Tuesday, September 27, 2022

Russia Gives Citizenship to Ex-NSA Contractor Edward Snowden

Russian President Vladimir Putin has granted Russian citizenship to former U.S. security contractor Edward Snowden, according to a decree signed Monday by the Russian leader. read more

Ukraine Says Russia Planning 'Massive Cyberattacks' on Critical Infrastructure

The Ukrainian government says it is bracing to deal with “massive cyberattacks” from Russian hackers against critical infrastructure targets in the energy sector. read more

Hackers Leak French Hospital Patient Data in Ransom Fight

Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed. The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital...

Australia Mulls Tougher Cybersecurity Laws After Data Breach

The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies and blamed Optus, the nation’s second-largest wireless carrier, for an unprecedented breach of personal data from 9.8 million customers. read more

Breached American Airlines Email Accounts Abused for Phishing

American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks. Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified...

UK Teen Arrested Over Rockstar Games, Uber Hacks

The City of London Police announced on Friday that a 17-year-old had been arrested on suspicion of hacking, and there are some reports that the suspect is believed to have been involved in the recent cyberattacks targeting Uber and...

Ukraine Cracks Down on Group Selling Hacked Accounts to Pro-Russia Propagandists

Ukrainian authorities take down cybercrime group that hacked 30 million accounts Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals. read more

Microsoft Dismantles Spam Campaign Abusing OAuth Applications

Microsoft says it has dismantled a malicious campaign relying on a network of single-tenant OAuth applications for the distribution of spam messages. read more

Hacktivist Attacks Show Ease of Hacking Industrial Control Systems

Hacktivists might not know a lot about industrial control systems (ICS), but they’re well aware of the potential implications of these devices getting compromised. That is why some groups have been targeting these systems — which are often unprotected...

Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations

UK-based cybersecurity company Sophos has warned customers that a new zero-day vulnerability affecting some of its firewall products has been exploited in attacks. read more

SentinelOne Announces $100 Million Venture Fund

Endpoint security firm SentinelOne (NYSE: S) this week announced a $100 million venture fund that the publicly-traded company will use to invest other security startups. read more

Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks

Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. read more

New 'Wolfi' Linux Distro Focuses on Software Supply Chain Security

Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain. read more

BIND Updates Patch High-Severity Vulnerabilities

The Internet Systems Consortium (ISC) this week announced the availability of patches for six vulnerabilities in the widely deployed BIND DNS software, all remotely exploitable. read more

“Left and Right of Boom” – Having a Winning Strategy

As security practitioners are painfully aware, it is not a matter of if but when their organization will come under cyberattack. Given this year’s geopolitical events, the likelihood of falling victim to an attack has exponentially increased. And while...

CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of cyberattacks targeting a recently addressed vulnerability in Zoho ManageEngine. read more

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any of the millions of affected devices. read more

The Future of Endpoint Management

Industry experts foresee further simplification and modernization to occur across endpoint management tools read more

NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT

US government agencies have shared a new cybersecurity resource that can help organizations defend critical control systems against threat actors. read more

Cyberattack Steals Passenger Data From Portuguese Airline

Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web. read more
The Register

Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…

BrandPost: Extortion Economics: Ransomware’s New Business Model

Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...

Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says

Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...

Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats

Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.

Zoho ManageEngine flaw is actively exploited, CISA warns

A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...