Articles tagged "Phishing"

Found 301 articles

Actively Exploited

A global phishing campaign has been detected that disguises a Lua loader as a TrueType font file to deploy remote access Trojans (RATs) and information stealers. Attackers are using this method to bypass security measures by making the malicious files appear innocuous. This tactic affects users who may inadvertently open these disguised files, leading to potential data breaches or unauthorized access to systems. The presence of such sophisticated phishing techniques raises concerns about the effectiveness of traditional email security measures. Users need to be vigilant about unexpected email attachments, even if they seem harmless, to avoid falling victim to these types of attacks.

Read Original

Rockwell Automation has identified several vulnerabilities in its CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix products that could allow attackers to cause a denial-of-service (DoS) condition. The affected versions include various models of CompactLogix and ControlLogix controllers, specifically those running versions V35.015 or lower for the 5370 and 5570 series, and V34.012 or V35.011 for the 5380, 5480, and 5580 series. If exploited, these vulnerabilities could lead to the devices entering a non-recoverable fault state, disrupting operations in critical manufacturing sectors. Users are urged to update their systems to the latest versions to mitigate these risks, as the vulnerabilities have a high severity rating (CVSS score of 8.6).

Read Original
Critical
Rockwell Automation Flex 5000 Adapter

All CISA Advisories

Rockwell Automation has reported a vulnerability in its Flex 5000 Adapter, specifically version 6.011, that could lead to a denial-of-service (DoS) condition. This issue arises from improper handling of specific CIP packets, which can cause the adapter to become unresponsive, necessitating a power cycle to restore functionality. The vulnerability is classified as CVE-2026-12659 and has a CVSS score of 7.5, indicating a high severity level. Users are advised to upgrade to version 6.012 to mitigate this risk. For those unable to update, Rockwell Automation recommends following its security best practices to safeguard their systems. This vulnerability is particularly concerning for sectors involved in critical manufacturing and information technology, affecting organizations globally.

Read Original

A serious vulnerability has been identified in Rockwell Automation's FactoryTalk DataMosaix Private Cloud software, affecting versions up to 8.02. This flaw, classified as CVE-2026-9292, allows authenticated attackers to inject malicious scripts into the server due to improper handling of user input. If exploited, this could lead to account takeovers, credential theft, or redirection to harmful websites when other users access the compromised pages. Rockwell Automation recommends that users upgrade to version 8.03 or later to mitigate the risk. For those unable to upgrade, following security best practices outlined by Rockwell is advised. Although there have been no reports of active exploitation of this vulnerability, organizations are urged to enhance their security measures to protect against potential threats.

Read Original

Rockwell Automation has reported a vulnerability affecting their 1756-EN2, 1756-EN3, and 1756-ENBT communication modules. Specifically, versions 1756-EN3 and 1756-EN2 up to V12.001, and 1756-ENBT V6.006 are susceptible to a denial-of-service attack due to improper validation of connection packets. An attacker on the same network could exploit this issue by sending malicious packets that disrupt device connections, although these connections can recover immediately. This vulnerability is particularly concerning for industries relying on critical manufacturing infrastructure, as it could lead to significant operational disruptions. Users are advised to update their devices to version 12.002 to mitigate this risk.

Read Original
Critical
Rockwell Automation Arena

All CISA Advisories

Rockwell Automation's Arena software has several critical vulnerabilities that could allow attackers to execute arbitrary code. These vulnerabilities affect versions up to V17.00.00 and include issues in components like model.exe, expmt.exe, linker.exe, and siman.exe. The problems arise from improper validation of user-supplied data, leading to out-of-bounds writes. Users are urged to update to version V17.00.01 to mitigate the risks. This situation is particularly concerning for sectors involved in critical manufacturing, as the software is used worldwide. No active exploitation of these vulnerabilities has been reported yet, but organizations should remain vigilant.

Read Original
Critical
AutomationDirect Productivity Suite

All CISA Advisories

AutomationDirect's Productivity Suite has several critical vulnerabilities that could be exploited by attackers with local or physical access. These vulnerabilities, affecting versions up to 4.6.2.2, include out-of-bounds writes and reads, which could lead to memory corruption, information disclosure, and system instability. Users are strongly advised to update to version 4.7.0.47 or later to mitigate these risks. In the meantime, AutomationDirect recommends several compensating controls, such as disconnecting affected workstations from external networks and restricting access to authorized personnel only. The vulnerabilities affect critical manufacturing sectors worldwide, emphasizing the need for immediate attention from users of the software.

