IT Security Newsletter

IT Security Newsletter - 11/21/2024

Written by Cadre | Thu, Nov 21, 2024

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

Worldwide there are more than 145,000 internet-exposed industrial control systems (ICS), according to internet intelligence platform provider Censys. The company's latest 'State of the Internet' report also reveals that the devices are spread out across 175 countries, with 38% of them located in North America, 35% in Europe and 22% in Asia. In the United States, there are 48,000 exposed systems. Censys previously reported seeing 40,000 internet-exposed ICS systems in the United States. READ MORE...

Fintech giant Finastra investigates data breach after SFTP hack

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. Finastra is a financial software company serving over 8,000 institutions across 130 countries, including 45 of the world's top 50 banks and credit unions. The company employs 12,000 people, and last year, it reported a revenue of $1.7 billion. READ MORE...

Mega US healthcare payments network restores system 9 months after ransomware attack

Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began. In an ordinary year, the healthcare organization handles 15 billion transactions - the most of any clearinghouse in the US. It looks after payments and transactions between and among healthcare providers, hospitals, practitioners, and patients throughout the US healthcare system. READ MORE...

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

A newly unveiled threat actor has been spying on mobile phones in Asia and Africa for more than four years. On Nov. 19, Adam Meyers, senior vice president for counter-adversary operations at CrowdStrike, testified before the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law, on the subject of Chinese cyber threats to critical infrastructure. In the process, he unveiled Liminal Panda, an APT hyper-focused on gathering intelligence from telecommunications networks. READ MORE...

Mexico's President Says Government Is Investigating Reported Ransomware Hack of Legal Affairs Office

Mexico's president said Wednesday that the government is investigating an alleged ransomware hack of her administration's legal affairs office after what appeared to be samples of personal information from a database of government employees were posted online. The website Cybernews said a group called Ransomhub had posted a sample of apparently hacked government files on the dark web, reportedly giving the government 10 days to pay an undisclosed sum before it publishes about 313 gigabytes of files. READ MORE...

Apple Urgently Patches Actively Exploited Zero-Days

Apple has released security updates to address two zero-day vulnerabilities that are under active exploitation in the wild. The bugs, tracked as CVE-2024-44308 (CVSS 6.8) and CVE-2024-44309 (CVSS 4.3), are, respectively, a vulnerability in JavaScriptCore that could lead to arbitrary code execution, and a cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious Web content. READ MORE...

Fortinet VPN design flaw hides successful brute-force attacks

A design flaw in the logging mechanism of Fortinet's VPN server can be leveraged to conceal the successful verification of credentials during a brute-force attack, so defenders are never alerted to the compromised logins. The brute-force attempts themselves remain visible, but the technique causes only the failed attempts to be logged, not the successful one, giving defenders a false sense of security. The FortiClient VPN server records login activity using a two-step process. READ MORE...
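The practical consequence of the flaw is that a detection rule must not wait for a logged success before raising an alert. The following added example (written for this newsletter, not code from the article or from Fortinet) shows a detector that alerts purely on the volume of failed logins per source IP inside a sliding window and, when no success entry exists for that source, still treats every sprayed account as potentially compromised. The key=value log layout, the field names, the IPs and the users are all constructed for the example and do not reflect FortiOS's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log. The key=value layout is an assumption
# for this example, not FortiOS's real log format. 203.0.113.7 sprays three
# accounts and no success is ever logged; 192.0.2.5 is low-and-slow;
# 198.51.100.9 is a user who mistyped twice and then got in.
SAMPLE_LOG = """\
2024-11-20T10:00:01 result=failed user=alice src=203.0.113.7
2024-11-20T10:00:09 result=failed user=alice src=203.0.113.7
2024-11-20T10:00:17 result=failed user=bob src=203.0.113.7
2024-11-20T10:00:25 result=failed user=bob src=203.0.113.7
2024-11-20T10:00:33 result=failed user=carol src=203.0.113.7
2024-11-20T10:00:41 result=failed user=carol src=203.0.113.7
2024-11-20T10:05:00 result=failed user=dave src=198.51.100.9
2024-11-20T10:05:30 result=failed user=dave src=198.51.100.9
2024-11-20T10:06:00 result=success user=dave src=198.51.100.9
2024-11-20T09:00:00 result=failed user=erin src=192.0.2.5
2024-11-20T09:20:00 result=failed user=erin src=192.0.2.5
2024-11-20T09:40:00 result=failed user=erin src=192.0.2.5
2024-11-20T10:00:00 result=failed user=erin src=192.0.2.5
2024-11-20T10:20:00 result=failed user=erin src=192.0.2.5
2024-11-20T10:40:00 result=failed user=erin src=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn the constructed log into event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect_bruteforce(events, threshold=5, window_minutes=5):
    """Flag any source IP with >= threshold failed logins inside a sliding window.

    Only failures drive the alert. A logged success is recorded for context but
    never required, because (per the article) the successful attempt may never
    be written to the log at all.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # src -> failure timestamps still inside the window
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "success_logged": False, "triggered": False})
    for ev in sorted(events, key=lambda e: e["ts"]):
        s = stats[ev["src"]]
        if ev["result"] == "success":
            s["success_logged"] = True
            continue
        s["failures"] += 1
        s["users"].add(ev["user"])
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            s["triggered"] = True

    alerts = {}
    for src, s in stats.items():
        if s["triggered"]:
            alerts[src] = {
                "failures": s["failures"],
                "users": sorted(s["users"]),
                "success_logged": s["success_logged"],
                # Absence of a success entry is not evidence the guesses all
                # failed; every sprayed account should be treated as compromised.
                "verdict": ("success logged" if s["success_logged"]
                            else "possible unlogged success: reset sprayed accounts"),
            }
    return alerts


def analyze(text, **kwargs):
    """Parse a log text and run the detector over it."""
    return detect_bruteforce(parse_log(text), **kwargs)


if __name__ == "__main__":
    for src, alert in analyze(SAMPLE_LOG).items():
        print(src, alert)
```

With the defaults (5 failures in 5 minutes) only 203.0.113.7 fires; widening the window to 90 minutes also catches the low-and-slow source 192.0.2.5, which is the trade-off any such rule has to tune. The verdict string is the point of the example: because the success may be hidden, the response to a burst of failures with no logged success is the same as for a confirmed compromise.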

2,000 Palo Alto Networks devices compromised in latest attacks

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation's internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Approximately two weeks ago, Palo Alto Networks warned that attackers have been spotted leveraging a zero-day flaw to achieve remote code execution on vulnerable devices. READ MORE...

'Alarming' bugs lay low in Ubuntu Server utility for 10 years

Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged local attackers to gain root access without any user interaction. The security shop's Threat Research Unit (TRU) said it was able to develop a working exploit but wouldn't release it, describing the findings as "alarming." Regardless, they said the vulnerabilities are "easily exploitable" and urged admins to apply the recommended fixes promptly. READ MORE...

  • ...in 1877, Thomas Edison announces his invention of the phonograph, the first machine capable of recording and playing back sound.
  • ...in 1898, Surrealist painter René Magritte ("The Treachery of Images", "The Son of Man") is born in Lessines, Belgium.
  • ...in 1905, Albert Einstein's physics paper on the relationship between energy and mass (E=mc^2) is first published.
  • ...in 1965, Icelandic singer-songwriter and actress Björk Guðmundsdóttir, AKA Björk ("It's Oh So Quiet", "Army of Me"), is born in Reykjavík.