"Thousands of DrayTek Routers at Risk From 14 Vulnerabilities"

Tens of thousands of DrayTek routers, including models used by many businesses and government agencies, are at risk of attack due to 14 newly discovered firmware vulnerabilities. Several flaws could lead to Denial-of-Service (DoS) and Remote Code Execution (RCE) attacks. The other vulnerabilities enable threat actors to carry out data theft, session hijacking, and other malicious activities. This article continues to discuss the vulnerabilities impacting thousands of DrayTek routers.

Submitted by Gregory Rigby on

"Ransomware Hits Critical Infrastructure Hard, Costs Adding Up"

Claroty surveyed 1,100 cybersecurity professionals responsible for securing Cyber-Physical Systems (CPS), including Operational Technology (OT), Internet of Things (IoT), Building Management Systems (BMS), and more. The survey found that 45 percent of organizations suffered losses of $500,000 or more in the past year, and 27 percent faced losses of $1 million or more.

Submitted by Gregory Rigby on

"DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor"

The North Korean state-sponsored threat actor known as "APT37" is spreading a new backdoor named "VeilShell." Most North Korean Advanced Persistent Threats (APTs) target South Korean or Japanese organizations, but APT37's latest campaign appears to target Cambodia, a country with which Kim Jong-Un's regime has more complicated relations. According to Securonix, APT37 has been sending malicious emails written in the Khmer language about Cambodian affairs to lure victims.

Submitted by Gregory Rigby on

"NJIT PhD Researcher Develops Secure Code Generation System, Achieves Early Conference Acceptance"

Security vulnerabilities are a major issue in Artificial Intelligence (AI)-powered code generation. Therefore, Khiem Ton, a Ph.D. student, and his colleagues at the New Jersey Institute of Technology (NJIT) developed "SGCode," a system that uses advanced AI and security analysis tools to detect and fix security flaws during code creation. SGCode includes Large Language Models (LLMs) such as GPT-4, a graph-based Generative Adversarial Network (gGAN), and security analysis tools. The flexible system lets users switch between code security optimization methods.

Submitted by Gregory Rigby on

"Cybercriminals Capitalize on Poorly Configured Cloud Environments"

Researchers at Elastic found that off-the-shelf offensive security tools and poorly configured cloud environments expand the attack surface. About 54 percent of malware alerts involved offensive security tools such as Cobalt Strike and Metasploit. The most prevalent malware family this year was Cobalt Strike, with 27.02 percent of infections. Cobalt Strike is a commercial post-exploitation framework that threat actors often steal and use for their own malicious activities.

Submitted by Gregory Rigby on

"Cloudflare Blocks Largest Recorded DDoS Attack Peaking at 3.8Tbps"

In a Distributed Denial-of-Service (DDoS) campaign aimed at financial services, Internet, and telecommunications companies, volumetric attacks peaked at 3.8 terabits per second (Tbps), the largest publicly recorded. The campaign involved over 100 hyper-volumetric DDoS attacks that flooded network infrastructure with garbage data. A volumetric DDoS attack overwhelms the target with large amounts of data, consuming bandwidth or exhausting the resources of applications and devices, denying legitimate users access.

Submitted by Gregory Rigby on

"NSA joins Australian Signals Directorate and Others in Promoting Six Principles of Operational Technology (OT) Cybersecurity"

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and others, released a new Cybersecurity Information Sheet (CSI) titled "Principles of Operational Technology Cyber Security." The CSI sets out six principles for creating and maintaining a safe, secure critical infrastructure Operational Technology (OT) environment. The guidance aims to help improve cybersecurity practices for protecting water, energy, transportation, and more. This article continues to discuss the new CSI on OT cybersecurity.

Submitted by Gregory Rigby on

"Fake Browser Updates Spread Updated WarmCookie Malware"

The new "FakeUpdate" campaign targeting users in France uses compromised websites that display fake browser and application update prompts, which deliver a new version of the WarmCookie backdoor. The threat group "SocGholish" compromises or creates fake websites to display bogus update prompts for web browsers, Java, VMware Workstation, WebEx, and Proton VPN. If a user clicks one of the legitimate-looking prompts, a fake update is downloaded that drops cryptocurrency drainers, ransomware, and more. This article continues to discuss the FakeUpdate campaign.

Submitted by Gregory Rigby on

Securing New Ground

"Once a year, the security industry's brightest minds, biggest players and most driven entrepreneurs come together for information sharing, top-level networking and security industry business analysis. At Securing New Ground trends are spotted, connections are formed and minds are opened. Join us!"

"Sellafield Fined for Cybersecurity Failures at Nuclear Site"

Sellafield Ltd was recently fined $437,440 for cybersecurity failings in running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court. Sellafield Ltd has also been ordered to pay prosecution costs of $70,060. The charges relate to Sellafield's management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.

Submitted by Adam Ekwall on