News


Evilginx: Dangerous web server tricks MFA 
SophosNews

A malicious mutation of the widely used nginx web server facilitates malicious adversary-in-the-middle attacks. Sophos X-Ops has analyzed the criminal potential of Evilginx in a test setup and offers tips for protection. Evilginx is malware based on the legitimate and widely used open-source web server nginx. It can be used to steal usernames, passwords, and session tokens, and it offers attackers a chance to bypass multi-factor authentication (MFA). How Evilginx works: At its core, Evilginx uses the legitimate and popular nginx web server to route web traffic through malicious websites. These are then used by the threat actors…


Hacker encrypts 12,000 patient records
B2B Cyber Security ShortNews

Many weeks ago, there was a hacker attack on the MVZ Herz-Lungen-Praxis Hamburg-Bergedorf, a subsidiary that manages the practice information system of the LungenClinic Grosshansdorf. The attack initially resulted in the loss of 12,000 patient records, which have not yet been fully recovered. After a long period of silence by the company, it is now clear that unknown perpetrators encrypted the practice information system with ransomware over the turn of the year. As a result, the MVZ Herz-Lungen-Praxis Hamburg-Bergedorf was no longer able to access the approximately 12,000 patient master and health records. It is also unclear whether all of the data was also lost as a result of the IT security incident...


Trojan Sliver-Implant targets companies
B2B Cyber Security ShortNews

As the website Tarnkappe.info reports, the Sliver-Implant Trojan is targeting companies. The malware is hidden in Windows link files (LNK) and uses them to gain access to the systems. The attack is primarily carried out via phishing emails with attached archives. The Sliver-Implant Trojan is intended to target companies exclusively and uses manipulated LNK files to gain access. Cyber criminals send phishing emails with infected ZIP or RAR archives that contain supposedly harmless LNK files. When these files are opened, the legitimate "wksprt.exe" file is copied, which then loads a malicious DLL. This uses techniques such as DLL sideloading and proxying,...


Blue Yonder attacked – Starbucks affected
B2B Cyber Security ShortNews

A few days ago, Blue Yonder, a provider of a management platform for supply chains, was attacked with ransomware. As a result, time tracking at Starbucks, for example, has been paralyzed and salary payments have been somewhat difficult. According to the company itself, the following happened: "On November 21, 2024, Blue Yonder experienced disruptions in its hosted managed services environment due to a ransomware incident. Since the incident became known, the Blue Yonder team has been working intensively with external cybersecurity firms to make progress in recovery. We have conducted several defensive and forensic...


Recovery: Companies change strategy after an attack

1000 IT and IT security managers took part in the study for the 2024 Cyber Recovery Readiness Report. It showed that companies that fell victim to unauthorized access to data changed how they secure their data and thus significantly accelerated their recovery. The 2024 Cyber Recovery Readiness Report study, conducted by Commvault in collaboration with GigaOM in eleven countries, shows that companies that have suffered a cyber incident in the past have comprehensively reassessed their data security and positioned themselves better. The effect of the additional investments and...


New old attack method: the attack of the worms
Trend Micro News

The hacker group Earth Preta, also known as Mustang Panda, is using self-propagating malware that spreads via removable storage devices and spear phishing campaigns in a new wave of attacks. The attacks are currently mainly targeting government agencies in the Asia-Pacific region (APAC). The Earth Preta group uses removable storage devices as an infection vector and pursues cyber espionage to control systems and steal data. Trend Micro recently reported an increase in the activities of Chinese threat actors, which include Earth Preta. Security Advisor Richard Werner at Trend Micro puts the group's activities into context. The return...


Secure Industrial IoT: A challenge for many 

The concept of Industry 4.0 is essentially based on the digitization and networking of a company's production, logistics and administration. The core building blocks are the devices, sensors and machines connected to the company network and the Internet - the Internet of Things (IoT) and the Industrial Internet of Things (IIoT). For years, companies around the world have been working on the most comprehensive implementation of Industry 4.0 possible - including in Germany. According to an IDC survey from the end of last year, almost half of DACH companies want to increase the speed with which they can develop their IoT and IIoT parks this year...


Iranian TA453 targets well-known personalities
B2B Cyber Security ShortNews

In a recent investigation, the Threat Research Team at is shedding light on the activities of the Iranian cybercrime group TA453. It is currently targeting a Jewish personality using the BlackSmith malware toolkit. During their analysis, the security experts were able to determine that TA453 has targeted a prominent Jewish personality using a new malware toolkit called BlackSmith - which deploys a PowerShell Trojan called AnvilEcho. Joshua Miller, Senior Threat Researcher at Proofpoint, comments on the investigation results: "TA453 phishing campaigns that we have observed reflect the priorities of the Islamic Revolutionary Guard Corps intelligence service. This malware deployment, which is based on a...


AI assistant for security analysis in enterprise solutions

Upgrade for business solutions: With ESET AI Advisor, artificial intelligence now supports security managers in their day-to-day security work. SMEs and other companies also receive help with endpoint and XDR solutions. ESET's generative AI-based cybersecurity assistant improves incident response and interactive risk analysis. This enables companies to take advantage of Extended Detection and Response (XDR) solutions even if they have limited IT resources. ESET AI Advisor was first presented at the RSA Conference 2024 and is now available in ESET PROTECT MDR Ultimate and ESET Threat Intelligence, among others. The…
