Welcome to your weekly roundup, where we talk about what you ought to find out about the cybersecurity information and activities that happened in the last few days. Week this, learn about the way the following generation of Intel cellular processors shall consist of malware protection included in the chip. Furthermore, read about a fresh phishing marketing campaign that uses brands to bypass security filter systems and trick sufferers into quitting Microsoft Workplace 365 credentials to get usage of corporate networks.
Read on:
Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware
Announced this week, another generation of Intel cellular processors shall include malware protection included in the chip. The protection, supplied by Intel’s Control-Flow Enforcement Technologies (CET), will initial be accessible in the business’s “Tiger Lake” cellular processors. In this post, Greg Adolescent, vice president of cybersecurity at Tendency Micro, shares his ideas.
Forward-Looking Security Analysis of Smart Factories Part 4: MES Database Compromises
In this five-part blog series, Trend Micro talks about the security risks to understand when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios and recommended defense strategies. Part four describes the way the Manufacturing Engineering System (MES) plays a significant role in the manufacturing process and how cyberattacks on the MES make a difference production activities.
The theft of top-secret computer hacking tools from the CIA in 2016 was the consequence of a workplace culture where the agency’s elite computer hackers “prioritized building cyber weapons at the trouble of securing their very own systems,” in accordance with an interior report. The breach — committed by way of a CIA employee &mdash allegedly; a year after it just happened was discovered, once the information was published by WikiLeaks in March 2017.
Unpatched Vulnerability Identified in 79 NETGEAR Router Models
A whopping 79 NETGEAR router models are susceptible to a severe security flaw that may let hackers dominate devices remotely. In accordance with researchers, the vulnerability impacts 758 different firmware versions which have been applied to 79 NETGEAR routers over the years, with some firmware versions being first deployed on devices released dating back to 2007.
Massive IBM Cloud Outage Caused by BGP Hijacking
this week IBM has provided new information regarding the large-scale outage that occurred, affecting many IBM Cloud customers. The outage, which knocked a complete host of sites offline, was the full total consequence of BGP hijacking, said the firm.
Hackers Posing as LinkedIn Recruiters to Scam Military, Aerospace Firms
A new, highly sophisticated espionage campaign targeting military and aerospace organizations across Europe and the center East has been discovered by cybersecurity firm ESET. The campaigners try to lure company employees to extract money and/or sensitive documents. Dubbed Operation In(ter)caption; from September to December 2019 the campaign was active, and espionage is declared the principal objective behind this campaign.
Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a complicated new phishing campaign that uses recognized brands to bypass security filters also to trick victims into quitting Microsoft Office 365 credentials to get usage of corporate networks. A written report from Check Point Software observed the attacks&mdash first;the most which targeted European companies, with others observed in Asia and the center East.
Foodora Data Breach Impacts Customers in 14 Countries
Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. The cybersecurity incident has exposed the account information on 727,000 customers in 14 different countries. Information exposed in the incident included names, addresses, telephone numbers, and hashed passwords. While no financial data was leaked, customers’ geolocation data, accurate to inside a handful of inches, was breached.
Cisco Adds New Security Features to Webex, Patches Serious Vulnerabilities
At its Cisco Live 2020 event, the networking giant informed customers that it has extended its data loss prevention (DLP) retention, Legal Hold and features to Webex Meetings eDiscovery. This week for Webex vulnerabilities the business in addition has published several security advisories, including three which have been classified as high severity and something rated medium severity.
Vulnerable Platform Used in Power Plants Enables Attackers to Run Malicious Code on User Browsers
Otorio’s incident response team identified a high-score vulnerability in OSIsoft’s PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). Installed in a few of the world’s largest critical infrastructure facilities, OSIsoft Software’s PI System is really a data management platform that accesses an easy selection of core OT network assets in the websites it serves.
How many other sophisticated phishing campaigns perhaps you have seen through the pandemic? Share your ideas in the comments below or follow me on Twitter to keep the conversation: @JonLClay.