CISA
397 views
2 Posts
Hot
Latest
#COINCU
North Korean hacker group #BlueNoroff has been targeting cryptocurrency firms with a new malware campaign called "Hidden Risk" since April 2023. The campaign primarily exploits MacOS vulnerabilities, delivering malware through phishing emails with fake PDF links. Once opened, these PDFs download malware that gives hackers remote access to victims' systems, enabling them to steal sensitive data, including private keys for digital wallets.
The #FBI and #CISA have issued warnings about ongoing threats from North Korean hackers, particularly BlueNoroff, which has long targeted the crypto industry. In recent months, the group has increased its efforts, including using fake domains to further deceive and extort victims. This campaign follows a pattern of cyberattacks linked to the #LazarusGroup , which is also associated with high-profile cybercrimes.
North Korean hacker group #BlueNoroff has been targeting cryptocurrency firms with a new malware campaign called "Hidden Risk" since April 2023. The campaign primarily exploits MacOS vulnerabilities, delivering malware through phishing emails with fake PDF links. Once opened, these PDFs download malware that gives hackers remote access to victims' systems, enabling them to steal sensitive data, including private keys for digital wallets.
The #FBI and #CISA have issued warnings about ongoing threats from North Korean hackers, particularly BlueNoroff, which has long targeted the crypto industry. In recent months, the group has increased its efforts, including using fake domains to further deceive and extort victims. This campaign follows a pattern of cyberattacks linked to the #LazarusGroup , which is also associated with high-profile cybercrimes.
#bleepingcomputer
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews