News Items

  • news

    "Google Finds Zero-Day Security Flaws in All Your Favorite Browsers"

    Google's Threat Analysis Group (TAG) has shared details about four zero-day security vulnerabilities found in popular web browsers, including Google Chrome, Internet Explorer, and Safari. The zero-day flaws discovered in these web browsers were exploited earlier in 2021 and used as part of three different campaigns. An assessment of the three exploits revealed their development by the same surveillance company that sold these capabilities to two different government-backed actors. In addition to explaining the vulnerabilities, the researchers drew attention to the increase in the number of attacks involving zero-day exploits. According to the researchers, 33 publicly disclosed zero-day exploits had been used in attacks so far this year. In 2020, a total of 22 zero-day exploits were discovered. This article continues to discuss the zero-day security vulnerabilities found in popular web browsers and what the increase in the number of zero-day exploits suggests.

    TechRadar reports "Google Finds Zero-Day Security Flaws in All Your Favorite Browsers"

  • news

    "Researchers Find Big Flaw in a Schneider Electric ICS System Popular in Building Systems, Utilities"

    Researchers at the security firm Armis discovered a vulnerability in Schneider Electric computer control systems, widely used in heating, air conditioning, and other building systems, that could allow hackers to take control of them. The remote code execution vulnerability puts millions of devices at risk. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications, and energy utilities. The researchers stated that the vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands sent to machinery. The vulnerability could also allow attackers to hijack a command that leaks a password hash from the device's memory. Once they have that hash, they can authenticate with it and downgrade other security measures, ultimately gaining full control over the PLC. The attack requires network access, making it more challenging but not impossible to carry out against PLCs segmented from other systems, as is often the case in industrial settings. Armis first flagged the vulnerability to Schneider Electric in November. The company is still developing a patch and says it has collaborated with multiple researchers on the vulnerability.

    CyberScoop reports: "Researchers Find Big Flaw in a Schneider Electric ICS System Popular in Building Systems, Utilities"

  • news

    "Updated Joker Malware Floods into Android Apps"

    The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners. Joker has been around since 2017, disguising itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators, and wallpapers. Once installed, Joker apps silently simulate clicks and intercept SMS messages to subscribe victims to unwanted, paid premium services controlled by the attackers. This is a type of billing fraud that researchers categorize as "fleeceware." The Joker apps also steal SMS messages, contact lists, and device information. Often, the victim is none the wiser until the mobile bill arrives. Malicious Joker apps are commonly found outside of Google Play and have been able to get past Google Play's protection methods since 2019. Joker apps have been able to get past Google Play's protection methods because the malware's authors keep making minor changes to their attack methodology. As a result, there have been periodic waves of Joker infestations inside the official store, including two massive onslaughts last year. According to researchers at Zimperium, more than 1,800 Android applications infected with Joker have been removed from the Google Play store in the last four years. In the latest wave, at least 1,000 new samples have been detected on Google Play since September.

    Threatpost reports: "Updated Joker Malware Floods into Android Apps"

  • news

    "Ransomware Giant REvil's Sites Disappear"

    Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the most prominent groups mysteriously went dark. Researchers stated that all of REvil's Dark Web sites slipped offline. It is unclear whether this is due to the ransomware gang getting busted or whether the threat actors did it on purpose. The REvil ransomware operation, also known as Sodinokibi, uses both clear web and Dark Web sites to negotiate ransoms, leak data, support its backend infrastructure, and receive payment from its many victimized organizations. Its victim list has recently grown with the addition of Kaseya and its many managed service provider (MSP) customers and the global meat supplier JBS Foods. One cybersecurity expert emphasized that REvil's sites being offline doesn't mean that the notorious gang has been shut down.

    Threatpost reports: "Ransomware Giant REvil's Sites Disappear"

  • news

    "Iranian Hacker Group TA453 Caught Phishing University Scholars"

    Proofpoint researchers recently discovered the Iran-linked hacker group TA453 carrying out a credential-stealing phishing operation called Operation SpoofedScholars. The TA453 threat actors masqueraded as British scholars with the University of London's School of Oriental and African Studies (SOAS). They made their conversations with intended victims appear legitimate by hacking a real website run by SOAS, creating personalized credential harvesting pages disguised as registration links, and sending emails to victims inviting them to attend an online conference. According to Proofpoint, TA453 targeted experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists who specialize in Middle Eastern coverage. One of the emails distributed by the hacker group showed the use of a Gmail account to send personal invitations to experts and scholars. The email asked recipients to participate in a webinar hosted by the SOAS University of London as main speakers. Confirmation of their participation required the recipients to click on a registration link, enter their personal details, and share their bank account information. Proofpoint has said TA453's tactics, techniques, and targeting aligned with Islamic Revolutionary Guard Corps (IRGC) intelligence collection priorities. The firm also pointed out that the targeted victims have information of interest to the Iranian government, such as information about foreign policy, U.S. nuclear negotiations, and more. This article continues to discuss the Iran-linked Advanced Persistent Threat (APT) group's phishing campaign targeting experts and professors.

    TEISS reports "Iranian Hacker Group TA453 Caught Phishing University Scholars"

  • news

    "SolarWinds Patches Zero-Day Exploited in the Wild (CVE-2021-35211)"

    SolarWinds has released an emergency patch for CVE-2021-35211, an RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP products that is currently being exploited in the wild. Microsoft has provided evidence of limited, targeted customer impact. However, SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. CVE-2021-35211 was unearthed in the SolarWinds Serv-U product by Microsoft's Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams. SolarWinds stated it will publish additional details about the vulnerability once its customers have had enough time to implement the fix. In the meantime, the researchers noted that the vulnerability affects Serv-U 15.2.3 HF1 and all prior Serv-U versions but does not exist if SSH is disabled for a Serv-U installation, as stated in the source; verify this condition against SolarWinds' own advisory before relying on it. The vulnerability allows attackers to perform remote code execution and to install programs. Attackers can also view, change or delete data, or run programs on the affected system. The researchers also stated that this is not related to the SUNBURST supply chain attack.

    Help Net Security reports: "SolarWinds Patches Zero-Day Exploited in the Wild (CVE-2021-35211)"

  • news

    "Russia-based APT28 Linked to Mass Brute Force Attacks Against Cloud Networks"

    Many cyber espionage campaigns have been linked to Russian hackers. Federal agencies of the U.S. and the U.K. recently warned about a number of brute force attacks executed by the Russia-based APT28 cybercriminal group. The agencies' joint report revealed that the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes cluster to carry out a series of brute force attacks against private and public entities globally from mid-2019 to early 2021. APT28 has multiple identities, which include Fancy Bear, Sednit, Tsar Team, and STRONTIUM. The APT28 threat actors launched brute force attacks against organizations that use Microsoft Office 365 cloud services. A brute force attack uses trial-and-error to guess usernames and passwords in order to gain access to a targeted source. Hackers can steal users' private data, such as email account credentials, through this type of attack. The threat actors were discovered to have exploited publicly known vulnerabilities in Microsoft Exchange servers for remote code execution and to gain privileged access to targeted networks. They also used the TOR platform and VPN services, such as IPVanish, CactusVPN, WorldVPN, NordVPN, ProtonVPN, and Surfshark, to hide their activities. Primary targets include government, military services, defense contractors, energy companies, law firms, media firms, and more. This article continues to discuss recent criminal activities performed by APT28 threat actors and how to mitigate brute force attacks.

    CISO MAG reports "Russia-based APT28 Linked to Mass Brute Force Attacks Against Cloud Networks"

  • news

    "New Tool Automatically Finds Buffer Overflow Vulnerabilities"

    A team of researchers at Carnegie Mellon University's CyLab designed a new tool called SyRust to automatically check for memory bugs, the types of bugs that can lead to buffer overflow exploits. Their tool specifically checks for such bugs in Rust libraries. The team's goal is to automatically find memory bugs that can result in security vulnerabilities in Rust libraries, as checking for these bugs manually is said to be inefficient and time-consuming. Rust is an increasingly popular programming language that has been branded as both safe and efficient. CyLab's Limin Jia, a professor of electrical and computer engineering, pointed out that Rust's safety guarantees only hold if you write in the language's strict idioms. Rust developers usually require complex data structures for their software, but those structures and their operations are typically written using unsafe Rust, which the Rust compiler does not check for memory safety bugs. SyRust can help by automatically generating unit tests for library APIs and testing library implementations for memory bugs. The team tried SyRust out on 30 popular libraries and discovered four new memory bugs. Although the tool has not been perfected yet, it is a step in the right direction. The SyRust tool does not generate enough tests to exercise all possible behaviors, so it cannot ensure that a program contains no bugs. This article continues to discuss buffer overflow attacks, the Rust programming language, and the SyRust tool designed by CyLab researchers to automatically check for memory bugs in Rust libraries.

    CyLab reports "New Tool Automatically Finds Buffer Overflow Vulnerabilities"

  • news

    "The Ransomware Crime Wave Has Made Zero Trust Critical"

    Due to the increase in ransomware attacks that have shaken the U.S. in recent weeks, researchers suggest that now is the time to focus on zero trust. The idea of basing cybersecurity on a zero trust model is not a new concept, but it's an idea whose time has arrived in a big way. The researchers stated that conventional security technologies and techniques such as firewalls and VPNs are based on barrier-centered approaches that allow certain IT environments to be protected with access granted only to trusted users who can enter those environments with secret credentials. Zero trust proceeds from the foundational framework that no individual, no device, no application, nothing can be trusted as secure. As cloud computing continues its rise, the researchers stated that there is growing consensus that zero trust will be the future state for security infrastructure. Zero trust architecture has been defined in the NIST Special Publication 800-207, and the framework has already been widely adopted in the US by the Department of Defense, the banking sector, the healthcare sector, and elsewhere. The researchers believe that it is likely that zero trust will grow to become the standard security model moving forward because it's based on a strategy and not just more technology.

    eWEEK reports: "The Ransomware Crime Wave Has Made Zero Trust Critical"

  • news

    "Sage X3 Vulnerabilities Can Pose Serious Risk to Organizations"

    Researchers at the cybersecurity firm Rapid7 discovered four vulnerabilities in the Sage X3 enterprise resource planning (ERP) product, posing a significant risk to organizations. One of the flaws has been rated critical, while the rest were rated medium in severity. The critical flaw is described as an unauthenticated, remote command execution issue relating to a remote administration service. Its exploitation involves specially crafted requests to execute commands with elevated privileges. Exploiting the critical flaw requires a piece of information, which can be obtained through one of the medium-severity vulnerabilities discovered to be an installation pathname disclosure issue. The combination of this medium-severity flaw with the critical flaw could allow an attacker to learn the affected software's installation path and then use that information to send commands to the host system to be run in the SYSTEM context. An attacker could run arbitrary operating system commands to create Administrator-level users, install malicious software, and more. Sage X3 is used by thousands of medium and large organizations globally. This article continues to discuss the potential exploitation and impact of the security vulnerabilities found in the Sage X3 ERP product.

    Security Week reports "Sage X3 Vulnerabilities Can Pose Serious Risk to Organizations"

  • news

    "Hackers Disrupt Iran's Rail Service with Fake Delay Messages"

    Iran's railroad system recently faced a cyberattack in which hackers posted fake messages about train delays or cancellations on display boards at stations across the country. The hackers posted messages on the display boards such as "long-delayed because of cyberattack" or "canceled." The messages also encouraged passengers to call a phone number belonging to the office of the country's supreme leader, Ayatollah Ali Khamenei, for more information. However, a spokesman of the state railway company said the disruption did not cause any problem for train services. This article continues to discuss the disruption of Iran's rail service with fake messages and other notable cyberattacks that have targeted Iran's critical infrastructure.

    Military.com reports "Hackers Disrupt Iran's Rail Service with Fake Delay Messages"

  • news

    "Yearlong Phishing Campaign Targets Energy Firms"

    Researchers at cybersecurity company Intezer have discovered that a campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyber espionage purposes has targeted large international energy companies for at least a year. The campaign uses spear-phishing emails to steal browser data and private information, including banking details. The campaign is also used to log victims' keystrokes. The campaign uses malicious code such as Formbook and Agent Tesla, along with Loki, Snake Keylogger, and AZORult. The researchers stated that in addition to energy companies, the campaign also attacks the oil and gas, IT, manufacturing, and media sectors. Its targets are primarily based in South Korea but include companies in the U.S., the United Arab Emirates, and Germany as well, Intezer stated. While the researchers did not offer details on the number of companies affected by the attacks, they noted that 68% of the victims are in the oil, gas, and energy sectors, followed by 20% in construction, 8% in IT, and 4% in media.

    DataBreachToday.com reports: "Yearlong Phishing Campaign Targets Energy Firms"

  • news

    "Kaseya Victim of Sophisticated Ransomware Attack"

    Kaseya, which provides solutions to managed service providers (MSPs), was the victim of a ransomware attack on July 2. Up to 1,500 small to medium-sized companies may have had their systems compromised through their MSP. Kaseya provides remote-monitoring and management tools for networks and endpoints as well as compliance systems and service desks. Over 40,000 organizations worldwide use at least one Kaseya software solution, which makes the company central to a wide software supply chain.

  • news

    "NUS Researchers Bring Attack-Proof Quantum Communication Two Steps Forward"

    The secure communication method Quantum Key Distribution (QKD) uses particles of light known as photons to encode data in quantum bits, which are exchanged between a sender and receiver in the form of an encryption key. Although the security of QKD is said to be unbreakable in principle, attackers could still steal important information if it is not implemented correctly. Malicious actors could perform side-channel attacks in which they exploit vulnerabilities in the setup of the information system to eavesdrop on the exchange of secret keys. Researchers at the National University of Singapore (NUS) have developed a theoretical method and an experimental method to protect QKD communications from side-channel attacks. The first method is an ultra-secure cryptography protocol that can be used in any communication network requiring long-term security. According to the researchers, the new protocol is easier to set up and is more tolerant of noise and loss than the original device-independent QKD protocol. The new protocol also provides the highest level of security allowable by quantum communications and empowers users to independently verify their own key generation devices. The team's setup allows all information systems built with device-independent QKD to be guarded against misconfiguration and poor implementation. The other method involves the use of a first-of-its-kind quantum power limiter device that defends QKD systems against bright light pulse attacks. The NUS team says its power limiter is highly cost-effective and can be easily manufactured with off-the-shelf components. Their device also does not need any power. Therefore, this device can be easily added to any quantum cryptography system to bolster the security of its implementation. This article continues to discuss the two methods developed by NUS researchers to protect QKD communications against side-channel attacks and the importance of closing the gap between the theory and practice of quantum secure communications.

    NUS reports "NUS Researchers Bring Attack-Proof Quantum Communication Two Steps Forward"

  • news

    "Fraudulent Content Has a Direct Impact on Consumer Loyalty"

    Researchers conducted a new survey of 1,200 U.S. consumers in which they examined how weaponized content is moving the fraud economy forward and how consumers perceive content fraud. The researchers found that scams accounted for 59% of blocked user-generated malicious content during the first quarter of the year. The other most common blocked content fraud types include irrelevant content (22%, not related to the topic at hand), toxic content (18%, including foul language, harassment, hate speech, or bullying), and commercial content (1%, solicitations against terms of service). The researchers also found that approximately 27% of consumers surveyed reported running across fraudulent content on a daily or weekly basis. According to respondents, the most common types of fraudulent content encountered are spam (51%) and scams (50%), with misinformation and 'fake news' rounding out the top three (43%). More than half of consumers surveyed said they would stop shopping at a business if malicious content was discovered on the brand's website. Specifically, 56% said they would stop using the site or service if fake or misleading content were found, while 54% said they would stop using it if they were scammed into sharing personal information. The consumers surveyed also identified the places online where they encounter the most content fraud. These include social networking sites (61%), classifieds (28%), dating sites (24%), marketplaces (21%), and crowdfunding sites (15%).

    Help Net Security reports: "Fraudulent Content Has a Direct Impact on Consumer Loyalty"

  • news

    "People Don't Realize They're Data Breach Victims"

    Most participants in a recent study conducted by the University of Michigan School of Information did not know that their email addresses and other personal information had been involved in data breaches. Researchers presented 413 individuals with facts from up to three breaches that included their personal information and found that people were unaware of 74 percent of the breaches. This finding raises concern because if people do not know they are data breach victims, they cannot properly protect themselves against the implications of a breach, such as an increased risk of identity theft. The study also found that most data breach victims blamed their own behavior for the incidents. These behaviors include reusing the same password for multiple accounts, using the same email for a long time, and signing up for sketchy accounts. Only 14 percent attributed the problem to external factors. However, Adam Aviv, associate professor of computer science at George Washington University, says the fault for breaches almost always lies with the inadequate security practices of affected companies, not with breach victims. This article continues to discuss key findings from the study, what people should do when their data has been stolen, and how future data breaches could be prevented.

    NextGov reports "People Don't Realize They're Data Breach Victims"

  • news

    "DoD Watchdog Says 3D Printers Pose Cybersecurity Risks"

    A report from the Department of Defense (DoD) Office of Inspector General (OIG) found that 3D printers pose cybersecurity risks to the agency. DoD employees were discovered not properly securing the IT systems used for 3D product development. They were found to be unaware that the 3D printers had hackable IT systems. According to the report, DoD employees consider additive manufacturing (AM) systems like 3D printers and computer workstations as tools to generate supply parts, not IT systems. This has led to the failure to implement cybersecurity controls and consistently secure AM systems. Internal or external malicious actors could compromise the AM systems to steal design data and gain access to the DoD Information Network if the DoD does not properly protect the confidentiality and integrity of those systems. The compromise of AM design data could allow adversaries to recreate and use DoD's technology for their own advantage on the battlefield. This article continues to discuss key findings and recommendations from the OIG report on the cybersecurity of DoD AM systems.

    MeriTalk reports "DoD Watchdog Says 3D Printers Pose Cybersecurity Risks"

  • news

    "File Security Violations Within Organizations Have Spiked 134% as The World Reopened For Business"

    Researchers at BetterCloud surveyed more than 500 IT and security professionals and examined internal data from thousands of organizations and users during a new study. The study's goal was to understand organizations' top challenges, priorities, and the magnitude of data loss and sensitive information leaks that are occurring. The researchers found that SaaS file security violations are out of control. This year, as the world reopened for business, file security violations spiked 134%, and the types of violations are rampant throughout organizations. Nearly half of the organizations surveyed stated their top security concern was not knowing where sensitive data lives. The researchers also found that only 35 percent of respondents trust end-users to responsibly share and store company data, and nearly half of respondents stated they have difficulty securing users' activities within SaaS apps. The researchers stated that companies are not investing enough in SaaS file security, thus increasing the risk for potential incidents, whether intentional or unintentional.

    Help Net Security reports: "File Security Violations Within Organizations Have Spiked 134% as The World Reopened For Business"

  • news

    "Ransomware-as-a-Service: Negotiators Are Now in High Demand"

    Victoria Kivilevich, a threat intelligence analyst at KELA, published findings from a study on Ransomware-as-a-Service (RaaS) trends suggesting that one-person operations are diminishing because of the profitability of the criminal ransomware business. The growth in the number of cybercrime and extortion specialists has come with a rise in the demand for individuals who can act as negotiators in the attack chain. The demand for extraction and monetization specialists in the ransomware supply chain has increased. The emergence of negotiators in the monetization arena is now a trend in the realm of RaaS. According to KELA researchers, there have been more threat actors that manage the negotiation part of ransomware attacks and further pressure victims into paying the demanded ransom through calls, Distributed Denial-of-Service (DDoS) attacks, threats to leak stolen information to the public, and more. KELA suggests that this role has emerged because of the need for ransomware operators to have a decent profit margin and the need for individuals that can manage conversational English to negotiate more effectively. The negotiation part of the ransomware attack also appears to be an outsourced activity, at least for some affiliates or developers. Therefore, the ransomware ecosystem is increasingly resembling a corporation consisting of diversified roles and numerous outsourced activities. This article continues to discuss the increased demand for negotiators in the RaaS ecosystem and other key findings from KELA's study on RaaS trends.

    ZDNet reports "Ransomware-as-a-Service: Negotiators Are Now in High Demand"

  • news

    "Brits Lose Over £1bn in Fraud So Far This Year"

    Researchers have found that Brits have lost over £1bn to fraud and cybercrime in the first six months of 2021. The study revealed that 81,018 fraud and cybercrime-related police reports were issued in Q2 2021, with UK residents experiencing a total loss of £382.3m due to these crimes. Interestingly, this represents a significant decrease compared with Q1 2021, when there were 137,695 reports. However, financial losses per average victim were £176 higher in Q2 compared to Q1, at £4,719. The most common type of fraud and cybercrime in Q2 was related to online shopping and auctions, comprising one in five police reports (14,868). Victims lost a total of £11.9m to these types of activities. According to the researchers, crimes relating to financial investments, share sales, or boiler room fraud proved to be most costly to victims in Q2. A total of 1,309 victims lost £35.8m to these activities in this period, equating to £26,585 per person. Dating scam victims also experienced heavy losses, at £13,558 each on average. Brits aged 30-39 were most commonly hit by fraud and cybercrime, making up 13,172 reports and a total of £37m lost. Elderly UK residents (aged 70 and above) were more likely to fall victim to computer software and other advance fee frauds than any other age category. This population lost £34.2m to these crimes in Q2, with an average of £6,118 lost per case.

    Infosecurity reports: "Brits Lose Over £1bn in Fraud So Far This Year"

  • news

    "Microsoft Confirms 'PrintNightmare' Vulnerability Affects All Windows Versions"

    The PrintNightmare vulnerability lies in the Windows Print Spooler and allows remote code execution. This enables hackers to gain system privileges on a device to install programs; view, change, and delete data; and create accounts with full user rights. Some mitigation was provided with Microsoft patches released on June 8, but not everything has been fixed. Watch for future updates.

    PCMag reports "Microsoft Confirms 'PrintNightmare' Vulnerability Affects All Windows Versions"

  • news

    "NIST Maps Out the Migration to Post-quantum Cryptography"

    The National Institute of Standards and Technology's National Cybersecurity Center of Excellence (NCCoE) released a draft document outlining migration challenges and approaches to making the migration from public-key cryptographic algorithms to quantum-resistant algorithms easier. Efforts to evaluate and select post-quantum encryption algorithms have been ongoing since 2016, with the migration process also expected to be a long one. As nothing can protect hardware, software, applications, or data from quantum-enabled adversaries, encryption keys and data will need to be re-encrypted with a quantum-resistant algorithm. In order to replace cryptographic algorithms, all system components, including protocols, schemes, and infrastructures, must be ready to process the new encryption scheme. Therefore, algorithm replacement is expected to be significantly disruptive and lengthy. NIST has described five implementation scenarios with the goal of identifying vulnerable cryptographic code, prioritizing the replacement of that code, and more. Each scenario addresses enterprise data center environments, including on-premises data centers and data hosted in public and hybrid clouds by owners or third-party providers. Organizations working with NIST on this project will install and test discovery tools and quantum-resistant components in an enterprise environment hosted by NCCoE's post-quantum cryptography laboratory. This article continues to discuss NIST's efforts to ease the migration to post-quantum cryptography.

    GCN reports "NIST Maps Out the Migration to Post-quantum Cryptography"

  • news

    "The Kaseya Ransomware Attack Is a Really Big Deal"

    The Kaseya ransomware incident brings further attention to the importance of improving software supply chain security. Kaseya is a managed service provider (MSP), helping its customers manage their IT infrastructure. The company can deploy software to the systems under management in a way that is almost identical to that of a software provider deploying an automatic update to machines. Automatic software deployment in the context of software updates is a good thing in normal situations. However, this feature was abused in the Kaseya incident, as the Russia-based criminal group REvil hacked into Kaseya's management system and distributed REvil software to systems under Kaseya's management. The ransomware disabled computers and demanded a payment of nearly $45,000 in cryptocurrency per impacted system. The subversion of software delivery mechanisms to install ransomware is an issue that requires further exploration. Another reason Kaseya-like attacks should be of concern is the indiscriminate nature of supply chain compromises: everyone who installs a malicious update gets the malware. Before researchers and policymakers start looking for solutions, they must examine why supply chain compromise is fundamentally different from most other problems in cybersecurity. This article continues to discuss the Kaseya ransomware incident and why the information security community should worry about Kaseya-like attacks.

    Homeland Security News Wire reports "The Kaseya Ransomware Attack Is a Really Big Deal"

  • news

    Visible to the public "Cybercrime Costs Organizations Nearly $1.79 Million Per Minute"

    Researchers at RiskIQ found that cybercrime costs organizations an estimated $1.79m every minute. Their study, which analyzed the volume of malicious activity on the internet, laid bare the scale and damage of cyberattacks in the past year, finding that 648 cyberthreats occurred every minute. The researchers calculated that the average cost of a breach is $7.2 per minute, while overall cybersecurity spending is predicted at $280,060 every minute. E-commerce was heavily hit by online payment fraud in the past year: while the industry saw a record $861.1bn in sales, it lost $38,052 to online payment fraud every minute. The researchers also found that the healthcare industry lost $13 per minute to digital security breaches in the past year. The study also looked at the impact of different forms of cybercrime, showing that every minute $3,615 was lost to cryptocurrency scams, 525,600 records were compromised, and six organizations were victimized by ransomware. The researchers stated that the scale of cyberattacks last year was further underlined by the fact that one Magecart host was detected every 31 minutes, one vulnerable Microsoft Exchange server was patched every 1.7 minutes, and one malicious mobile app was blocklisted every five minutes.

    Infosecurity reports: "Cybercrime Costs Organizations Nearly $1.79 Million Per Minute"

  • news

    Visible to the public "Most Insider Data Breaches Aren't Malicious"

    Researchers at Code42 and Aberdeen Research have found that the majority of insider data breaches are non-malicious. In a new report titled "Understanding Your Insider Risk and the Value of Your Intellectual Property," the researchers found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data. Another key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. The researchers observed employees repeatedly taking actions that put valuable company data at risk while fulfilling their day-to-day work responsibilities. The daily average of data-exposure events by trusted insiders per user was 13 and included moving corporate files to untrusted locations via email, messaging, cloud, or removable media. While such breaches are unlikely to be caused by malice, they can still have a significant financial impact on a business. The study found that the cost per year of breaches caused by insiders can reach up to 20% of annual revenue. The researchers stated that businesses struggle to maintain data security as most do not have consistent, centralized visibility over their digital environments. Researchers found that 75% of organizations lack the tools necessary to track how much enterprise file movement their organization has and lack the tools to monitor how frequently valuable files are exposed by legitimate users carrying out their daily tasks. Another key finding of the research was that in 2020 a breach was four and a half times more likely to happen on an endpoint than on a server.

    Infosecurity reports: "Most Insider Data Breaches Aren't Malicious"

  • news

    Visible to the public "Critical Infrastructure Cyberattacks Signaling The Importance of Prioritizing Security"

    Researchers at Armis released new data uncovering the lack of knowledge and general awareness of major cyberattacks on critical infrastructure, and of basic security hygiene. In a survey of over 2,000 respondents from across the United States, the researchers found that end users are not paying attention to the significant attacks plaguing operational technology and critical infrastructure across the country, signaling the importance of businesses prioritizing security as employees return to the office. In the past year, 65,000 ransomware attacks occurred in the United States, roughly seven attacks per hour, and the rate is expected to keep rising. Over 21% of respondents had not heard about the cyberattack on the largest U.S. fuel pipeline, and 45% of working Americans had not heard about the attempted tampering with Florida's water supply. The researchers stated that the severity of the cyberattacks on critical infrastructure is not registering with the public. Despite the complete shutdown of the Colonial Pipeline following the attack and the halting of production at JBS, consumers do not see the lasting effects of these attacks. Almost a quarter (24%) of respondents believe that the Colonial Pipeline attack will not have any long-lasting impact on the U.S. fuel industry. The researchers believe that healthcare could be the next frontier for hackers. Nearly two-thirds (63%) of healthcare delivery organizations have experienced a security incident related to unmanaged IoT devices over the past two years. The survey data shows that when it comes to device security, over 60% of healthcare employees believe that their personal devices do not pose any security threat to their organization, and 26% even said that their companies do not have any policies in place to secure work and personal devices.

    Help Net Security reports: "Critical Infrastructure Cyberattacks Signaling The Importance of Prioritizing Security"

  • news

    Visible to the public "Lookout Discovers Cryptomining Scams Targeting Tens Of Thousands Of Victims Using Hundreds Of Android Apps"

    Researchers at the integrated endpoint-to-cloud security company Lookout identified more than 170 Android apps being used for cryptocurrency mining scams. These apps fall into two Android app families, BitScam and CloudScam, and have swindled over 93,000 victims. Only 25 of the apps were available for download on the Google Play store. The BitScam and CloudScam apps claimed to provide cloud cryptocurrency mining services for a price. Analysis of the apps found that they do not actually perform any cloud cryptocurrency mining. The scammers behind the apps pocketed the money paid for the apps and for in-app upgrades without delivering any of the advertised services. According to the researchers, the apps allowed scammers to steal a total of over $350,000 from victims. Ioannis Gasparis, a mobile application security researcher at Lookout, said the apps were able to go undetected because they do not perform malicious activities. The apps were instead used as shells to attract users interested in cryptocurrencies and collect money paid for nonexistent services. Google has now removed the BitScam and CloudScam cryptomining apps from the Google Play store. However, more of these apps remain available for download on third-party stores. This article continues to discuss the discovery of hundreds of Android apps that have been used to target thousands of victims with cryptocurrency mining scams.

    AiThority reports "Lookout Discovers Cryptomining Scams Targeting Tens Of Thousands Of Victims Using Hundreds Of Android Apps"

  • news

    Visible to the public "The Top 5 Most Dangerous Criminal Organizations Online Right Now"

    Ransomware attacks continue to grow in size, frequency, and ransom demand. It is essential to understand the groups behind these attacks in order to take them down. The top five most dangerous criminal organizations currently online include DarkSide, REvil, Clop, the Syrian Electronic Army, and FIN7. DarkSide was the group behind the ransomware attack against the U.S. Colonial Pipeline's fuel distribution network that led to gas shortages and higher prices. REvil is a Russia-based ransomware-as-a-service group that recently targeted the global meat processing company JBS. The Clop ransomware group has reportedly taken in about half a billion U.S. dollars through double extortion, in which victims are threatened with the public leak of stolen data unless they pay an additional ransom. The Syrian Electronic Army is a hacktivist group known for launching online attacks to promote political propaganda. FIN7 is another Russia-based group that is arguably the most successful online criminal organization of all time, as many of its operations went undetected for years. This article continues to discuss recent ransomware attacks, the top five most dangerous online criminal organizations, and why it is difficult for law enforcement agencies to take such organizations down.

    The Conversation reports "The Top 5 Most Dangerous Criminal Organizations Online Right Now"

  • news

    Visible to the public "Cybercriminals Are Deploying Legit Security Tools Far More Than Before, Researchers Conclude"

    According to a report released by researchers at Proofpoint, financially motivated cybercriminals are increasingly using legitimate security tools to carry out their attacks. The report reveals a significant increase in attacks using Cobalt Strike, a legitimate tool used by cybersecurity professionals to test system security. The number of attacks involving Cobalt Strike grew by 161 percent in 2020, and Proofpoint researchers have already observed the tool being used against tens of thousands of organizations in 2021. Threat groups obtain the tool through pirated versions circulating on the dark web. Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, calls on the cybersecurity community to examine how illegitimate use of offensive security tools has increased among Advanced Persistent Threat (APT) actors and cybercriminals alike. Financially motivated threat actors are now armed like government-backed groups. This article continues to discuss the increased use of legitimate security testing tools among cybercriminals, the popularity of Cobalt Strike, and the growth in the use of trusted services to distribute malware.

    CyberScoop reports "Cybercriminals Are Deploying Legit Security Tools Far More Than Before, Researchers Conclude"

  • news

    Visible to the public "Lazarus Hackers Target Engineers Using Malware-Laced Job Ads"

    Researchers at AT&T Cybersecurity have discovered a new phishing campaign that is targeting engineering applicants and employees in classified engineering roles across the U.S. and Europe. They attribute the campaign to the Lazarus hacking group. Between May and June 2021, Twitter users identified several malicious documents impersonating defense contractors and engineering companies such as Airbus, General Motors (GM), and Rheinmetall. All of the documents contained malicious macros, which were modified from one target to the next over the course of the campaign. The first two documents, identified in early May 2021, impersonated Rheinmetall, a German engineering company focused on the automotive and defense industries. A similar document targeting General Motors had minor updates in its Command and Control (C&C) communication process, and another document impersonating Airbus used different execution and injection processes. The researchers warn that the new activity is in line with the Lazarus group's previous campaigns and will not be the last. Lazarus continues to use the same tactics, techniques, and procedures (TTPs), such as Microsoft Office documents that download remote templates, compromised third-party infrastructure to host the payloads, and more. This article continues to discuss the researchers' findings surrounding the Lazarus group's new phishing campaign against engineers.
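
    The remote-template TTP mentioned above is visible in the document's package metadata before any macro runs: a .docx that will fetch a template on open carries an attachedTemplate relationship whose target is an external http(s) URL. The following check is an added example for this item, not code from the article or from AT&T's research. It inspects the relationship parts of a .docx and reports remote template URLs; the sample documents it builds are constructed in memory, and the URLs in them are hypothetical.

```python
"""Flag Office documents that load a template from a remote URL (added example)."""
import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlsplit

# OOXML package namespace and the relationship type Word uses for a document's template.
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
# Word records the template relationship in settings.xml.rels; document.xml.rels is
# checked too because hand-built lures sometimes place it there.
REL_PARTS = ("word/_rels/settings.xml.rels", "word/_rels/document.xml.rels")


def remote_templates(docx_bytes):
    """Return the http(s) URLs the document would fetch as its template.

    Word also marks a local template (file:///C:/Users/.../Normal.dotm) as
    TargetMode="External", so only network schemes are reported.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = set(zf.namelist())
        for part in REL_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter("{%s}Relationship" % PKG_NS):
                if rel.get("Type") != ATTACHED_TEMPLATE:
                    continue
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                if urlsplit(target).scheme.lower() in ("http", "https"):
                    hits.append(target)
    return hits


def build_sample_docx(template_target=None):
    """Constructed minimal .docx holding only the parts the check reads.

    template_target is a hypothetical value for the demonstration; None yields a
    document with no attached template at all.
    """
    rels = ['<?xml version="1.0" encoding="UTF-8" standalone="yes"?>',
            '<Relationships xmlns="%s">' % PKG_NS]
    if template_target is not None:
        rels.append('<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
                    % (ATTACHED_TEMPLATE, template_target))
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")      # placeholders: not read by the check
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_docx("https://hr-portal.example/offer.dotm")            # constructed lure
    print("lure   :", remote_templates(lure))
    benign = build_sample_docx("file:///C:/Users/alice/Templates/Normal.dotm")  # constructed benign doc
    print("benign :", remote_templates(benign))
```

    A document that reports a URL here should be detonated in a sandbox rather than opened; the fetched template, not the document itself, carries the macro, so a scanner that only inspects vbaProject.bin in the attachment will miss it. The same walk over the .rels parts also covers oleObject and hyperlink relationships if the check is broadened.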

    ITPro reports "Lazarus Hackers Target Engineers Using Malware-Laced Job Ads"

  • news

    Visible to the public "Official Formula 1 App Hacked"

    Formula One fans were sent strange messages over the holiday weekend after the sport's official app was hacked. A spokesperson for F1 stated that no customer data is believed to have been compromised during the incident. Two push notifications were sent out. The first, delivered at around 8PM CEST on Saturday, contained only the message "foo"; programmers commonly use the metasyntactic variable "foo" as a placeholder for a value that can change depending on conditions or on information passed to the program. App users were then sent a less confusing but more worrying message that read, "Hmmmm, I should check my security.. :)". The unsettling incident, which prompted F1 to launch an investigation, appeared to end there. An F1 spokesperson said that the investigation confirmed the targeted attack was limited to the push notification service. The hack raised concerns among the app's users. Researchers noted that while this hack may only have resulted in a mischievous message being sent to users, it had the potential to be much worse; in-app messages could, for example, be used to run very convincing phishing campaigns.

    Infosecurity reports: "Official Formula 1 App Hacked"

  • news

    Visible to the public "Researchers Find New Ransomware Variant 'Diavol'"

    Researchers at Fortinet have discovered a new ransomware variant called Diavol, which has been observed targeting organizations since June 2021. Although Diavol is a new threat, it is believed to be connected to the Russia-based cybercriminal group Wizard Spider. According to the researchers, Diavol leverages Asynchronous Procedure Calls (APCs) with a unique encryption procedure and leaves a ransom note in every folder it encrypts. Diavol does not use any detection-evasion tactics, but its authors obfuscate the code to hinder analysis. The researchers found that Diavol has similarities with the Conti and Egregor ransomware families: for example, the command lines used by Diavol resemble those used by Conti, and both Conti and Diavol use synchronous I/O when encrypting files. However, the attackers behind Diavol may have introduced these similarities intentionally to confuse the security experts analyzing it. This article continues to discuss the spread and attack flow of Diavol ransomware, as well as its similarities to Conti and Egregor.

    CISO MAG reports "Researchers Find New Ransomware Variant 'Diavol'"

  • news

    Visible to the public "INTERPOL Offers National Cybercrime Strategy Guidebook"

    The International Criminal Police Organization's (INTERPOL) National Cybercrime Strategy Guidebook is a part of phase two of the ASEAN Cyber Capacity Development Project (ACCDP II), the purpose of which is to bolster countries' ability to defend against cybercrime and collaborate internationally. The ACCDP addresses the need for criminal justice authorities to improve their cyber skills, knowledge, and regional partnerships via tailored activities and products. This project is a component of INTERPOL's response to global cybercrime and supports the implementation of its global cybercrime strategy. INTERPOL supports national efforts to fight cybercrime, which is considered an international focus area together with terrorism and organized crime. The Guidebook is designed to be used by any country seeking to develop, review, or improve its national cybercrime strategy, as the information provided is not tailored to any specific region. This article continues to discuss the development, goals, and content of INTERPOL's National Cybercrime Strategy Guidebook.

    HSToday reports "INTERPOL Offers National Cybercrime Strategy Guidebook"

  • news

    Visible to the public "Kaseya Says up to 1,500 Victims Affected by Ransomware, as Biden Directs 'Full Resources' to Investigate"

    A massive ransomware attack has compromised up to 1,500 businesses, according to a Tuesday update from a Florida IT company called Kaseya. Kaseya offers its VSA platform to managed service providers (MSPs) to whom other companies outsource IT functions. The company stated that only about 50 of its 35,000 customers had been directly breached, but given the reach of its MSP customers, 50 victims can quickly multiply into many more. The self-proclaimed culprit behind the attacks is the Russia-based ransomware gang REvil, which claims that the attack affected more than 1 million systems and is seeking $70 million in cryptocurrency for a universal decryptor. Researchers at the Dutch Institute for Vulnerability Disclosure stated that the attackers exploited previously unknown zero-day vulnerabilities that Kaseya was in the midst of patching when the outbreak began. The researchers noted that the attack delivered through Kaseya's software is more globally dispersed than other ransomware attacks and compared the incident to the 2017 WannaCry cryptoworm, which infected hundreds of thousands of computers. Kaseya shut down the software over the holiday weekend and released detection tools.

    CyberScoop reports: "Kaseya Says up to 1,500 Victims Affected by Ransomware, as Biden Directs 'Full Resources' to Investigate"

  • news

    Visible to the public "PrintNightmare impacts all Windows versions"

    The PrintNightmare vulnerability lies in the Windows Print Spooler service and allows remote code execution. An attacker who exploits it gains SYSTEM privileges on the device and can install programs; view, change, and delete data; and create accounts with full user rights. Microsoft's patches released on June 8 provided partial mitigation, but not everything has been fixed. Watch for future updates. https://www.pcmag.com/news/microsoft-confirms-printnightmare-vulnerability-affects-all-windows-versions

  • news

    Visible to the public "Attackers Already Unleashing Malware for Apple macOS M1 Chip"

    The growing popularity of Apple Macs among enterprises is accompanied by an increasing number of malware variants targeting macOS. The arrival of Apple's new ARM64-based M1 processors has come with a new generation of malware specific to macOS. Most macOS-specific malware variants have been found to be repurposed from Windows malware. The shift to working from home during the COVID-19 pandemic has increased the use of Macs for work, as some employees' home offices include Mac devices, making them a more attractive target for attackers seeking to compromise enterprises. Mac security expert Patrick Wardle has already observed an increasing number of malware variants written specifically for the M1 platform. The M1 provides faster and more efficient processing and graphics and longer battery life, and it comes with new security features to protect the machine from remote exploitation and to provide physical-access protection. Still, Wardle found that new macOS malware could circumvent many anti-malware tools. Wardle will share his findings from reverse engineering and analyzing M1-specific malware samples at Black Hat USA in Las Vegas to help threat hunters and researchers better detect such malware. When he split a universal macOS malware binary into its two slices (one compiled for Intel-based Macs, the other for the M1), anti-malware engines detected the Intel slice far more often than the M1 slice, despite the two being logically identical. This finding suggests that existing antivirus signatures tend to be created only for the Intel variant of macOS malware. This article continues to discuss the increased targeting of Apple's new ARM-based M1 processors by malware authors and the research conducted by Patrick Wardle to help spot new macOS malware.
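
    The detection gap described above follows from how a universal ("fat") Mach-O binary is laid out: a small big-endian header lists the per-architecture slices, each a complete Mach-O in its own right, so a signature written against the Intel slice says nothing about the arm64 slice next to it. The following parser is an added example for this item, not code from the article or from Patrick Wardle's research. It enumerates the slices of a fat binary and runs a hash lookup and a content match on each one separately; the sample binary, its payload marker and the "signature database" are constructed in memory as stand-ins for real malware and real AV signatures.

```python
"""Split a universal (fat) Mach-O into per-architecture slices and scan each (added example)."""
import hashlib
import struct

FAT_MAGIC = 0xCAFEBABE               # fat header magic, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF             # 64-bit Mach-O header magic, stored in the slice's own byte order
CPU_TYPE_X86_64, CPU_TYPE_ARM64 = 0x01000007, 0x0100000C
CPU_TYPES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}
FAT_HEADER = struct.Struct(">II")             # magic, nfat_arch
FAT_ARCH = struct.Struct(">iiIII")            # cputype, cpusubtype, offset, size, align (log2)
MACH_HEADER_64 = struct.Struct("<IiiIIIII")   # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved


def parse_fat(data):
    """Return one dict per slice: arch name, file offset, size and alignment."""
    if len(data) < FAT_HEADER.size:
        raise ValueError("too short for a fat header")
    magic, nfat = FAT_HEADER.unpack_from(data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a fat Mach-O (magic 0x%08x)" % magic)
    # Java class files share the CAFEBABE magic; there the next word is the class-file
    # version (45 and up), so an implausible slice count is rejected rather than parsed.
    if not 1 <= nfat <= 32:
        raise ValueError("implausible slice count %d" % nfat)
    slices = []
    for i in range(nfat):
        cputype, cpusubtype, offset, size, align = FAT_ARCH.unpack_from(
            data, FAT_HEADER.size + i * FAT_ARCH.size)
        if offset + size > len(data):
            raise ValueError("slice %d extends past end of file" % i)
        slices.append({"arch": CPU_TYPES.get(cputype, "cpu_0x%x" % cputype),
                       "offset": offset, "size": size, "align": align})
    return slices


def slice_bytes(data, s):
    return data[s["offset"]:s["offset"] + s["size"]]


def scan(data, hash_db, pattern):
    """Check every slice against a set of SHA-256 hex digests and a byte pattern.

    hash_db stands in for file-hash signatures, pattern for a content signature.
    Returns {arch: {"hash_hit": bool, "pattern_hit": bool}}.
    """
    results = {}
    for s in parse_fat(data):
        blob = slice_bytes(data, s)
        results[s["arch"]] = {"hash_hit": hashlib.sha256(blob).hexdigest() in hash_db,
                              "pattern_hit": pattern in blob}
    return results


def build_sample_fat(slices, align=12):
    """Constructed universal binary from a list of (cputype, cpusubtype, slice_bytes)."""
    page = 1 << align
    assert FAT_HEADER.size + len(slices) * FAT_ARCH.size <= page
    entries, offset = [], page
    for cputype, cpusubtype, blob in slices:
        entries.append((cputype, cpusubtype, offset, len(blob), align, blob))
        offset += -(-len(blob) // page) * page        # next slice starts on an aligned boundary
    out = bytearray(offset)
    FAT_HEADER.pack_into(out, 0, FAT_MAGIC, len(entries))
    for i, (cputype, cpusubtype, off, size, al, blob) in enumerate(entries):
        FAT_ARCH.pack_into(out, FAT_HEADER.size + i * FAT_ARCH.size, cputype, cpusubtype, off, size, al)
        out[off:off + size] = blob
    return bytes(out)


def mach_o_slice(cputype, cpusubtype, payload):
    """Constructed 64-bit Mach-O slice: a header with no load commands, then the payload."""
    return MACH_HEADER_64.pack(MH_MAGIC_64, cputype, cpusubtype, 2, 0, 0, 0, 0) + payload  # 2 = MH_EXECUTE


MARKER = b"constructed-payload-marker"    # stands in for malicious code shared by both slices
SAMPLE_FAT = build_sample_fat([
    (CPU_TYPE_X86_64, 3, mach_o_slice(CPU_TYPE_X86_64, 3, MARKER)),   # 3 = CPU_SUBTYPE_X86_64_ALL
    (CPU_TYPE_ARM64, 0, mach_o_slice(CPU_TYPE_ARM64, 0, MARKER)),     # 0 = CPU_SUBTYPE_ARM64_ALL
])


def demo():
    """A signature database that knows only the Intel slice, run over both slices."""
    intel_slice = slice_bytes(SAMPLE_FAT, parse_fat(SAMPLE_FAT)[0])
    intel_only_db = {hashlib.sha256(intel_slice).hexdigest()}
    return scan(SAMPLE_FAT, intel_only_db, MARKER)


if __name__ == "__main__":
    for arch, verdict in demo().items():
        print(arch, verdict)
```

    The Intel slice hits on both checks while the arm64 slice, which carries the identical payload, is only caught by the content match: a hash of the whole file or of one slice is a signature for that slice alone. On a Mac the same split can be done with the system tool (`lipo -info` to list slices, `lipo -thin arm64 -output out.bin in.bin` to extract one) before submitting each slice to a scanner.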

    Dark Reading reports "Attackers Already Unleashing Malware for Apple macOS M1 Chip"

  • news

    Visible to the public "Building a Better 'Canary Trap'"

    A canary trap in espionage is the distribution of multiple versions of false documents to hide a secret. The technique can be used to detect information leaks or to create distractions that conceal valuable information. A team of researchers at Dartmouth's Department of Computer Science developed a new data protection system called WE-FORGE that uses Artificial Intelligence (AI) to expand on the canary trap method. The system protects intellectual property such as drug designs and military technologies by producing false documents. WE-FORGE improves on the canary trap by using natural language processing to automatically generate multiple fake files that are similar enough to the original to be believable but different enough to be incorrect. The system also adds randomness to prevent adversaries from identifying the real document. WE-FORGE can create many fake versions of any technical design document, making it significantly harder for adversaries to determine which document is real once they have successfully broken into a system. This forces adversaries to waste time and resources and lowers their confidence in what they have stolen. This article continues to discuss the concept of canary traps in espionage and how the WE-FORGE data protection system builds on this technique to better deceive would-be attackers.

    Homeland Security News Wire reports "Building a Better 'Canary Trap'"

  • news

    Visible to the public "CISA Begins Cataloging, Publicizing Bad Cyber Practices"

    The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) is cataloging bad cybersecurity practices to help critical infrastructure providers better prioritize their cybersecurity responsibilities. The list will be updated based on feedback from cybersecurity professionals. Recent events have brought further attention to the significant impact that cyberattacks against critical infrastructure can have on essential functions of government and the private sector. Organizations, especially those that support National Critical Functions (NCF), must implement effective cybersecurity programs to manage cyber risks and defend against cyber threats. According to CISA, bad cyber practices in an organization that supports NCFs are dangerous because any disruption, corruption, or dysfunction of its systems could weaken national security, national economic security, national public health, and national public safety. The bad practices catalog currently includes only two entries: the use of unsupported (end-of-life) software, and the use of known, fixed, or default passwords and credentials, in service of NCFs. This article continues to discuss the purpose and current status of CISA's bad practices catalog.

    MeriTalk reports "CISA Begins Cataloging, Publicizing Bad Cyber Practices"

  • news

    Visible to the public "Smart Home Experiences Over 12,000 Cyber-Attacks in a Week"

    According to a new investigation, a smart home can experience more than 12,000 cyberattacks in a single week. The consumer group Which? partnered with NCC Group and the Global Cyber Alliance (GCA) to conduct an experiment in which a home was filled with numerous IoT devices, including TVs, thermostats, and smart security systems. The researchers then counted the attempted hacks that took place over several weeks. They observed a "breathtaking" volume of hacking and scanning attempts against these devices, rising to 12,807 unique scans and attacks during a single week in June. In that week, the most common method was attempting to log in to the devices with weak default usernames and passwords such as 'admin'; there were 2,435 such malicious login attempts, about 14 per hour. Encouragingly, most of the devices withstood the attacks, although a wireless camera sold on Amazon, the ieGeek security camera, was hacked, allowing a malicious actor to spy on the home. The device has since been removed from sale on Amazon's website following the study. Surprisingly, an Epson printer was the most frequently targeted device in the house, but the attacks failed because it had "reasonably strong default passwords in place." According to the researchers, unique default passwords also protected a Yale security system and a Samsung smart TV from attack. The analysis found that the hacking attempts originated from various locations worldwide, with the vast majority coming from the USA, India, China, and the Netherlands.

    Infosecurity reports: "Smart Home Experiences Over 12,000 Cyber-Attacks in a Week"

  • news

    Visible to the public "Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web"

    According to researchers, the VPN provider LimeVPN has suffered a data breach affecting 69,400 user records. A hacker recently claimed to have stolen the company's entire customer database before knocking its website offline. The stolen records consist of usernames, plaintext passwords, IP addresses, and billing information, according to researchers at PrivacySharks, who added that the haul also included LimeVPN users' public and private keys. The hacker claimed to hold the private key of every user, which, if true, is a severe security issue because it could allow the decryption of LimeVPN users' traffic. Even though LimeVPN is not a large provider like Surfshark or NordVPN, the fact that its entire database was taken raises questions about security among VPN providers.

    Threatpost reports: "Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web"

  • news

    Visible to the public "Microsoft Reveals Authentication Failures, System Hijack Vulnerabilities in Netgear Routers"

    Microsoft's security researchers discovered three vulnerabilities in Netgear DGN-2200v1 series routers running firmware before v1.0.0.60. The researchers stressed that these vulnerabilities could allow attackers to roam freely through an entire organization, as their exploitation enables data leaks and full system compromise. The vulnerabilities were discovered after strange behavior was noticed on a Netgear DGN-2200v1 router's management port: although the communication was protected with TLS, Machine Learning (ML) models still flagged it as anomalous. Further investigation of the router firmware revealed three flaws in its HTTPd (Hypertext Transfer Protocol daemon) authentication. The first allows access to any page on the device, including pages that should require authentication, such as the router management pages. The second is a side channel in the way the router verifies the credentials sent in HTTP headers, which an attacker can exploit to recover the stored credentials. The third builds on the authentication bypass to retrieve the router's configuration backup file, which is encrypted with a constant key, so a remote attacker can decrypt it and extract the stored secrets. Netgear learned about these issues through the Microsoft Security Vulnerability Research (MSVR) program and has patched them. The bugs have been assigned CVSS severity scores between 7.1 and 9.4. This article continues to discuss the critical security bugs that allow the takeover of Netgear routers and the growing number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems.
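
    The article does not say which side channel the router's credential check exposed. The most common one in embedded HTTP daemons is timing: the supplied credential is compared to the stored one with a strcmp-style loop that stops at the first mismatching byte, so a guess that shares a longer prefix with the secret takes measurably longer to reject, and the secret can be recovered one byte at a time. The following is an added example for this item, not code from the article or from Microsoft's research; it assumes that early-exit comparison, uses the number of bytes compared as a stand-in for the response time an attacker would measure, and places a constant-time check beside it. The stored credential and the alphabet are constructed for the demonstration.

```python
"""Byte-at-a-time credential recovery against an early-exit comparison (added example)."""
import hashlib
import hmac
import string

ALPHABET = (string.ascii_letters + string.digits).encode()
SECRET = b"Rtr5ecret9x"   # constructed stored credential; on the router it would come from flash/NVRAM


def leaky_equals(candidate, secret):
    """strcmp-style check. Returns (accepted, bytes_compared); the count stands in for time."""
    matched = 0
    for a, b in zip(candidate, secret):
        if a != b:
            break
        matched += 1
    return candidate == secret, matched


def constant_time_equals(candidate, secret):
    """Compare fixed-length digests so neither the content nor the length of the secret
    changes how much work is done. Returns (accepted, bytes_compared)."""
    ok = hmac.compare_digest(hashlib.sha256(candidate).digest(),
                             hashlib.sha256(secret).digest())
    return ok, hashlib.sha256().digest_size   # always 32, whatever the candidate


def recover_secret(oracle, max_len=32):
    """Rebuild the credential from an oracle returning (accepted, timing).

    For each position, try every alphabet byte and keep the one that makes the check
    run longest. Returns None once timing no longer separates the candidates.
    """
    prefix = b""
    while len(prefix) < max_len:
        accepted, _ = oracle(prefix)
        if accepted:                 # the HTTP 200/401 outcome is observable directly
            return prefix
        timings = {c: oracle(prefix + bytes([c]))[1] for c in ALPHABET}
        best = max(timings, key=timings.get)
        if timings[best] <= len(prefix):    # no byte extends the matched prefix: nothing to learn
            return None
        prefix += bytes([best])
    return None


def demo():
    """Run the recovery against both implementations guarding the same secret."""
    leaky = recover_secret(lambda cand: leaky_equals(cand, SECRET))
    hardened = recover_secret(lambda cand: constant_time_equals(cand, SECRET))
    return {"leaky": leaky, "constant_time": hardened}


if __name__ == "__main__":
    print(demo())   # the leaky check gives up the secret; the constant-time check gives up nothing
```

    Against the leaky check the loop needs about 62 requests per character and recovers the whole credential; against the constant-time check every candidate costs the same and the attacker learns nothing. Over a real network each candidate would have to be sampled many times to average out jitter, which is why rate limiting and lockout on the management interface raise the cost of this attack even when the comparison itself has not been fixed. Hashing both sides before `hmac.compare_digest` also hides the credential's length, which a constant-time comparison of the raw strings would still reveal.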

    ZDNet reports "Microsoft Reveals Authentication Failures, System Hijack Vulnerabilities in Netgear Routers"

  • news

    Visible to the public "Malware Actors Have Begun Using AutoHotkey Scripts For Attacks"

    Living-off-the-Land (LotL) attacks use trusted, pre-installed system tools instead of dropping foreign files or tools, allowing threat actors to hide their malicious activity. New LotL attacks have been observed using AutoHotkey, a free, open-source scripting language for Microsoft Windows that lets users automate tasks such as auto-clicking and form filling. A Remote Access Trojan (RAT) delivery campaign observed in mid-May 2021 misused AutoHotkey: it started with an AutoHotkey-compiled script that loaded an executable, which then branched into one of four versions when it ran, involving different VBScripts and malware payloads, including Houdini, VjW0rm, and HCrypt. One way companies can defend against attacks via AutoHotkey scripts is to invest in security awareness training programs that include phishing tests, which make employees more familiar with email-based attacks. In addition to awareness training, companies are encouraged to carefully review the native apps and tools employees use in their normal work. This article continues to discuss the concept of LotL attacks, examples of malicious campaigns in which AutoHotkey scripts were used, and how employers can defend against such attacks.

    Security Intelligence reports "Malware Actors Have Begun Using AutoHotkey Scripts For Attacks"

  • news

    Visible to the public "Business Professors Study Ideal Responses to Ransomware Attacks"

    Business professors and a doctoral student at the University of Texas at Arlington (UTA) are looking at how ransomware attacks, in some cases, can set organizations against the law enforcement agencies that are trying to protect them. Their study titled "Coping with Digital Extortion: An Experimental Study on Benefit Appeals and Normative Appeals" explains that companies find it sensible to negotiate with their attackers to decrease the demanded ransom. However, the decision to negotiate with ransomware attackers motivates the malicious actors to continue performing such attacks, thus countering the FBI's suggestion to not give in to paying a ransom. Part of the UTA study looks at how companies can be nudged into adopting strategies that decrease the risk of digital extortion. The researchers used behavioral game theory in the exploration of tactics, such as investing in cybersecurity or refusing to pay ransoms. They conducted experiments involving human subjects to analyze decisions made by interacting players. The study suggests that even if companies pay the ransom, they still have to pay for added security. This article continues to discuss the UTA study that explores responses to ransomware attacks.

    UTA reports "Business Professors Study Ideal Responses to Ransomware Attacks"

  • news

    Visible to the public "Data Breach at Las Vegas Hospital"

    An investigation has been launched into a data breach that occurred in June at a hospital in Las Vegas. The University Medical Center (UMC) is a nonprofit public hospital affiliated with the Kirk Kerkorian School of Medicine at UNLV and operated by the Clark County Commission, and it houses the Silver State's only Level 1 trauma center. On Monday, the ransomware gang REvil claimed to have broken into the hospital's computer network and exfiltrated its data. Sensitive information allegedly taken by the gang includes Nevada driver's licenses, passports, and Social Security numbers. Images of what appear to be stolen data belonging to at least six victims were uploaded to the group's darknet leak site. On Tuesday, UMC acknowledged that its network had been compromised in mid-June when a server was accessed without authorization. The hospital said the matter had been reported to law enforcement, who are investigating it as a cyberattack, and stated that there is no evidence that any clinical systems were accessed during the attack.

    Infosecurity reports: "Data Breach at Las Vegas Hospital"

  • news

    Visible to the public "CISA Releases New Ransomware Self-Assessment Security Audit Tool"

    The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). The RRA is a security audit self-assessment tool for organizations that want to better understand how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets. CISA stated that the RRA is intended to help an organization improve by focusing on the basics first and then progressing through the intermediate and advanced categories of practices.

    Bleeping Computer reported: "CISA Releases New Ransomware Self-Assessment Security Audit Tool"

  • news

    Visible to the public "High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products"

    The Germany-based industrial solutions provider Phoenix Contact recently informed customers about ten vulnerabilities identified across many of its products. Advisories published by Phoenix Contact and Germany's CERT@VDE say the vulnerabilities were reported by various researchers and companies. Firmware updates were released to address many of the flaws; for the others, the vendor provided only recommendations for preventing attacks. Two of the vulnerabilities are described as a high-severity security bypass issue and a medium-severity Denial-of-Service (DoS) flaw; these affect Phoenix Contact's TC router, FL MGUARD modules, ILC 2050 BI building controllers, and PLCnext products. Another high-severity flaw, which could allow the installation of malicious firmware on a device, affects SMARTRTU AXC remote terminal and automation systems, EEM-SB37x energy meters, CHARX control modular AC charging controllers, and PLCnext products. Three vulnerabilities affecting FL SWITCH SMCS series switches can be exploited for DoS and Cross-Site Scripting (XSS) attacks. Exploiting the XSS bug would allow an attacker to inject malicious script into a device's web-based management interface, where it executes in the browser of an administrator viewing the page. This article continues to discuss the potential exploitation and impact of the security vulnerabilities discovered in different Phoenix Contact industrial products.

    Security Week reports "High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products"

  • news

    Visible to the public "IT, Healthcare, and Manufacturing Facing Most Phishing Attacks"

    Researchers at the email and collaboration security firm Avanan analyzed over 905 million emails for the 1H 2021 Global Phish Cyber Attack Report. The company found that its customers in the IT, healthcare, and manufacturing industries are the most targeted by phishing attacks. The researchers observed 9,000 phishing emails aimed at the IT industry in a one-month span out of almost 400,000 total emails. Avanan's healthcare customers saw over 6,000 phishing emails in one month out of an average of more than 450,000 emails, and its manufacturing customers saw a little under 6,000 phishing emails out of nearly 330,000 total emails. The Avanan researchers believe these industries are attractive targets because of the large amount of data they collect and their continued use of outdated technology that offers attackers entry points. Most phishing attacks were found to involve either impersonation or credential harvesting. Over 50 percent of all phishing attacks involve credential harvesting, an increase of almost 15 percent since 2019. Nearly 20 percent of all phishing attacks are associated with Business Email Compromise (BEC). The report revealed that non-executive accounts are targeted 77 percent more than other accounts, and almost 52 percent of all impersonation emails appear to come from a non-executive account at an enterprise. This article continues to discuss additional findings from Avanan regarding phishing attacks in the first half of 2021.

    ZDNet reports "IT, Healthcare, and Manufacturing Facing Most Phishing Attacks"

  • news

    Visible to the public "End Users in the Dark About Latest Cyberthreats, Attacks"

    The IoT security firm Armis surveyed 2,000 employees across various industries on their knowledge of current security events and best practices. The results show a lack of awareness of major cybersecurity incidents in the U.S. Of the professionals surveyed, 21 percent said they had not heard about the Colonial Pipeline ransomware attack. Of those who were aware of it, 24 percent did not believe it would have a lasting impact on the U.S. oil industry, despite the attack causing localized fuel shortages, raising gas prices, sparking panic buying, and dominating headlines. More than 40 percent said they were not aware of the February attack on a water treatment facility in Oldsmar, Florida, in which an attacker compromised a control system and attempted to taint the municipal water supply. Armis suggests that the lack of awareness of such incidents and the risks they pose means basic security procedures are probably not being followed. For example, 54 percent of respondents did not believe that connecting their personal devices to the company network would present a security risk to their company. Companies are encouraged to improve their network security and keep their users informed of the heightened risk of cyberattacks in the current climate. This article continues to discuss the key findings from the Armis survey on awareness of current security events and best practices, and how a lack of end-user knowledge increases the risk of cyberattacks.

    SearchSecurity reports "End Users in the Dark About Latest Cyberthreats, Attacks"

  • news

    Visible to the public "Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground"

    After a data-scraping incident in April affected 500 million LinkedIn users, it has happened again. Researchers at Privacy Sharks discovered a new posting with 700 million LinkedIn records on the popular hacker forum RaidForums. The records were posted by a hacker calling himself "GOD User TomLiner." The advertisement, published on June 22nd, claims that the cache contains 700 million records and includes a sample of 1 million records as "proof." The researchers examined the free sample and found that the records include full names, gender, email addresses, phone numbers, and industry information. The researchers stated that the origin of the data is unclear, but that scraping of public profiles is a likely source. According to LinkedIn, no breach of its networks has occurred.

    Threatpost reports: "Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground"

  • news

    Visible to the public "Major Threats to Cloud Infrastructure Security Include a Lack of Visibility And Inadequate IAM"

    Researchers at Ermetic surveyed 200 CISOs and other security decision-makers and found that nearly 60% of participants consider a lack of visibility, as well as inadequate identity and access management, a significant threat to their cloud infrastructure. Participants also cited access risk and infrastructure security among their top cloud security priorities for the next 18 months. Most (98%) of the companies surveyed experienced a cloud data breach in the past 18 months, compared to 79% last year, and 67% reported three or more incidents in that period. Most (83%) of the enterprises stated that at least one of their cloud breaches was access-related. More than half (63%) of respondents said their organization had sensitive data exposed in the cloud, a figure that rose to 85% for companies with annual cloud infrastructure budgets of $50M or more. Many (71%) of the organizations use the commercial security tools offered by cloud providers and reported that operating these tools is time-consuming. Only 20% of organizations said they are very satisfied with their cloud security posture. Most companies (92%) stated that they have tried, are trying, or will try to implement least privilege in the cloud in the next 12 months, yet half of large organizations reported that they are struggling to do so.

    Help Net Security reports: "Major Threats to Cloud Infrastructure Security Include a Lack of Visibility And Inadequate IAM"
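The least-privilege problem the survey describes can be checked mechanically before a policy is ever attached to an identity. The following is an added example, not code from Ermetic or from the Help Net Security article: a small static auditor for AWS-style IAM policy documents that flags the patterns that defeat least privilege (wildcard actions, sensitive actions on every resource without a Condition, NotAction/NotResource inversions, and public principals in resource policies). The two policy documents and the list of "sensitive" actions are constructed for this example.

```python
"""Static least-privilege check for AWS-style IAM policy documents.

Added example; not code from the Ermetic survey or the article it was
reported in. Walks each Allow statement and reports the over-permissive
patterns that make access-related breaches easy. Sample policies and the
SENSITIVE_ACTIONS list below are constructed for the example.
"""
import json

# Actions that reach identity, credentials or secrets (assumed list). A grant
# of these on Resource "*" deserves a finding even when the action itself
# contains no wildcard.
SENSITIVE_ACTIONS = {
    "iam:passrole", "iam:createaccesskey", "sts:assumerole",
    "secretsmanager:getsecretvalue", "kms:decrypt", "s3:getobject",
}


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"} style entries (resource policies)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(policy: dict) -> list:
    """Return (sid, code, detail) findings for every over-permissive Allow statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        sid = stmt.get("Sid", f"stmt{idx}")
        has_condition = bool(stmt.get("Condition"))
        if "NotAction" in stmt:
            findings.append((sid, "NOT_ACTION", "allows every action except those listed"))
        if "NotResource" in stmt:
            findings.append((sid, "NOT_RESOURCE", "allows every resource except those listed"))
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))
        for action in actions:
            if action == "*":
                findings.append((sid, "FULL_ADMIN", "Action '*' grants every API call"))
            elif action.endswith(":*"):
                findings.append((sid, "SERVICE_WILDCARD", f"{action} grants every call in that service"))
            elif "*" in action:
                findings.append((sid, "PARTIAL_WILDCARD", f"{action} matches several actions"))
        if "*" in resources:  # exact "*", not an ARN that merely ends in a wildcard
            sensitive = sorted(a for a in actions if a in SENSITIVE_ACTIONS)
            if sensitive and not has_condition:
                findings.append((sid, "SENSITIVE_ON_ALL_RESOURCES",
                                 ", ".join(sensitive) + " on Resource '*' with no Condition"))
        if _is_public_principal(stmt.get("Principal")) and not has_condition:
            findings.append((sid, "PUBLIC_PRINCIPAL", "Principal '*' with no Condition is world-accessible"))
    return findings


def audit_policy_json(text: str) -> list:
    """Convenience wrapper for policies handed over as JSON text."""
    return audit_policy(json.loads(text))


# Constructed sample: the kind of policy that accumulates when teams give up on least privilege.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "SecretsAnywhere", "Effect": "Allow",
         "Action": ["secretsmanager:GetSecretValue", "kms:Decrypt"], "Resource": "*"},
        {"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
}

# Constructed sample: the same workload scoped to named resources with a condition.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::app-uploads/*"},
        {"Sid": "OneSecret", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
         "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}},
        {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Action": "s3:PutObject", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("OVERLY_BROAD", OVERLY_BROAD), ("SCOPED", SCOPED)):
        print(name)
        for sid, code, detail in audit_policy(policy) or [("-", "OK", "no findings")]:
            print(f"  [{code}] {sid}: {detail}")
```

The check deliberately treats an ARN that ends in `*` (a bucket prefix, a secret name pattern) differently from a bare `Resource: "*"`: the former is a scoped grant, the latter is what turns a leaked credential into an account-wide incident. Running it in CI against every policy in a Terraform or CloudFormation change is a cheap first step toward the least-privilege target most of the surveyed organizations said they were aiming for.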