News
- April 21, 2021
Zero-day flaw in Pulse Secure VPN exploited in attacks
A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks affecting government, defense and financial organizations.
- April 21, 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities
SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday.
- April 20, 2021
The wide web of nation-state hackers attacking the U.S.
Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S.
- April 15, 2021
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
- April 15, 2021
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates.
- April 15, 2021
Nation-state hacker indictments: Do they help or hinder?
While there are some benefits to filing criminal charges against nation-state actors, infosec experts say that, thus far, indictments haven't reduced cyber attacks.
- April 14, 2021
FBI removes web shells from infected Exchange servers
The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities.
- April 13, 2021
NSA finds new Exchange Server vulnerabilities
Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately.
- April 13, 2021
McAfee: PowerShell threats grew 208% in Q4 2020
McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections.
- April 08, 2021
Cring ransomware attacking vulnerable Fortigate VPNs
A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware operators to extort bitcoin from enterprises.
- April 07, 2021
Cisco: Threat actors abusing Slack, Discord to hide malware
The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic.
- April 06, 2021
Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.
- April 05, 2021
CISA: APTs exploiting Fortinet FortiOS vulnerabilities
Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.
- April 05, 2021
Remote work increases demand for zero-trust security
One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture.
- April 01, 2021
Man indicted in Kansas water facility breach
While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.
- April 01, 2021
CISA: U.S. agencies must scan for Exchange Server attacks
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.
- April 01, 2021
DHS: Ransomware poses a national security threat
Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S.
- March 30, 2021
Mysterious Hades ransomware striking 'big game' enterprises
CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks.
- March 30, 2021
Feds debate while states act on data privacy laws
As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.
- March 29, 2021
Ransomware negotiations: An inside look at the process
Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed?
- March 25, 2021
Black Kingdom ransomware foiled through Mega password change
The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega.
- March 25, 2021
Cyber insurance company CNA discloses cyber attack
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.
- March 24, 2021
Nearly 100,000 web shells detected on Exchange servers
Although Microsoft reported a decrease in the number of vulnerable Exchange servers, new research shows a large number of malicious web shells hiding inside networks.
- March 23, 2021
'Black Kingdom' ransomware impacting Exchange servers
Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear.
- March 19, 2021
Acer hit by apparent attack from REvil ransomware group
Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack.
- March 18, 2021
FBI IC3 report's ransomware numbers are low, experts say
The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say.
- March 17, 2021
SolarWinds hackers stole Mimecast source code
The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform.
- March 16, 2021
RiskIQ: 69,548 Microsoft Exchange servers still vulnerable
Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S.
- March 16, 2021
Timeline of Microsoft Exchange Server attacks raises questions
Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why.
- March 12, 2021
DearCry ransomware impacting Microsoft Exchange servers
While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond.
- March 11, 2021
After Oldsmar: How vulnerable is US critical infrastructure?
Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021.
- March 11, 2021
Cisco found cryptomining activity within 69% of customers
Cisco found cryptomining malware affected a vast majority of customers in 2020, generating massive amounts of malicious DNS traffic while sucking up precious computing resources.
- March 09, 2021
Microsoft Exchange Server attacks: What we know so far
More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims.
- March 08, 2021
Microsoft releases tools as Exchange Server attacks increase
Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks.
- March 08, 2021
McAfee sells off enterprise business for $4 billion
Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity.
- March 04, 2021
Microsoft makes passwordless push in Azure Active Directory
To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory.
- March 04, 2021
Microsoft's security roadmap goes all-in on 365 Defender
Microsoft 365 Defender's new threat analytics feature includes step-by-step reports on attacks, vulnerabilities and more, as well as links to relevant alerts in each report.
- March 04, 2021
Okta acquires identity rival Auth0 for $6.5 billion
Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration.
- March 03, 2021
Microsoft Exchange Server zero-days exploited in the wild
Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately.
- March 03, 2021
Accellion FTA attacks claim more victims
More details have emerged about the Accellion FTA attacks since the December disclosure, including possible threat groups behind the breach and a growing list of victims.
- March 01, 2021
Chinese threat group 'RedEcho' targeting Indian power grid
The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts.
- February 26, 2021
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
- February 25, 2021
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could signal a shift in cyber crime tactics.
- February 24, 2021
Senate hearing: SolarWinds evidence points to Russia
Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.
- February 24, 2021
Dragos: ICS security threats grew threefold in 2020
A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.
- February 22, 2021
Chinese APT used stolen NSA exploit for years
Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'"
- February 18, 2021
White House: 100 companies compromised in SolarWinds hack
The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.
- February 17, 2021
Wide net cast on potential Accellion breach victims
While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure.
- February 17, 2021
DOJ indicts additional WannaCry conspirators
The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency.
