News
- November 17, 2020
17 Nov'20
CrowdStrike: Ransomware hit 56% of organizations in last year
A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.
- November 13, 2020
13 Nov'20
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.
- November 12, 2020
12 Nov'20
25,000 criminal reports: Vastaamo breach sets new precedent
The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent.
- November 12, 2020
12 Nov'20
Life after Maze: Is Egregor ransomware next?
Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved.
- November 11, 2020
11 Nov'20
Palo Alto Networks buys Expanse for $800 million
Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management.
- November 09, 2020
09 Nov'20
CISA: No election hacking, but plenty of misinformation
Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories.
- November 04, 2020
04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching
The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
- November 02, 2020
02 Nov'20
Maze gang shuts down its ransomware operation
Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name.
- October 29, 2020
29 Oct'20
FBI, CISA warn of impending ransomware attacks on hospitals
Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI.
- October 28, 2020
28 Oct'20
Ping Identity launches passwordless authentication system
Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target.
- October 28, 2020
28 Oct'20
'Lives at stake': How ransomware impacts hospitals
Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems.
- October 27, 2020
27 Oct'20
Mitre ATT&CK: How it has evolved and grown
Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly in recent years, though challenges still remain for enterprise users.
- October 22, 2020
22 Oct'20
Iranian hackers pose as far-right group to threaten U.S. voters
The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.
- October 22, 2020
22 Oct'20
McAfee launches IPO, raises $620 million
McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January.
- October 21, 2020
21 Oct'20
Microsoft: 94% of Trickbot's infrastructure disabled
In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.
- October 21, 2020
21 Oct'20
NSA issues advisory against Chinese state-sponsored hackers
Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.
- October 20, 2020
20 Oct'20
NSS Labs ceases operations amid financial turmoil
Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.
- October 20, 2020
20 Oct'20
After a brief pause, Trickbot rebounds from takedown efforts
Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.
- October 19, 2020
19 Oct'20
Combating disinformation campaigns ahead of 2020 election
As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day.
- October 14, 2020
14 Oct'20
Blockchain or bust? Experts debate applications for elections
Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.
- October 13, 2020
13 Oct'20
Trickbot takedown: Will it make a dent in ransomware attacks?
A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.
- October 12, 2020
12 Oct'20
Hackers exploit Netlogon flaw to attack government networks
CISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems.
- October 08, 2020
08 Oct'20
Should ransomware payments be banned? Experts weigh in
Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.
- October 07, 2020
07 Oct'20
Raccine: A ransomware 'vaccine' with a few catches
Raccine, an open source 'vaccine,' prevents ransomware threat actors from using a Windows utility to delete shadow copies of a system's data, but there are a few drawbacks.
- October 07, 2020
07 Oct'20
Ping acquires blockchain identity startup ShoCard
Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.
- October 05, 2020
05 Oct'20
Surge in ransomware attacks threatens student data
Ransomware attacks are not the only threats facing K-12 schools during the COVID-19 pandemic. Cybercriminals are stealing and exposing students' personal data as well.
- October 01, 2020
01 Oct'20
Potential ransomware-related death still under investigation
German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.
- September 28, 2020
28 Sep'20
Ivanti makes double acquisition of MobileIron, Pulse Secure
Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed.
- September 28, 2020
28 Sep'20
IBM: Ransomware attacks surged in Q2, ransom demands rising
IBM Security examined several concerning ransomware trends for this year, as well as an exponential increase in ransom demands and a massive spike in attacks during the spring.
- September 24, 2020
24 Sep'20
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.
- September 24, 2020
24 Sep'20
Shopify discloses data breach caused by insider threats
Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.
- September 23, 2020
23 Sep'20
FBI: Disinformation attacks on election results 'likely'
Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites.
- September 23, 2020
23 Sep'20
ConnectWise launches bug bounty program to boost security
ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.
- September 21, 2020
21 Sep'20
Cyber attacks on schools increasing amid remote learning shift
The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks.
- September 17, 2020
17 Sep'20
Gartner: Paying after ransomware attacks carries big risks
The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.
- September 17, 2020
17 Sep'20
Maze ransomware gang uses VMs to evade detection
A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year.
- September 16, 2020
16 Sep'20
Gartner: Securing remote workforce a top priority
In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees.
- September 15, 2020
15 Sep'20
Gartner: Privileged access management a must in 2020
Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials.
- September 10, 2020
10 Sep'20
Disinformation, mail-in ballots top election security concerns
While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots.
