Aggregator
Critical RCE Vulnerability Found in Symantec Endpoint Management Platform
Security researchers at LRQA have uncovered a critical remote code execution (RCE) vulnerability in Broadcom’s Symantec Endpoint Management Suite, formerly known as Altiris, that could allow unauthenticated attackers to execute arbitrary code on vulnerable systems. The flaw, assigned CVE-2025-5333, affects multiple versions of the widely used enterprise endpoint management platform and has been rated with […]
The post Critical RCE Vulnerability Found in Symantec Endpoint Management Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
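Cloudflare DNS went down and showed how much we all depend on a single IP
Russian troops surrender to Ukrainian robots! How drones and robots are rewriting the rules of war, and a discussion of the unmanned-warfare security challenges facing our country
12 ways to quickly break a person down during interrogation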
CISA Flags Remote Linking Protocol Flaws Allowing Attackers to Hijack Train Brake Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority security alert warning of serious vulnerabilities in railway brake control systems that could allow attackers to commandeer train operations and potentially cause catastrophic accidents. The alert, published on July 10, 2025, identifies critical flaws in the End-of-Train and Head-of-Train remote linking protocol used across […]
The post CISA Flags Remote Linking Protocol Flaws Allowing Attackers to Hijack Train Brake Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Securing vehicles as they become platforms for code and data
In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet management cybersecurity. He points to growing risks like API breaches, tampering with onboard diagnostics, and over-the-air update attacks, and explains how a layered zero-trust model and practical use of AI help tackle them. Knoblauch also shares how predictive analytics and real-time data are driving proactive security and safety across …
The post Securing vehicles as they become platforms for code and data appeared first on Help Net Security.
Google plans to merge ChromeOS and Android
CISA Issues Alert on Actively Exploited Wing FTP Server Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Wing FTP Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the security flaw in the wild. Critical Security Flaw Enables System Takeover The vulnerability, tracked as CVE-2025-47812, affects Wing FTP Server and involves improper neutralization of null […]
The post CISA Issues Alert on Actively Exploited Wing FTP Server Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
How service providers can turn cybersecurity into a scalable MRR engine
A growing number of MSPs, MSSPs, and consultancies are moving beyond one-and-done engagements and transforming from tactical vendors into strategic advisors. They’re shifting toward recurring cybersecurity programs that not only improve client outcomes but also generate compounding business value. Each successful engagement builds trust, leading to deeper relationships, longer contracts, and stronger retention – a revenue flywheel in action. This scalable and sustainable approach is at the heart of Cynomi’s Playbook: Transforming Your Cybersecurity Practice …
The post How service providers can turn cybersecurity into a scalable MRR engine appeared first on Help Net Security.
ZDI-CAN-21657: Oxford Instruments
ZDI-CAN-27351: Fuji Electric
ZDI-CAN-27315: Anritsu
ZDI-CAN-27527: Fuji Electric
Study buddies/study group
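Michigan State University | Understanding Multi-Turn Toxic Behaviors in Open-Domain Chatbots
The silence on WeChat Moments is our generation's quietest farewell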
Hackers known as "Scattered Spider" shift their targets to aviation and transportation companies
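Hackers linked to "Scattered Spider" tactics have expanded their targets to the aviation and transportation industries after attacking the insurance and retail sectors. These threat actors take a sector-by-sector approach, initially targeting retail companies in the UK and the US, such as M&S and Co-op, and then shifting their focus to insurance companies.
Although these threat actors were not initially formally named as responsible for the attacks on the insurance industry, recent incidents have affected Aflac, Erie Insurance, and Philadelphia Insurance Companies.
Hackers attack the aviation industry
On June 12, WestJet, Canada's second-largest airline, suffered a cyberattack that briefly disrupted the company's internal services and mobile application. Shortly after the breach, Palo Alto Networks and Microsoft were assisting with the response to the attack.
The attack has been attributed to the Scattered Spider group, which allegedly compromised the company's data center and Microsoft cloud environment.
The threat actors gained access by performing a self-service password reset for an employee, which allowed them to register their own MFA and access the network remotely through Citrix.
While other threat actors also carry out identity attacks, Scattered Spider has become associated with this tactic because it frequently targets help desks, passwords, and MFA infrastructure.
Hawaiian Airlines has now also disclosed that it suffered a cyberattack, but it provided no details that would indicate who was behind the attack. According to multiple sources, Scattered Spider is believed to be responsible.
Palo Alto Networks' senior vice president of consulting and threat intelligence confirmed that Scattered Spider has begun targeting the aviation industry.
Mandiant's Charles Carmakal also warned that the threat actors have now shifted their attention to the aviation and transportation sectors. Scattered Spider has reportedly added North American airlines and transportation companies to its target list.
Mandiant recommends that the industry immediately take steps to tighten its help desk identity verification processes before adding new phone numbers to employee/contractor accounts (which threat actors can use to perform self-service password resets), resetting passwords, adding devices to MFA solutions, or providing employee information (such as employee IDs) that could be used in subsequent social engineering attacks.
American Airlines is currently also experiencing an IT outage, but it is not yet clear whether this is a security incident. Media outlets contacted the airline but did not receive a reply.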
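What is Scattered Spider
Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors skilled at using social engineering attacks, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access at large organizations.
These threat actors have varying skills and frequent the same hacker forums, Telegram channels, and Discord servers. They then use these channels to plan and execute attacks in real time.
Some of them are believed to be part of the "Com", a loose community of threat actors known for financial fraud, cryptocurrency theft, data breaches, and extortion attacks.
Although Scattered Spider is often thought of as a cohesive gang, the name is actually used to denote threat groups that use specific tactics when carrying out attacks. Because the tactics associated with Scattered Spider attacks are also frequently used by different individuals from a loose network of threat actors, they are difficult to track.
Unlike many other threat groups, the groups linked to Scattered Spider work with Russian-speaking ransomware gangs such as BlackCat, RansomHub, and DragonForce.
Other attacks linked to Scattered Spider include MGM, Marks & Spencer, Co-op, Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.
Organizations defending against this type of threat actor should start by gaining full visibility across their entire infrastructure, identity systems, and critical management services. This includes securing self-service password reset platforms and help desks, which are common targets for these threat actors.
Both Google Threat Intelligence Group (GTIG) and Palo Alto Networks have published hardening guidance against the known Scattered Spider tactics used by these threat actors. All administrators are advised to familiarize themselves with these techniques and to strengthen their identity platforms and processes.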