'

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) vulnerabilities in the popular automation protocol. The flaws were patched earlier this year and impact the CODESYS V3 software development kit (SDK) that is integrated in more than 1,000 … Read more

Cyber Mindfulness Corner Company Spotlight: Mimecast

Cyber Mindfulness Corner Company Spotlight: Mimecast

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Johan Dreyer, Field CTO, EMEA, at Mimecast, tells the Gurus about burnout, leading by example, and the future of cybersecurity. Johan Dreyer has been working across the IT Infrastructure, Messaging and Security industry for … Read more

Major Story – Data Breach Exposes Sensitive Police Data In Northern Ireland

Major Story – Data Breach Exposes Sensitive Police Data In Northern Ireland

In a significant blow to data security, the Police Service of Northern Ireland (PSNI) has fallen victim to a major data breach this week, resulting in the exposure of sensitive information to both officers and citizens, raising concerns about the potential implications for national security and personal privacy. The breach compromised highly sensitive data including … Read more

1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority

1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority

In April 2023, Acora conducted a survey that revealed insights into the changing responsibilities of Chief Information Officers (CIOs) and their main focuses in mid-market companies in the UK. The research included 126 decision-makers from UK-based financial services companies and aimed to identify the difficulties and modifications that resulted from the transition to a hybrid … Read more

66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices

66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices

This week, BlackBerry Limited released new research revealing that 66% of organisations in the UK are currently implementing or considering bans on ChatGPT and other Generative AI applications within the workplace. 69% of those deploying or considering bans said the measures are intended as long term or permanent, with risks to data security, privacy, and … Read more

Whirlpool malware rips open old Barracuda wounds

Whirlpool malware rips open old Barracuda wounds

Advanced persistent threat (APT) attacks targeting a former zero-day remote command injection vulnerability in Barracuda email security gateway (ESG) appliances have been detected by the US cybersecurity and infrastructure security agency (CISA). The vulnerability, according to a CISA alert, was used to plant malware payloads of Seapsy and Whirlpool backdoors on the compromised devices. While … Read more

The CSO guide to top security conferences

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. … Read more

Check Point beefs up SASE offering with $490M Perimeter 81 acquisition

Check Point beefs up SASE offering with 0M Perimeter 81 acquisition

Cybersecurity company Check Point Software is acquiring secure access service edge (SASE) and network security vendor Perimeter 81 for $490 million, to beef up its offerings for security beyond the network perimeter at a time when business is increasingly conducted in hybrid and remote work settings. The plan is to integrate Perimeter 81’s zero trust … Read more

Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows

Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows

A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that uses reverse-proxy tactics to bypass multifactor authentication (MFA). “Contrary to what one might anticipate, there has been an increase in account takeovers among tenants that have … Read more

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log … Read more

Charming Kitten APT is targeting Iranian dissidents in Germany

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country. The Federal Office for the Protection of the Constitution (BfV) is warning that an alleged nation-state actor targeted Iranian dissident organizations and individuals in the country. The intelligence agency attributes the attack … Read more

Statc Stealer, a new sophisticated info-stealing malware

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, … Read more