Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this type of attack, with around 34% of these, or roughly 58,000 devices, susceptible to DDoS abuse. Exploit Details and Impact The exploit,…
Author: ISB Staff Reporter
CloudSEK, a provider of AI-driven cybersecurity solutions, has debuted Deep Fake Detection Technology, which is now available for free. The company says this initiative is part of its commitment to providing society with resources to combat cybercrime. Advanced Deep Fake Detection Technology CloudSEK has developed an advanced DeepFake Detector designed to identify and mitigate the risks of deep fake content. The technology calculates an overall Fakeness Score by integrating several sophisticated analyzers: Promoting Cybersecurity Awareness By offering this technology for free, CloudSEK aims to enhance the cyber resilience of the digital world and help people and companies protect themselves against the growing…
Check Point Software, a cybersecurity solutions provider, has acquired Cyberint Technologies, a company specializing in external risk management solutions. This marks Check Point’s third startup acquisition within the past year. Through this acquisition, Check Point will enhance its Security Operations Center (SOC) capabilities and broaden its managed threat intelligence services, strengthening its ability to protect organizations from a broader range of threats. According to reports, the acquisition is valued at around $200 million in shares and cash. Cyberint employs over 170 people across Israel, the USA, and Asia, and once the deal is closed, which is expected to close by…
A staggering 80% of manufacturing companies have critical vulnerabilities, putting them at heightened risk of cyberattacks. This was one of the findings of Back Kite’s 2024 report, The Biggest Third-Party Risks in Manufacturing. Black Kite is a third-party cyber risk intelligence business. The findings stem from an analysis of nearly 5,000 companies across 10 manufacturing sub-industries, highlighting the extensive third-party risk landscape in the sector. As manufacturing rapidly adopts digital technologies, it has become a prime target for cyberattacks. Cybercriminals are exploiting the sector’s expanding digital footprint, with defense strategies often lagging behind the growing attack surface. Given the sector’s…
In a significant move against one of the world’s most notorious cybercrime groups, the UK has sanctioned 16 individuals linked to Evil Corp, a criminal organization with ties to the Russian state. Among those newly exposed is a key affiliate of the LockBit ransomware group. Australia and the United States have also imposed sanctions, with the US unsealing an indictment against a prominent member of the group. The UK’s National Crime Agency (NCA) played a pivotal role in uncovering Evil Corp’s extensive criminal network. Once a Moscow-based family financial crime group, Evil Corp expanded into cybercrime, reportedly extorting at least…
University Medical Center (UMC) is still grappling with the aftermath of a ransomware attack that occurred last Thursday. The attack caused a widespread IT outage and forced the diversion of emergency and non-emergency patients to nearby facilities. While some services have been restored, the full impact of the attack remains uncertain as the hospital works to recover. The ransomware attack, first detected on 26 September, has left UMC’s systems crippled, impacting critical operations, including the diversion of ambulances away from the hospital’s emergency room, despite the ER remaining open to the public. “Out of an abundance of caution, we are…
A recent investigation by Bitsight TRACE has uncovered several critical 0-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. These vulnerabilities are substantial real-world threats, with the potential for exploitation by malicious actors, leading to severe consequences such as physical damage, environmental harm, and financial losses. Even more alarming is that, despite repeated warnings, thousands of ATGs remain online and directly accessible via the internet, making them highly vulnerable to cyberattacks, particularly in sabotage or cyberwarfare contexts. Industrial Control Systems (ICS) form the backbone of modern critical infrastructure, with ATG systems playing a key role in…
The U.S. Department of Justice (DOJ) has indicted three Iranian nationals linked to the Islamic Revolutionary Guard Corps (IRGC) for orchestrating a cyberattack aimed at influencing the 2024 US presidential election. The indictment, unsealed today, charges Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi with a conspiracy to hack into the accounts of US political figures, media members, and campaign officials in a coordinated “hack-and-leak” operation. The aim of the campaign was to stoke discord, erode confidence in the electoral process, and acquire sensitive information for the IRGC’s benefit. According to the DOJ, the three hackers targeted officials and individuals…
Cybersecurity researchers identified critical vulnerabilities in Kia vehicles, revealing that attackers could remotely control cars using only a license plate number. The vulnerabilities were first identified in June this year and have since been patched, but the potential impact has raised serious concerns about vehicle security. Hacked in 30 Seconds On 11 June 2024, a team of hackers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll) uncovered flaws in Kia’s vehicle systems that allowed them to execute commands on a car by entering its license plate. Within 30 seconds, they could control various vehicle functions, including unlocking doors, disabling…
The Cybersecurity and Infrastructure Security Agency (CISA) has once again raised alarms about the ongoing exploitation of operational technology (OT) and industrial control systems (ICS) across critical infrastructure sectors. The warning comes amid an active investigation into a cybersecurity incident at the City of Arkansas’s Water Treatment Facility, which was targeted early Sunday on 22 September, 2024. While the City of Arkansas City has reassured residents that its water supply remains safe and operations continue uninterrupted, the incident shines a light on the fact that malicious actors are targeting vital OT/ICS systems using relatively unsophisticated methods. Unsophisticated Attacks Still a…
