News
- July 20, 2021
20 Jul'21
DHS unveils second round of new pipeline security requirements
New requirements from DHS for oil and gas pipeline operators include the implementation of 'specific mitigation measures' against cyberthreats, specifically ransomware attacks.
- July 19, 2021
19 Jul'21
US charges members of APT40, Chinese state-sponsored group
The Department of Justice accused four Chinese nationals of hacking into a variety of businesses between 2011 and 2018 to steal trade secrets and other valuable data.
- July 19, 2021
19 Jul'21
US government formally names China in Exchange Server hack
Beyond the Exchange Server hack, the White House's statement condemned China for its malicious cyber behavior and accused the country of government-affiliated ransomware attacks.
- July 15, 2021
15 Jul'21
US government launches 'StopRansomware' site
In the latest initiatives to combat ransomware, the new website provides individuals and organizations with services and tools to help reduce the risk of attacks.
- July 15, 2021
15 Jul'21
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks
SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.'
- July 14, 2021
14 Jul'21
Microsoft's 'PrintNightmare' lingers, requires new patches
July's Patch Tuesday update includes critical fixes, but one well-known remote code execution bug might remain open for those with specific registry key settings.
- July 14, 2021
14 Jul'21
Risk & Repeat: Breaking down the Kaseya ransomware attacks
Nearly two weeks after REvil ransomware hit hundreds of companies, Kaseya and its managed service providers are still assessing the damage from the supply chain attack.
- July 14, 2021
14 Jul'21
Microsoft: Chinese threat actor exploited SolarWinds zero-day
Microsoft has observed DEV-0322, the threat actor exploiting the SolarWinds Serv-U zero-day, 'targeting entities in the U.S. Defense Industrial Base Sector and software companies.'
- July 13, 2021
13 Jul'21
Schneider Electric PLCs vulnerable to remote takeover attacks
The authentication bypass vulnerability is a symptom of a much larger security crisis plaguing industrial control hardware, according to researchers who found the bug.
- July 13, 2021
13 Jul'21
Why patching vulnerabilities is still a problem, and how to fix it
Patching is still a struggle for many organizations, and challenges include limited resources, technical debt, decentralized infrastructure and much more.
- July 12, 2021
12 Jul'21
Microsoft to acquire RiskIQ to combat growing cyberthreats
Microsoft has agreed to purchase threat intelligence vendor RiskIQ to bolster its cloud security offerings and help customers address global cyberthreats.
- July 12, 2021
12 Jul'21
SolarWinds warns of zero-day vulnerability under attack
SolarWinds says targeted attacks from a single threat actor have been reported on a previously unknown vulnerability in the Serv-U file transfer platform.
- July 08, 2021
08 Jul'21
Dutch researchers shed new light on Kaseya vulnerabilities
Dutch security researchers were working with Kaseya to get an authentication bypass flaw and other bugs patched when the catastrophic supply chain attack occurred.
- July 08, 2021
08 Jul'21
Kaseya post-attack VSA deployment delayed until Sunday
Kaseya CEO Fred Voccola said in an early Wednesday video update that the VSA deployment delay was 'probably the hardest decision I've had to make in my career.'
- July 07, 2021
07 Jul'21
Microsoft posts emergency 'PrintNightmare' patch
The out-of-band patch release addresses a critical flaw that allowed threat actors to gain remote code execution on vulnerable Windows and Windows Server systems.
- July 06, 2021
06 Jul'21
Kaseya ransomware attacks: What we know so far
REvil ransomware threat actors exploited a zero-day vulnerability to issue ransomware payloads disguised as legitimate software updates from Kaseya.
- July 06, 2021
06 Jul'21
Kaseya: 1,500 organizations affected by REvil attacks
Approximately 50 managed service providers and up to 1,500 of their customers were compromised via a devastating supply chain attack on Kaseya by REvil ransomware actors.
- July 02, 2021
02 Jul'21
Russia using Kubernetes cluster for brute-force attacks
The NSA warned that Russian state-sponsored hackers launched a new container-based campaign aimed at breaching networks and stealing essential data from multiple industries.
- June 30, 2021
30 Jun'21
European police lay siege to hacker haven DoubleVPN
An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals.
- June 30, 2021
30 Jun'21
SentinelOne IPO raises $1.2 billion, beating estimates
The endpoint security vendor has gone public in one of the largest IPOs in the cybersecurity industry.
- June 30, 2021
30 Jun'21
Alleged creator of Gozi banking Trojan arrested in Colombia
Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited.
- June 29, 2021
29 Jun'21
End users in the dark about latest cyberthreats, attacks
A study from IoT security vendor Armis shows many outside the IT community are unaware of growing threats, leaving a major gap in knowledge of basic security practices.
