You are here

Home » Cybersecurity

Cybersecurity

War Fallout: Ukrainians Steal Data from Russian Water Supply Company

According to reports, Ukraine allegedly compromised Rosvodokanal, one of Russia’s largest private companies, and seized 1.5TB of data. The operation is believed to be carried out by the Ukrainian attack group Blackjack and part of continued cyberwarfare between Ukraine and Russia. The Interfax-Ukraine news agency stated that the Ukrainian attackers encrypted 6,000 computers and deleted more than 50TB of data, including internal document management system, corporate emails, cyber protection services, and backups.

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Researchers disclosed details on two security vulnerabilities in Microsoft Outlook this week, which, when chained together, provide attackers a means to run any code or command on a computer system without restrictions. The vulnerabilities mentioned in the article can be exploited when a victim simply clicks on or opens a file, such as a sound file.

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

As part of CISA’s new Security by Design (SbD) Alert series, the agency published guidance on how manufacturers can protect customers by eliminating default passwords. The development comes after CISA sent out an alert earlier this month, stating Iranian actors affiliated with the Islamic Revolutionary Guard Corps have been actively exploiting operational technology devices with default passwords to gain access to critical infrastructure systems in the U.S.

What To Do When Receiving Unprompted MFA OTP Codes

As more sites and services offer and require multi-factor authentication (MFA), cyber threat actors have turned to various methods to bypass this additional protection. From these attempts, actual account holders may receive unprompted one-time passcodes (OTPs). Receiving an OTP sent as an email or text should be a cause for concern as it likely means the account holder's credentials have been stolen, but there are steps to take to stop the activity in its tracks.

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

In response to an increase in cyber attacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) published a new Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain.

Joint Cybersecurity Advisory – Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

Yesterday, CISA, along with the FBI, the National Security Agency (NSA), and several international partners released a joint Cybersecurity Advisory (CSA), “Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally,” to warn that Russian threat actors are exploiting CVE-2023-42793 at a large scale, targeting servers hosting JetBrains TeamCity software.

Pages

Subscribe to Cybersecurity