Cybersecurity has evolved beyond a mere compliance necessity, recognizing human error’s significant impact, contributing to 95% of all data breaches. The alarming frequency of cyber-attacks every 39 seconds underscores the critical need for robust security measures. Particularly concerning is the fact that 43% of these cyber-attacks specifically target small businesses. Today’s overview on the Security Bench concisely summarizes major cybersecurity events throughout the day. Stay informed better to navigate the dynamic and ever-evolving landscape of cybersecurity threats.
- Bitdefender has disclosed that Bosch BCC100 thermostats and Rexroth NXAO15S-36V-B smart nutrunners contained multiple security vulnerabilities that could allow attackers to execute arbitrary code on affected systems if exploited. Attackers can also exploit it to write a malicious update that could alter the device’s functionality. Still, interest is more on using it to sniff traffic, penetrate other devices, and other sophisticated attacks.
- AUSA (Association of the United States Army), a nonprofit educational and professional development association serving America’s Army and supporters of a strong national defense, was hit by the Hunter group in a ransomware attack today. Not much is known about the attack’s impact, but reports revealed the organization contained it earlier through the help of their experts.
- Hackers can now run any file on victims’ Mac or Windows through the Opera MyFlaw bug. The time needed to fix this bug is still unknown. Users of the famous browser are advised to take precautions because running files on the victim’s system is achieved by bypassing the browser’s sandbox and the entire browser process.
- Northeast Spine and Sports Medicine, a large multi-specialty medical group in New Jersey, has suffered a ransomware attack involving 400GB of data leak by the LockBit3.0 group. The company is known for orthopedic surgery, neurosurgery, pain management, sports medicine, chiropractic, physical and occupational therapy, acupuncture, and massage.
- A report today revealed that the Environmental Services Industry closed 2023 with a surge of 61,839% in DDoS attacks, promoting fear of further increment if the industry fails to take proper action against it in 2024. The United States and China remain the top targets with the highest record of HTTP DDoS attacks.
- Records revealed over 7,100 WordPress websites have suffered the impact of the Balada Injector malware due to plugin vulnerability. It is worth noting that only users of the vulnerable version of the Popup Builder plugin were affected. Further investigation revealed the malware has been around since 2021, and an extensive calculation of victims would result in over one million since the discovery. With over 200,000 currently active plugin installations, there is fear the impact might increase significantly.
- A French construction and renovation company called Maisons de l’Avenir is one of today’s LockBit3.0 ransomware group victims. Neither the loss suffered by the company nor the steps taken to remediate the attack’s impact is disclosed to the public. Customers are in the dark regarding possible data exposure or compromise from the attack.
- Windows smart screen flaw opens the ground for attackers to exploit through Phemedrone malware. The information-exfiltrating malware capitalizes on the Defender SmartScreen vulnerability (CVE-2023-36025) to escape the Windows security prompts when opening URL files. The attacker also uses social engineering skills to get victims into clicking malicious URLs, aiding the hostile act.
- Today, cybersecurity researchers revealed that over 178,000 SonicWall firewalls are subject to DoS and potential RCE attacks when exploited by threat actors. The next-generation firewalls (NGFW) suffer from two flaws CVE-2022-22274 and CVE-2023-0656, which also promote remote code execution. Security experts claim the vulnerability results from using the same vulnerable code pattern as in the past.
Lastly, Google is vindicated from claims that the tech giant is causing defects in YouTube’s performance. The performance flaw was traced to Adblock and Adblock Plus. According to statistics released on the Chrome Web Store, Adblock and Adblock Plus currently have 113 million active users.
