The unprecedented wave of high-profile cyberattacks on US water utilities over the past year has just kept flowing. In one incident, pro-Iranian hackers penetrated a Pittsburgh-area water utility's PLC and defaced the touchscreen with an anti-Israel message, forcing the utility to revert to manual control of its water pressure-regulation system. A water and wastewater operator temporarily severed connections between its IT and OT networks after ransomware infiltrated some back-end systems. READ MORE...
A popular saying is: "To err is human, but to really foul things up you need a computer." Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI). And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then it's that when humans and AI cooperate, amazing things can happen. But amazing is not always positive. READ MORE...
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret. READ MORE...
The South Korean government has sanctioned more than a dozen individuals and one organization for a wide-ranging global scheme to fund North Korea's nuclear and missile programs through impersonating IT workers abroad, stealing cryptocurrency and facilitating cyberattacks. South Korean officials on Thursday identified 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange Corporation for economic sanctions. READ MORE...
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and others. READ MORE...