"CISA Warns on JetBrains TeamCity Flaw That Could Allow Hackers to Generate Admin Accounts"

"CISA Warns on JetBrains TeamCity Flaw That Could Allow Hackers to Generate Admin Accounts"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, noting evidence of active exploitation. The JetBrains flaw is a critical authentication bypass problem in the TeamCity On-Premises software that enables unauthenticated attackers to completely take over target servers. It is tracked as CVE-2024-27198 and has a severity score of 9.8.

Submitted by Gregory Rigby on

"Tesla Can Be Hacked via MiTM Phishing Attack"

"Tesla Can Be Hacked via MiTM Phishing Attack"

Researchers discovered that hackers can steal a Tesla Model 3 by conducting a Man-in-The-Middle (MiTM) phishing attack on car owners' Tesla accounts. The researchers carried out the attack using the 4.30.6 version of the Tesla App, which serves as the car's key, and version 11.1 2024.2.7 of the underlying Tesla software. Through the attack, the researchers were able to get a new "phone key" to unlock the Tesla vehicle. The study reveals that connecting the car to a new phone lacks adequate authentication security.

Submitted by Gregory Rigby on

"UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit"

"UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit"

UnitedHealth Group has recently published a timeline to restore Change Healthcare’s systems following the BlackCat/ALPHV ransomware attack, which has led to delays to patient care across the US.  UnitedHealth Group, which owns Change Healthcare, expects key pharmacy and payment systems to be restored and available by March 18.  In the meantime, UnitedHealth is urging its provider and payer clients to use applicable workarounds it has established, including its new iEDI claim submission system.

Submitted by Adam Ekwall on

"NSA Releases Top Ten Cloud Security Mitigation Strategies"

"NSA Releases Top Ten Cloud Security Mitigation Strategies"

The National Security Agency (NSA) has published "Top Ten Cloud Security Mitigation Strategies" to help cloud customers understand important security practices as they migrate their data to cloud environments. The report compiles ten Cybersecurity Information Sheets (CSIs), each covering a different strategy. The US Cybersecurity and Infrastructure Security Agency (CISA) has joined the NSA as a partner in six of the ten strategies.

Submitted by Gregory Rigby on

"Scientists Put Forth a Smarter Way to Protect a Smarter Grid"

"Scientists Put Forth a Smarter Way to Protect a Smarter Grid"

A team of experts at the US Department of Energy's (DOE) Pacific Northwest National Laboratory (PNNL) presented a new approach to protecting the electric grid against cyberattacks. Instead of protecting the grid and its many components piece-by-piece, the team is developing a tool capable of quickly sorting and prioritizing cyber threats. The goal is to provide grid operators with a clear blueprint for identifying and addressing the most serious threats first. This article continues to discuss the team's approach to protecting the electric grid against cyberattacks.

Submitted by Gregory Rigby on

"Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests"

"Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests"

According to Jason Parker, an independent cybersecurity researcher, a popular tool used by many state and local governments to manage public records requests had flaws that could have enabled hackers to download unsecured files associated with records inquiries, including personal information such as IDs, fingerprints, medical reports, and more. The vulnerabilities could have also let hackers trick the system into allowing individuals to edit or change the metadata of records requests without administrators' knowledge.

Submitted by Gregory Rigby on

"Research Exposes Security, Privacy and Safety Issues in Female Technology Apps Used to Track Fertility, Menopause and Monthly Cycle"

"Research Exposes Security, Privacy and Safety Issues in Female Technology Apps Used to Track Fertility, Menopause and Monthly Cycle"

A team of researchers identified significant security, privacy, and safety issues with FemTech, which is a collection of digital technologies focusing on women's health and well-being. Such technologies include apps, wearable devices, and software. The researchers found FemTech apps gaining access to users' personal contacts, camera, microphone, location, system settings, and more, posing major security and privacy risks. These apps and Internet of Things (IoT) devices use embedded sensors to collect various types of data about users, their relatives, their bodies, and their environments.

Submitted by Gregory Rigby on

"Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks"

"Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks"

Threat actors are using malicious JavaScript injections to launch brute-force attacks on WordPress sites. According to Sucuri security researcher Denis Sinegubko, the distributed brute-force attacks target WordPress websites via the browsers of site visitors. The activity is part of an attack wave in which compromised WordPress sites are used to directly inject cryptocurrency drainers such as Angel Drainer or redirect site visitors to Web3 phishing sites with drainer malware.

Submitted by Gregory Rigby on

"Linux Variants of Bifrost Trojan Evade Detection via Typosquatting"

"Linux Variants of Bifrost Trojan Evade Detection via Typosquatting"

A 20-year-old Remote Access Trojan (RAT) has reemerged with new variants targeting Linux and impersonating a trusted hosted domain. Palo Alto Networks discovered a new Linux variant of the Bifrost malware, also known as Bifrose, that applies the typosquatting tactic to mimic a legitimate VMware domain, allowing the malware to avoid detection. Bifrost is a RAT that has been active since 2004, gathering sensitive information from compromised systems, including hostnames and IP addresses. Bifrost Linux variants have increased significantly in recent months, raising concerns.

Submitted by Gregory Rigby on

"Web-Based PLC Malware: A New Potential Threat to Critical Infrastructure"

"Web-Based PLC Malware: A New Potential Threat to Critical Infrastructure"

Researchers from Georgia Tech's College of Engineering developed web-based Programmable Logic Controller (PLC) malware capable of targeting most PLCs from major manufacturers. Their web-based PLC malware resides in PLC memory but is eventually executed client-side by different browser-equipped devices in the ICS environment. The researchers explained that the malware then uses ambient browser-based credentials to interact with the PLC's legitimate web Application Programming Interfaces (APIs) in order to attack the underlying real-world machinery.

Submitted by Gregory Rigby on
Subscribe to