- September 09, 2020
09 Sep'20
Intel patches critical flaw in Active Management Technology
Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker to escalate privileges.
- September 03, 2020
03 Sep'20
CISA issues vulnerability disclosure order for federal agencies
The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days.
- September 02, 2020
02 Sep'20
CISA and FBI say there have been no hacks on voter databases
After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security.
- September 01, 2020
01 Sep'20
Big ransomware attacks overshadowing other alarming trends
Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends.
- August 31, 2020
31 Aug'20
Cisco issues alert for zero-day vulnerability under attack
Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment.
- August 31, 2020
31 Aug'20
The Uber data breach cover-up: A timeline of events
The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach.
- August 27, 2020
27 Aug'20
North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks
The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.'
- August 27, 2020
27 Aug'20
Maze ransomware 'cartel' expands with new members
Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms.
- August 25, 2020
25 Aug'20
'Meow' attacks top 25,000 exposed databases, services
One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down.
- August 24, 2020
24 Aug'20
FBI and CISA issue vishing campaign warning
The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials.
- August 21, 2020
21 Aug'20
Claroty: 70% of ICS vulnerabilities are remotely exploitable
Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited.
- August 21, 2020
21 Aug'20
Former Uber CSO charged over 'hush money' payment to hackers
Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company.
- August 18, 2020
18 Aug'20
Apache Struts vulnerabilities allow remote code execution, DoS
The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall.
- August 17, 2020
17 Aug'20
Email enigma: Why is Canada hit with so many phishing attacks?
Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery.
- August 14, 2020
14 Aug'20
Risk & Repeat: Black Hat 2020 highlights
This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.
- August 12, 2020
12 Aug'20
Kaspersky reveals 2 Windows zero-days from failed attack
Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.
- August 11, 2020
11 Aug'20
Healthcare CISO offers alternatives to 'snake oil' companies
Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.
- August 10, 2020
10 Aug'20
Games, not shame: Why security awareness training needs a makeover
Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.
- August 07, 2020
07 Aug'20
10 years after Stuxnet, new zero-days discovered
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
- August 07, 2020
07 Aug'20
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
- August 06, 2020
06 Aug'20
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.
- August 06, 2020
06 Aug'20
CISA chief: Ransomware could threaten election security
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.
- August 06, 2020
06 Aug'20
Ripple20 vulnerabilities still plaguing IoT devices
Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws.
- August 05, 2020
05 Aug'20
Matt Blaze warns of election security challenges amid COVID-19
In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them.
- August 04, 2020
04 Aug'20
Twitter breach raises concerns over phone phishing
The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing.
- August 04, 2020
04 Aug'20
Risk & Repeat: Sophos warns of evolving ransomware threats
Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques.
- July 30, 2020
30 Jul'20
'Meow' attacks continue, thousands of databases deleted
More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation.
- July 29, 2020
29 Jul'20
'BootHole' bug puts most Linux, Windows systems in jeopardy
Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems.
- July 29, 2020
29 Jul'20
IBM: Compromised credentials led to higher data breach costs
The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why.
- July 27, 2020
27 Jul'20
Emotet botnet hacked, malware replaced with humorous GIFs
Malware distribution network Emotet has been hacked by a potential threat actor of unknown origin, with malware payloads now being replaced with GIFs of James Franco and others.
- July 27, 2020
27 Jul'20
Digital ad networks tied to malvertising threats -- again
Adsterra and Propeller Ads were implicated in past malvertising threats such as the Master134 campaign. Now the two ad networks are linked to new malicious activity.
- July 23, 2020
23 Jul'20
'Meow' attacks wipe more than 1,000 exposed databases
A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow.
- July 23, 2020
23 Jul'20
Microsoft unveils new DLP, 'Double Key Encryption' offerings
Microsoft revealed new security products and features this week, including an Endpoint Data Loss Prevention product as well as "Double Key Encryption" for Microsoft 365.
- July 23, 2020
23 Jul'20
Evasive phishing campaign hid inside Google cloud services
A new report by Check Point Software Technologies revealed attackers were abusing Google Cloud Functions to hide their phishing links within public cloud services.
- July 20, 2020
20 Jul'20
Twitter breach caused by social engineering attack
Twitter was breached last Wednesday through a social engineering attack. Forty-five accounts were hijacked and up to eight accounts may have had their private messages stolen.
- July 17, 2020
17 Jul'20
'SigRed' alert: Experts urge action on Windows DNS vulnerability
Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft.
