Original release date: March 31, 2022CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. …
Original release date: March 31, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government age…
Original release date: March 31, 2022CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber acto…
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised…
Original release date: March 30, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn U.S. election and other state and local government officials about invoice-themed phishing emails that could be us…
Based on two years of leaked messages, 60,000 in all:
The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers s…
Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography.
He…
Tim Richardson brings 25 years of enterprise-level cyber security experience to New England Safety Partners, previously holding senior-level management roles in Auditing, Sales, Sales Engineering, Global Practice Management, Product Management, Product Marketing, and IT Management. Tim has advised clients how to address their cyber security risks and compliance management challenges across their enterprise environment in […]
Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery.
There aren’t many weak keys out there, but there are some:
So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The creation date for the all the weak keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351…
Toby joined us in November of 2021 to help us with a number of our SOC2 clients. Toby is a strategic, results-driven infrastructure, security, and facilities expert with over 25 years of experience in leadership roles in both public and private companies with experience building, leading and advising technology companies through stages of rapid growth. […]