Latest News Articles
--- TLP:WHITE ---
News
− Johnson Controls Hit by Ransomware
Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.
https://www.securityweek.com/johnson-controls-hit-by-ransomware/− US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks.
https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/− Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report.
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/Vulnerabilities
− US and Japan warn of Chinese hackers backdooring Cisco routers
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
https://www.techtarget.com/searchsecurity/news/366553736/US-Japan-warn-China-linked-BlackTech-targeting-routers− Government Shutdown Could Bench 80% of CISA Staff
Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.
https://www.securityweek.com/80-of-cisa-staff-at-risk-of-furlough-as-government-shutdown-looms/− FBI Warns Organizations of Dual Ransomware, Wiper Attacks
The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.
https://www.ic3.gov/Media/News/2023/230928.pdf− WebP Vulnerability CVE-2023-4863
Researchers have discovered a flaw within the libwebp image library which may write data out of bounds to the heap. The libwebp library, which is responsible for encoding and decoding webp images, is present in a variety of software across mobile and desktop platforms.
https://www.ncsc.gov.ie/pdfs/WebP_Vulnerability_CVE_2023_4863.pdf− Multiple Critical Vulnerabilities in WS_FTP Server
Progress has released details about multiple vulnerabilities that exist in WS_FTP server. The vulnerabilities exist within the WS_FTP Server Ad Hoc Transfer Module and the WS_FTP Server manager interface. Two of these vulnerabilities are rated as critical, the remaining vulnerabilities are rated high and medium.
https://www.ncsc.gov.ie/pdfs/Multiple_Vulnerabilities_in_WS_FTP.pdf--- TLP:WHITE ---