Sign up to save your podcasts
Or
Share Auto Supplier Attacked, Iranian Factory Lucky Break, CODESYS ICS Flaws, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Auto Supplier Attacked, Iranian Factory Lucky Break, CODESYS ICS Flaws, and more.
A daily look at the relevant information security news from overnight - 27 June, 2022
Episode 253 - 27 June 2022
Auto Supplier Attacked- https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/
Iranian Factory Lucky Break -
https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production
Oracle Miracle Fix- https://portswigger.net/daily-swig/oracle-patches-miracle-exploit-impacting-middleware-fusion-cloud-services
Mega Vuln -
https://www.securityweek.com/top-cryptographers-flag-devastating-flaws-mega-cloud-storage
CODESYS ICS Flaws -
https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
Hi, I’m Paul Torgersen. It’s Monday June 27th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
TB Kawashima, part of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company responded by turning off all systems and devices in the network and says that production has not been impacted, but their website was down. No confirmation from the company, but the LockBit ransomware group has claimed responsibility and started leaking data supposedly acquired in the attack.
From SecurityWeek.com:
Iranian state owned Khuzestan Steel Company, one of three in the country, had to stop work until further notice following a cyberattack. The company’s CEO claimed they were able to thwart the attack and prevent structural damage to production lines. In a bit of a lucky break, it appears the attack at least partially failed because the factory happened to be non-operational at the time due to an electricity outage.
From PortSwigger.net:
Oracle has finally patched a remote code execution vulnerability impacting Oracle Fusion Middleware and other Oracle systems. The vulnerability, dubbed Miracle Exploit, carries a 9.8 severity and is said to be easily exploitable. The bug was found on accident while researchers were building a proof of concept for a different zero-day. Oracle was first notified of the flaw back in October of last year and has now issued a fix. Get your patch on kids.
From SecurityWeek.com:
Cryptographers at a Swiss university have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service that could lead to devastating attacks on the confidentiality and integrity of user data in the MEGA cloud. The company released an advisory and patches, but said the vulnerabilities would be exceedingly difficult to exploit, basically requiring Mega to become a bad actor against itself.
And last today, from TheHackerNews.com
CODESYS has released patches to address 11 security flaws in its ICS automation software, two of which were rated critical, that could result in information disclosure and denial-of-service. These vulnerabilities are considered simple to exploit, and impacted at least seven of their Programmable Logic Controller applications. More details in the article.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
Episode 253 - 27 June 2022
Auto Supplier Attacked- https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/
Iranian Factory Lucky Break -
https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production
Oracle Miracle Fix- https://portswigger.net/daily-swig/oracle-patches-miracle-exploit-impacting-middleware-fusion-cloud-services
Mega Vuln -
https://www.securityweek.com/top-cryptographers-flag-devastating-flaws-mega-cloud-storage
CODESYS ICS Flaws -
https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
Hi, I’m Paul Torgersen. It’s Monday June 27th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
TB Kawashima, part of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company responded by turning off all systems and devices in the network and says that production has not been impacted, but their website was down. No confirmation from the company, but the LockBit ransomware group has claimed responsibility and started leaking data supposedly acquired in the attack.
From SecurityWeek.com:
Iranian state owned Khuzestan Steel Company, one of three in the country, had to stop work until further notice following a cyberattack. The company’s CEO claimed they were able to thwart the attack and prevent structural damage to production lines. In a bit of a lucky break, it appears the attack at least partially failed because the factory happened to be non-operational at the time due to an electricity outage.
From PortSwigger.net:
Oracle has finally patched a remote code execution vulnerability impacting Oracle Fusion Middleware and other Oracle systems. The vulnerability, dubbed Miracle Exploit, carries a 9.8 severity and is said to be easily exploitable. The bug was found on accident while researchers were building a proof of concept for a different zero-day. Oracle was first notified of the flaw back in October of last year and has now issued a fix. Get your patch on kids.
From SecurityWeek.com:
Cryptographers at a Swiss university have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service that could lead to devastating attacks on the confidentiality and integrity of user data in the MEGA cloud. The company released an advisory and patches, but said the vulnerabilities would be exceedingly difficult to exploit, basically requiring Mega to become a bad actor against itself.
