Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2024-11-25 12:11:18 |
Weekly OSINT Highlights, 25 November 2024 (lien direct) |
## Snapshot
Last week's OSINT reporting reveals a persistent focus on sophisticated attacks targeting diverse sectors, from critical infrastructure to financial services and national defense. Attack types ranged from ransomware and phishing to cyberespionage and supply chain attacks, often leveraging advanced malware like LODEINFO, Asyncshell, and DEEPDATA. Threat vectors predominantly exploit unpatched vulnerabilities, malvertising, supply chain attacks, and credential harvesting, with phishing and social engineering remaining prominent tactics. Notable actors include APT groups such as Gelsemium and BrazenBamboo, alongside cybercriminal collectives like Ignoble Scorpius and Water Barghest, targeting organizations across the US, Europe, and Asia. The findings underscore the growing complexity of cyber threats, emphasizing the need for proactive threat intelligence and robust cybersecurity defenses.
## Description
1. [Helldown Ransomware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/2af97093): Sekoia researchers detailed the Helldown ransomware exploiting a Zyxel firewall vulnerability (CVE-2024-42057) to infiltrate corporate networks. Primarily targeting SMBs in the US and Europe, the attackers deploy Linux and Windows ransomware variants for data extortion and VM encryption.
1. [APT-K-47 Asyncshell Malware](https://sip.security.microsoft.com/intel-explorer/articles/aac966a9): Knownsec reported APT-K-47's use of Hajj-themed lures and malicious CHM files to distribute Asyncshell malware. The campaign, targeting South Asian countries, utilizes upgraded stealth tactics and evolving C2 infrastructure for long-term espionage.
1. [Linux Backdoors by Gelsemium](https://sip.security.microsoft.com/intel-explorer/articles/fc22b3bb): ESET researchers identified WolfsBane and FireWood backdoors used by the China-linked APT group Gelsemium for cyberespionage. These tools enable stealthy, persistent access to Linux systems, targeting sensitive data and emphasizing APT trends toward exploiting Linux environments.
1. [Lottie-Player Supply Chain Attack](https://sip.security.microsoft.com/intel-explorer/articles/86e2a9b6): ReversingLabs discovered a supply chain attack on the npm package @lottiefiles/lottie-player, compromising web3 wallets through malicious code. This incident highlights vulnerabilities in open-source ecosystems and the risk of compromised developer credentials.
1. [VMware Vulnerabilities Exploited](https://sip.security.microsoft.com/intel-explorer/articles/2eda898d): CISA added two VMware vulnerabilities, CVE-2024-38812 and CVE-2024-38813, to the Known Exploited Vulnerabilities Catalog. These flaws, involving heap overflow and privilege escalation, threaten vCenter Server and Cloud Foundation environments, emphasizing the need for immediate patching.
1. [Phishing Campaign Targeting Telecom and Financial Sectors](https://sip.security.microsoft.com/intel-explorer/articles/29972b65): EclecticIQ reported a phishing campaign using Google Docs and Weebly to bypass detection, targeting telecom and financial sectors. Threat actors employed tailored lures, fake MFA prompts, and SIM-swapping tactics to steal sensitive data.
1. [Lumma Stealer Distributed via Telegram](https://sip.security.microsoft.com/intel-explorer/articles/f250caee): McAfee researchers observed Lumma Stealer disguised as cracked software and distributed through Telegram channels. The malware targets users in India, the US, and Europe, stealing cryptocurrency and personal data via sophisticated injection techniques.
1. [Rise of ClickFix Social Engineering](https://sip.security.microsoft.com/intel-explorer/articles/67d03ba9): Proofpoint researchers identified ClickFix, a social engineering tactic that tricks users into executing malicious PowerShell commands, leading to malware infections such as AsyncRAT and DarkGate. Used by groups like TA571 and ClearFake, the method targets Ukrainian entities and employs malvertising, GitHub notifications, and CAPTCHA phishing lures.
|
Ransomware
Malware
Tool
Vulnerability
Threat
Patching
Industrial
Prediction
Cloud
|
APT 10
|
★★
|
 |
2024-11-25 08:00:24 |
David Baier, Senior Sales Engineer, Ping Identity: CISOs should think about Passwordless strategies (lien direct) |
Global Security Mag: David Baier, good morning. Thank you very much for sparing this time for Global Security Mag. Please, can you introduce yourself and tell us how your professional journey brought you to your current position?
