Tag: us cybersecurity and infrastructure security agency
MongoDB’s Data Breach Confirmed – December 18th
MongoDB revealed a data breach exposing customer metadata and sensitive information in an email announcement to their customers. The email, alerting MongoDB's customers of the cyberattack, also informed customers to be aware of heightened phishing email risk due to the data breach, and to set up multi-factor authentication for their accounts as a phishing safety measure.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
Lazarus equips two new remote access trojan weapons – September 22nd
The Lazarus group is using two new remote access trojans to target health systems' ManageEngine vulnerabilities. The group recently made headlines after targeting healthcare entities in Europe and the US and has since evolved its malware to exploit the CVE-2022047966 vulnerability in the ManageEngine setup, allowing for remote code execution. Its new RAT variants, QuiteRAT and CollectionRAT, allow for the attacker to run arbitrary commands, among other capabilities.