a few university units used Kaseya, a U.S. software company exploited in early July in a massive ransomware attack that snarled businesses around the world.