Hackers compromised 22 energy organizations in a coordinated attack against Denmark's critical infrastructure, non-profit cybersecurity center for critical sectors SektorCERT reveals. As part of the attack, which occurred in May 2023, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date.
Henry Schein, a medical and dental supplies company, is still recovering from a cybersecurity incident last month that took some of its systems offline. In a letter to its customers, the company disclosed on Monday that a data breach occurred, but "we do not have all the details of what data may have been compromised." Customer bank accounts and credit card numbers may have been affected.
A pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East has improved its attack tools with a sophisticated initial access downloader - all the while largely ignoring the conflict unfolding in Israel and the Palestinian territories. TA402 (aka Molerats and Frankenstein) rolled out a new sophisticated tool named IronWind, which it used in three campaigns aimed at compromising systems within government agencies throughout the Middle East and Northern Africa.
Dragos is once again the subject of an extortion attempt, this time from AlphV, also known as BlackCat, which claims to have breached the industrial cybersecurity specialist through a third-party hack. AlphV, linked to the high-profile social engineering attack against MGM Resorts in September, claims to have gained access to Dragos, according to a post on X, the site formerly known as Twitter, by security researcher Dominic Alvieri.
Siemens and Schneider Electric's Patch Tuesday advisories for November 2023 address roughly 90 vulnerabilities affecting their products. Siemens has released 14 new advisories to inform customers about more than 80 vulnerabilities, many of which impact third-party components. Schneider Electric has released three new advisories to inform customers about the availability of patches for five vulnerabilities.
The US' Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand. The agencies didn't specify a reason for the rebrand or spinoff variant, but rebranding in the ransomware industry is fairly common.
Ducktail is targeting marketing professionals in the fashion industry with its latest campaign, where the threat actors send out archives containing images of authentic products from well-known companies alongside a malicious executable camouflaged as a PDF file. According to a report from Kaspersky, upon execution, the malware opens a genuine embedded PDF, detailing job information, with the attack crafted to appeal to marketing professionals actively seeking career changes.
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence. The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied. Patches were made available from October 31, with Atlassian telling customers at the time they "must take immediate action".
CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be - and have been - chained together by attackers to achieve remote code execution on internet-facing vulnerable devices. Juniper Networks fixed four flaws affecting the J-Web GUI of Junos OS-powered devices in late August 2023.