David Baier: Thanks for having me. My current position is Senior Solution Architect here at Ping Identity. I started my career after studying Human-Computer Interaction at Würzburg.
After receiving my bachelor's degree from Würzburg University, I started as an IT Consultant at an ERP company, but then I quickly joined another company called Weidmüller GTI Software GmbH. It's a big family enterprise in Germany, and I was responsible for a software unit that specialized in the digitalization of industrial processes, like HMI (Human-Machine Interface) and SCADA (Supervisory Control And Data Acquisition). So, you really have a pr
-
Interviews |
Industrial
|
|
★★★
|
 |
2024-11-24 07:32:04 |
Delivering comprehensive approach to fortify ICS architectures against rising threats, prepare for recovery (lien direct) |
>Securing industrial control system (ICS) architectures in the face of increasing threats to nation-states requires a comprehensive approach...
|
Industrial
|
|
★★
|
 |
2024-11-23 17:40:00 |
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites (lien direct) |
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077.
The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.
|
Threat
Industrial
|
|
★★
|
 |
2024-11-22 15:53:34 |
US and Europe Account for 73% of Global Exposed ICS Systems (lien direct) |
73% of globally exposed ICS systems are in the US and Europe, with the US leading at 38%.…
|
Industrial
|
|
★★
|
 |
2024-11-22 14:58:12 |
ColorTokens and Claroty Join Forces (lien direct) |
ColorTokens and Claroty Join Forces to Enhance Cyber-Physical Systems Protection
New Alliance Brings Breach Readiness to Industrial Systems by Combining Unmatched Asset Visibility and Zero Trust Microsegmentation Technologies
-
Business News |
Industrial
|
|
★★
|
 |
2024-11-22 10:45:45 |
Censys data reports over 145,000 exposed ICS services worldwide, highlights US vulnerabilities (lien direct) |
New Censys data revealed over 145,000 exposed ICS (industrial control systems) services globally, with more than 48,000 in...
|
Vulnerability
Industrial
|
|
★★
|
 |
2024-11-22 10:41:19 |
Hexagon, Microsoft collaborate on HxGN SDx2 on Azure, bolstering industrial digital transformation (lien direct) |
>Hexagon's Asset Lifecycle Intelligence division announced on Thursday its collaboration with Microsoft, using the Microsoft Azure cloud platform...
|
Industrial
Cloud
|
|
★★
|
 |
2024-11-22 08:38:51 |
ColorTokens, Claroty align to boost cybersecurity for industrial organizations amid rising digital threats (lien direct) |
>ColorTokens Inc., a global enterprise microsegmentation company, announced on Thursday a new alliance with Claroty, the cyber-physical systems...
|
Industrial
|
|
★★
|
 |
2024-11-21 16:30:00 |
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online (lien direct) |
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures.
The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,
|
Industrial
|
|
★★★★
|
 |
2024-11-21 16:24:36 |
Belden launched Hirschmann EAGLE40-6M (lien direct) |
Belden Firewall Solution Advances Railway Rolling Stock Cybersecurity
Hirschmann EAGLE40-6M prevents and detects cyber risks fast with real-time traffic monitoring.
-
Product Reviews |
Industrial
|
|
★★★
|
 |
2024-11-21 16:22:00 |
Belden launches its Hirschmann EAGLE40-6M firewall (lien direct) |
Belden's firewall solution advances cybersecurity for railway rolling stock
Hirschmann EAGLE40-6M prevents and detects cyber risks at an early stage thanks to real-time traffic monitoring.
