Monday, April 27, 2020

What I'm Reading 4/27/2020 - ICS/SCADA and Teams today


In case you weren't aware, and you are interested in that sort of thing, SANS and Dragos are hosting an online ICS security conference. The content looks pretty interesting.

Security Affairs - Crooks target US universities with malware used by nation-state actors -
Faculty and students at several U.S. universities and colleges were targeted in phishing attacks, threat actors attempted to infect the victims’ systems with a remote access Trojan (RAT) previously used by Chinese state-sponsored hackers.
The malicious code employed in the attacks is the Hupigon RAT, a RAT previously spotted in campaigns carried out by China-linked APTs such as APT3 (aka TG-0100, Buckeye, Gothic Panda, and UPS).
Cyberscoop - Researchers used a GIF to prove they could access Microsoft Teams user data -
According to a proof-of-concept published by CyberArk, the issue involved the way that Microsoft Teams conducted security checks on images. Researchers determined that, by spoofing domains on a Microsoft server, attackers could impersonate legitimate members of a Teams client organization. Then, by convincing real Teams users to visit the hijacked domain, hackers could tempt them into clicking an image which ultimately displayed sensitive information.
In its demonstration, CyberArk demonstrated how a malicious Donald Duck GIF could be used to infiltrate a Teams workflow. From there, attackers could spread automatically through a client system, much like a self-replicating kind of malware known as a worm.
Related - Security Boulevard - Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams -


Security Boulevard - SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers -
A new book by Dr. Chase Cunningham — Cyber Warfare – Truth, Tactics, and Strategies — accomplishes this in a compelling, accessible way. Cunningham has the boots-on-the-ground experience and storytelling chops to pull this off. As a cybersecurity principal analyst at Forrester, he advises enterprise clients on how to stay in front of the latest iterations of cyber attacks coming at them from all quarters.
Security Week - Israel Says Hackers Targeted SCADA Systems at Water Facilities -
According to an alert published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

Organizations in the water and energy sectors have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.
Threatpost - Eight Common OT / Industrial Firewall Mistakes -
This article explores eight common mistakes that firewall administrators make and describes how these mistakes can compromise firewall functionality and network security. The lesson here though is not “stop making mistakes.” This article also explores unidirectional gateway technology as an alternative to our most important OT firewalls. Unidirectional gateways provide physical protection for industrial operations, rather than merely software protection. This means that with a unidirectional gateway, no mistake in configuration can impair the protection that the gateway provides to the industrial network.
This article is written by someone at Waterfall Technologies to pimp unidirectional gateways, which is fine - the points they bring up are valid, but read it with that in mind.

NBC - Tyson Foods chairman warns that 'the food supply chain is breaking' -
"The food supply chain is breaking," John Tyson wrote in a full-page advertisement published Sunday in The New York Times, The Washington Post and The Arkansas Democrat-Gazette.
"There will be limited supply of our products available in grocery stores until we are able to reopen our facilities that are currently closed," he wrote in the advertisement, which was also published as a blog post on the company's website.

