The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.
On Tuesday, the wind turbine maker published an updated incident notification, saying that it was still working on restoring systems to “enable business continuity and resume normal operations as soon as reasonably practicable.”
The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of ICS and SCADA devices from Schneider Electric, OMRON, and Open Platform Communications.
This vulnerability, identified as CVE-2022-1329, is extremely severe. With over 5 million active installations of Elementor at the time of writing, a significant number of websites are impacted.
Securden makes products that secure access across IT, DevOps, and cloud environments, meaning they can manage passwords for IT teams, govern privileged access, and even enable remote access without a VPN.
The CISA has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.
Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn’t fully do the trick.
When changes were made to existing policies, they were driven by factors including remote working demands, supply chain failures, increased cyberattack rates, and employee turnover.
Managed detection and response (MDR) solutions provider Critical Start on Tuesday announced that it has received more than $215 million in strategic growth funding from private equity firm Vista Equity Partners.
A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners.