Fortinet Vulnerability a Cause for Concern

Dark Reading: Critical RCE Bug Opens Fortinet’s Secure Web Gateway to Takeover https://www.darkreading.com/application-security/critical-rce-bug-fortinet-secure-web-gateway-takeover

Oasis Recovers Stolen Cryptocurrency

Oasis reportedly exploits its own wallet platform to recover stolen cryptocurrency.

CoinDesk: https://www.coindesk.com/business/2023/02/24/oasis-exploits-its-own-wallet-software-to-seize-crypto-stolen-in-wormhole-hack/

Cyber Startup Closes 10M Seed

Very exciting to see such a tremendous booster for cybersecurity startup Hadrian. Their autonomous technology will help many with managing cyber threats.

https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2022/06/24/amsterdam-cyber-startup-hadrian-closes-e10-5m-seed-for-platform-which-simulates-hacker-attacks/amp/

https://www.linkedin.com/posts/michael-mcadams-b3s240_amsterdam-cyber-startup-hadrian-closes-105m-activity-6946143826470211585-muhY

Shortage in Cybersecurity Experience VS Talent

Great article on an excellent view of the topic of shortage in Cybersecurity:

Silicon Republic | Jenny Darmody: “Cybersecurity has an ‘experience shortage’, not a talent shortage”

“HPE’s Bobby Ford believes businesses need to stop taking cyber talent from other companies and start thinking outside the box.

https://burnoutblusbolsteredblog.blogspot.com/2022/06/shortage-in-cybersecurity-experience-vs.html

LinkedIn: https://www.linkedin.com/posts/michael-mcadams-b3s240_cybersecurity-has-an-experience-shortage-activity-6945789833478901760-rYLa?utm_source=linkedin_share&utm_medium=ios_app

New State Sponsored APT Tools Built to Attack Industrial Control Systems

New State-Sponsored APT Tools Built to Attack ICS/SCADA Devices Exploiting Vulnerable Drivers

A state-sponsored threat group has developed new APT tools target and compromise industrial control systems via targeting vulnerable motherboard drives in multiple ICS devices.

Much more detail here:

CISA: https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Dragos: https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/

Mandiant: https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool

Compromised Exchange Servers Sending Emails to Infect Computers with IcedID Malware

IcedID Info-Stealing Malware Continues to Spread

Compromised Microsoft Exchange servers are sending out emails that appear to be a part of an email chain’s conversation to lure the un-suspecting user into opening an attached password protected archive or .zip file, along with the included password on open the file, resulting in infecting the user’s computer. From this point IcedID phones home with command-and-control techniques and then it can be utilized for a number of different ways to continue to exploit the infected computer. Due to the age of IcedID malware there is quite a bit of researched patterns and information of how it infects a computer.

More details:

The Register – https://www.theregister.com/2022/03/29/icedid_microsoft_exchange_phishing/

The Hacker News – https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

BleepingComputer – https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/

A Second Chinese Threat Actor Identified In Ukraine CyberAttacks

“Scarab”, a Chinese speaking threat actor has been identified attacking Ukraine in using a backdoor named “HeaderTip” in spear-phishing attack campaigns.

The Hacker News – “Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion” : https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html

The Record – “Researchers tie Ukraine cyber intrusion attempt to suspected Chinese threat actor ‘Scarab’” : https://therecord.media/researchers-tie-ukraine-cyber-intrusion-attempt-to-suspected-chinese-threat-actor-scarab/

SpaceX shifts resources to cybersecurity to address Starlink jamming

cybersecurity #cyberspace #cyberattack #spacex #starlink #spacetech #space #tech