- June 28, 2021
28 Jun'21
SolarWinds hackers compromised Microsoft support agent
After placing information-stealing malware on a customer support agent's system, the Nobelium threat actors gained access to three Microsoft clients.
- June 28, 2021
28 Jun'21
DarkSide ransomware funded by cybercriminal 'investors'
New ransomware gangs, such as DarkSide, are receiving cryptocurrency investments from their peers and are poised to make life difficult for enterprises and law enforcement alike.
- June 24, 2021
24 Jun'21
Atlassian moves to lock down accounts from takeover bugs
Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled.
- June 24, 2021
24 Jun'21
Namecheap refines strategy to fight malicious domains
Security researchers this month noted drastic improvements in the domain registrar's effort to respond to and mitigate reports of malicious and fraudulent sites.
- June 24, 2021
24 Jun'21
HPE jumps into zero trust with Project Aurora
Enterprise giant HPE says its new zero-trust offering, dubbed Project Aurora, will make its debut later this year with the GreenLake hybrid cloud platform.
- June 24, 2021
24 Jun'21
Dell BIOSConnect flaws affect 30 million devices
Eclypsium researchers discovered vulnerabilities that, if exploited, can allow remote code execution in a pre-boot environment for 128 different Dell products.
- June 23, 2021
23 Jun'21
Risk & Repeat: US opens door for hacking back
This episode of the Risk & Repeat podcast discusses the growing pressure on the U.S. to respond to cyber attacks and if hacking back will be part of the plan.
- June 22, 2021
22 Jun'21
COVID, gift cards and phony acquisitions top BEC attack trends
New research from Cisco Talos shows cybercriminals are still using the COVID-19 pandemic for BEC attacks to steal millions, but in slightly different ways.
- June 21, 2021
21 Jun'21
Biden proposes critical infrastructure safe zones for hacking
The U.S. wants Russia to agree to make critical infrastructure targets off limits to hacking, but some infosec experts are skeptical such an agreement can be enforced.
- June 17, 2021
17 Jun'21
SolarWinds response team recounts early days of attack
During a webcast, members of the SolarWinds incident response team explained how a lucky break with a virtual machine aided their investigation into the historic breach.
- June 16, 2021
16 Jun'21
6 suspected Clop ransomware gang members arrested in Ukraine
The impact of the arrests is unknown, as Clop's ransomware leak site remains online after the arrests. The scale of the gang's current operation is also unknown.
- June 16, 2021
16 Jun'21
Zscaler: Exposed servers, open ports jeopardizing enterprises
Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside.
- June 16, 2021
16 Jun'21
Repeat ransomware attacks hit 80% of victims who paid ransoms
New research from Cybereason offers troubling findings for organizations that pay ransoms, from repeat attacks to corrupted data and faulty decryption tools.
- June 15, 2021
15 Jun'21
Apple issues patches for two more WebKit zero-days
Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown.
- June 14, 2021
14 Jun'21
Accellion breach raises notification concerns
Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system.
- June 11, 2021
11 Jun'21
Slilpp marketplace goes dark following government takedown
Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown.
- June 11, 2021
11 Jun'21
Securolytics COO charged in Georgia hospital cyber attack
Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system.
- June 11, 2021
11 Jun'21
Cisco Talos: Exchange Server flaws accounted for 35% of attacks
More than one third of incidents recorded by Cisco Talos in the past three months were related to four Microsoft Exchange Server zero-days first revealed in March.
- June 10, 2021
10 Jun'21
JBS USA paid $11M ransom to REvil hackers
Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom.
- June 10, 2021
10 Jun'21
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack.
- June 09, 2021
09 Jun'21
Mandiant: Compromised Colonial Pipeline password was reused
The Colonial Pipeline VPN password was relatively complex, according to Mandiant CTO Charles Carmakal, and likely would have been difficult for DarkSide threat actors to guess.
- June 08, 2021
08 Jun'21
FBI used encrypted Anom app in international crime bust
The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings.
- June 08, 2021
08 Jun'21
FBI seized Colonial Pipeline ransom using private key
After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI.
- June 08, 2021
08 Jun'21
CISA taps Bugcrowd for federal vulnerability disclosure program
The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies.
- June 07, 2021
07 Jun'21
DOJ charges alleged Trickbot developer
Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft.
- June 07, 2021
07 Jun'21
Hackers vs. lawyers: Security research stifled in key situations
The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks.
- June 03, 2021
03 Jun'21
White House issues ransomware directive for businesses
The Biden administration aims to stem the parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices.
- June 03, 2021
03 Jun'21
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group.
- June 02, 2021
02 Jun'21
ExaGrid revealed as latest Conti ransomware casualty
The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents.
- June 01, 2021
01 Jun'21
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition.
- May 27, 2021
27 May'21
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment.