-
Products |
Industrial
|
|
★★★
|
 |
2024-11-21 00:18:57 |
FrostyGoop's Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications (lien direct) |
#### Targeted Geolocations
- Ukraine
## Snapshot
Unit 42 researchers at Palo Alto Networks have identified the OT-centric malware FrostyGoop, also known as BUSTLEBERM, which targets Operational Technology (OT) systems. First observed in a [January 2024 attack](https://sip.security.microsoft.com/intel-explorer/articles/cf8f8199) by Russian threat actors on a municipal energy company in Ukraine, FrostyGoop disrupted power supply by sending Modbus TCP commands to ICS devices, affecting heating services for over 600 apartment buildings in Ukraine.
## Description
FrostyGoop malware, compiled in Go, uses a Modbus TCP connection to interact with ICS/OT devices and can perform various Modbus operations such as reading, writing, and writing multiple commands based on parameters in a JSON configuration file. The initial compromise may have involved a vulnerability in a MikroTik router, with the malware leveraging an open-source Modbus implementation and containing debugger evasion techniques. It logs output to a console or a JSON file and is associated with a Windows executable named go-encrypt.exe, which uses AES encryption to conceal target information. FrostyGoop also implements a debugger evasion technique by checking the BeingDebugged value in Windows' Process Environment Block (PEB).
## Microsoft Analysis and Additional OSINT Context
The cybersecurity landscape for OT environments is increasingly dangerous, with a rise in ICS-centric malware like FrostyGoop and a growing number of OT and IoT devices exposed to the internet. Adversaries, including nation-state actors, ransomware groups, and hacktivists, are leveraging these vulnerabilities to target critical infrastructure sectors such as energy, transportation, and healthcare. The convergence of IT and OT networks introduces additional risks, as attackers exploit traditional IT entry points to access OT systems.
Russia has been aggressively targeting Ukrainian critical infrastructure with both cyberattacks and missiles. For example, in April, Ukraine's computer emergency response team (CERT-UA) reported that [Seashell Blizzard had targeted](https://therecord.media/frostygoop-malware-ukraine-heat) nearly 20 energy facilities in Ukraine that spring, potentially to amplify the impact of intense Russian missile and drone strikes on critical infrastructure.
Additionally, in May 2024, CISA issued a joint statement highlighting ongoing [pro-Russia hacktivist activity targeting ICS and small-scale OT systems](https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity) across North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture. While these attacks often rely on unsophisticated techniques that create nuisance effects, investigations reveal that such actors are capable of leveraging more advanced methods to exploit insecure and misconfigured OT environments, potentially causing physical harm.
## Detections/Hunting Queries
### Microsoft Defender Antivirus
Microsoft Defender Antivirus detects threat components as the following malware
- Trojan:Win32/FrostyGoop
## References
[FrostyGoop's Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications](https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/) Palo Alto Unit 42 (accessed 2024-11-19)
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
|
Ransomware
Malware
Vulnerability
Threat
Industrial
Medical
|
|
★★
|
 |
2024-11-20 10:07:29 |
Dragos strengthens leadership team to propel growth in OT, CPS cybersecurity demand (lien direct) |
>Dragos Inc., a cybersecurity provider for operational technology (OT) environments, announced it has appointed Mark Matheos as Chief...
|
Industrial
|
|
★★
|
 |
2024-11-19 13:38:28 |
How Fortinet & Dragos Partner to Improve OT Cybersecurity (lien direct) |
>Dragos and Fortinet partner to offer an OT cybersecurity solution that enhances visibility, improves cyber event correlation, and enforces policies...
The post How Fortinet & Dragos Partner to Improve OT Cybersecurity first appeared on Dragos.
|
Industrial
|
|
★★
|
 |
2024-11-19 07:58:27 |
Yuka lance sa nouvelle arme fatale contre la malbouffe industrielle (lien direct) |
If you thought scanning your groceries to check their nutritional quality was already pretty handy, you will love this news: Yuka is stepping up a gear by now giving consumers the power to call out brands directly! It is a new feature that may set a few teeth on edge on the manufacturers' side...
