Cyble Chronicles -September 13th: Latest Findings & Recommendations for the Cybersecurity Community
Stay updated on key cybersecurity developments! CISA has disclosed 17 vulnerabilities in LOYTEC, Hughes, and Baxter products and added three critical vulnerabilities to its Known Exploited Vulnerabilities Catalog. CRIL has also uncovered a phishing campaign using reputation hijacking to bypass security. Join Cyble at the ETCISO Annual Conclave and register for our webinar on healthcare cybersecurity risks.
Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products
CISA has issued three major advisories addressing 17 vulnerabilities across products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. These vulnerabilities allow for cleartext transmission of sensitive data, including passwords, which could be exploited in Man-in-the-Middle (MitM) attacks. Despite being reported in 2021, the vulnerabilities are now publicly disclosed due to the vendors' lack of response. Read the whole CRIL analysis here.
CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with three critical vulnerabilities: CVE-2016-3714, CVE-2017-1000253, and CVE-2024-40766, which are actively being exploited by cybercriminals. These vulnerabilities pose serious risks to both federal and private organizations. CISA recommends organizations prioritize remediation by applying the latest patches, enabling multi-factor authentication (MFA), and monitoring for unusual activities to strengthen cybersecurity defenses.
Analyse the complete incident here.
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)
Cyble Research and Intelligence Labs (CRIL) has identified a phishing site impersonating a CapCut download page, aiming to distribute malicious software. Threat actors are using a reputation-hijacking technique by embedding a legitimate CapCut-signed application within the malicious package to bypass security systems. This campaign exploits a proof-of-concept (PoC) using the JamPlus build utility to execute malicious scripts while evading detection. Read more.
Recommended by LinkedIn
Cyble Joins the Prestigious ETCISO Annual Conclave
We are excited to announce Cyble Inc.'s participation in the ETCISO Annual Conclave, where top cybersecurity experts will come together to discuss the evolving challenges of security and digital transformation. Join us to explore how Cyble safeguards businesses in an increasingly connected world.
Finding the Antidote to US Healthcare Cyber Threats
The healthcare sector is increasingly vulnerable to cyber threats, including ransomware attacks and supply chain risks. As cybercriminal tactics evolve, healthcare leaders must protect sensitive patient data and uphold trust. Join our webinar to explore cybersecurity challenges in the US healthcare industry. Register here.
Check your Cyber Risk Today!
Start a 14-day trial with our experts and experience firsthand how Cyble’s advanced AI-powered Cyber Threat Intelligence can strengthen your cybersecurity posture.
Cybersecurity Sales, Transformational Sales Coach | Overcoming Adversity | Empowering Professionals to Achieve Holistic Success
2wGreat content and I am particularly interested in the upcoming Healthcare webinar.
CISSP | Helping MSPs, SOC Teams, Cloud Solution Security Providers | Expert in Hybrid, Cloud Deployment and Cybersecurity | AZ-500 | AZ-400 | SC-100
2wReally enjoyed reading details. Thank you for sharing these critical updates! It's clear that the landscape of cybersecurity is constantly evolving, and staying ahead of these threats is paramount. One aspect that often gets overlooked is the importance of user education and awareness. Organizations should invest in regular training programs to ensure employees recognize phishing attempts and understand the importance of strong, unique passwords. Additionally, adopting a zero-trust architecture can further mitigate risks by continuously verifying the trustworthiness of devices and users. Looking forward to the insights from the ETCISO Annual Conclave and the upcoming webinar on healthcare cybersecurity. Keep up the great work, Cyble team!