"Digital trust" cybersecurity solutions enabling automated, real-time risk mitigation are crucial for protecting organizations in today's threat landscape.
Welcome to Cyber Watch series for today, August 4, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization.
TSA Updates Gas Pipeline Cybersecurity Guidelines
In a crucial move to enhance national security, the Transportation Security Administration (TSA) has recently updated its cybersecurity guidelines for gas pipeline operators. This comes in the wake of the 2021 Colonial Pipeline cyberattack, underscoring the imperative of fortifying critical infrastructure against potential cyber threats.
According to a recent Security Magazine report, “the reissued security directive for critical pipeline companies follows an initial directive announced in July 2021 and renewed in July 2022”. The updated measures are set to bolster the resilience of the industry’s gas supply network, safeguarding it from potential cyber intrusions.
Google Fixes 15 Critical Vulnerabilities in a Recent Chrome Security Update
We urge all Google Chrome users to take immediate action as a vital security update has been rolled out.
According to Cybersecurity News, this update addresses multiple vulnerabilities that malicious actors could exploit to compromise user data and systems. Stay informed and safeguard your online experience by promptly applying the latest Chrome patch.
Critical Flaw Hits Ivanti
Ivanti, a prominent software company, faced another critical security challenge. A recent vulnerability in its software could potentially be exploited by cybercriminals to execute arbitrary code remotely.
As cybersecurity experts work to patch this flaw, businesses using Ivanti products must remain vigilant and update their systems promptly to stay protected.
In a recent InfoSecurity Magazine report, Ivanti explained that “the vulnerability was incidentally resolved in MobileIron Core 11.3 as part of work on a product bug. It had not previously been identified as a vulnerability”.
Cloudzy Accused of Aiding and Abetting Threat Actors
Startling revelations have emerged about an Iranian company, Cloudzy, which stands accused of orchestrating a massive cyber espionage campaign. This operation allegedly targeted numerous high-profile individuals and organizations worldwide.
A recent The Hacker News report revealed that “some of the key actors that are assessed to be leveraging Cloudzy include state-sponsored entities from China (APT10), India (Sidewinder), Iran (APT33 and APT34), North Korea (Kimsuky, Konni, and Lazarus Group), Pakistan (Transparent Tribe), Russia (APT29 and Turla), and Vietnam (OceanLotus) as well as cybercrime entities (Evil Corp and FIN12).”
The implications of this breach are far-reaching, raising concerns about cyber warfare and the need for heightened vigilance in safeguarding sensitive information.
Another Hit: Hackers Exploit Salesforce Vulnerability to Launch Attacks
Cybersecurity experts have uncovered a concerning development in the tech world. Threat actors are exploiting a vulnerability in Salesforce, a popular cloud-based platform used by countless businesses.
According to a recent Cyber Wire report, “Guardio Labs research team discovered a zero-day vulnerability affecting Salesforce’s email services and SMTP servers. Attackers exploited the vulnerability to launch phishing campaigns targeting Facebook accounts”.
The attackers are also leveraging this weakness to gain unauthorized access to sensitive data, potentially jeopardizing the security of multiple organizations. Stay informed and take necessary precautions to protect your data from these evolving threats.
Hackers Target Microsoft Teams Users to Steal MFA Codes
In a concerning development, the same threat actors responsible for the infamous SolarWinds 2020 supply chain breach have launched a series of sophisticated social engineering attacks worldwide.
Microsoft Teams users are the target, with attackers leveraging stolen Microsoft 365 instances to deceive victims through fake IT support messages.
A recent SC Media report revealed that malicious actors aim to trick users into approving multi-factor authentication prompts, enabling them to pilfer valuable account credentials, as reported by Microsoft Threat Intelligence. Stay vigilant, and protect your digital assets!
SpecterOps Announce The Release Of Bloodhound Community Edition (CE)
Cybersecurity experts are on high alert as SpecterOps announce BloodHound Pentesting Tool – which will be available on August 8, 2023. This powerful tool, designed to assess Active Directory vulnerabilities, has both positive and potentially dangerous implications.
Cybersecurity News reported that “this update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control”.
While it helps identify security weaknesses, its misuse could facilitate cyberattacks. Stay tuned for a comprehensive analysis on this double-edged sword of cybersecurity.
Self-Spreading Malware Attacks Call of Duty Players
Call of Duty: Modern Warfare 2 players are facing a new, sinister threat in the gaming world. Malware disguised as cheat software has infiltrated the game, jeopardizing the security and privacy of countless players.
According to a Wired News report, “Call of Duty players on the old game are being hit with malware that automatically spreads through multiplayer lobbies, according to the publication”.
This alarming development highlights the need for gamers to exercise caution and adopt robust cybersecurity measures.
CISA Disclose 670 ICS Vulnerabilities In A Recent 2023 Analysis
Alarming data from the Cybersecurity and Infrastructure Security Agency (CISA) reveal a staggering 670 vulnerabilities in Industrial Control Systems (ICS) disclosed during the first half of 2023.
According to a recent Security Week report, “more than 40% of the flaws impact software and 26% affect firmware. OEMs continued to report most of these vulnerabilities — more than 50% — followed by security vendors (28%) and independent researchers (9%)”.
These vulnerabilities pose significant risks to critical infrastructure worldwide. Stay informed to protect vital systems from potential cyber threats.
SCARF Cipher Sets New Data Protection Standards
In a recent groundbreaking development, the Scarf Cipher has emerged as a robust solution for safeguarding sensitive data. This innovative encryption technique offers enhanced protection against cyber threats, making it a potential game-changer in the world of cybersecurity.
According to a recent Help Net Security report, “SCARF’s potential impact extends beyond individual computers, as its implementation can contribute to building a more secure information society. By mitigating cache side-channel attack vulnerabilities, SCARF takes a critical step towards safeguarding sensitive data and user privacy”.
Are you prepared against threat actors? Think outside the security box. Join forces with DigitalXForce and let the Cyber Force stand by your side. See you next week!