And last today, from TheHackerNews.com
CODESYS has released patches to address 11 security flaws in its ICS automation software, two of which were rated critical, that could result in information disclosure and denial-of-service. These vulnerabilities are considered simple to exploit, and impacted at least seven of their Programmable Logic Controller applications. More details in the article.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 27 June, 2022
Episode 253 - 27 June 2022
Auto Supplier Attacked- https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/
Iranian Factory Lucky Break -
https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production
Oracle Miracle Fix- https://portswigger.net/daily-swig/oracle-patches-miracle-exploit-impacting-middleware-fusion-cloud-services
Mega Vuln -
https://www.securityweek.com/top-cryptographers-flag-devastating-flaws-mega-cloud-storage
CODESYS ICS Flaws -
https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
Hi, I’m Paul Torgersen. It’s Monday June 27th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
TB Kawashima, part of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company responded by turning off all systems and devices in the network and says that production has not been impacted, but their website was down. No confirmation from the company, but the LockBit ransomware group has claimed responsibility and started leaking data supposedly acquired in the attack.
From SecurityWeek.com:
Iranian state owned Khuzestan Steel Company, one of three in the country, had to stop work until further notice following a cyberattack. The company’s CEO claimed they were able to thwart the attack and prevent structural damage to production lines. In a bit of a lucky break, it appears the attack at least partially failed because the factory happened to be non-operational at the time due to an electricity outage.
From PortSwigger.net:
Oracle has finally patched a remote code execution vulnerability impacting Oracle Fusion Middleware and other Oracle systems. The vulnerability, dubbed Miracle Exploit, carries a 9.8 severity and is said to be easily exploitable. The bug was found on accident while researchers were building a proof of concept for a different zero-day. Oracle was first notified of the flaw back in October of last year and has now issued a fix. Get your patch on kids.
From SecurityWeek.com:
Cryptographers at a Swiss university have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service that could lead to devastating attacks on the confidentiality and integrity of user data in the MEGA cloud. The company released an advisory and patches, but said the vulnerabilities would be exceedingly difficult to exploit, basically requiring Mega to become a bad actor against itself.
And last today, from TheHackerNews.com
CODESYS has released patches to address 11 security flaws in its ICS automation software, two of which were rated critical, that could result in information disclosure and denial-of-service. These vulnerabilities are considered simple to exploit, and impacted at least seven of their Programmable Logic Controller applications. More details in the article.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
Episode 253 - 27 June 2022
Auto Supplier Attacked- https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/
Iranian Factory Lucky Break -
https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production
Oracle Miracle Fix- https://portswigger.net/daily-swig/oracle-patches-miracle-exploit-impacting-middleware-fusion-cloud-services
Mega Vuln -
https://www.securityweek.com/top-cryptographers-flag-devastating-flaws-mega-cloud-storage
CODESYS ICS Flaws -
https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
Hi, I’m Paul Torgersen. It’s Monday June 27th, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
TB Kawashima, part of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company responded by turning off all systems and devices in the network and says that production has not been impacted, but their website was down. No confirmation from the company, but the LockBit ransomware group has claimed responsibility and started leaking data supposedly acquired in the attack.
From SecurityWeek.com:
Iranian state owned Khuzestan Steel Company, one of three in the country, had to stop work until further notice following a cyberattack. The company’s CEO claimed they were able to thwart the attack and prevent structural damage to production lines. In a bit of a lucky break, it appears the attack at least partially failed because the factory happened to be non-operational at the time due to an electricity outage.
From PortSwigger.net:
Oracle has finally patched a remote code execution vulnerability impacting Oracle Fusion Middleware and other Oracle systems. The vulnerability, dubbed Miracle Exploit, carries a 9.8 severity and is said to be easily exploitable. The bug was found on accident while researchers were building a proof of concept for a different zero-day. Oracle was first notified of the flaw back in October of last year and has now issued a fix. Get your patch on kids.
From SecurityWeek.com:
Cryptographers at a Swiss university have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service that could lead to devastating attacks on the confidentiality and integrity of user data in the MEGA cloud. The company released an advisory and patches, but said the vulnerabilities would be exceedingly difficult to exploit, basically requiring Mega to become a bad actor against itself.
And last today, from TheHackerNews.com
CODESYS has released patches to address 11 security flaws in its ICS automation software, two of which were rated critical, that could result in information disclosure and denial-of-service. These vulnerabilities are considered simple to exploit, and impacted at least seven of their Programmable Logic Controller applications. More details in the article.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.