Cybersecurity, Libraries, Manufacturing and Security

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Pierluigi Paganini.

Manufacturing

Manufacturing Libraries Communications Cybersecurity

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

FEBRUARY 11, 2024

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries.

Communications

Communications Manufacturing Libraries Cybersecurity

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

MARCH 10, 2021

What’s driving the security of IoT? The Urgency for Security in a Connected World. There are so many reasons why manufacturers connect their products to the Internet, whether it’s industrial machines, medical devices, consumer goods or even cars. Device Security is Hard. Guest Blog: TalkingTrust. Thu, 03/11/2021 - 07:39.

IoT

IoT Security Manufacturing Encryption

Log4J: What You Need to Know

Adam Levin

DECEMBER 17, 2021

The entire technology industry received a sizable lump of coal in their collective stocking earlier this week in the form of two major security vulnerabilities in a widely-used software tool. Unfortunately, the patch itself contained another security vulnerability, which has also been patched. What is Log4J? How bad is it?

Systems administration

Systems administration Cybersecurity Manufacturing Libraries

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. exe ”, at the machine startup.

Manufacturing

Manufacturing Libraries Communications IT

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries.

Manufacturing

Manufacturing Libraries Access Communications

3CX voice and video conferencing software victim of a supply chain attack

Security Affairs

MARCH 30, 2023

The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack. “Unfortunately this happened because of an upstream library we use became infected.” The company recommends uninstalling the app and then installing it again.

File names

File names Manufacturing Libraries Cybersecurity

Raspberry Robin spreads via removable USB devices

Security Affairs

MAY 7, 2022

Cybersecurity researchers from Red Canary have spotted a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries.

Manufacturing

Manufacturing Libraries Cybersecurity Communications

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

. “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.” ” Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices.

Government

Government Communications Ransomware Manufacturing

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.”

Financial Services

Financial Services Libraries Encryption Authentication

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Pierluigi Paganini.

Ransomware

Ransomware Access Encryption Manufacturing

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

. “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.” ” Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices.

Government

Government Communications Ransomware Manufacturing

Decipher Security Podcast With ForAllSecure CEO David Brumley

ForAllSecure

APRIL 30, 2020

The Decipher Security podcast by Duo Security analyzes the news, explores the impact of the latest risks, and provides informative and educational material for readers intent on understanding how security affects our world. Thanks to these crypto libraries, today’s online economy is the size of Spain’s GDP!

Security

Security IoT Manufacturing IT

Decipher Security Podcast With ForAllSecure CEO David Brumley

ForAllSecure

APRIL 30, 2020

The Decipher Security podcast by Duo Security analyzes the news, explores the impact of the latest risks, and provides informative and educational material for readers intent on understanding how security affects our world. Thanks to these crypto libraries, today’s online economy is the size of Spain’s GDP!

Security

Security IoT Manufacturing IT

DECIPHER SECURITY PODCAST WITH FORALLSECURE CEO DAVID BRUMLEY

ForAllSecure

APRIL 30, 2020

The Decipher Security podcast by Duo Security analyzes the news, explores the impact of the latest risks, and provides informative and educational material for readers intent on understanding how security affects our world. Thanks to these crypto libraries, today’s online economy is the size of Spain’s GDP!

Security

Security IoT Manufacturing IT

Anomaly detection in machine learning: Finding outliers for optimization of business functions

IBM Big Data Hub

DECEMBER 19, 2023

For example, higher than average traffic on a website or application for a particular period can signal a cybersecurity threat, in which case you’d want a system that could automatically trigger fraud detection alerts. Isolation forest models can be found on the free machine learning library for Python, scikit-learn.

Unstructured data

Unstructured data Artificial Intelligence Sales Manufacturing

Weekly Vulnerability Recap – October 16, 2023 – DDoS, Microsoft, Apple & Linux Lead a Busy Week

eSecurity Planet

OCTOBER 16, 2023

The past week has been an eventful one for cybersecurity vulnerabilities, from record DDoS attacks and three Microsoft zero-days to vulnerabilities in Linux, Apple, Citrix, and other widely used technologies. The problem: A memory corruption vulnerability in the open-source libcue library was reported by the GitHub Security Lab.

Libraries

Libraries Metadata Cybersecurity Security

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

IT Governance

APRIL 22, 2024

Compromised data includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers. million accounts compromised in Le Slip Français data breach The French underwear manufacturer Le Slip Français has suffered a data breach. Data breached: 5,300,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Security

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. Energy China [link] TL;DR That's huuuge!

Ransomware

Ransomware Manufacturing Education Libraries

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data.

Ransomware

Ransomware Encryption Paper Manufacturing

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The group also claimed the hack of the British Library and China Energy Engineering Corporation. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

Recently, the Rhysida ransomware gang added the British Library and China Energy Engineering Corporation to the list of victims on its Tor leak site. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Education Libraries

The Hacker Mind Podcast: The Internet As A Pen Test

ForAllSecure

MAY 17, 2023

A lot of SMBs do not have security operations centers or SOCs. They have IT contractors who can provision laptops and maintain a certain level of compliance and security. They can provide that additional security, remotely. They have those security capabilities. In a way and then you consume the outcomes.

Insurance

Insurance Privacy Ransomware GDPR

Russia’s SolarWinds Attack and Software Security

Schneier on Security

JANUARY 8, 2021

And a massive security failure on the part of the United States is also to blame. Our insecure Internet infrastructure has become a critical national security risk — one that we need to take seriously and spend money to reduce. We typically don’t know what third party libraries are in the software we install.

Security

Security Government Marketing IoT

The Hacker Mind Podcast: Fuzzing Message Brokers

ForAllSecure

DECEMBER 17, 2021

As I produce this episode, there's a dangerous new vulnerability known informally as Log4Shell, it’s a flaw in an open source Java logging library developed by the Apache Foundation and, in the hands of a malicious actor, could allow for remote code injection. And there’s the researchers, the one that come along and find things.

Computer and Electronics

Computer and Electronics IT Security Libraries

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. This article details two major findings from the report: five major cybersecurity threats and prioritization problems.

Cybersecurity

Cybersecurity Ransomware Passwords Cloud

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Rogue security software. Boost your organization’s IT literacy with ongoing cybersecurity training so they recognize the threats posed by malware attacks. Architect a premium network security model like SASE that encompasses SD-WAN , CASB , secure web gateways , ZTNA , FWaaS , and microsegmentation. RAM scraper.

Phishing

Phishing Ransomware Passwords Access

Nmap Ultimate Guide: Pentest Product Review and Analysis

eSecurity Planet

JULY 19, 2023

The open source security tool, Nmap, originally focused on port scanning, but a robust community continues to add features and capabilities to make Nmap a formidable penetration testing tool. Almost all cybersecurity professionals have familiarity with Nmap and most use it frequently — it is the hammer of the pentesting toolbox.

Communications

Communications Access Security Manufacturing

Black Hat insights: How to shift security-by-design to the right, instead of left, with SBOM, deep audits

The Last Watchdog

AUGUST 5, 2021

Related: Experts react to Biden cybersecurity executive order. A bill of materials is a complete list of the components used to manufacture a product. President Biden’s cybersecurity executive order, issued in May, includes a detailed SBOM requirement for all software delivered to the federal government.

Security

Security Manufacturing Libraries Digital transformation

The Week in Cyber Security and Data Privacy: 11 – 18 December 2023

IT Governance

DECEMBER 19, 2023

An investigation determined that personal data, including names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers, belonging to nearly 15 million people was obtained by an unauthorised party between 30 October and 1 November. GB Coca-Cola Singapore Source (New) Manufacturing Singapore Yes 413.92

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

The Hacker Mind Podcast: Hacking Behavioral Biometrics

ForAllSecure

NOVEMBER 18, 2021

I’m just not convinced that a fingerprint or an image of my face is secure enough. In security we traditionally define the different factors of authentication as something you know, so that could be the username and password, or an answer to a security question. Macorin: My name is Justin Macorin cybersecurity research.

Authentication

Authentication Passwords Artificial Intelligence IT

IG: The Whole Is More Than the Sum of Its Parts

Positively RIM

MAY 5, 2015

IT, Legal, Records, Privacy, Security, Compliance Finance, Audit and other areas can manage their information alone. Some organizations lack adequate security expertise to counter outside hacking and internal pilfering of proprietary data. Attorneys may consider an “archive” to be the reference library of legal matters or cases.

IT

IT Information governance Government Communications

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. ” So should analyzing a device’s firmware for security flaws be considered illegal?

Manufacturing

Manufacturing Agriculture IT Access

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. ” So should analyzing a device’s firmware for security flaws be considered illegal?

Manufacturing

Manufacturing Agriculture IT Access

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

The Last Watchdog

NOVEMBER 4, 2019

Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we’re experiencing it today – including its dark underbelly of ever-rising threats to privacy and cybersecurity. It very well could take us to improved privacy and cybersecurity. How often does that happen today?

Blockchain

Blockchain Mining Privacy Libraries

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

Trending Sources

Microsoft: Raspberry Robin worm already infected hundreds of networks

Raspberry Robin spotted using two new 1-day LPE exploits

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Log4J: What You Need to Know

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

3CX voice and video conferencing software victim of a supply chain attack

Raspberry Robin spreads via removable USB devices

Raspberry Robin malware used in attacks against Telecom and Governments

EventBot, a new Android mobile targets financial institutions across Europe

Rhysida ransomware gang is auctioning data stolen from the British Library

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Raspberry Robin malware used in attacks against Telecom and Governments

Decipher Security Podcast With ForAllSecure CEO David Brumley

Decipher Security Podcast With ForAllSecure CEO David Brumley

DECIPHER SECURITY PODCAST WITH FORALLSECURE CEO DAVID BRUMLEY

Anomaly detection in machine learning: Finding outliers for optimization of business functions

Weekly Vulnerability Recap – October 16, 2023 – DDoS, Microsoft, Apple & Linux Lead a Busy Week

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

Rhysida ransomware gang claimed China Energy hack

Researchers released a free decryption tool for the Rhysida Ransomware

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida ransomware group hacked King Edward VII’s Hospital in London

The Hacker Mind Podcast: The Internet As A Pen Test

Russia’s SolarWinds Attack and Software Security

The Hacker Mind Podcast: Fuzzing Message Brokers

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Types of Malware & Best Malware Protection Practices

Nmap Ultimate Guide: Pentest Product Review and Analysis

Black Hat insights: How to shift security-by-design to the right, instead of left, with SBOM, deep audits

The Week in Cyber Security and Data Privacy: 11 – 18 December 2023

The Hacker Mind Podcast: Hacking Behavioral Biometrics

IG: The Whole Is More Than the Sum of Its Parts

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

Stay Connected