Remember: a few years ago, Yuka arrived on our smartphones with a simple but effective promise: scan the barcodes of our foods to get a score out of 100 and understand their composition. A concept that quickly won over more than 60 million users worldwide, including 22 million in France alone. The app is not limited to food, either, since it also analyses cosmetic products, identifying endocrine disruptors, carcinogenic substances and allergens.
|
Industrial
|
|
★★★
|
 |
2024-11-18 14:56:40 |
Waterfall and GoCloud partner to safeguard North-America's largest maritime port (lien direct) |
>Waterfall Security, a vendor of cybersecurity solutions for protecting industrial control systems and operational technology (OT) environments, and...
|
Industrial
|
|
★★
|
 |
2024-11-18 11:00:33 |
Belden Launches Products that Support Data Security and Reliable Connectivity (lien direct) |
Belden Launches Products that Support Maximum Data Security and Reliable Connectivity
Releases include Cat6A industrial Ethernet cables from Belden, as well as Hirschmann's EAGLE40-6M firewall and OpEdge™-4D gateway, and ProSoft Technology's Wi-Fi 6 radio.
-
Product Reviews |
Industrial
|
|
★★
|
 |
2024-11-17 08:17:14 |
Bridging the gap by integrating zero trust strategies in IT and OT environments for enhanced cybersecurity (lien direct) |
Integrating zero trust strategies across IT and OT (operational technology) environments calls for sensitive handling to transcend the...
|
Industrial
|
|
★★
|
 |
2024-11-16 17:02:23 |
Cybersecurity Flaws in US Drinking Water Systems Put 26 Million at Risk (lien direct) |
The U.S. Environmental Protection Agency (EPA) Report Exposes Cybersecurity Risks in US Water Systems: Vulnerabilities in Critical Drinking…
|
Vulnerability
Industrial
|
|
★★★
|
 |
2024-11-15 20:58:06 |
Sailing Into Danger: DoNot APT's Attack on Maritime & Defense Manufacturing (lien direct) |
#### Targeted Geolocations
- Pakistan
#### Targeted Industries
- Critical Manufacturing
- Defense Industrial Base
## Snapshot
Researchers from Cyble discovered a recent campaign linked to the [DoNot group](https://malpedia.caad.fkie.fraunhofer.de/actor/viceroy_tiger) targeting Pakistan's manufacturing sector, focusing on industries supporting maritime and defense operations.
## Description
The attack leverages malicious .LNK files disguised as RTF documents, distributed potentially through spam emails. Once executed, the LNK file uses PowerShell to decrypt and deploy a lure document and stager malware, creating a scheduled task for persistence by executing the DLL payload every five minutes.
Key advancements in this campaign include updated encryption methods for command-and-control (C&C) communication, shifting from older XOR-based techniques to AES encryption with Base64 encoding. Additionally, the malware now embeds decryption keys within the downloaded binary rather than hardcoding them into the configuration file, complicating detection and analysis. It also employs dynamic domain generation for backup C&C communication, adding further resilience.
The malware collects system information, such as installed security products, before delivering its final payload to determine the target's value. It uses environment variables to store key configuration details, including C&C addresses and task schedules. Notably, the DoNot group has shifted its initial infection vector from Microsoft Office files to .LNK files, demonstrating evolving tactics to evade defenses.
## Microsoft Analysis and Additional OSINT Context
The [DoNot Team](https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/), also known as APT-C-35 or VICEROY TIGER, is a highly sophisticated threat group with ties to India, active since at least 2016. Initially targeting diverse sectors across multiple countries, their focus has shifted primarily to entities in Pakistan, particularly government and security organizations. The DoNot Team's campaigns are motivated by espionage and generally culminate in the collection and exfiltration of data. This group is known for deploying spear-phishing campaigns, often utilizing malicious Microsoft Office documents and Android-targeted malware, as well as phishing schemes designed to steal user credentials.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
- [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access.
- Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender for Endpoint.
