News
News
- November 01, 2023
01 Nov'23
Risk & Repeat: Breaking down SEC charges against SolarWinds
This episode covers the SEC charges against SolarWinds and CISO Timothy Brown for allegedly hiding known cybersecurity risks prior to the 2020 supply chain attack it suffered.
- October 31, 2023
31 Oct'23
No patches yet for Apple iLeakage side-channel attack
Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers.
- October 31, 2023
31 Oct'23
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020.
-
- October 31, 2023
31 Oct'23
Dual ransomware attacks on the rise, but causes are unclear
While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend.
- October 26, 2023
26 Oct'23
Risk & Repeat: Okta under fire after support system breach
This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers.
-
Sponsored News
-
Server Security in the Era of ChatGPT
Sponsored by Dell Technologies and Intel - The importance of security and compliance to applications and data environments cannot be overstated. A GenAI platform deployment is different from a typical infrastructure as a service (IaaS) implementation in terms of who holds the keys and who can read the data. Research by TechTarget's Enterprise Strategy Group has found that even cloud-first organizations are deploying some workloads on premises, rather than the cloud, due to concerns related to data governance and sovereignty (cited by 42% of respondents) and security (cited by 34%). These organizations understand the real potential for data leakage associated with GenAI. See More
-
Dell Technologies GenAI-validated Designs and Dell Reference Designs
Sponsored by Dell Technologies and Intel - It's important to have the right infrastructure in place to support generative AI solutions. The intent should be to keep control of both proprietary data and associated GenAI-related business outcomes. See More
-
Sustainability, AI and Dell PowerEdge Servers
Sponsored by Dell Technologies and Intel - When it comes to energy efficiency and sustainability in IT, rightsizing is critical. Optimizing the infrastructure model and the right hardware needed to run it should be the goal. See More
-
A Generative AI Use Case Brought to Life with Solutions from Dell Technologies
Sponsored by Dell Technologies and Intel - Generative AI is not science fiction. It is real. Implementing and using generative AI is a goal within reach of any organization, not just large technology-centric ones. According to research by TechTarget's Enterprise Strategy Group, 92% of organizations will have generative AI in production within the next year. IT vendors such as Dell Technologies are currently working to bring AI to businesses, organizations and institutions in a manner customized to their unique needs. See More
-
- October 26, 2023
26 Oct'23
NCC Group details 153% spike in September ransomware attacks
NCC Group analysts warned the significant year-over-year increase will likely continue. Organizations may see 4,000 ransomware attacks by the end of 2023.
- October 24, 2023
24 Oct'23
Cisco IOS XE instances still under attack, patch now
In the days since Cisco's initial disclosure, the networking giant found a second Cisco IOS XE zero-day as well as new evasion techniques being utilized by threat actors.
- October 24, 2023
24 Oct'23
1Password stops attack linked to Okta breach
1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked.
- October 24, 2023
24 Oct'23
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits.
- October 23, 2023
23 Oct'23
Okta customer support system breached via stolen credentials
During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers.
-
- October 19, 2023
19 Oct'23
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector.
- October 19, 2023
19 Oct'23
CISA, NSA, FBI publish phishing guidance
In its guidance, CISA focused on two primary goals of phishing attacks: obtaining login credentials, often via social engineering, and installing malware on target systems.
- October 18, 2023
18 Oct'23
SailPoint extends identity security platform with data security
With DAS, privilege access management, AI and other features, SailPoint moves Atlas from an identity governance platform to an identity security platform.
- October 18, 2023
18 Oct'23
Mandiant: Citrix zero-day actively exploited since August
Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques.
- October 17, 2023
17 Oct'23
Cisco IOS XE zero-day facing mass exploitation
VulnCheck said its public scanning for CVE-2023-20198 revealed that 'thousands' of internet-facing Cisco IOS XE systems have been compromised with malicious implants.
- October 16, 2023
16 Oct'23
Cisco working on fix for critical IOS XE zero-day
Cisco designated the bug, CVE-2023-20198, with a CVSS score of 10 and said it was working on a patch, but advised customers to apply mitigations in the meantime.
- October 16, 2023
16 Oct'23
Google Authenticator synchronization raises MFA concerns
Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes.
- October 13, 2023
13 Oct'23
Ransomware gang targets critical Progress WS_FTP Server bug
The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10.
- October 12, 2023
12 Oct'23
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future.
- October 10, 2023
10 Oct'23
'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability
Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.'
- October 06, 2023
06 Oct'23
MGM faces $100M loss from ransomware attack
MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses.
- October 05, 2023
05 Oct'23
IBM launches new AI-powered TDR Services
IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities.
- October 04, 2023
04 Oct'23
Critical Atlassian Confluence zero-day flaw under attack
Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately.
