Cybersecurity Highlights

Cryptographic flaw in ECDSA implementation in Java

The Elliptic Curve Digital Signature Algorithm (ECDSA), used in Java and Oracle to digitally sign messages and data to verify the authenticity and integrity of content, is vulnerable due to a...

References:

neilmadden.blog

unaaldia.hispasec.com

media.cert.europa.eu

jfrog.com

blog.ehcgroup.io

nakedsecurity.sophos.com

thehackernews.com

Tags:

Encryption

Tool

Vulnerability

API Threat Research: SSRF on FinTech Platforms

Salt Security researchers discovered a server-side request forgery (SSFR) vulnerability in an API embedded in many FinTech platform banking systems, which could potentially have compromised...

References:

salt.security

threatpost.com

thecybersecurity.nwes

oodaloop.com

infosectoday.com

websecurity.agency

Tags:

Researchers use decommissioned satellite to retransmit pirate television

A group of researchers have been granted permission since last year to access and transmit from the disused Anik F1R satellite, launched in support of television broadcasting in 2005 and designed...

References:

wired.com

adslzone.net

espanol.news.

noticiasmoviles.com

Tags:

Other critical infrastructures

Vulnerability

Six US states hit by China-based cyberattack

Cybersecurity firm Mandiant uncovered evidence of data exfiltration by the Chinese hacking group known as 'APT41', which targeted US state governments between May 2021 and February 2022.The events...

References:

mandiant.com

wired.com

theverge.com

techcrunch.com

threatpost.com

computing.co.uk

Tags:

Other critical infrastructures

Public administration

Vulnerability

API requests not authenticated by mobile device monitoring services

Consumer spyware is often sold under the guise of child or family surveillance software, but is also known as stalkerware because of its ability to track and monitor.The website TechCrunch...

References:

techcrunch.com

cert.org

yahoo.com

adexchanger.com

Tags:

Cyberattack on Vodafone in Portugal affects 4 million users

Vodafone Portugal has been the victim of a cyberattack that has affected voice, data, television, SMS and voice/digital response services, although they have no evidence that customer data has been...

References:

vodafone.pt

eldiario.es

20minutos.es

swissinfo.ch

reuters.com

hispasec.com

Tags:

Cybercrime

Incident

Internet

Other critical infrastructures

Vulnerability

Wormhole suffers cyberattack, loses millions of dollars

The attack affected the website of Wormhole, a cryptocurrency token exchange platform that allows users to convert one form of cryptocurrency into another.The cyberattackers were able to exploit a...

References:

twitter.com

xataka.com

welivesecurity.com

20minutos.es

reuters.com

bloomberg.com

fortune.com

Tags:

Two German oil firms hit by cyberattack

A cyberattack on two German oil logistics companies, Oiltanking and Mabanaft, has forced a temporary diversion of traffic to alternative supply depots due to disruption of their IT systems and...

References:

washingtonpost.com

theregister.com

bbc.com

bleepingcomputer.com

reuters.com

Infobae.com

incibe-cert.es

Tags:

Industrial Control System

Malware

Vulnerability

Belarusian railway network hit by ransomware ciberattack

A group of hacktivists gained access to the Belarusian railway system by using ransomware to block its servers, databases and network stations in order to hinder and block the transit of personnel...

References:

arstechnica.com

gizmodo.com

hipertextual.com

elhacker.net

Tags:

The most important hardware weaknesses according to MITRE

MITRE has published the list of the most important hardware (HW) weaknesses (CWE) for the year 2021 in order to raise awareness and prevent security incidents. Among the most dangerous ones are:...

References:

cwe.mitre.org

us-cert.cisa.gov

bleepingcomputer.com

Tags:

IoT

Vulnerability

Corporate access

Cybersecurity Highlights

Cryptographic flaw in ECDSA implementation in Java

API Threat Research: SSRF on FinTech Platforms

Researchers use decommissioned satellite to retransmit pirate television

Six US states hit by China-based cyberattack

API requests not authenticated by mobile device monitoring services

Cyberattack on Vodafone in Portugal affects 4 million users

Wormhole suffers cyberattack, loses millions of dollars

Two German oil firms hit by cyberattack

Belarusian railway network hit by ransomware ciberattack

The most important hardware weaknesses according to MITRE

Pages