Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







Home » Short News
by admin

Cyber Snippets:

Quick Updates on the Latest Security Issues

SHORT NEWS

ICICI Bank inadvertently exposed the credit card information of 17,000 customers due to a bug in its mobile app, 'iMobile.' The glitch revealed sensitive data such as card numbers, expiry dates, and CVVs. Upon discovery, reported by users on social media, the bank immediately blocked the affected cards and began issuing replacements. This incident follows a previous data leak of millions of records with sensitive data.

0 FacebookTwitterLinkedinWhatsappEmail

Microsoft has introduced ICSpector, a new open-source tool for examining industrial programmable logic controllers (PLCs). The goal is to use it in managing water and power grids operations. This tool, available on GitHub, addresses the challenges of analyzing PLCs, accessing operational code to check for tampering during incident responses. ICSpector can detect malicious changes, extract modification timestamps, and provide an overview of system task execution flows.

0 FacebookTwitterLinkedinWhatsappEmail

An unknown hacker group has exploited vulnerabilities in Fortinet SSL-VPN devices. This breach could enable access to sensitive corporate data and networks, potentially resulting in data theft, ransomware, and other malicious activities. Affected organizations face the risk of losing operational and financial data, as well as severe reputational damage. Fortinet hasn’t yet responded formally and advice to users is to apply any security updates immediately.

0 FacebookTwitterLinkedinWhatsappEmail

The German Parliament’s technology committee held a confidential session with Microsoft executives. It was after they disclosed that Russian intelligence hackers (Midnight Blizzard or APT29/Cozy Bear), infiltrated its source code systems in March. This is part of a broader examination of Microsoft’s security measures following significant breaches. It coincides with recent actions by CISA requiring enhanced security levels in federal agencies using Microsoft.

0 FacebookTwitterLinkedinWhatsappEmail

Part of the global Synlab group, Synlab Italia operates 380 labs and medical centers across Italy, generating $426M annually. Last week, a security breach forced the company to shut down its computers to mitigate damage. Consequently, all lab services and sample collections are suspended. Efforts are underway to clear the malware from the IT system and restore operations from backups.

0 FacebookTwitterLinkedinWhatsappEmail

The Payment Card Industry (PCI) Security Standards Council is expanding its cybersecurity efforts in the Middle East. In April, they appointed a regional director to collaborate with regulators, banks, financial institutions, and service providers on initiatives to improve the security of card transactions. This initiative addresses the global rise in card fraud. The expectation is it will reach $36 billion by 2024.

0 FacebookTwitterLinkedinWhatsappEmail

Cisco issued security patches to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD). This software is known as ArcaneDoor. These vulnerabilities, CVE-2024-20353 [CVSS 8+], CVE-2024-20359, and CVE-2024-20358, could allow a cyber threat actor to take control of the affected systems. CISA included them in its Known Exploited Vulnerabilities Catalog and urges users and admins to install updates promptly.

0 FacebookTwitterLinkedinWhatsappEmail

Ukrainian cyber defenders have issued an urgent warning of a severe wave of cyberattacks by Russian hackers targeting the nation’s energy sector. They are linking the attacks to Sandworm, a notorious cyberwarfare unit of Russia’s military intelligence, which has targeted around 20 enterprises in Ukraine’s energy, water, and heating industries as of March. This information comes from Ukraine’s Computer Emergency Response Team.

0 FacebookTwitterLinkedinWhatsappEmail

The U.S. federal government launched an extensive crackdown on four alleged Iranian state hackers. They unveiled a multi-count criminal indictment, imposing Treasury sanctions on the individuals. They also offered a reward of up to $10 million for information leading to their capture. The accused, allegedly involved in extensive phishing operations from 2016 through at least 2021, targeted entities including the Departments of Treasury and State.

0 FacebookTwitterLinkedinWhatsappEmail

The cyberattack compromised sensitive data for a significant portion of the American population, potentially making it the largest health data breach in U.S. history. Change Healthcare processes 15 billion transactions a year and reaches one-third of U.S. patients. Hackers reportedly accessed Change Healthcare’s network nine days prior to initiating a ransomware attack. They used compromised credentials for staff remote system access as their entry point.

0 FacebookTwitterLinkedinWhatsappEmail

Recent news

Recent Blogs

Follow Us

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.