Thought Leadership
Blackout: Madrid subway evacuated
Spain and Portugal experienced a widespread power outage that affected large parts of both countries. The Spanish grid operator Red Eléctrica reported the disruption and announced that “all resources have been deployed to resolve” the problem.
New social engineering weapon in cyber warfare
What began as a ploy by commercial cybercriminals is now becoming a method used by state-supported hacker groups: The ClickFix technique. Originally used by financially motivated attackers to circumvent security mechanisms, it is now being used specifically by actors from North Korea, Iran and Russia for espionage purposes.
Old gaps, new access
Despite security updates being installed, cyber criminals have managed to gain permanent access to FortiGate devices. The attackers exploit known vulnerabilities that have long since been closed – but they go one better: they leave behind a so-called backdoor through which they retain access even after the patch.
Data leak with far-reaching consequences
A massive hacker attack has exposed the data of over 118,000 patients in the USA. The company affected is New York-based Endue Software, which provides digital infrastructure for infusion centers.
International cooperation
The German Federal Office for the Protection of the Constitution and the British National Cyber Security Center warn of the danger posed by the malware programs “Moonshine” and “BadBazaar”.
An old trick with a new twist
Despite its age, the ClickFix method remains a popular tool in the arsenal of cybercriminals. Security researchers from Sophos X-Ops came across the sophisticated attack tactic again in their latest analysis.
WK Kellogg has confirmed a data breach in which sensitive employee data was compromised by exploiting a vulnerability in its Cleo file transfer software.
Car rental company is being blackmailed
The Europcar Mobility Group has been the victim of a targeted cyber attack. Unknown persons gained access to the international car rental company’s GitLab repositories and captured both the source code of the mobile applications and customer data.
Questionable crisis communication
The US software company Oracle has admitted to selected customers that attackers have stolen customer access data after compromising a “legacy environment”. This was reported by Bloomberg.
Session tokens are also recorded
Security researchers from Sophos X-Ops have investigated the workings of Evilginx. The malware, which is based on the widely used open source web server nginx, poses a significant threat to IT security by enabling targeted adversary-in-the-middle attacks and can even bypass multi-factor authentication (MFA).