- May 27, 2021
27 May'21
Apiiro wins RSA Conference Innovation Sandbox Contest
Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks.
- May 26, 2021
26 May'21
Rowhammer reach extended for new attack method
Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique.
- May 26, 2021
26 May'21
US agencies lack supply chain best practices post-SolarWinds
Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.'
- May 25, 2021
25 May'21
Operational technology is the new low-hanging fruit for hackers
FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques.
- May 25, 2021
25 May'21
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.
- May 25, 2021
25 May'21
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
- May 24, 2021
24 May'21
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks.
- May 21, 2021
21 May'21
Stale sessions, ML poisoning among 2021's top security threats
An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months.
- May 20, 2021
20 May'21
U.S. officials discuss 2020 election security, misinformation
During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks.
- May 20, 2021
20 May'21
CrowdStrike breaks down 'Golden SAML' attack
The nightmare scenario, demonstrated at RSA Conference 2021, was used by threat actors in the SolarWinds breach and gave them control over both cloud and on-premises systems.
- May 20, 2021
20 May'21
Infosec experts: Threat landscape is worst in 60 years
Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak.
- May 19, 2021
19 May'21
SentinelOne: More supply chain attacks are coming
At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever.
- May 19, 2021
19 May'21
SolarWinds CEO: Supply chain attack began in January 2019
SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake.
- May 19, 2021
19 May'21
Cisco shares lessons learned in zero-trust deployment
The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way.
- May 18, 2021
18 May'21
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021.
- May 18, 2021
18 May'21
McAfee CTO: Use data to make better cyber-risk decisions
According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene.
- May 18, 2021
18 May'21
Neuberger calls for shift in software supply chain security
In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift."
- May 18, 2021
18 May'21
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks.
- May 18, 2021
18 May'21
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days.
- May 17, 2021
17 May'21
Hackers turn Comcast voice remotes into eavesdropping tool
Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices.
- May 14, 2021
14 May'21
'Scheme flooding' bug threatens to sink user privacy
Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN.
- May 13, 2021
13 May'21
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software.
- May 13, 2021
13 May'21
Biden signs executive order to modernize cyberdefenses
Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security.
- May 13, 2021
13 May'21
'FragAttacks' eavesdropping flaws revealed in all Wi-Fi devices
Security researcher Mathy Vanhoef said every Wi-Fi device is impacted by at least one of the 12 vulnerabilities, and most devices are vulnerable to several of the flaws.
- May 12, 2021
12 May'21
Hacker makes short work of Apple AirTag jailbreak
A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month.
- May 12, 2021
12 May'21
Senate hearing raises questions about SolarWinds backdoors
U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of the first agencies to detect the systemic compromise.
- May 12, 2021
12 May'21
DarkSide: The ransomware gang that took down a pipeline
DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group.
- May 12, 2021
12 May'21
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries.
- May 12, 2021
12 May'21
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing.
- May 10, 2021
10 May'21
Colonial Pipeline runs dry following ransomware attack
A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems.
- May 07, 2021
07 May'21
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations.
- May 06, 2021
06 May'21
'BadAlloc' vulnerabilities spell trouble for IoT, OT devices
A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not.
- May 06, 2021
06 May'21
Popular mobile apps leaking AWS keys, exposing user data
Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk.
- May 06, 2021
06 May'21
US defense contractor BlueForce apparently hit by ransomware
The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.
- May 06, 2021
06 May'21
Dell patches high-severity flaws in firmware update driver
SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities.
- May 05, 2021
05 May'21
Twilio discloses breach caused by Codecov supply chain hack
Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed.
- May 05, 2021
05 May'21
Researchers use PyInstaller to create stealth malware
Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs.
- May 04, 2021
04 May'21
Qualys finds 21 vulnerabilities in Exim mail software
Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited.
- May 03, 2021
03 May'21
Apple hurries out fixes for WebKit zero-days
Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild.
- April 30, 2021
30 Apr'21
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?
- April 29, 2021
29 Apr'21
Ransomware Task Force takes aim at cryptocurrencies
The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services.
- April 29, 2021
29 Apr'21
SolarWinds puts national cybersecurity strategy on display
Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy.
- April 28, 2021
28 Apr'21
Codecov breach raises concerns about software supply chain
So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks.
- April 27, 2021
27 Apr'21
Rise in ransom payments may fuel more dangerous attacks
A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks.
- April 26, 2021
26 Apr'21
Remaining Emotet infections uninstalled by German police
A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January.
- April 26, 2021
26 Apr'21
Hackers targeting VPN vulnerabilities in ongoing attacks
As remote work increased during the pandemic, threat actors increasingly targeted known vulnerabilities.
- April 22, 2021
22 Apr'21
DOJ creates ransomware task force to combat digital extortion
An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware.