February 2021

A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote attackers to compromise programmable logic controllers (PLCs) manufactured by Rockwell Automation. The vulnerability was independently reported to Rockwell by researchers at the Soonchunhyang University […]

The post Experts found a critical authentication bypass flaw in Rockwell Automation software appeared first on Security Affairs.

Read More Experts found a critical authentication bypass flaw in Rockwell Automation software

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ​A cybercrime group called ‘Hotarus Corp’ has breached the Ecuador’s largest private bank, Banco Pichincha, and the local Ministry of Finance (the Ministerio de Economía y Finanzas de Ecuador). The group claims to have also stolen data from […]

The post Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha appeared first on Security Affairs.

Read More Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks. Crooks conduct SIM swapping attacks to take control of victims’ […]

The post T-Mobile customers were hit with SIM swapping attacks appeared first on Security Affairs.

Read More T-Mobile customers were hit with SIM swapping attacks

I honestly don’t know where my time goes. I get up, have great plans for all the things I want to do then next minute, the day is gone. There’s probably some hints in the range of different things I’m speaking about this week and the book is certainly now

Read More Weekly Update 232

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute […]

The post New Ryuk ransomware implements self-spreading capabilities appeared first on Security Affairs.

Read More New Ryuk ransomware implements self-spreading capabilities

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

The post Microsoft releases open-source CodeQL queries to assess Solorigate compromise appeared first on Security Affairs.

Read More Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […]

The post Data Breach: Turkish legal advising company exposed over 15,000 clients appeared first on Security Affairs.

Read More Data Breach: Turkish legal advising company exposed over 15,000 clients

Whenever I think about SAM and software assets, I remember my very first CND lesson – forget about scharfes-ing the word “asset” because it has nothing in common with what you’re up against in IT management. Instead, replace “s” with the dollar sign (“…

Read More Software Asset Management (SAM) Revisited – ITAM vs SAM and the Real Cost of High-Velocity Upscaling

This morning’s podcast reports on two studies of cyber threat trends, and a warning about targeted attacks on the defence sector
The post Cyber Security Today, Feb. 26, 2021 – Conflicting reports on vulnerabilities, and a warning to the defence sector …

Read More Cyber Security Today, Feb. 26, 2021 – Conflicting reports on vulnerabilities, and a warning to the defence sector

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.”

From the introduction:

Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights­ — whether patents, copyrights, and other intellectual property, or privacy rights — ­presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses…

Read More The Problem with Treating Data as a Commodity

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Read More Hackers are selling access to Biochemical systems at Oxford University Lab

We check in on ITWC’s latest MapleSEC satellite series event, the Supreme Court of Canada says no to big telcos’ cries for a pricing appeal, and President Biden signs another exec order, this one tackling the global chip shortage.
The post Hashtag Tren…

Read More Hashtag Trending, Feb. 26, 2021 – MapleSEC recap; Supreme Court of Canada says no to pricing appeal; Biden signs exec order to address chip shortage

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

Read More Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

SolarWinds announced the APM Integrated Experience for the SolarWinds application performance management (APM) solutions—AppOptics, Loggly, and Pingdom—consolidating access to application performance metrics, traces, logs, and user experience into a co…

Read More SolarWinds APM Integrated Experience delivers a single platform for navigation across the APM portfolio