News – Page 17

Too many ICS assets are exposed to the public internet

Posted on 17 May 2024

From helpnetsecurity.com

“Our research reveals alarming gaps and unexpected trends in enterprise infrastructure, including the decay of network segmentation, persistent challenges in attack surface management, and the increasing volume of dark matter on modern networks,” said HD Moore, CEO.

IT and OT are converging, expanding the attack surface of organizations and requiring new techniques to discover and manage assets. OT systems are high-value targets for attackers and are consistently exposed to untrusted networks. Over 7% of the ICS assets sampled are exposed to the public internet. These assets include programmable logic controllers, power meters, and protocol gateways, all of which play an important role in critical infrastructure.

CISA announces secure by design pledges from leading tech providers

Posted on 17 May 2024

From securitymagazine.com

The Cybersecurity and Infrastructure Security Agency (CISA) announced that 68 leading software manufacturers voluntarily committed to CISA’s Secure by Design pledge. By joining this initiative, these software manufacturers pledge to deliver measurable progress towards seven specific goals, all with the intention of securing critical infrastructure.

Organizations struggle to defend against ransomware

Posted on 17 May 2024

From helpnetsecurity.com

In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents.

After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims were detected or posted across multiple social channels up from approximately 3,000 in 2022, according to the 2024 Global Threat Intelligence Report by NTT Security Holdings.

7 Essential Security Tips to Identify Fake Mobile Apps

Posted on 17 May 2024

From cybersecurity-insiders.com

n today’s digital age, mobile applications have become an integral part of our daily lives, facilitating various tasks from communication to banking. However, with the proliferation of mobile apps, there’s also an increase in fake and malicious applications aiming to compromise users’ security and privacy.

To help you navigate the digital landscape safely, here are seven essential security tips to spot fake mobile apps:

1. Verify the Developer: Before downloading any app, take a moment to research the developer. Legitimate apps are usually developed by reputable companies or individuals with a track record of producing quality apps. Check the developer’s website, reviews, and ratings to ensure authenticity.

2. Check App Permissions: Be wary of apps that request excessive permissions. If a flashlight app asks for access to your contacts and location, it’s a red flag. Review the permissions requested by the app and question if they align with its functionality. Avoid apps that ask for unnecessary access to your personal data.

Russian APT Hackers Attacking Critical Infrastructure

Posted on 17 May 2024

From gbhackers.com

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals, as APT groups conduct espionage to gather valuable political and economic information.

The Russian government may recruit financially motivated groups, despite their apparent independence, for malicious operations, resulting in a complex threat landscape where the distinctions between criminal and state-sponsored actors are hazy, while intelligence agencies like the SVR and GRU likely orchestrate these cyber activities.

Nissan North America data breach impacts over 53,000 employees

Posted on 16 May 2024

From bleepingcomputer.com

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company’s external VPN and shut down systems to receive a ransom.

The car maker discovered the breach in early November 2023 and discovered recently that the incident exposed personal data belonging to more than 53,000 current and former employees.

“As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the company said in a notification to impacted individuals.

Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom. The company notes that none of its systems were encrypted during the attack.

SANTANDER: A DATA BREACH AT A THIRD-PARTY PROVIDER IMPACTED CUSTOMERS AND EMPLOYEES

Posted on 16 May 2024

From securityaffairs.com

The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay.

The Spanish financial institution Santander revealed a data breach involving a third-party provider that affected customers in Chile, Spain, and Uruguay.

The bank recently became aware of unauthorized access to one of its databases hosted by a third-party provider.

The company announced that it immediately implemented measures to contain the incident. The company blocked the compromised access to the database and established additional fraud prevention controls to protect affected customers.

“We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.” reads the statement published by the bank. “Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.”