Security News
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News.
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology environments."Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli industrial cybersecurity company Otorio said.
Protecting CNI is a difficult task, thanks to a combination of a lack of skilled professionals, legacy systems and a lack of security investment that leaves them open to attack. While one would assume that these systems should run the latest and greatest security measures, due to their sensitive nature, many of these systems operate on legacy machines that can't be reset and can't be patched.
Utility infrastructure is in dire need of modernization. Integrating real-time data analytics into the decision-making process is one way to kick start modernization efforts, yet nearly one in five utilities are not making use of the tools they have due to security and data privacy concerns, according to Itron's 2022 Resourcefulness Report.
Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware.In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost EUR 100 million in ransom payments.
The infrastructure associated with the Hive ransomware-as-a-service operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals," Europol said in a statement.
The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. There is a deluge of vulnerability disclosures in industrial control systems, often creating anxiety as the security community attempts to patch or remediate each point of exposure - an impossible feat," said Ron Fabela, CTO of SynSaber.
The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called ANDROMEDA that was uploaded to VirusTotal in 2013.
A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. A previous version of the ransomware, written in Go and customized for each victim, singled out healthcare and education sectors in countries like Indonesia, Saudi Arabia, South Africa, and Thailand.
Wazuh is a free and open source SIEM and XDR platform. The Wazuh central components analyze security data from endpoints in your infrastructure.