Daily Cyber Brief
Clop ransomware hits a UK water utility, Brazilian police open up an investigation into Lapsus$, and vulnerabilities were found in Intel and AMD processors...
Cybersecurity
A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm. South Staffordshire Water says it has been the…
Earlier this month, numerous official websites in Taiwan were taken down by a series of distributed-denial-of-service (DDoS) attacks. The targeted websites included the island’s Presidential Office, National Defence Ministry, the Foreign Affairs Ministry and its largest…
Exploit code has been released for a critical vulnerability affecting networking devices with Realtek’s RTL819x system on a chip (SoC), which are estimated to be in the millions. The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise…
Brazil’s Federal Police carried out eight search and seizure warrants Tuesday as part of an investigation into attacks claimed by the Lapsus$ Group that disrupted the country’s Ministry of Health last December, the agency announced in a press release. Police did not specifically…
Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used…
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive…
Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022…
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC"…
Just a week after 10 malicious software packages were found nesting in the Python Package Index (PyPI) repository, several more have come to light, uncovered by different firms. It's becoming a bit of a whack-a-mole exercise, snuffing out bad code only to find more taking its…
Mobile transactions could’ve been disabled, created and signed by attackers. Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that…