After hackers compromised an industrial control system (ICS) at a water utility in the United States, the cybersecurity agency CISA issued an alert over the exploitation of the targeted device. The target of the attack was the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed that hackers took control of a system associated with […]
Claiming Accounts: The problem with this approach to email generation is that it also applies to the email domains of large email providers. For example, if the owner is using an outlook.com email address, the Room’s email address will be room__<account ID>@outlook.com. Since anyone can create an arbitrary Outlook email address, we can create a valid […]
CVEs: CVE-2023-35137, CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, CVE-2023-4473, CVE-2023-4474. Summary: Zyxel has released patches addressing an authentication bypass vulnerability and command injection vulnerabilities in NAS products. Users are advised to install them for optimal protection. What are the vulnerabilities? CVE-2023-35137: An improper authentication vulnerability in the authentication module in Zyxel NAS devices could allow an unauthenticated attacker […]
Nov 30, 2023 | Newsroom | Machine Learning / Email Security: Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. “RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and […]
Dollar Tree’s service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023. As part of this cyberattack, the threat actors managed to steal data containing the personal information of Dollar Tree and Family Dollar employees.
A prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022, new analysis has revealed. Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group. The tool helped it to uncover patterns in the group’s online activities which enabled it to trace […]
Rhysida ransomware group hacked King Edward VII’s Hospital in London. Pierluigi Paganini, November 30, 2023. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute […]
Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage […]
Nov 30, 2023 | Newsroom | Cryptocurrency / Cyberattacks: Threat actors from the Democratic People’s Republic of Korea (DPRK) have been increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. “Even though movement in and out of and within the country is heavily restricted, and its […]