
Daily Cybersecurity Roundup, May 12, 2021

Cyberattacks on critical infrastructure facilities give us a chance to take a deep dive into the malicious operations of cybercriminal groups. In light of the recent Colonial Pipeline hack, U.S. security agencies published a joint advisory detailing the activities of the ransomware operation responsible for it. In other news, IoT devices are still shockingly vulnerable to attacks; this time, newly discovered flaws affect almost every WiFi-connected device. Also, researchers reported new phishing campaigns targeting Office 365 users. For more, move ahead to the top cybersecurity highlights from the past 24 hours.

01

The FBI and CISA issued a joint advisory following the Colonial Pipeline incident conducted by five distinct activity clusters, associated with the DarkSide Ransomware-as-a-Service (RaaS).

02

A total of 12 design and implementation flaws, dubbed FragAttacks, in IEEE 802.11 technical standards leave all WiFi devices vulnerable to attacks. These flaws can be exploited by attackers within radio range of the target.

03

As per a report by the Auditor-General of Western Australia, computer systems at 50 local government bodies were found to have 328 control flaws, with 33 rated as critical.

04

Researchers identified 38,335 public-facing VOIP/SIP devices worldwide that can be accessed from anywhere due to unpatched security flaws. The U.S. leads the list of affected countries, while London tops the chart among impacted cities.

05

A phishing campaign was spotted leveraging Zix, an email authentication solution, to trick Office 365 users into feeling secure; it managed to reach between 5,000 and 10,000 mailboxes.

06

A report by the NSA, in partnership with the ODNI and the CISA, warned that inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks.

07

Apple claimed to have removed 95,000 applications from the App Store that hosted malicious programs for spam and violated its security policies.

08

The FBI published a Private Industry Notification (PIN) warning of cybercriminals abusing search engine results and ads to lure targets to phishing sites with the aim of stealing login credentials.

09

Panaseer, an enterprise security firm, secured $26.5 million in series B funding led by AllegisCyber Capital, with participation from existing investors.

10

HelpSystems acquired vulnerability assessment and management software provider Beyond Security to expand its cybersecurity portfolio.
