The Hacker News Daily Updates

"Honeypot Factory:  The use of deception in ICS/OT Environments."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.   Accessed on 13 February 2023, 1422 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGrcXrRblFBTsBvwxGLmwbgsZsw (Latest cybersecurity news from "The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Emerging Cybersecurity Technologies | Live Virtual Event | March 23, 2023 | 11am-5:15pm EST | Download Now Sponsored

LATEST NEWS Feb 13, 2023

Honeypot-Factory: The Use of Deception in ICS/OT Environments There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors ... Read More

Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto ... Read More

Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks ... Read More

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than ... Read More

Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers ... Read More

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. ... Read More

Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively downloaded about 450 times before they were taken down. ... Read More

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to encrypted files, are designed to support North ... Read More

Emerging Cybersecurity Technologies | Live Virtual Event | March 23, 2023 | 11am-5:15pm EST | Download Now Sponsored