- July 17, 2020
17 Jul'20
Identity theft subscription services uncovered on dark web
Identity theft subscriptions are now being offered on the dark web. This information is being used for carding operations, account generation and other cybercrime schemes.
- July 17, 2020
17 Jul'20
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others.
- July 15, 2020
15 Jul'20
Advent, Forescout bury the hatchet with new acquisition deal
Despite an ugly legal dispute and allegations of channel stuffing, Advent International and Forescout Technologies are moving forward with an amended acquisition agreement.
- July 15, 2020
15 Jul'20
Attackers find new way to exploit Docker APIs
Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host.
- July 15, 2020
15 Jul'20
Citrix data exposed in third-party breach
Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace.
- July 13, 2020
13 Jul'20
RSA finds two-thirds of phishing attacks directed at Canada
RSA Security researchers found that nearly 70% of phishing attacks were directed at users in Canada, while the majority of attacks come from U.S.-based ISPs and hosting providers.
- July 10, 2020
10 Jul'20
Cybercriminals auction off admin credentials for $3,000
Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows.
- July 09, 2020
09 Jul'20
Data theft in ransomware attacks may change disclosure game
Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that may be changing.
- July 08, 2020
08 Jul'20
Microsoft seizes malicious domains used in COVID-19 phishing
Microsoft went to court to seize several malicious domains that were used by cybercriminals in extensive phishing and BEC attacks on Office 365 accounts amid the current pandemic.
- July 06, 2020
06 Jul'20
Critical F5 Networks vulnerability under attack
A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors.
- July 01, 2020
01 Jul'20
Microsoft fixes Windows Codecs flaws with emergency patches
Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative.
- July 01, 2020
01 Jul'20
Snake ransomware poses unique danger to industrial systems
The new ransomware family known as Snake, or Ekans, is designed for organizations with industrial control systems and has already struck at least two enterprises.
- June 29, 2020
29 Jun'20
Record-setting DDoS attacks indicate troubling trend
Akamai Technologies recently mitigated two of the largest DDoS attacks ever recorded on its platform, including a massive 809 million packets per second attack against a bank.
- June 26, 2020
26 Jun'20
Maze ransomware hit biggest target yet with LG breach
The operators of Maze ransomware claim to have breached LG, offering three screenshots as proof. One of those screenshots features LG product source code.
- June 25, 2020
25 Jun'20
Open source vulnerabilities down 20% in 2019
Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture.
- June 23, 2020
23 Jun'20
MSPs scramble to bolster security amid ransomware spike
After a flurry of devastating ransomware attacks in 2019, MSPs and vendor partners are improving security to prevent history from repeating during the pandemic.
- June 22, 2020
22 Jun'20
Microsoft acquires CyberX to strengthen IoT security offering
Microsoft is acquiring CyberX to boost its IoT security offerings, though it's unknown whether CyberX will remain a separate entity or be integrated into Microsoft.
- June 19, 2020
19 Jun'20
Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses.
- June 18, 2020
18 Jun'20
New Cisco Webex vulnerability exposes authentication tokens
Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens.
- June 16, 2020
16 Jun'20
ZDI drops 10 zero-day vulnerabilities in Netgear router
Trend Micro's Zero Day Initiative published 10 vulnerabilities in Netgear's R6700 router that have gone unpatched for seven months.
- June 16, 2020
16 Jun'20
CIA unaware of Vault 7 theft until WikiLeaks dump
An internal CIA report from the WikiLeaks Task Force blasted the agency over the leak of the Vault 7 cyberweapons, which exposed dangerous hacking tools and vulnerabilities.
- June 16, 2020
16 Jun'20
Repeat ransomware attacks: Why organizations fall victim
Some organizations get hit with ransomware multiple times. Threat researchers explain why repeat attacks happen and how victims can prevent it from occurring again.
- June 11, 2020
11 Jun'20
Italian company implicated in GuLoader malware attacks
While analyzing the network dropper GuLoader, researchers found an almost identical commercial software tool called CloudEye offered by a legitimate-looking Italian company.
- June 10, 2020
10 Jun'20
New 'Thanos' ransomware weaponizes RIPlace evasion technique
Recorded Future's Insikt Group uncovered a new ransomware-as-a-service tool named 'Thanos' that's the first ransomware to use the hard-to-detect RIPlace technique.
- June 10, 2020
10 Jun'20
Maze ransomware builds 'cartel' with other threat groups
Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces.