Daily Cyber Brief

Water utilities are at high risk for a cyber attack, 8 new 0-days for ICS Carrier, and Apple's new M1 chip has a major flaw...

Cybersecurity

70 Indian government, private websites face international cyber attacks over Prophet row

After threats by the al-Qaida, comments against Prophet Muhammad — by now-suspended BJP spokesperson Nupur Sharma — have led to a slew of cyber attacks on Indian websites, both government and private. Orchestrated by the hacktivist group DragonForce Malaysia…

Nigerian Police Bust Gang Planning Cyberattacks on 10 Banks

The Nigerian Police Special Fraud Unit - or PSFU - says it has busted a criminal syndicate, preventing cyberattacks against at least 10 banks in the country. The alleged mastermind, 52-year-old Kehinde Oladimeji, was caught and arrested by the police, along with 27-year-old…

Hello XD ransomware now drops a backdoor while encrypting

Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. First observed in November 2021, the particular family was based on the leaked source code of…

U.S. Water Utilities Prime Cyberattack Target, Experts

Environmentalists and policymakers warn water treatment plants are ripe for attack. Industrial controls governing water-related U.S. critical infrastructure are woefully under-estimated as cyberattack targets. The potential for attack, say policymakers, is too great to…

8 zero-day vulnerabilities discovered in popular industrial control system from Carrier

Eight zero-day vulnerabilities affecting a popular industrial control provided by Carrier have been identified and patched, according to security researchers from Trellix who discovered the issues. The vulnerabilities affect the LenelS2 Mercury access control panel, which is used to…

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an…

WiFi probing exposes smartphone users to tracking, info leaks

Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. WiFi probing is a…

Vulnerabilities Targeting InfiRay Thermal Cameras May Result in Industrial Process Hacking

Austrian cybersecurity firm SEC Consult found a series of vulnerabilities affecting Infiray IRAY-A8Z3 thermal cameras in February 2021. The consulting company disclosed the details of the vulnerabilities in an advisory on Tuesday, saying they were a direct consequence of…

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of 'keep' project use the legitimate Python module requests for making HTTP…

Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors

Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited by hackers to remotely unlock doors. The vulnerabilities were discovered by researchers at XDR firm Trellix, which launched earlier this year following the merger of…

Daily Cyber Brief

Water utilities are at high risk for a cyber attack, 8 new 0-days for ICS Carrier, and Apple's new M1 chip has a major flaw...

Cybersecurity

Join the conversation

Overt Operator