The U.S. government has sanctioned numerous Iranian individuals after intensified hacking campaigns have caused cybersecurity havoc in countries around Europe. The announcement was made by The Treasury Department's Office of Foreign Assets Control. More: - The government has sanctioned twelve individuals. These individuals used methods and tools that are similar to the tools that a hacker group known as APT35 uses. The threat actor, who is also known as Charming Kitten, Phosphorus, DEV-0270, Tunnel Vision, and Nemesis Kitten, has been previously linked with multiple breaches.
- The hacker collective has taken advantage of the following flaws:
- This particular collective focuses on breaching U.S. and Middle Eastern diplomatic missions, defense, media, telecommunication, and energy companies.
- These individuals were also mentioned earlier this year in a joint warning released by the U.S., Canada, the U.K., and Australia.
Zoom Out: - Iranian hackers recently breached Albania's E-Albania online system. The breach caused a complete shutdown in administrative services for the country. These hackers cyberattacked the country again hours later, this time breaching Albania's border security control software known as TIMS.
- This breach led to the country cutting its diplomatic ties with Iran.
| |
A cyberattack has hit over 280,000 WordPress websites. The websites are being attacked through a flaw in the WPGateway plugin. More: - This flaw is being tracked as CVE-2022-3180 and has a CVSS score of 9.8.
- WPGateway is used to manage WordPress plugins through a centralized dashboard.
- Wordfence said it blocked over 4.6 million attacks against more than 280,000 sites in the past month.
Zoom Out: - Only a few days ago, a WordPress flaw tracked as BackupBuddy was publicized by researchers. The flaw has affected over 140,000 users so far.
- Hackers have also breached WordPress websites with password-stealing trojans and malware by using heavily loaded Javascript payloads that led to a DDoS attack.
| |
 A message from WIND RIVER Are you making use of all your RTOS's features? Modern real-time operating systems come with updated features that can make development faster and easier.
Join us as we explore the features available in the newest version of VxWorks®, as well as how to take advantage of them to streamline the software development cycle. You will learn: - What features are available in the newest edition of VxWorks
- How to set up and use these new features
- How they can improve the development process for embedded engineers
Register Now!
| |
Contec airplane WiFi devices have been found to be vulnerable to hackers. Researchers have tracked two specific bugs that can cause security risks for those who are connected to these devices. More: - The flaw affects the Flexlan FX3000 and FX2000 series wireless LAN devices.
- In a public statement, the researchers claimed that the flaw allows hackers to run Linux commands that lead to admin privileges.
- By having these privileges, users are unable to reset their devices and change their passwords, as the system believes the hacker is the owner of the device.
- A second flaw tracked as CVE–2022–36159 was also highlighted by the researchers. This flaw left back-door opportunities for hackers that could be taken advantage of. The back doors were left open due to weak cryptographic keys.
| |
CISA has ordered federal agencies to patch the recent Windows and iOS security flaws. The decision comes after Apple's recent iOS update and bug patches by Microsoft. More: - While the number of bugs patched recently is high, CISA has added two bugs to its list of vulnerabilities: CVE-2022-37969 and CVE-2022-32917.
- The Windows bug was a zero-day flaw that could have allowed hackers to gain unauthorized system privileges by abusing the Windows Common Log File System Driver.
- For Apple, this bug was the eighth one it had to fix this year, while the company has previously stated that CVE-2022-32917 may have been exploited in the wild.
- CISA has added over 800 security flaws in less than one year, a sign that hacking campaigns have intensified ever since the war in Ukraine began.
| |
 A message from QUANTUM Avoid Paying a Ransom - Get the Ultimate Backup Guide Before You Need It Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo
| |
Lenovo has fixed security bugs for hundreds of different models of its products. The company has highlighted five flaws that could have led hackers to gain unauthorized privileges, cyberespionage, denial of service attacks, etc. More: - The company has patched the following bugs:
- CVE-2021-28216 — allows hackers to gain remote access.
- CVE-2022-40134 — leaks information.
- CVE-2022-40135 — allows the hacker to read the SMM memory.
- CVE-2022-40136 — another SMM memory flaw.
- CVE-2022-40137 — allows the breacher to overload the WMI SMI handler.
- If hackers gain access to SMM, they could easily gain control over the entire device. In order to counteract this type of attack, companies have developed a way of isolating SMM.
- Lenovo claims that it has patched most of the bugs, while other bugs will be patched in September and October.
- The company publishes a list that contains all of the security flaws that the company has either patched or plans to do so in the future.
| |
Quick Hits: - Join ClickUp For Startups to scale success with hands-on support and free resources. Qualifying startups get $3,000 in credit.*
- Over 80% of surveyed companies have been the victim of a cloud cyber attack in the past year, according to a new report. Startups are the most targeted entities by hackers, with 89% of them being a victim of cyberattacks.
- U.K. government authorities have concluded that several U.K. financial institutions saw an increased volume of cyberattacks against them during the first months of the war in Ukraine. Hackers used DDoS attacks as a threat vector.
- A threat actor known as SparklingGoblin APT has been tracked breaching a university in Hong Kong.
- A new report shows that over 20 million people will have to change careers due to technological advancement over the next two decades, with cybersecurity being one of the most in-demand jobs in the future job market.
*This is sponsored content.
| |
Upcoming events at Inside: - September 14 - What Do Developers Think of Threat Modeling? (feat. security experts from Security Compass, Dell, and Tricentis) (Register Here) *
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - Hired's Navigating Market Uncertainty: The State of Tech Hiring Webinar (Register Here) *
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 22 - "Top 10 Overlooked VxWorks Features" with Brian Kuhl (Register Here) *
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 11 - AMA with Mike Malone (Smallstep) (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| |
With Quantum, we shift the focus from accumulating data to making it work for you. | |
