Cybersecurity Weekly: DOJ prioritizes ransomware, CODESYS flaws, Realtek bugs
The U.S. gives ransomware hacks similar priority as terrorism. Ten critical flaws were found in the CODESYS industrial automation software. Researchers warn of critical bugs affecting the Realtek Wi-Fi module. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. U.S. to give ransomware hacks similar priority as terrorism
The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals. The DOJ guidance specifically refers to Colonial as an example of the growing threat that ransomware and digital extortion pose to the nation.
2. Ten critical flaws found in CODESYS industrial automation software
Last week, cybersecurity researchers disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to remote code execution on programmable logic controllers. To exploit the vulnerabilities, an attacker does not need a username or password — having network access to the industrial controller is enough.
3. Researchers warn of critical bugs affecting Realtek Wi-Fi module
A new set of critical vulnerabilities was disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS.
4. Meat giant JBS now fully operational after ransomware attack
On May 31, JBS was forced to shut down production after REvil ransomware operators breached and encrypted some of its North American and Australian IT systems. The attack on JBS follows another major ransomware incident that forced Colonial Pipeline to shut down the largest US pipeline and pay a $5 million ransom.
5. Microsoft Teams calls are getting end-to-end encryption in July
Microsoft Teams is getting better security and privacy next month with the addition of end-to-end encrypted 1:1 voice calls. While Microsoft Teams already encrypts data at rest and in transit, it allows administrators to configure automatic recording and transcription of voice calls.
6. UF Health Florida hospitals back to pen and paper after cyberattack
Last week, UF Health The Villages Hospital and UF Health Leesburg Hospital suffered a cyberattack preventing access to computer systems and email. The hospital suspended access to some of their Central Florida systems, including email, and have implemented backup procedures as their IT team ensures that all data and networks are secure.
7. Scripps Health notifies patients of data breach after ransomware attack
The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions. In an update later in the week, the Steamship Authority said that it's still working on restoring services, with trips already scheduled to operate without disruption.
8. Massachusetts' largest ferry service hit by ransomware attack
Bose confirmed that it experienced a data breach, having fallen victim to a ransomware attack in early March. Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity.
9. FUJIFILM shuts down network after suspected ransomware attack
FujiFilm is investigating a ransomware attack and shut down portions of its network to prevent the attack's spread. While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez announced that FUJIFILM was infected with the Qbot trojan last month.
10. Threat actors hacked NYC MTA using Pulse Secure zero-day
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. According to MTA's Chief Technology Officer, the attackers couldn't gain access to employee or customer information.
In this Series
- Cybersecurity Weekly: DOJ prioritizes ransomware, CODESYS flaws, Realtek bugs
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
