News


Researchers Discover Holey Web Application Firewalls (WAF)
B2B Cyber Security ShortNews

Claroty security researchers have discovered ways to bypass Web Application Firewalls (WAF). A lack of JSON support allows attacks on potentially all providers. The providers Palo Alto Networks, Amazon Web Services, Cloudflare, F5 and Imperva have meanwhile updated their products.

Security researchers from Team82, the research arm of cyber-physical systems (CPS) security specialists Claroty, have identified the possibility of a basic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads.

Leading WAF Vendors Have Already Responded

Although most database engines have supported JSON for a decade,…

Read more

IHK is the victim of a cyber attack – website paralyzed
B2B Cyber Security ShortNews

The German Chamber of Commerce and Industry was the victim of a cyber attack. Currently, the homepage of the IHK only shows the note "Service currently not available" and refers to the page of the "DIHK - Deutscher Industrie- und Handelskammertag". The Chamber of Industry and Commerce fell victim to a massive cyber attack. At least that's what Michael Bergmann, the general manager of the IHK Mittleres Ruhrgebiet, says via LinkedIn. He wrote there: “Hacker attack on the IHK organization. Unfortunately, a serious IT security incident occurred yesterday. The IHK organization was subjected to a massive cyber attack. As a security measure, all Internet connections were blocked immediately. As a result, both…

Read more

Ransomware victim: electronics manufacturer Semikron from Nuremberg
B2B Cyber Security ShortNews

As the Semikron Group announced on August 01, 2022, it was the victim of a cyber attack by a professional hacker group. According to Semikron, the systems were partially encrypted. It was not yet known who exactly was behind the attack and whether a ransom was being demanded or paid. The high rate of attacks on large companies or powerful medium-sized companies continues. In particular, the fact that large APT groups offer their ransomware as RaaS - ransomware as a service, causes an increased number of cyber attacks. Now it also has the Nuremberg-based manufacturer…

Read more

Ransomware: BlackCat uses Brute Ratel as an attack tool
SophosNews

Sophos X-Ops presents the latest threat intelligence results. BlackCat ransomware gang uses the Brute Ratel pentesting tool as a new attack tool. Attack series shows how cybercriminals infect computers worldwide through unpatched firewalls and VPN services.

Sophos X-Ops reveals in the new BlackCat Ransomware Attacks Not Merely a Byproduct of Bad Luck report that the ransomware gang has added the Brute Ratel pentesting tool to its arsenal of attack tools. The article describes a series of ransomware attacks in which BlackCat used unpatched or outdated firewalls and VPN services to penetrate vulnerable networks and systems in various industries worldwide.

BlackCat with Ransomware-as-a-Service

The…

Read more

Russian cyber attacks on Ukraine KRITIS

"Cyberattacks on critical infrastructure have become a key element of this conflict" - expert commentary on the Russian hacking attack on the largest private energy conglomerate by cybersecurity specialist Claroty.

The DTEK Group, which owns coal and thermal power plants in various parts of Ukraine, says it has been the target of a Russian hacker attack. A group called XakNet wanted to destabilize the energy operator's technological processes, spread propaganda about the company's activities and leave Ukrainian consumers without electricity.

Ukrainian electricity supplier attacked

The same Russian hacker group allegedly attacked back in April…

Read more

Hive Ransomware: Attack Sequence 

The course of a ransomware attack using Hive was investigated by the Varonis forensics team during a customer deployment. The attack and the actions of the cyber criminals were documented in this way. First discovered in June 2021, Hive is used as ransomware-as-a-service by cybercriminals to attack healthcare facilities, nonprofits, retailers, utilities, and other industries worldwide. Most commonly, they use common ransomware tactics, techniques, and procedures (TTPs) to compromise victims' devices. Among others, phishing emails with malicious attachments, stolen VPN credentials and vulnerabilities are used to intrude into the targeted systems….

Read more

KRITIS still in sight one year after Colonial Pipeline & Co.
Tenable news

Tenable sees KRITIS operators exposed to increasing threat potential, even one year after the severe attack on Colonial Pipeline & Co. with its devastating effects. A comment from Tenable.

“In the XNUMX months since ransomware attacks struck JBS Foods and Colonial Pipeline, the sad reality is that the threat to critical infrastructure operators has increased rather than decreased.

Attackers only care about money - not impact

Attackers recognize the impact they can have by influencing these environments and rely on it to launch their attacks with increasing accuracy and frequency...

Read more

Ransomware & OneDrive: Attackers delete version backups

Proofpoint has discovered potentially dangerous Microsoft Office 365 features that attackers use to delete recovery version files stored on SharePoint and OneDrive in order to more easily blackmail victims.

Ransomware attacks traditionally target data across endpoints or network drives. Until now, IT and security teams have believed that cloud drives are more resilient to ransomware attacks. After all, the now well-known “AutoSave” feature, along with versioning and the good old recycle bin for files as a backup, should have sufficed. But that might not be the case for much longer.

Vulnerability in Microsoft 365 and OneDrive

Proofpoint…

Read more

Fendt tractor paralyzed by hacker attack
B2B Cyber Security ShortNews

As the Allgäuer Zeitung reports, production at tractor manufacturer Fendt has been halted since last week due to a massive hacker attack. In some cases, even the assembly lines are said to be standing still at the Marktoberdorf plant, which has around 4,000 employees. According to the first unofficial findings, the hacker attack is said to have come from Finland. However, the attack is said to affect not only Marktoberdorf but also production facilities worldwide. This was announced by the parent company AGCO (Your Agriculture Company), a global manufacturer and distributor of agricultural equipment. As early as May 5, 2022, the company announced a ransomware attack affecting some production facilities. AGCO is investigating...

Read more

Report: When ransomware groups fight each other.

For most companies, a single ransomware attack is already the limit. Two at once is an apocalypse scenario, albeit quite an exciting one for security professionals. Sophos took a closer look at this rare case, which is also a clash of modern and traditional ransomware tactics.

Sophos releases its research into a dual ransomware attack in which a ransom note from Karma ransomware operators was encrypted 24 hours later by the Conti Group. Conti, another ransomware community, was operating on the infected network at the same time.

Karma group meets Conti group in the same network

The Sophos analysts draw the dual attack in detail in…

Read more