Here is our latest news roundup of articles about network and digital security.
Malware
- Recently, the about a ransomware group that had affected 60 organizations in four months. The BlackCat ransomware group has demanded millions of dollars in ransom and primarily leverages compromised user credentials to gain access.
- New research out of Germany found that With the new iOS 15 update, Apple introduced the “Find My iPhone After Power Off” feature that allows users to locate phones even when turned off. However, the Bluetooth can be exploited and used to install malware on the device.
Vulnerabilities
- The FBI is warning that unidentified attackers have been of U.S. businesses for several months. The hackers are using malicious PHP code to scrape data. The FBI recommends changing default login credentials, monitoring for potentially malicious activity and securing all websites with TLS/SSL.
- A newly discovered allows attackers to potentially exploit a Bluetooth weakness to unlock doors, operate vehicles and even gain access to connected laptops from hundreds of miles away. The hack is classified as a relay attack and can be used even when a key fob is out of range. It takes advantage of BLE (Bluetooth Low Energy), which the researcher explains should never be used for proximity authentication because it could be vulnerable. This could be exploited in any device running BLE, including smartphones, smart locks, watches and more.
- CISA warning of two new that it says are likely to be exploited.
- A flaw recently discovered in a allows for complete site takeover. The Jupiter theme and JupiterX Core plugin are used by over 90,000 sites, leaving a large potential threat vector. New updates to Jupiter include patches for the flaws.
Data breaches
- the conviction of Sercan Oyuntur, who managed to use a phishing operation in 2018 to divert $23.5 million from the Department of Defense (DoD) to his personal bank account.
- in May due to credential stuffing. The company said no cash had been lost and that gift cards would be refunded to couples. In addition, no credit card or bank information was exposed. Zola did reset all user passwords but does not offer two-factor authentication for all accounts, which made the attack easier for hackers.
Government standards
- The European Parliament and EU Member States reached an agreement on a in early May. The existing rules were the first EU-wide legislation on cybersecurity; however, an update was needed to offer more digital trust amid increasing digital transformation. The NIS 2 Directive expands its scope to medium and large entities in various sectors, including public electronic communications, public administration, healthcare and more. The goal is to increase the level of cybersecurity in Europe. Member states will have 21 months to implement the directive into national law.
Internet of Things
- could put millions of devices and routers at risk if not patched. The flaw was discovered in all versions of the popular C standard libraries and is caused by predictable transaction IDs which could allow attackers to perform a DNS poisoning attack. DNS attacks have been increasing in recent years, and at we’ve been involved in research to prevent and detect DNS hijacking.