Norsk Hydro, a leading European aluminum company with operations in more than 50 countries, was hit by a LockerGoga ransomware attack on March 18. The attack was far-reaching, with Norsk Hydro’s chief financial officer Eivind Kallevik sharing that “the entire worldwide network is down, affecting our production as well as our office operations.” As a [...]
Over the past week, we’ve seen Cisco publish a number of security advisories covering 29 vulnerabilities which affect Cisco NX-OS and four vulnerabilities which affect FXOS. Although there are not yet any reported active attacks leveraging these vulnerabilities, it’s crucial to be aware if any of these vulnerabilities exist within your network. What Risks do [...]
On November 30, 2018, Google’s Project Zero researchers discovered BuggyCow, a high-severity security flaw in the macOS kernel. They gave Apple a 90-day deadline to patch the issue: a deadline that, in this instance, was missed. As a direct result of Apple’s inaction, Google’s team revealed details about the flaw and posted a proof-of-concept on March [...]
OT networks were under increasing attack last year, according to Skybox Security’s recently published 2019 Vulnerability and Threat Trends Report. In this blog, we’re examine why such attacks are on the rise, identify the roadblocks standing in the way of much-needed progress and give advice about how you can secure your OT network. OT Networks [...]
A Microsoft Office vulnerability first discovered in July 2017 has been exploited by Formbook malware
The FaceTime Bug allowing unauthorized microphone and camera access is the latest chapter in Apple’s information disclosure story
A weaponized Excel file titled “Kuwait Oil Company Business Profile” breathes new life into an old vulnerability, raising concern for unsuspecting OT networks
In Skybox Security’s 2019 Vulnerability and Threat Trends Report, one of the key findings was the impact cloud networks could have on the attack surface. Cyberattackers Targeting Cloud Infrastructure Security of cloud networks — the responsibility of the cloud service provider (CSP) — is relatively strong. However, security within the cloud — the responsibility of [...]
Vulnerabilities detailed in Juniper’s latest bulletin weren’t picked up quickly enough by some major scanners and the NVD. Here's What Happened When Juniper Published its Bulletin On January 9, Juniper published its scheduled security bulletin which detailed 18 fixes that mostly related to JunOS, the popular enterprise-grade operating system used for Juniper's routing, switching and [...]
Notorious OT threat Shamoon returned with its third iteration in December, wiping the disks of hundreds of computers in an attack that started at oil giant Saipem. Shamoon 3: Here's What Happened Over the last 7 years, the notoriety of disk-wiping malware "Shamoon" (also known as "Disttrack") has grown. It has been implicated in three [...]
