Tag Archive for: Warns

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets


The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.

Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.


Microsoft Excel’s new exploit

Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.

This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.

While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.


Google Chrome’s bug

Google’s eighth zero-day attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.

Four essential tips to secure your devices and data from hackers and scammers 

To protect yourself from malicious hackers and scammers, we recommend you do the following four things.

1) Be cautious about using open-source…


UK At High Risk Of ‘Catastrophic Ransomware Attack,’ Parliamentary Committee Warns


The U.K.’s apparent lack of preparedness and insufficient investment in cybersecurity has reportedly left it highly prone to “catastrophic ransomware attacks,” as per a parliamentary committee.

What Happened: The joint committee on the national security strategy has raised concerns about the U.K.’s susceptibility to a cyber-attack capable of disrupting critical national infrastructure or CNI such as energy, water supply, transport, healthcare, and telecommunications services, reported The Guardian.

The committee criticized the U.K. government and the Home Office for their failure to address ransomware threats adequately and underscored their lack of sufficient investment to deter large-scale cyberattacks.


Recent ransomware attacks on U.K. public services, including the NHS and Redcar and Cleveland council, were pointed out as indicators of the looming threat. The committee also expressed concerns about the vulnerability of the U.K.’s CNI due to its dependence on outsourced IT systems.

The report warned of potential threats to human lives from future ransomware attacks if cyber criminals manage to interfere with CNI operations. The NHS was identified as a particular area of concern given its outdated IT services and lack of investment.

Additionally, the committee pointed out ransomware groups in Russia, North Korea, and Iran as primary threats targeting the U.K., based on information from the National Cyber Security Centre or NCSC.

Harjinder Singh Lallie, a cybersecurity expert at the University of Warwick, suggested regularly updating operating systems and computer hardware could mitigate overall costs and disruption.

In response to the report, a government spokesperson said, “The UK is well prepared to respond to cyber threats and has taken robust action to improve our cyber defenses, investing £2.6bn under our cyber security strategy and rolling out the first ever government-backed minimum standards for cybersecurity through the NCSC’s cyber essentials scheme.”

Why It Matters: This warning comes on the heels of increased ransomware attacks globally. Just last…


Rising ransomware attacks exploit remote access software, warns WatchGuard report


New research from WatchGuard Technologies, a global player in unified cybersecurity, has revealed a significant spike in endpoint ransomware attacks as well as an alarming trend of cyber attackers exploiting remote access software.

The Internet Security Report provides insights into the latest malware trends and endpoint security threats, shedding light on the increasingly sophisticated tactics adopted by cybercriminals.

The research revealed an 89% rise in endpoint ransomware attacks and a decrease in malware delivered through encrypted connections. WatchGuard also observed an increase in abuse of remote access software, an exploitation strategy actively embraced by cyber adversaries.

Cyber criminals are also exploiting password-stealers and info-stealers to pilfer priceless credentials, and are increasingly pivoting from scripting to other living-off-the-land techniques to instigate endpoint attacks.

Discussing the consequences, Corey Nachreiner, Chief Security Officer at WatchGuard, stated, “Threat actors continuously evolve their tools and methods in attack campaigns, making it crucial for organisations to stay updated on the latest tactics to bolster their security strategy.”

He added that end users often represent the last defence line against sophisticated attacks that employ social engineering tactics. Nachreiner emphasised that it was paramount for organisations to deliver social engineering education and adopt a unified security approach that provides multiple layers of defence.

Among the key findings, the report detailed how cyber attackers are increasingly leveraging remote management tools to dodge anti-malware detection, confirmed by both the FBI and CISA.

Notably, there was a surge in the Medusa ransomware variant in Q3, driving endpoint ransomware attacks up by 89%. The report also highlighted a noticeable decline in attacks employing scripted methods, with script-based attacks dropping by 11% in Q3 and by 41% in Q2.

However, in spite of the reduction, script-based attacks still represent the largest attack vector, making up 56% of total attacks. Cyber attackers are also resorting to Windows living-off-the-land binaries more frequently, as these…


CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack


After hackers compromised an industrial control system (ICS) at a water utility in the United States, the cybersecurity agency CISA issued an alert over the exploitation of the targeted device.

The target of the attack was the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed that hackers took control of a system associated with a station where water pressure is monitored and regulated, but said there was no risk to the water supply or drinking water.

Based on publicly available information, the hackers targeted a Unitronics Vision system, which is a programmable logic controller (PLC) with an integrated human-machine interface (HMI).

A hacktivist group called Cyber Av3ngers, known to be anti-Israel and possibly linked to Iran, has taken credit for the attack, apparently targeting the Israel-made Unitronics PLC. 

Unitronics Vision products have been known to be affected by critical vulnerabilities that could expose devices to attacks. However, HMIs are often accessible from the internet without authentication, making them an easy target even for low-skilled threat actors. 

In the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”. 

This statement suggests that the attackers likely leveraged the fact that the device was insecurely configured, rather than exploiting an actual vulnerability. This would not be surprising for a hacktivist group as these types of threat actors mostly target low-hanging fruit and do not waste time and energy creating sophisticated exploits.  

In order to protect their Unitronics PLCs against potential attacks, organizations have been urged by CISA to change the default ‘1111’ password, require multi-factor authentication for remote access to OT systems, ensure that the controller is not directly exposed to the internet, create backups for the PLC’s logic and configuration in case it gets compromised, change the default port, and update the device to the latest version.


Such PLCs are used by organizations in the…
