bleepingcomputer
286 views
1 Posts
Hot
Latest
#bleepingcomputer
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them.
The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files.
This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.
The researchers found that the attachment was disguised as a RAR archive and the malware leveraged the AutoIt scripting language to automate malicious tasks.
#HackerAlert
#HackerNews
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them.
The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files.
This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.
The researchers found that the attachment was disguised as a RAR archive and the malware leveraged the AutoIt scripting language to automate malicious tasks.
#HackerAlert
#HackerNews
#bleepingcomputer
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews
