Blog – Page 1075 – Cyber Mike

Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master).
“The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data,” cybersecurity vendor BI.ZONE said in a new analysis.
The cyber attacks employ

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

A new Linux kernel exploitation technique named SLUBStick makes heap vulnerabilities more dangerous.

The post New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous appeared first on SecurityWeek.

The Loper Bright Decision: How it Impacts Cybersecurity Law

The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law.
Background
What is

Apache OFBiz Users Warned of New and Exploited Vulnerabilities

Organizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed.

The post Apache OFBiz Users Warned of New and Exploited Vulnerabilities appeared first on SecurityWeek.

Enhancing Incident Response Readiness with Wazuh

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly.
Challenges in incident

Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children’s Data

The US Justice Department has sued TikTok, accusing the company of illegally collecting children’s data and violating an online privacy law.

The post Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children’s Data appeared first on SecurityWeek.

Ransomware Attack Cost Keytronic Over $17 Million

Keytronic says the recent ransomware attack resulted in expenses and lost revenue totaling more than $17 million.

The post Ransomware Attack Cost Keytronic Over $17 Million appeared first on SecurityWeek.

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands.
The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4.
“A vulnerability exists in the affected products that allows a threat actor to

New Android Trojan “BlankBot” Targets Turkish Users’ Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information.
“BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with a control server over a WebSocket connection,” Intel 471 said in an analysis published last week.

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group.
Evasive Panda, also known by the names Bronze Highland, Daggerfly, and StormBamboo, is a cyber espionage group that’s been active since at least 2012,

Cyber News