US federal agencies have teamed up to release cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.
Hackers working on behalf of Russia's foreign intelligence service successfully penetrated a limited number of Microsoft corporate email accounts, stealing some emails and attached documents, the company announced Friday. Microsoft detected the attack from a hacking unit tied to Russia's External Intelligence Service (SVR) on Jan. 12 "and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access," the company said.
Trezor issued a security alert after identifying a data breach that occurred on January 17 due to unauthorized access to their third-party support ticketing portal. The popular hardware cryptocurrency wallet vendor says that the investigation into the incident is ongoing but that it has found no evidence so far that users' digital assets were compromised in the incident. "We want to stress that none of our users' funds have been compromised through this incident," reads the announcement.
The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data. LockBit's post to its leak blog, published on January 21, suggests one of its affiliates breached Subway's database, stealing sensitive data on "all financial aspects" of the fast food franchise. "The biggest sandwich chain is pretending that nothing happened," the criminals said, highlighting the silence from the company's official channels.
TeamViewer is software that organizations have long used to enable remote support, collaboration, and access to endpoint devices. Like other legitimate remote access technologies, it is also something that attackers have used with relative frequency to gain initial access on target systems. Two attempted ransomware deployment incidents that researchers at Huntress recently observed are the latest case in point.
Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The ransomware attack took place during the night of January 19-20. "The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry's services to some of our customers in Sweden," the company noted. "Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the [company]."
Fujitsu software bugs that helped send innocent postal employees to prison in the UK were known "right from the very start of deployment," a Fujitsu executive told a public inquiry today. "All the bugs and errors have been known at one level or not, for many, many years. Right from the very start of deployment of the system, there were bugs and errors and defects, which were well-known to all parties," said Paul Patterson, co-CEO of Fujitsu's European division.
Exploitation of two chained vulnerabilities in Ivanti Connect Secure VPN is accelerating as more than 2,100 systems have been compromised by the Giftedvisitor webshell, according to a blog post released Thursday by Volexity. The suspected state-linked threat actor, which Volexity tracks as UTA0178, was observed manipulating the Integrity Checker Tool from Ivanti to make it appear there were no new or mismatched files, according to Volexity.
Evidence suggests that a Chinese cyberespionage group had been exploiting a recent VMware vCenter Server vulnerability as a zero-day since 2021, Mandiant reports. The flaw, tracked as CVE-2023-34048 (CVSS score of 9.8), is an out-of-bounds write bug in VMware's implementation of the DCERPC protocol that could allow an attacker with network access to execute arbitrary code remotely.
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. Atlassian disclosed the security issue last week and noted that it impacts only Confluence versions released before December 5, 2023, along with some out-of-support releases. The flaw has a critical severity score and allows unauthenticated remote attackers to execute code on vulnerable Confluence endpoints.
On Thursday, Internet pioneer Vint Cerf announced that Dr. David L. Mills, the inventor of Network Time Protocol (NTP), died peacefully at age 85 on January 17, 2024. The announcement came in a post on the Internet Society mailing list after Cerf was informed of David's death by Mills' daughter, Leigh. Dr. Mills created the Network Time Protocol (NTP) in 1985 to address a crucial challenge in the online world: the synchronization of time across different computer systems and networks.