FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…...

War in Iran Spiked Oil Prices. Trump Will Decide How High They Go

The conflict in the Middle East is driving oil prices up in a midterm year when Americans are already focused on high energy bills...

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create...

ABB CoreSense HM和ABB CoreSense M10 路径遍历漏洞

ABB CoreSense HM and ABB CoreSense M10 are both sensors that detect transformer oil from ABB Switzerland. A path traversal vulnerability exists in ABB CoreSense HM version 2.3.1 and earlier and ABB CoreSense M10 version 1.4.1.12 and earlier, which stems from an improperly restricted pathname and...

EUVD-2014-3938

Malware in sbrugna...

EUVD-2023-54676

Malicious code in bioql PyPI...

EUVD-2024-40872

Malicious code in bioql PyPI...

EUVD-2023-40842

Malicious code in bioql PyPI...

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

Unsophisticated Cyber Actor(s) Targeting Operational Technology

CISA is increasingly aware of unsophisticated cyber actors targeting ICS/SCADA systems within U.S. critical Infrastructure sectors Oil and Natural Gas, specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presenc...

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities und...

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-44112

CVE-2024-44112 affects SAP for Oil & Gas (Transportation and Distribution). The root cause is a missing authorization check on a remote-enabled function, allowing an authenticated non-administrative user to delete non-sensitive entries in a user data table. The vulnerability is described as havin...

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

SAP for Oil & Gas 安全漏洞

SAP for Oil & Gas is an enterprise resource planning ERP solution from SAP, Germany. A security vulnerability exists in SAP for Oil & Gas, which stems from a lack of authorization checking that allows authenticated, non-administrative users to invoke a remote function that would allow them to...

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions,...

Friday Squid Blog: The Market for Squid Oil Is Growing

How did I not know before now that there was a market for squid oil? The squid oil market has experienced robust growth in recent years, expanding from $4.56 billion in 2023 to $4.94 billion in 2024 at a compound annual growth rate CAGR of 8.5%. The growth in the historic period can be attributed...