- October 04, 2023
04 Oct'23
Okta debuts passkey support to combat account compromises
The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA.
- October 03, 2023
03 Oct'23
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers
Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks.
- October 03, 2023
03 Oct'23
Ransomware disrupts hospitality, healthcare in September
Ransomware disclosures and reports last month were headlined by attacks on MGM Resorts and Caesars Entertainment, which proved costly to the Las Vegas hospitality giants.
- October 02, 2023
02 Oct'23
Openwall patches 3 of 6 Exim zero-day flaws
The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past.
- September 28, 2023
28 Sep'23
US, Japan warn China-linked 'BlackTech' targeting routers
CISA said BlackTech has targeted Cisco and other router makers by using a variety of tools and techniques to modify and even replace devices' firmware.
- September 28, 2023
28 Sep'23
Cisco patches zero-day vulnerability under attack
Cisco said its Advanced Security Initiatives Group discovered the zero-day flaw while investigating attempted attacks on the vendor's Group Encrypted Transport VPN feature.
- September 26, 2023
26 Sep'23
Clop MoveIt Transfer attacks affect over 2,000 organizations
According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers.
- September 26, 2023
26 Sep'23
CrowdStrike makes a breakout move
CrowdStrike's annual user conference emphasized the company's future vision for AI, automation and an integrated security IT approach.
- September 25, 2023
25 Sep'23
Dallas doles out $8.5M to remediate May ransomware attack
The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed.
- September 22, 2023
22 Sep'23
Apple issues emergency patches for 3 zero-day bugs
Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7.
- September 20, 2023
20 Sep'23
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections.
- September 20, 2023
20 Sep'23
Cyber insurance report shows surge in ransomware claims
Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack.
- September 19, 2023
19 Sep'23
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them.
- September 18, 2023
18 Sep'23
Microsoft AI researchers mistakenly expose 38 TB of data
Microsoft said no customer data was affected by the Azure Storage exposure and 'no other internal services were put at risk because of this issue,' which has been mitigated.
- September 14, 2023
14 Sep'23
Developer platform Retool breached in vishing attack
A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google.
- September 14, 2023
14 Sep'23
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers.
- September 14, 2023
14 Sep'23
Palo Alto Networks: 80% of security exposures exist in cloud
It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures.
- September 13, 2023
13 Sep'23
Browser companies patch critical zero-day vulnerability
While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild.
- September 12, 2023
12 Sep'23
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain.
- September 11, 2023
11 Sep'23
Cisco VPN flaw faces attempted Akira ransomware attacks
Cisco said it became aware of 'attempted exploitation' last month and referenced an Aug. 24 security advisory saying its VPNs were under attack by the Akira ransomware gang.
- September 07, 2023
07 Sep'23
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors.
- September 06, 2023
06 Sep'23
Okta: 4 customers compromised in social engineering attacks
Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task.
- September 05, 2023
05 Sep'23
Ransomware attacks on education sector spike in August
While data breach notifications for MoveIt Transfer customers continued to rise, August also saw ransomware ramp up against schools and universities as classes resumed.
- August 30, 2023
30 Aug'23
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more.
- August 30, 2023
30 Aug'23
FBI, Justice Department dismantle Qakbot malware
The FBI operation, one of the largest U.S.-led botnet disruption efforts ever, included international partners such as France, Germany, the Netherlands and the United Kingdom.
- August 30, 2023
30 Aug'23
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security
CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches.
- August 29, 2023
29 Aug'23
Mandiant reveals new backdoors used in Barracuda ESG attacks
Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices.
- August 29, 2023
29 Aug'23
Cisco VPNs under attack via Akira, LockBit ransomware
Cisco and Rapid7 say ransomware actors LockBit and Akira have apparently been targeting Cisco VPNs not configured for multifactor authentication.
- August 25, 2023
25 Aug'23
CloudNordic loses most customer data after ransomware attack
The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data.
- August 24, 2023
24 Aug'23
FBI: Suspected Chinese actors continue Barracuda ESG attacks
The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced.
- August 23, 2023
23 Aug'23
Sophos: RDP played a part in 95% of attacks in H1 2023
While Sophos observed increasing activity around Active Directory and Remote Desktop Protocol abuse, it recommended simple mitigation steps can limit the attack surface.
- August 23, 2023
23 Aug'23
Google launches AI-powered data classification for Workspace
Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration.
- August 22, 2023
22 Aug'23
Ivanti issues fix for third zero-day flaw exploited in the wild
CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations.
- August 21, 2023
21 Aug'23
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices.
- August 17, 2023
17 Aug'23
CISA, vendors warn Citrix ShareFile flaw under attack
A vulnerability in the managed file transfer product that enterprises use is being actively exploited two months after Citrix released a fix.
