Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerbility disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. We all hope banks have great security but what about those providing services to banks that also have access to all our data? Well, this is a scary story that makes you wonder about the rest of them.

We've recently been inundated with news of increased cyberattacks and a general increase in cyber threats online. Hackers - both bad and good, government related or private groups - have their hands full every day as never before and compounding the situation is the Russia-Ukraine (UA) war which has sparked a cyber storm. This made us just more curious about Internet attacks on the UA telecom infrastructure.

There are many significant technology-enabled changes taking place in industrial environments today. Smart factories and Industry 4.0. The Industrial Internet of Things (IIoT). The convergence of information technology (IT) and operational technology (OT). All of these things are introducing digital technologies at a fast pace to improve operations, increase productivity, enhance oversight, and increase profitability.

Tetra Defense, an Arctic Wolf® company, partnered with Chainalysis to analyze the link between the Karakurt cyber extortion group to both Conti and Diavol ransomware through Tetra’s digital forensics and Chainalysis’ blockchain analytics. As recent leaks have revealed, Conti and Trickbot are complicated operations with sophisticated structures. But, our findings indicate that web is even wider than originally thought, to include additional exfiltration-only operations.

Very few people can memorize all of their passwords – especially if they’re using unique ones for each account. Many solve this problem by embracing a password manager like 1Password, while others turn to pen and paper. The latter could be a tiny notebook, a whiteboard on their office wall, or an array of sticky notes attached to their PC monitor.

As Synk announces its support of unmanaged dependencies (mostly C/C++ libraries), we thought it would be beneficial to introduce our non-C community to some common, high-risk dangers that lurk in the C world (get it?). Think of this as a “beginners guide” to C and C++ vulnerabilities, how they look, what problems they may cause, and how to fix them.

The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone. Examples include.

Read also: Ukraine thwarts a Sandworm cyberattack against an energy provider, Microsoft disrupts the ZLoader botnet, and more.

For many years, it’s been said that data is the new oil. This means that data rich companies could well be more successful than their competitors. Data and information are like fuel for companies since both are needed for ongoing business transactions and innovation. Companies can only win the race against their competitors if they are not losing this fuel, meaning they must keep data secure at all times and anywhere.

One thing that we’ve learned from the Russia-Ukraine conflict is that the cybersecurity and the cyber-warfare world is going to change, if it hasn’t already. While Anonymous, the TI Army of Ukraine, and more hacktivist groups are actively participating in the conflict, a relatively new group brings something new to the table.