Security News

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)
2024-01-18 10:04

A critical vulnerability affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. Patches are available and VMware recommends upgrading to VMware Aria Automation 8.16.

Stealthy AsyncRAT malware attack targets US infrastructure for 11 months
2024-01-07 16:36

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. Microsoft security researcher Igal Lytzki spotted the attacks delivered over hijacked email threads last summer but couldn't retrieve the final payload. In September, AT&T's Alien Labs team of researchers noticed "a spike in phishing emails, targeting specific individuals in certain companies" and started to investigate.

National Grid latest UK org to zap Chinese kit from critical infrastructure
2023-12-18 12:36

The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears. The contract with the UK subsidiary of China's state-owned Nari Technology, NR Electric UK, was terminated after seeking advice from the National Cyber Security Centre, according to sources who spoke to the Financial Times.

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware
2023-12-06 14:36

We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although major new security improvements saw the light of day in 2023, such as Microsoft Office disabling macros by default.

"Sierra:21" vulnerabilities impact critical infrastructure routers
2023-12-06 06:01

A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.

Network security tops infrastructure investments
2023-11-24 04:30

Network security is both the top challenge and the top investment priority for enterprise IT leaders, according to ISG. 60% of respondents to the ISG survey on network modernization ranked network security among their top five challenges, with 21% ranking it highest.

CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector
2023-11-22 09:37

The Cybersecurity and Infrastructure Security Agency has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks. "In alignment with CISA's 'Target Rich, Resource Poor' strategy, our teams are working with critical infrastructure entities in the healthcare, water, and K-12 education sectors in our first phase of deployment. This year, we plan to deliver services to up to 100 entities," said Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity.

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
2023-11-16 06:06

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation...

Organizations should prepare for the inevitability of cyberattacks on their infrastructure
2023-11-15 04:30

"Our research found that there's much room for improvement in how global organizations can protect and manage their entire attack surface. It's not a question of if, but when, an attack will occur - especially against critical infrastructure that society so heavily relies upon." Employees increasingly are using their own assets in business environments, with clear gaps in the enforcement of BYOD policies: 22% of respondents report having an official BYOD policy that is not enforced across all employees, 23% say they either have guidelines that employees are encouraged to follow or admit they don't have any policies or guidelines around BYOD. Organizations, on average, can only account for around 60% of their assets when it comes to knowing things like asset location or the support status of these assets.

NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch
2023-11-14 07:02

The latest warning to CNI operators of what the NCSC said is an enduring and significant threat comes after a year of serious assaults on critical services in the UK. Royal Mail International was the target of a serious attack by the LockBit group in January, and this was after a raid on software supplier Advanced forced the NHS to revert to pen and paper once again. The UK and its intelligence partners have also sought to bring attention to the cyber threat faced by allied CNI over the past year, including alerts covering Russia's cyber-espionage-enabling Snake malware and China's attacks on US organizations.