Saturday, June 25, 2022

Researchers: It Took Oracle 6 Months to Patch 'Mega' Vulnerability Affecting Many Systems

Security researchers have published technical details on a critical Fusion Middleware vulnerability that Oracle took six months to patch.

CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.

Hadrian Raises $11 Million for Offensive Security Platform

Offensive security startup Hadrian today announced that it has received €10.5 million ($11 million) in unsolicited seed funding that brings the total invested in the company to $13.7 million. The investment round was led by HV Capital, with participation from...

Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors

Codesys this week announced patches for nearly a dozen vulnerabilities discovered in the company’s products by researchers at Chinese cybersecurity firm NSFocus.

US Agencies Warn Organizations of Log4Shell Attacks Against VMware Products

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have issued a joint advisory to warn organizations that threat actors continue to exploit the Log4Shell vulnerability in VMware Horizon and Unified Access...

US, UK, New Zealand Issue PowerShell Security Guidance

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration and monitoring...

Apple, Android Phones Targeted by Italian Spyware: Google

An Italy-based firm's hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a "flourishing" spyware industry.

A Year After Death, McAfee's Corpse Still in Spanish Morgue

The body of software entrepreneur John McAfee remained at a morgue in Spain Thursday a year after his death as a legal case filed by his family, who do not believe he committed suicide, is yet to be resolved.

Biden Signs Two Cybersecurity Bills Into Law

Two bipartisan cybersecurity bills were signed into law on Tuesday, June 21, 2022, by US President Joe Biden: the Federal Rotational Cyber Workforce Program Act of 2021, and the State and Local Government Cybersecurity Act of 2021.

Security Orchestration: Beware of the Hidden Financial Costs

Among the many improvements in cybersecurity technology and tools we’ve seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers...

Top Cryptographers Flag 'Devastating' Flaws in MEGA Cloud Storage

Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data...

Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage

A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.

Affected ICS Vendors Start Responding to OT:Icefall Vulnerabilities

Some of the industrial control system (ICS) vendors impacted by the OT:Icefall vulnerabilities have released advisories to inform customers about the impact of the flaws and to provide mitigations.

Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks

Acquisition allows Johnson Controls to bring zero trust security to connected buildings

MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals

Patient care guidelines provider MCG Health faces a proposed class lawsuit over the compromise of patient information during a March 2022 data breach. A wholly-owned subsidiary of the New York-based Hearst Health network, MCG Health combines artificial intelligence with clinical...

US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware

A US subsidiary of Nichirin, a Japanese company that makes hoses for the automotive industry, was recently hit by ransomware. The company said on Wednesday in a press release written in Japanese that the attack, aimed at Nichirin-Flex USA, was...

Firmware Security Startup Binarly Raises $3.6 Million in Seed Funding

Firmware security company Binarly on Wednesday announced that it has raised $3.6 million in a seed funding round led by Westwave Capital and Acrobator Ventures. Several angel investors also took part in the seed round, which will help the startup...

SMA Technologies Patches Critical Security Issue in Workload Automation Solution

A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations. Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be...

Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.

The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough

Feature: US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...

The Hacker News

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...