
IT Security Newsletter - 9/28/2023


Hacking

Building automation giant Johnson Controls hit by ransomware attack

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations. Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment.


Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

In the latest attack to target software supply chains, attackers managed to slip in malicious code updates to hundreds of GitHub repositories by using stolen passcodes to commit changes and then used the name of a well-known tool, Dependabot, to convince developers to accept those updates. The campaign abused stolen personal access tokens to check code into the GitHub repositories, using a known technique to spoof the name of the contributor.

Malware

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

A Chinese state-sponsored APT called BlackTech has been caught hacking into network edge devices and using firmware implants to stay hidden and silently hop around the corporate networks of U.S. and Japanese multinational companies. According to a high-powered joint advisory from the NSA, FBI, CISA and Japan's NISC, BlackTech has been observed modifying router firmware on Cisco routers to maintain stealthy persistence and pivot from international subsidiaries to headquarters in Japan and the United States.


SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPI packages has been found stealing a wide range of sensitive data from software developers on the platforms. The campaign started on September 12, 2023, and was first discovered by Sonatype, whose analysts unearthed 14 malicious packages on npm. Phylum reports that after a brief operational hiatus on September 16 and 17, the attack has resumed and expanded to the PyPI ecosystem.

Information Security

CISA rolls dice on public service campaign to raise cyber awareness

The Cybersecurity and Infrastructure Security Agency launched its first-ever national public service campaign to raise awareness of cybersecurity in local communities, including for families and small businesses. The Secure our World campaign is designed to teach people and businesses in local communities how to stay safe online. The campaign includes public service announcements on television, digital content, cyber toolkits and other resources.


Millions of files with potentially sensitive information exposed online, researchers say

Thousands of computers and other internet-connected devices are exposing millions of files with potentially sensitive data across the internet, either inadvertently or on purpose, leaving the data discoverable and potentially exploitable in any number of ways, an analysis published Wednesday found. Researchers with Censys recently indexed nearly 314,000 distinct internet-connected devices and web servers with open directory listings and at least one file.

Exploits/Vulnerabilities

New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. Documented and named by Avanan in 2018, the ZeroFont technique involves using text written in font size "0" throughout the email body. In that campaign, it was used to bypass Microsoft's NLP-based anti-phishing protections by breaking up the text strings that would otherwise trigger them.


Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk

Misconfigured TeslaMate instances can leak tons of data on the internet, potentially exposing Tesla cars and their drivers to malicious attacks, IoT security intelligence firm Redinent reports. A third-party data logging application, TeslaMate relies on the Tesla API to retrieve various types of information about Tesla cars, making it available to users on their computers. While the application is a great tool for keeping track of car data, it also poses a significant risk if improperly configured.

On This Date

  • ...in 1867, the US takes control of Midway Island.
  • ...in 1924, a team of US Army aviators completes the first ever aerial circumnavigation of the world, covering 27,553 miles in 175 days.
  • ...in 1959, Explorer VI, the U.S. satellite, takes the first video pictures of Earth.
  • ...in 2008, SpaceX launches the first private spacecraft, Falcon 1.