- February 17, 2021
Risk & Repeat: SolarWinds and the hacking back debate
This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
- February 12, 2021
Risk & Repeat: Oldsmar water plant breach raises concerns
This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.
- February 11, 2021
Oldsmar water plant computers shared TeamViewer password
In addition to the advisory published by Massachusetts officials, the FBI issued a private industry notification Tuesday that referenced poor password security.
- February 10, 2021
Researcher used open source supply chain to breach tech giants
Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains.
- February 09, 2021
Florida city's water nearly poisoned in TeamViewer attack
The intruder increased the quantity of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million briefly before a water plant operator fixed it.
- February 09, 2021
Ninety percent of dark web hacking forum posts come from buyers
Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear.
- February 08, 2021
Microsoft, SolarWinds in dispute over nation-state attacks
The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment.
- February 05, 2021
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.
- February 04, 2021
SolarWinds Office 365 environment compromised
SolarWinds CEO Sudhakar Ramakrishna said nation-state threat actors first compromised a single email account and later gained access to the company's Orion platform environment.
- February 02, 2021
SonicWall confirms zero-day vulnerability on SMA 100 series
After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'
- February 02, 2021
How a social engineering campaign fooled infosec researchers
Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them.
- February 01, 2021
The dark web in 2021: Should enterprises be worried?
SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services.
- January 28, 2021
DOJ charges suspect in NetWalker ransomware attacks
The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.
- January 27, 2021
Emotet taken down in global law enforcement operation
Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.
- January 26, 2021
Mimecast certificate compromised by SolarWinds hackers
Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.
- January 26, 2021
Zero trust 2.0: Google unveils BeyondCorp Enterprise
BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication.
- January 26, 2021
Akamai: Extortion attempts increase in DDoS attacks
New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased.
- January 25, 2021
SonicWall breached through 'probable' zero-day vulnerabilities
SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector.
- January 20, 2021
FireEye releases new tool to fight SolarWinds hackers
The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.
- January 19, 2021
SolarWinds supply chain attack explained: Need-to-know info
The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.
- January 19, 2021
Malwarebytes breached by SolarWinds hackers
Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails.
- January 19, 2021
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.
- January 14, 2021
Tenable: Vulnerability disclosures skyrocketed over last 5 years
New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.
- January 12, 2021
Capitol building breach poses cybersecurity risks
While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices.
- January 12, 2021
SolarWinds confirms supply chain attack began in 2019
SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access.
- January 11, 2021
5 cybersecurity vendors to watch in 2021
Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd.
- January 07, 2021
Defending against SolarWinds attacks: What can be done?
While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks.
- January 06, 2021
The SolarWinds attacks: What we know so far
The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure.
- January 05, 2021
10 of the biggest cyber attacks of 2020
Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.
- January 04, 2021
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach?
- December 23, 2020
Security measures critical for COVID-19 vaccine distribution
The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.
- December 21, 2020
SolarWinds backdoor infected tech giants, impact unclear
Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached.
- December 18, 2020
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.
- December 17, 2020
CISA: SolarWinds backdoor attacks are 'ongoing'
A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have compromised federal agencies.
- December 17, 2020
Microsoft, FireEye create kill switch for SolarWinds backdoor
The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.
- December 16, 2020
SolarWinds struggles with response to supply chain attack
Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.
- December 16, 2020
SolarWinds breach highlights dangers of supply chain attacks
While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.
- December 14, 2020
SolarWinds backdoor used in nation-state cyber attacks
Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.
- December 11, 2020
FBI, CISA warn of growing ransomware attacks on K-12 schools
The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020-2021 school year.
- December 09, 2020
FireEye red team tools stolen in cyber attack
While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.
- December 08, 2020
Forescout reports 33 new TCP/IP vulnerabilities
The lack of consistent updates (and the open source nature of the stacks) makes the Amnesia:33 vulnerabilities difficult to fix and makes their full impact difficult to comprehend.
- December 08, 2020
New Microsoft Teams RCE vulnerability also wormable
In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.
- December 08, 2020
Salesforce advised users to skip Chrome browser updates
Salesforce recommended that users dealing with mixed content issues skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
- December 07, 2020
Russian state-sponsored hackers exploit VMware vulnerability
The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.
- December 03, 2020
Updated Trickbot malware threatens firmware security
Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.
- December 01, 2020
Ransomware attack shuts down Baltimore County schools
Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.
- December 01, 2020
Online education vendor K12 hit with ransomware, pays ransom
A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.
- November 20, 2020
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
- November 19, 2020
White House questions election security; experts do not
A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.
- November 18, 2020
President Trump fires CISA director Christopher Krebs
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.
- November 18, 2020
Sophos: Ransomware 'heavyweights' demand sky-high payments
Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.