Read Original

A vulnerability has been identified in NASA's Core Flight System (cFS) Health & Safety (HS) Application, specifically affecting versions prior to 7.0.1. This flaw allows attackers to cause the application to crash when processing certain telemetry requests, resulting in a denial-of-service condition. The vulnerability, categorized as CVE-2026-15352, poses a risk to critical infrastructure, particularly in the transportation sector, as the application is used globally. Users are urged to update to version 7.0.1 to mitigate this risk. While there have been no reports of the vulnerability being actively exploited in the wild, organizations are advised to take precautionary measures to secure their systems against potential attacks.

Read Original
Actively Exploited

A recent survey of 2,158 IT and security leaders reveals that email, particularly through phishing attacks, is the primary method for cyber attackers to gain access to networks. In many cases, employees unknowingly open malicious emails and provide their login credentials, allowing attackers to infiltrate deeper into the system. This chain of events often leads to ransomware incidents, where files become inaccessible. Notably, while ransom demands have decreased, the reliance on email as an attack vector remains significant, accounting for half of all reported incidents. This trend emphasizes the need for organizations to bolster their email security and educate employees about the risks of phishing.

Read Original
Actively Exploited

Phishing attacks targeting finance departments are becoming increasingly sophisticated and effective. According to research from Cofense, attackers are crafting phishing emails that mimic legitimate business communications, making them harder to detect. These emails often bypass advanced email security tools, such as AI-based secure email gateways, because they lack the typical urgency cues that would raise alarms. This tactic poses a significant risk to organizations in the financial sector, as employees might unknowingly engage with these deceptive messages, potentially leading to data breaches or financial loss. Companies need to enhance employee training and awareness to combat these subtle phishing efforts.

Read Original

A recent analysis shows that email attacks have surpassed software exploits as the leading cause of ransomware incidents. Last year, attackers increasingly targeted credentials via phishing and other identity-based tactics. Despite the widespread use of multifactor authentication (MFA)—implemented in 97% of these credential-based attacks—many organizations still faced compromises. This shift highlights a significant vulnerability in how companies defend against identity theft, emphasizing the need for improved security measures beyond just MFA. As cybercriminals adapt their strategies, businesses must rethink their security protocols to better protect sensitive information.

Read Original
Actively Exploited

A phishing campaign that lasted six months used seasonal eCards to trick victims into downloading legitimate Remote Monitoring and Management (RMM) tools. Attackers crafted emails that appeared to be friendly holiday greetings, leading individuals to believe they were receiving festive messages. Instead, these emails contained links that, when clicked, installed RMM software on the victims' devices without their knowledge. This tactic poses a significant risk as it allows attackers to gain remote access to the systems of unsuspecting users, potentially leading to data breaches and further exploitation. Companies and individuals need to be vigilant about unexpected emails, especially those that seem too good to be true, to avoid falling victim to similar attacks.

Read Original

Recent research by Sophos reveals that compromised logins are now the leading method for ransomware delivery, surpassing traditional software vulnerabilities. This shift means that attackers are increasingly using phishing, brute force attacks, and other identity-based threats to gain access to networks. As a result, organizations may be at greater risk if they do not enhance their security measures around user credentials. Companies should prioritize employee training on recognizing phishing attempts and implement multi-factor authentication to bolster defenses. This change in attack vectors highlights the need for a more proactive approach to cybersecurity, particularly in safeguarding login credentials.

Read Original

Lidl has informed its online shop customers in Germany, Belgium, and the Netherlands about a data breach that involved the theft of personal data. This incident occurred due to a compromise of an external IT service provider, although payment information was not affected. The company reached out to customers last week to notify them of the breach and the potential risks associated with their stolen information. Customers should remain vigilant for any suspicious activity related to their personal data, as it could be used for identity theft or phishing attempts. This breach highlights the vulnerabilities associated with third-party service providers and the importance of robust security measures.

Read Original
Actively Exploited

A misconfigured server has exposed the operations of three phishing groups using Evilginx forks, which are tools designed to bypass multi-factor authentication (MFA). This incident shows how attackers can exploit configuration errors to facilitate phishing attacks that are more sophisticated and harder to detect. The exposed data could potentially allow these operators to target unsuspecting users, putting sensitive information at risk. As more organizations adopt MFA as a security measure, attackers are finding ways to circumvent these protections, making it essential for companies to ensure their server configurations are secure. This incident serves as a reminder of the importance of proper server management and security practices.

Read Original
Page 1 of 21Next