Author: Olivia William

Cisco Systems has released a series of updates that fix critical vulnerabilities in its products. Attackers could exploit these vulnerabilities to manipulate affected systems into executing arbitrary code. One of the most severe vulnerabilities, CVE-2023-20036, is a command injection flaw in the web UI component of Cisco Industrial Network Director, which arose from improper input validation during the uploading of a Device Pack. Furthermore, Cisco resolved a medium-severity vulnerability, CVE-2023-20039, that an attacker with authenticated local access could exploit to…


A New England health insurance company that provides services to over two million people is dealing this week with a ransomware attack affecting several of its systems. According to Point32Health, created through the merger of Harvard Pilgrim Health Care and Tufts Health Plan, the ransomware was found on April 17 in systems for “service members, accounts, brokers, and providers.” “After identifying the unauthorized party, we took aggressive steps to contain the threat by taking some of the systems offline. We have informed law enforcement and regulatory agencies, and we are collaborating with outside cybersecurity experts to fully investigate…


Security researchers at Check Point Research (CPR) have released an advisory that details the unique evasion techniques employed by threat actors who rely on the Raspberry Robin malware to avoid detection. In the advisory published on Tuesday, CPR experts explain the novel malware features and provide technical details on how to guard against them. According to CPR security researcher Shavit Yosef, evading anti-debugging techniques and other evasion methods can be quite draining, especially when dealing with the high number and complexity of obfuscation methods used by Raspberry Robin. Yosef’s research seeks to showcase a plethora of evasion methods, along with detailed explanations of…


There is a new “class” of Russian hackers, the UK cyber-agency warns. Due to an increased danger of attacks by state-aligned Russian hackers, the National Cyber Security Centre (NCSC) of the UK is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hackers has developed.” These state-aligned organizations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organizations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature,…


According to MalwareHunterTeam, the LockBit ransomware group is purportedly working on a new variant of malware that may encrypt data on Apple macOS. Although LockBit has traditionally concentrated on Linux and Windows systems, this would be the first instance of malware aiming at Mac devices. The ransomware organization is renowned for its RaaS (ransomware-as-a-service) business, which rents out the ransomware to online criminals in exchange for money. Locker Apple M1 64 is the name of the new malware, and there are separate variants for PPC Macs. Vx-Underground, a site that analyzes malware samples, claims that the latest ransomware, locker Apple…


The Chinese e-commerce app Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). On unpatched Android devices, this security hole in the Android Framework (identified as CVE-2023-20963) enables attackers to escalate their privileges without the need for user input. According to CISA, “Android Framework contains an unknown vulnerability that permits privilege escalation after updating an app to a higher Target SDK without the need for additional execution rights.” With security updates published at the beginning of March, Google patched…


Here is a catch-up on the news and events that happened this week in the world of cybersecurity.

Estonian National Charged in U.S. for Acquiring Hacking Tools

An Estonian was prosecuted for buying U.S. military and government equipment for Russia. On March 28, 2023, Tallinn detained 45-year-old Andrei Shevlyakov. He faces 18 conspiracy charges and others. If convicted, he may serve 20 years. Shevlyakov is accused of importing critical technology from U.S. corporations through front companies. Russia got them without export restrictions. Defense-system analog-to-digital converters, low-noise pre-scalers, and synthesizers were purchased. Rapid7 Metasploit Pro, a legitimate penetration testing and adversary simulation application,…


After hackers stole the Kodi Foundation’s MyBB forum database, which contained user information and private messages, and made an attempt to sell it online, the organization disclosed the Kodi data breach. Open-source, cross-platform Kodi is a media player, organizer, and streaming suite that allows users to access content from various sources and personalize their viewing. The now-defunct Kodi forum had about 401,000 users who posted 3 million messages covering various topics, including video streaming, suggestions, support, sharing new add-ons, and more. Hackers took the forum database by accessing the Admin interface with the credentials of an inactive staff member, according…


Over the Easter weekend, a well-known manufacturer of high-end yachts for the super-wealthy was the victim of a ransomware attack; however, it is unclear if private client data was taken. German superyacht maker Lürssen, established in 1875, is thought to generate close to €2 billion ($2.2 billion) in annual sales and undoubtedly has an exclusive clientele, making it a prime target for cyber extortionists. A spokesman reportedly said, “In conjunction with internal and external specialists, we quickly initiated all necessary preventive measures and alerted the competent authorities.” The company, which has its headquarters in Bremen, has built several of the largest…


Hyundai Notifies Vehicle Owners in France and Italy of Data Breach. Hyundai, a South Korean multinational automaker that sells over 500,000 automobiles a year throughout Europe, has announced a data breach that has affected car owners in France and Italy. The company has warned that a hacker gained unlawful access to the personal information of the company’s customers. The data exposed in this Hyundai data breach also includes phone numbers, email addresses, street addresses, and vehicle chassis numbers. You can learn all about the Hyundai data breach as you read on. The Hyundai database was breached, exposing the private information of car owners and…
