Check Point Software, a cybersecurity solutions provider, has acquired Cyberint Technologies, a company specializing in external risk management solutions. This marks Check Point’s third startup acquisition within the past year. Through this acquisition, Check Point will enhance its Security Operations Center (SOC) capabilities and broaden its managed threat intelligence services, strengthening its ability to protect organizations from a broader range of threats. According to reports, the acquisition is valued at around $200 million in shares and cash. Cyberint employs over 170 people across Israel, the USA, and Asia, and once the deal is closed, which is expected to close by…
ISB Staff Reporter
A staggering 80% of manufacturing companies have critical vulnerabilities, putting them at heightened risk of cyberattacks. This was one of the findings of Back Kite’s 2024 report, The Biggest Third-Party Risks in Manufacturing. Black Kite is a third-party cyber risk intelligence business. The findings stem from an analysis of nearly 5,000 companies across 10 manufacturing sub-industries, highlighting the extensive third-party risk landscape in the sector. As manufacturing rapidly adopts digital technologies, it has become a prime target for cyberattacks. Cybercriminals are exploiting the sector’s expanding digital footprint, with defense strategies often lagging behind the growing attack surface. Given the sector’s…
In a significant move against one of the world’s most notorious cybercrime groups, the UK has sanctioned 16 individuals linked to Evil Corp, a criminal organization with ties to the Russian state. Among those newly exposed is a key affiliate of the LockBit ransomware group. Australia and the United States have also imposed sanctions, with the US unsealing an indictment against a prominent member of the group. The UK’s National Crime Agency (NCA) played a pivotal role in uncovering Evil Corp’s extensive criminal network. Once a Moscow-based family financial crime group, Evil Corp expanded into cybercrime, reportedly extorting at least…
University Medical Center (UMC) is still grappling with the aftermath of a ransomware attack that occurred last Thursday. The attack caused a widespread IT outage and forced the diversion of emergency and non-emergency patients to nearby facilities. While some services have been restored, the full impact of the attack remains uncertain as the hospital works to recover. The ransomware attack, first detected on 26 September, has left UMC’s systems crippled, impacting critical operations, including the diversion of ambulances away from the hospital’s emergency room, despite the ER remaining open to the public. “Out of an abundance of caution, we are…
A recent investigation by Bitsight TRACE has uncovered several critical 0-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. These vulnerabilities are substantial real-world threats, with the potential for exploitation by malicious actors, leading to severe consequences such as physical damage, environmental harm, and financial losses. Even more alarming is that, despite repeated warnings, thousands of ATGs remain online and directly accessible via the internet, making them highly vulnerable to cyberattacks, particularly in sabotage or cyberwarfare contexts. Industrial Control Systems (ICS) form the backbone of modern critical infrastructure, with ATG systems playing a key role in…
The U.S. Department of Justice (DOJ) has indicted three Iranian nationals linked to the Islamic Revolutionary Guard Corps (IRGC) for orchestrating a cyberattack aimed at influencing the 2024 US presidential election. The indictment, unsealed today, charges Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi with a conspiracy to hack into the accounts of US political figures, media members, and campaign officials in a coordinated “hack-and-leak” operation. The aim of the campaign was to stoke discord, erode confidence in the electoral process, and acquire sensitive information for the IRGC’s benefit. According to the DOJ, the three hackers targeted officials and individuals…
Cybersecurity researchers identified critical vulnerabilities in Kia vehicles, revealing that attackers could remotely control cars using only a license plate number. The vulnerabilities were first identified in June this year and have since been patched, but the potential impact has raised serious concerns about vehicle security. Hacked in 30 Seconds On 11 June 2024, a team of hackers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll) uncovered flaws in Kia’s vehicle systems that allowed them to execute commands on a car by entering its license plate. Within 30 seconds, they could control various vehicle functions, including unlocking doors, disabling…
The Cybersecurity and Infrastructure Security Agency (CISA) has once again raised alarms about the ongoing exploitation of operational technology (OT) and industrial control systems (ICS) across critical infrastructure sectors. The warning comes amid an active investigation into a cybersecurity incident at the City of Arkansas’s Water Treatment Facility, which was targeted early Sunday on 22 September, 2024. While the City of Arkansas City has reassured residents that its water supply remains safe and operations continue uninterrupted, the incident shines a light on the fact that malicious actors are targeting vital OT/ICS systems using relatively unsophisticated methods. Unsophisticated Attacks Still a…
Non-profit privacy watchdog noyb (None of Your Business) has filed a formal complaint against Mozilla, accusing the tech company of enabling a controversial tracking feature in its Firefox browser without user consent. The feature, dubbed “Privacy Preserving Attribution” (PPA), was introduced in a recent update and has sparked concern over the browser’s handling of user privacy. Despite its name, the feature allows Firefox to track user behavior across websites—taking control of tracking from individual websites and shifting it to the browser itself. While Mozilla claims this approach is less invasive than traditional cookie tracking, noyb argues that users were not…
Hackers have allegedly carried out a second Dell data breach within a week, compromising sensitive internal files via Atlassian tools. Allegedly, data from Jira, Jenkins, and Confluence has been exposed. Dell is currently investigating the initial breach. On 19 September 2024, Hackread.com published a report claiming a Dell data breach involving sensitive information on 10,863 employees. Hot on the heels of that incident, the same hacker responsible for the first breach now alleges that Dell has been breached again. The hacker, using the alias “grep” on the notorious Breach Forums platform, made these claims on 22 September. In the post,…