The threat actor got access to the reservoir’s HMI system, which was connected to the internet without any authentication or other security measures put in place to limit access to the system.
A weekly vulnerability digest.
For now, the TrickBot module is only checking if BIOS write protection is enabled or not and has not been seen modifying the firmware itself.
The goal of the campaign may have been to collect credentials that would give the attackers access to the information related to the COVID-19 vaccine distribution.
To gain initial access to target networks threat actors utilize a variety of techniques, including spear phishing and third-party message services.
Since August, the hackers have tried to infiltrate the networks of the two US-based pharmaceutical companies Johnson & Johnson and Novavax, as well as three South Korean firms.
The tool is designed to exfiltrate sensitive documents and other files to the attacker-controlled Dropbox accounts.
The exposed database contained confidential business-related data, including pharmaceutical sales data and full names of Apodis Pharma partners and employees.
The researchers found more than 3,000 internet-exposed Oracle WebLogic servers potentially vulnerable to attacks exploiting CVE-2020-14882.
The two packages named jdb.js and db-json.js were created by the same author and were posing as the legitimate jdb and db-json libraries.
Showing elements 3341 - 3350