- August 17, 2023
17 Aug'23
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips.
- August 11, 2023
11 Aug'23
The latest from Black Hat USA 2023
Use this guide to Black Hat USA 2023 to keep up on breaking news and trending topics and to read expert insights on one of the world's top cybersecurity conferences.
- August 10, 2023
10 Aug'23
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation.
- August 10, 2023
10 Aug'23
Palo Alto: SugarCRM zero-day reveals growing cloud threats
Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks.
- August 10, 2023
10 Aug'23
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software.
- August 10, 2023
10 Aug'23
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure.
- August 10, 2023
10 Aug'23
U.S., Ukraine cyber leaders talk resilience, collaboration
At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns.
- August 10, 2023
10 Aug'23
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails.
- August 09, 2023
09 Aug'23
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas.
- August 09, 2023
09 Aug'23
Coalition looks to bridge gap between CISOs, cyber insurance
While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify.
- August 09, 2023
09 Aug'23
Wiz warns of exposed multi-tenant apps in Azure AD
During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications.
- August 09, 2023
09 Aug'23
Onapsis researchers detail new SAP security threats
At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network.
- August 09, 2023
09 Aug'23
Tenable launches LLM-powered ExposureAI product
ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models.
- August 08, 2023
08 Aug'23
Google unveils 'Downfall' attacks, vulnerability in Intel chips
Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw.
- August 08, 2023
08 Aug'23
CrowdStrike observes massive spike in identity-based attacks
Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report.
- August 07, 2023
07 Aug'23
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA.
- August 03, 2023
03 Aug'23
MoveIt Transfer attacks dominate July ransomware disclosures
Traditional ransomware attacks took a back seat last month, as Clop operators continued to claim victims from the zero-day attacks on MoveIt Transfer customers.
- August 03, 2023
03 Aug'23
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks
The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts.
- August 01, 2023
01 Aug'23
Infosec experts divided on SEC four-day reporting rule
Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack.
- July 31, 2023
31 Jul'23
CISA details backdoor malware used in Barracuda ESG attacks
CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868.
- July 27, 2023
27 Jul'23
Google: 41 zero-day vulnerabilities exploited in 2022
While attackers increasingly exploited zero-day flaws last year, one of the most notable findings from the report emphasized how inadequate patches led to new variants.
- July 25, 2023
25 Jul'23
Thoma Bravo sells Imperva to Thales Group for $3.6B
With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API.
- July 25, 2023
25 Jul'23
Ivanti EPMM zero-day vulnerability exploited in wild
A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency.
- July 24, 2023
24 Jul'23
Coveware: Rate of victims paying ransom continues to plummet
Incident response firm Coveware said 34% of ransomware victims paid the ransom in Q2 2023, a sharp decline from last quarter and an enormous decline from 2020 and 2019.
- July 24, 2023
24 Jul'23
Mandiant: JumpCloud breach led to supply chain attack
Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer.
- July 20, 2023
20 Jul'23
Risk & Repeat: Are data extortion attacks ransomware?
Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware?
- July 20, 2023
20 Jul'23
Cyber insurers adapting to data-centric ransomware threats
Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises.
- July 19, 2023
19 Jul'23
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies.
- July 19, 2023
19 Jul'23
Citrix NetScaler ADC and Gateway flaw exploited in the wild
Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances.
- July 18, 2023
18 Jul'23
Multiple Adobe ColdFusion flaws exploited in the wild
One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published.
- July 18, 2023
18 Jul'23
Orca: Google Cloud design flaw enables supply chain attacks
Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software.
- July 17, 2023
17 Jul'23
Microsoft still investigating stolen MSA key from email attacks
While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired.
- July 17, 2023
17 Jul'23
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing.
- July 14, 2023
14 Jul'23
XSS zero-day flaw in Zimbra Collaboration Suite under attack
A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month.
- July 13, 2023
13 Jul'23
Microsoft: Government agencies breached in email attacks
While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant.
- July 12, 2023
12 Jul'23
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021.
- July 12, 2023
12 Jul'23
Threat actors forged Windows driver signatures via loophole
Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community.
- July 12, 2023
12 Jul'23
Russia-based actor exploited unpatched Office zero day
Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe.
- July 11, 2023
11 Jul'23
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear.
- July 11, 2023
11 Jul'23
Clop's MoveIt Transfer attacks lead to mixed results
Clop's data theft extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms.
- July 10, 2023
10 Jul'23
TPG Capital acquires Forcepoint's government unit for $2.45B
Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners.
- July 06, 2023
06 Jul'23
CISA: Truebot malware infecting networks in U.S., Canada
CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center.