- Enable [network protection |
Spam
Malware
Tool
Threat
Industrial
|
|
★★
|
 |
2024-11-13 22:12:11 |
(Déjà vu) 20% of Industrial Manufacturers Are Using Network Security as a First Line of Defense (lien direct) |
No more details |
Industrial
|
|
★★★
|
 |
2024-11-13 19:04:31 |
DOE's CESER launches ICS cybersecurity training initiative to bolster energy sector workforce strategy (lien direct) |
As part of a larger effort to strengthen its cybersecurity workforce strategy, the U.S. Department of Energy's (DOE)...
|
Industrial
|
|
★★
|
 |
2024-11-13 18:00:33 |
A Security-First Approach to 6G (lien direct) |
>5G and 6G can transform industries and drive the Industrial Revolution beyond connectivity. They need to provide Zero Trust, enterprise-grade security.
|
Industrial
|
|
★★★
|
 |
2024-11-13 09:21:17 |
NCC Group partners with Dragos to boost OT cybersecurity amid rising threats (lien direct) |
>NCC Group announced Tuesday a new partnership with Dragos, a vendor of industrial cyber security technology, to safeguard...
|
Industrial
|
|
★★
|
 |
2024-11-13 08:05:49 |
WEF-University of Oxford cyber resilience white paper extends protection from IT to OT and ICS environments (lien direct) |
The World Economic Forum (WEF) and the University of Oxford emphasized that cyber resilience goes beyond IT resilience,...
|
Industrial
|
|
★★
|
 |
2024-11-12 19:41:42 |
Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine (lien direct) |
#### Targeted Geolocations
- Korea
#### Targeted Industries
- Government Agencies & Services
- Food and Agriculture
## Snapshot
Pro-Russian hacker groups have escalated cyberattacks against South Korean targets following Seoul's decision to send observers to Ukraine, which coincided with [North Korea deploying troops alongside Russian forces](https://www.bbc.com/news/articles/c14le0p4310o). The surge in attacks predominantly targeted civilian and government websites, leading South Korea's presidential office to convene an emergency meeting and enhance cyber threat monitoring.
## Description
South Korean authorities report a rise in cyber activity from groups like Z Pentest, Alligator Black Hat, and [NoName057(16)](https://sip.security.microsoft.com/intel-explorer/articles/f85adcbc), known for DDoS attacks. While these groups claimed breaches at industrial facilities, including a grain warehouse, these assertions have not been confirmed by local officials. The developments come amid international condemnation of Moscow's alliance with Pyongyang, with thousands of North Korean soldiers reportedly stationed near the Ukrainian border in support of Russia.
## Microsoft Analysis and Additional OSINT Context
Russian cyber proxies and hacktivist groups often engage in cyber activities such as distributed denial-of-service (DDoS) attacks and other disruptions in support of Russian geopolitical goals. Security researchers have noted a growing overlap between hacktivist groups, financially-motivated cybercrime, and nation-state activity, especially since Russia's 2022 invasion of Ukraine, which has led many such groups to attack Ukraine and its allies under a hacktivist guise. In September, the US government issued a [joint advisory](https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf) warning that threat groups affiliated with Russia's military intelligence service, including known cyber-criminals and enablers, are targeting global critical infrastructure and key resource sectors.
## References
[Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine](https://therecord.media/seoul-accuses-pro-kremlin-hackers-of-attacking-websites-ukraine). The Record by Recorded Future (accessed 2024-11-12)
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
|
Threat
Industrial
|
|
★★★
|
 |
2024-11-11 21:40:38 |
Incident Response, Anomaly Detection Rank High on Planned ICS Security Spending (lien direct) |
Data from the SANS State of ICS/OT Cybersecurity report suggest organizations are going to shift spending from security technologies protecting industrial control systems and operational technology environments to non-technical activities such as training and incident response. |
Industrial
|
|
★★★★
|
 |
2024-11-11 09:13:04 |
CISA Warns of Critical ICS Vulnerabilities in Beckhoff, Delta, Bosch Systems Equipment Deployed Across Critical Infrastructure (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released advisories for industrial control systems (ICS) on Thursday, offering...
|
Vulnerability
Industrial
|
|
★★★★
|
 |
2024-11-10 10:36:39 |
ACSC Cybersecurity Principles: Call to Action for Critical Infrastructure Providers to Boost Cyber Resilience (lien direct) |
After releasing guidelines to help critical infrastructure providers effectively secure and protect their operational technology (OT) systems, the...
|
Industrial
|
|
★★★
|
 |
2024-11-07 12:43:00 |
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (lien direct) |
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges.
Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management |
Vulnerability
Industrial
|
|
★★
|
 |
2024-11-07 08:02:32 |
ServiceNow to acquire Mission Secure to enhance OT asset visibility (lien direct) |
>ServiceNow announced Wednesday that it has signed an agreement to acquire Mission Secure, a Charlottesville, Virginia-based company focused...
|
Industrial
|
|
★★★
|
 |
2024-11-06 21:26:00 |
Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems (lien direct) |
SANS recently published its 2024 State of ICS/OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICT/OT networks. |
Industrial
|
|
★★★★
|
 |
2024-11-05 10:46:13 |
NanoLock Security debuts version 3.0 of OT Defender, boosts cyber protection for ICS devices (lien direct) |
>NanoLock Security introduces Version 3.0 of the OT Defender solution, addressing gaps between operational efficiency and OT cyber...
|
Industrial
|
|
★★
|
 |
2024-11-05 10:43:53 |
Exalens, Approach Cyber partner to boost OT cybersecurity resilience (lien direct) |
>Exalens, an Industrial 4.0 monitoring and security company, has announced a new partnership with Approach Cyber, a pure-play...
|
Industrial
|
|
★★★
|
 |
2024-11-04 04:02:42 |
Strategies for Implementing Effective Threat Detection in IIoT (lien direct) |
The industrial Internet of Things (IIoT) is growing rapidly. While that's good news for businesses in terms of productivity and cost savings, these devices carry unique cybersecurity risks that demand attention. Amid such rising concerns, IIoT threat detection is a must. Why Organizations Need IIoT Threat Detection IIoT endpoints are inherently risky because of the potential for lateral movement. Breaching a connected operational technology (OT) system is often easier than an IT one. As a result, attackers can use IoT devices as entryways into a network and move to sensitive systems and data... |
Threat
Industrial
|
|
★★★
|
 |
2024-11-04 00:00:00 |
OT Cyber: The Industrial Sector's Awakening (lien direct) |
Industrial systems are opening up and are exposed far more broadly to cybersecurity risks than in the past. In the era of their digital transformation, the fortress strategy no longer holds. |
Industrial
|
|
★★
|
 |
2024-11-01 19:56:31 |
GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (lien direct) |
#### Targeted Industries
- Government Agencies & Services
- General Public Services - Local
- General Public Services - State
- Health and Public Health
- Critical Manufacturing
- Non-Governmental Organization
- Religious Organization
## Snapshot
GreyNoise has discovered serious zero-day vulnerabilities in popular live-streaming IoT cameras, highlighting significant risks in manufacturing, healthcare, business, government and other sensitive sectors.
## Description
By exploiting these flaws, attackers could take full control of affected cameras, manipulate video feeds, disable devices or co-opt them into botnets for broader attacks. The vulnerabilities, tracked as [CVE-2024-8956](https://security.microsoft.com/intel-explorer/cves/cve-2024-8956/) and [CVE-2024-8957](https://security.microsoft.com/intel-explorer/cves/cve-2024-8957/), affect NDI-enabled pan-tilt-zoom (PTZ) cameras used in applications where reliability and privacy are critical.
With insufficient authentication (CVE-2024-8956) and command injection flaws (CVE-2024-8957), attackers can access sensitive data, reconfigure or disable cameras, and conduct unauthorized surveillance. This exposes businesses to potential data breaches, privacy violations and even ransomware attacks, since compromised cameras could enable broader network intrusions. In industrial settings, such breaches could affect machine monitoring and quality control, while in healthcare they could compromise telehealth and live surgical feeds.
These vulnerabilities highlight a growing cybersecurity challenge in IoT ecosystems, where insecure designs leave devices susceptible to exploitation. Attackers can pivot from these cameras to target other networked devices, leading to broader data breaches or ransomware attacks.
