The Next Disruptive ICS Attacker: A Ransomware Gang?

From tripwire.com


OT networks often rely on Windows systems for various ICS applications including HMIs, historians, and data gateways. Beyond that, they also commonly rely on Windows systems to run associated IT-networks.

A successful ransomware deployment into either of these networks may prevent engineers from controlling plant operations and lead to an unplanned shutdown. This imposes an immediate cost on the organization due to lost productivity. In the worst case, unplanned shutdowns may lead to physical failures that can damage equipment, potentially endangering lives in the process. The downtime from such an event could also span many months depending on the system. Specialized industrial equipment often cannot be replaced with existing components and takes months to produce.


Singaporean telco leaked personal data of over 57,000 customers

From theregister.com

Singapore pay TV, internet and mobile phone provider StarHub is in the process of notifying 57,191 customers via email that they are victims of a cyber attack that leaked national identity card numbers, mobile numbers and email addresses.

An August 11th email notifying a customer of the leak was obtained by The Register and reads:

During a proactive online surveillance earlier this month, we discovered, on a third-party data dump website, an illegally uploaded file containing certain limited types of personal information related to your StarHub subscription from before 2007.

In the email, StarHub explains that there is no current evidence that information has been misused, and that an incident management team assessed the situation. Investigations by digital forensic and cybersecurity experts are ongoing.

StarHub claims credit card and bank account information was not compromised, but has nonetheless offered all affected customers six months of free credit monitoring, as long as they act by September 5. Emails will continue to go out to leak victims until August 20, 2021.


Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

From thehackernews.com


A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it’s working to remediate the issue in an upcoming security update.

Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020.


Accenture Hacked – Lockbit 2.0 Ransomware Compromised Thousands of Computers & Demand $50M

From gbhackers.com


Exclusive!! One of the world's biggest IT consulting firms, Accenture, has reportedly been hacked by the notorious Lockbit 2.0 ransomware.

Accenture operates with more than 500k employees around the globe, has a valuation of $44.3 billion, and is the largest firm handling a wide range of development in various sectors such as banks, government, technology, energy, telecoms, and more.

LockBit is a cybercriminal gang roaming the dark web that operates using a ransomware-as-a-service (RaaS) model—similar to REvil. The team behind LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model and shares the revenue collected from the victims.


Adobe fixes critical preauth vulnerabilities in Magento

From bleepingcomputer.com


Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.

The complete list of Adobe Products receiving security updates today and the number of fixed vulnerabilities are below:

In total, Adobe fixed 29 vulnerabilities with today’s updates. 

Almost all Critical vulnerabilities could lead to arbitrary code execution, allowing threat actors to execute commands on vulnerable computers.


slsa: Supply-chain Levels for Software Artifacts

From securityonline.info

Supply-chain Levels for Software Artifacts (SLSA, pronounced salsa) is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. The requirements are inspired by Google’s internal “Binary Authorization for Borg” which has been in use for the past 8+ years and that is mandatory for all of Google’s production workloads.
