The US cybersecurity agency CISA last week warned organizations about critical- and high-severity vulnerabilities discovered by researchers in a human-machine interface (HMI) product made by Taiwan-based Weintek. According to CISA, the impacted product, the Weintek cMT HMI, is used worldwide, including in critical manufacturing organizations, which are considered part of critical infrastructure. The vendor has […]
The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks. As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate […]
A previously unidentified APT group, known as Grayling, has been targeting a range of organizations spanning the manufacturing, IT, and biomedical sectors in Taiwan since February. The group’s reach has not been confined to Taiwan alone; a Pacific Islands’ government agency and entities in both Vietnam and the U.S. have also been targeted. Diving into […]
Researchers have uncovered a new cyberespionage campaign targeting the telecommunications industry and government organizations across Kazakhstan, Uzbekistan, Pakistan, and Vietnam. The campaign, named Stayin Alive, has been active since 2021 and is possibly the work of a Chinese threat actor called ToddyCat. Infection process The campaign employs spear-phishing emails and DLL side-loading to deliver archive […]
One in three employees believe their actions do not impact their organization’s security, according to Ivanti. Unsafe cybersecurity habits among office workers The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age). This […]
Oct 09, 2023NewsroomCredential Harvesting / Hacking Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, […]
In the latest PLAY cyber attack, six organizations have been victimized. The affected entities span across different regions, including the United States, the United Kingdom, and Norway. The targeted organizations include Roof Management, Security Instrument Corp, Filtration Control Ltd, Cinépolis Cinemas, CHARMANT Group, and Stavanger Municipality. The claims were shared via PLAY ransomware group’s data […]
Dive Brief: Cloud-related threats are the top cyber concern for organizations that have adopted the technology, according to a PwC report published Tuesday. The accounting and consulting firm surveyed 3,876 senior business and technology executives. Security concerns intensify for organizations with multiple clouds or hybrid infrastructures, the report found. More than half of respondents in […]
Upgrading alone will not remove attackers from compromised instances, and organizations must take steps to detect compromises, remove unauthorized admins, and assess any potential damage.