"Gas Chromatograph Hacking Could Have Serious Impact: Security Firm"

"Gas Chromatograph Hacking Could Have Serious Impact: Security Firm"

Security researchers at Claroty have recently disclosed the details of several vulnerabilities discovered in a gas chromatograph made by Emerson and warned that attacks could have a serious impact. A gas chromatograph is a chemical analysis instrument that measures the content of various components in a sample.  Such devices are used by hospitals in blood testing and by environmental facilities to measure air pollution.  The researchers found that Rosemount GC370XA, GC700XA, and GC1500XA products are affected by four vulnerabilities.

Submitted by Adam Ekwall on

"Arkansas Based Evolve Bank Confirms CyberAttack And Data Breach"

"Arkansas Based Evolve Bank Confirms CyberAttack And Data Breach"

Evolve Bank and Trust recently announced that it was the victim of a cybersecurity incident that involved customers' data being illegally released on the dark web. On Tuesday, ransomware group Lockbit 3.0 posted data hacked from Evolve.  The hackers had given the bank until Tuesday afternoon to meet its ransom demands in exchange for not posting sensitive data from an alleged hack of the central bank.  Some of the data affected include account numbers and deposit balances.  The investigation into the incident is still ongoing. 

 

Submitted by Adam Ekwall on

Cyber Scene - AI: Driving US Crazy?

Cyber Scene - AI: Driving US Crazy?

By krahal

The relatively new kid on the block is generating tectonic explosions worldwide, from international political issues to how you write a note to a friend or prepare your lawsuit briefs.

Submitted by Gregory Rigby on

"Developer Errors Lead to Long-Term Exposure of Sensitive Data in Git Repos"

"Developer Errors Lead to Long-Term Exposure of Sensitive Data in Git Repos"

New Aqua Security research found secrets from organizations, including credentials, Application Programming Interface (API) tokens, and passkeys, that have been exposed for years. Researchers discovered active secrets from open source organizations and enterprises providing access to sensitive data and software. This discovery was made by scanning the most popular 100 organizations on GitHub, which has over 50,000 publicly accessible repositories. This article continues to discuss findings regarding the significant exposure of enterprise secrets.

Submitted by Gregory Rigby on

"Hackers Target New MOVEit Transfer Critical Auth Bypass Bug"

"Hackers Target New MOVEit Transfer Critical Auth Bypass Bug"

Threat actors are exploiting a new critical authentication bypass flaw in Progress MOVEit Transfer, which is a Managed File Transfer (MFT) solution used to securely transfer files between business partners and customers. The new security flaw enables attackers to bypass authentication in the Secure File Transfer Protocol (SFTP) module. This flaw allows an attacker to access sensitive data, delete files, intercept file transfers, and more. This article continues to discuss the exploitation of a new MOVEit Transfer flaw.

Submitted by Gregory Rigby on

"Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector"

"Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector"

Siemens recently patched several vulnerabilities in some of its Sicam products that could be exploited in attacks against the energy sector. In May, Siemens released updates for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software. One of the vulnerabilities is a buffer overread issue that can enable attackers to read sensitive data from memory, potentially leading to arbitrary code execution in the context of the current process or to a Denial-of-Service (DoS) condition.

Submitted by Gregory Rigby on

"Novel Banking Malware Targets Customers in Southeast Asia"

"Novel Banking Malware Targets Customers in Southeast Asia"

Promon research highlights a new malware strain called "Snowblind" targeting banking customers in Southeast Asia. The new malware disables Android banking apps' ability to detect malicious modifications, thus avoiding detection. Snowblind exploits accessibility services on apps, which have extensive permissions to interact with and modify app interfaces. According to Promon, Snowblind uses these services to access sensitive information, navigate the device, and more. This article continues to discuss findings regarding the Snowblind malware.

Submitted by Gregory Rigby on
Subscribe to