Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’

Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems Read More …

Contact tracing apps unsafe if Bluetooth vulnerabilities not fixed

As more governments turn to contact tracing apps to aid in their efforts to contain the coronavirus outbreak, cybersecurity experts are warning this may spark renewed interest in Bluetooth attacks. They urge developers to ensure such apps are regularly tested for Read More …

DarkHotel hackers use VPN zero-day to breach Chinese government agencies

Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which Read More …

4G networks vulnerable to denial of service attacks, subscriber tracking

Every 4G network is susceptible to a form of denial-of-service (DoS) attack, researchers say. We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, Read More …

The IIoT Threat Landscape: Securing Connected Industries

The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the Read More …

Critical Bugs in Rockwell, Johnson Controls ICS Gear

Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities Read More …

Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Chinese hackers have used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric, ZDNet has learned from sources close to the investigation. Trend Micro has now patched the vulnerability, but the company did not comment if the Read More …

Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices

A collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals has been discovered. Dubbed “MDhex” by the researchers at CyberMDX who discovered them, the bugs would allow attackers to disable the devices, harvest personal health Read More …

FBI: Nation-state actors have breached two US municipalities

Nation-state hackers have breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week. The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach Read More …