Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors

The Hacker News reported on vulnerabilities found in IoT devices offered by different global vendors.

Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

"Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts," the company said in a technical report.

Read more on the Hacker News


Webinar 16.06.22: Sophos Adaptive Cybersecurity Ecosystem

REGISTRATION

Trilight Security and Hermitage Solutions invite you to take part in an online event devoted to the Sophos Adaptive Cybersecurity Ecosystem (ACE), in particular its endpoint protection component, Sophos Intercept X.

Agenda:

  1. Sophos company introduction.
  2. Adaptive Cybersecurity Ecosystem (ACE), quick Sophos portfolio overview, "Cyber Kill Chain".
  3. Sophos Intercept X (CIXA – endpoint protection). Different protection levels explained.

Speaker:

Mindaugas Kadunas, Sophos Presales Engineer at Hermitage Solutions.

Date: 

16.06.2022, 12:00 CET, duration 45 minutes.

Registration:

To register for the event, respond to this message with your contact details in the signature, or follow this link to learn more about the event and fill in a short registration form.

About Trilight Security

Trilight Security OÜ is a cybersecurity services provider offering reliable and affordable managed security services, managed detection & response, and SOCaaS services to customers across Europe. More information can be found on our website.

About Hermitage Solutions

Hermitage Solutions is a leading value-added distributor of cybersecurity and innovative infrastructure solutions in the Baltic states that provides IT security products and services for enterprises and SMBs in various industries. More information can be found on our website.



Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

The Hacker News reports on new attacks by hackers on bank ATMs.

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.

Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945.

Read further on the Hacker News


U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

A very comprehensive list of free cybersecurity tools recommended by the U.S. cybersecurity agency can be found in the news published by The Hacker News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture.

The "Free Cybersecurity Services and Tools" resource hub comprises a mix of 101 services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community.

Read further on the Hacker News


We Become a Sophos Authorized Partner

Trilight Security OÜ has recently been designated as a Sophos Reseller. This title opens new opportunities for us to bring intelligent and reliable cybersecurity solutions to the market. These premium security solutions allow our customers to enjoy the various benefits of the next-gen security tools and endpoint protection that Sophos offers.

First and foremost, small and mid-sized businesses will benefit from the simplified cybersecurity management offered by Sophos solutions, with the Trilight Security team taking advantage of the in-depth training and support provided by the partner vendor.

Through this partnership we will be able to provide our customers with a comprehensive range of Sophos solutions, securing systems and data against modern cyber threats, minimizing risks and inspiring confidence based on the vendor's earned reputation: Sophos is well known for going above and beyond to provide partners with the industry's best cybersecurity solutions and superior support.

Trilight Security offers a wide range of Sophos products and can assist customers with consulting, selection, installation and management of its facilities.

About Trilight Security

Trilight Security is a Managed Security Service Provider based in Estonia, European Union. We work with customers ranging from small and medium businesses to enterprises, with a focus on providing reliable and affordable cybersecurity services to SMBs from the EU and Associated Countries. Our qualified cybersecurity and IT experts detect, investigate and respond to threats before they disrupt business, or take the necessary steps to minimize their potential or real impact. More information is available at www.trilightsecurity.com

About Sophos

As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today's most advanced cyber threats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos' cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos' entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single "synchronized security" system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K. More information is available at www.sophos.com.

 


Critical Flaws Discovered in Cisco Small Business RV Series Routers

The Hacker News reported on serious flaws found in budget Cisco routers.

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs.

Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.

Read further in The Hacker News


QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

The Hacker News reported on a new type of ransomware.

"DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version."

A query on IoT search engine Censys shows that at least 3,687 devices have been encrypted by the DeadBolt ransomware so far, with most NAS devices located in the U.S., Taiwan, France, Italy, the U.K., Hong Kong, Germany, the Netherlands, Poland, and South Korea.

Read more on The Hacker News


Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

The Hacker News reported on an important patch released by Cisco.

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Read further on The Hacker News


Goodfirms Publishes Interview with Trilight CEO

Goodfirms.co, a renowned B2B service supplier review service, has chosen the Trilight Security CEO for an interview.

Goodfirms: Please introduce your company and give a brief about your role within the organization.

Trilight CEO: We are Trilight Security, a cybersecurity services provider. Basically, we are the MSSP and provide managed security service to our SMB customers and larger enterprises. I’m one of the co-founders of the company and currently perform CEO duties...

Read further on the Goodfirms.com


Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

The Hacker News describes how the Microsoft flaw is being used by hackers.

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.

"[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar said in a report published Wednesday.

Read more on The Hacker News