CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems
thehackernews.com/2021/10/cisa-issues-warning-on-cyber-threats.html The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. Lisäksi:
us-cert.cisa.gov/ncas/alerts/aa21-287a
Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
isc.sans.edu/diary/rss/27940 Johannes published a diary on this activity last week for an Apache 2.4.49 directory traversal vulnerability where the patch was made available on September 15, 2021. Apache released a new update on October 7, 2021, indicating their advisory for “Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)”.
Check your iPhone for compromised passwords… NOW!
www.zdnet.com/article/check-your-iphone-for-compromised-passwords-now/ But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised passwords, allowing you to change them before problems escalate.
China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
www.darkreading.com/vulnerabilities-threats/china-s-hackers-crack-devices-at-tianfu-cup-for-1-5m-in-prizes Competitions such as Pwn2Own gives talented hackers the opportunity to crack products from some of the world’s largest technology companies. This weekend is China’s equivalent hacking competition, the Tianfu Cup in Chengdu, China.
When Is an Attack not an Attack? The Story of Red Team Versus Blue Team
securityintelligence.com/articles/red-team-versus-blue-team-attack/ Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team.
Threat Roundup for October 8 to October 15
blog.talosintelligence.com/2021/10/threat-roundup-1008-1015.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
Attackers Behind Trickbot Expanding Malware Distribution Channels
thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. Lisäksi:
threatpost.com/trickbot-cybercrime-elite-affiliates/175510/
How Attackers Hack Humans
www.darkreading.com/edge-articles/how-attackers-hack-humans Inside their motivations, how they go about it — and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.