The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its […]
Cyber News, Cyber Threat Trends
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on […]
Cyber News, Cyber Threat TrendsThe operators could make over $3m if they decide to sell the card dumps on underground forums
Cyber News, Cyber Threat Trends
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows “any domain user to remotely
Cyber News, Cyber Threat Trends
91. Granting AWS Console access for Secrets Manager Secrets to address IAM Policy Limitations This is a continuation of my series on Automating Cybersecurity Metrics. If you recall from a prior post we had some complications when trying to protect a user-specific secret due to the way AWS policies work. We couldn’t fully achieve our […]
Cyber News, Cyber Threat Trends
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant […]
Cyber News, Cyber Threat Trends
Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but […]
Cyber News, Cyber Threat TrendsLast week, I was privileged to participate in an important national summit on IoT Security convened by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. Representatives from across the US government, industry, and academia were invited to the White House to discuss a National Consumer IoT Security Labeling program. In short, we […]
Cyber News, Cyber Threat TrendsIt was all going so well. At first. Read more in my article on the Hot for Security blog.
Cyber News, Cyber Threat Trends