## Recommendations
GreyNoise recommends that organizations using VHD PTZ camera firmware |
Ransomware
Vulnerability
Threat
Industrial
Medical
|
|
★★
|
 |
2024-11-01 17:00:00 |
IT Security Centralization Makes the Use of Industrial Spies More Profitable (lien direct) |
As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat. |
Threat
Industrial
|
|
★★
|
 |
2024-11-01 13:00:39 |
Ransomware's Evolving Threat: The Rise of RansomHub, Decline of Lockbit, and the New Era of Data Extortion (lien direct) |
|
Ransomware
Threat
Industrial
Medical
|
|
★★★
|
 |
2024-11-01 12:47:26 |
ABI Research reveals industrial manufacturers prioritize network security investments amid rising cyber threats (lien direct) |
Industrial manufacturers ranked network security as their top cybersecurity investment to guard against adverse cyber events, according to...
|
Industrial
|
|
★★★★
|
 |
2024-11-01 11:45:00 |
CISA Warns of Critical Software Vulnerabilities in Industrial Devices (lien direct) |
Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks |
Vulnerability
Industrial
|
|
★★
|
 |
2024-10-31 15:34:16 |
Russia to ban cryptocurrency mining in some regions due to electricity shortages (lien direct) |
The new law imposing restrictions on both private and industrial miners was signed earlier in October, just a few months after Russia legalized virtual currency mining for legal entities and entrepreneurs. |
Industrial
|
|
★★
|
 |
2024-10-31 09:05:57 |
The Hauntings of Industrial Cybersecurity (lien direct) |
>Welcome, dear colleagues, to a spine-chilling journey through the haunted house of industrial cybersecurity. As Halloween looms, it's...
|
Industrial
|
|
★★
|
 |
2024-10-31 08:34:39 |
Detecting OT Cybersecurity Threats Using the Known-Unknown Matrix (lien direct) |
>From commodity malware to nuisance worms to sophisticated, targeted attacks, organizations need to protect themselves by reducing exposure...
|
Malware
Industrial
|
|
★★
|
 |
2024-10-30 14:07:23 |
20% of Industrial Manufacturers are Using Network Security as a First Line of Defense against Cyberattacks, according to Survey (lien direct) |
20% of Industrial Manufacturers are Using Network Security as a First Line of Defense against Cyberattacks, according to Survey
-
Special Reports |
Industrial
|
|
★★★
|
 |
2024-10-30 13:00:00 |
5 Reasons Why Risk-Based Vulnerability Management Matters in OT (lien direct) |
>As industrial systems expand and become more connected, risk-based vulnerability management has become a cornerstone of OT cybersecurity. This approach...
The post 5 Reasons Why Risk-Based Vulnerability Management Matters in OT first appeared on Dragos. |
Vulnerability
Industrial
|
|
★★★
|
 |
2024-10-29 17:58:00 |
DHS and CISA prescribe proactive steps toward post-quantum cryptography across OT environments (lien direct) |
>The U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) lay down proactive...
|
Industrial
|
|
★★
|
 |
2024-10-29 10:02:17 |
Zscaler identifies more than 200 malicious apps in the Google Play Store with over eight million downloads (lien direct) |
Results at a glance:
Mobile devices remain a major threat vector, with 111 percent growth in spyware and 29 percent in banking malware
Technology, education and manufacturing are still the most vulnerable to attacks
The USA remains the main target for IoT, OT and mobile cybersecurity attacks
SAN JOSE, USA. 29 October 2024 - Zscaler, Inc. (NASDAQ: ZS), a leading provider of cloud security, publishes its annual Zscaler ThreatLabz 2024 Mobile, IoT and OT Threat Report with an overview of the mobile and IoT/OT cyber threat landscape from June 2023 to May 2024.
-
Special Reports |
Threat
Mobile
Industrial
|
|
★★
|
 |
2024-10-28 16:30:00 |
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes (lien direct) |
Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges.
Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done |
Industrial
|
|
★★
|