News
- March 23, 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises.
- March 22, 2023
BreachForums taken down after arrest of alleged owner
This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach.
- March 22, 2023
Cyber insurance carriers expanding role in incident response
While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware.
- March 21, 2023
ZenGo finds transaction simulation flaw in Coinbase, others
ZenGo researchers discovered a way, referred to as a 'red pill attack,' to exploit smart contracts and bypass security features known as transaction simulation solutions.
- March 20, 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest.
- March 17, 2023
Google warns users of Samsung Exynos zero-day vulnerabilities
To prevent threat actors from exploiting the unpatched attack vectors, Google Project Zero made an exception for four Exynos chipset flaws by extending its disclosure timeline.
- March 16, 2023
U.S. federal agency hacked via 3-year-old Telerik UI flaw
A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency.
- March 15, 2023
Secureworks IR team saw BEC attacks double in 2022
Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.'
- March 15, 2023
Rubrik discloses data breach, blames Fortra zero-day
The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software.
- March 15, 2023
Dell launches new security offerings for data protection, MDR
Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats.
- March 15, 2023
Hacker claims exposed database led to DC Health Link breach
This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database.
- March 14, 2023
Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers.
- March 13, 2023
DC Health Link confirms breach, but questions remain
While DC Health Link confirmed the breach, it is unknown how threat actors obtained the personal health data of more than 56,000 customers, including members of Congress.
- March 09, 2023
Is ransomware declining? Not so fast, experts say
While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the picture than the numbers suggest.
- March 09, 2023
IceFire ransomware targets Linux, exploits IBM vulnerability
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in IBM's Aspera Faspex file sharing software.
- March 09, 2023
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022
VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state.
- March 09, 2023
Flashpoint: Threat vectors converging, increasing damage
The threat intelligence vendor warned that threat actors are increasingly combining known vulnerabilities, stolen credentials and exposed data to wreak maximum damage.
- March 07, 2023
Biden administration raises software liability questions
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold technology companies liable for insecure software.
- March 07, 2023
Vishing attacks increasing, but AI's role still unclear
The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology.
- March 06, 2023
Police raids target 'core' DoppelPaymer ransomware members
A coordinated law enforcement effort last week resulted in raids and arrest warrants against 'core members' of the infamous DoppelPaymer ransomware group.
- March 02, 2023
New National Cybersecurity Strategy takes aim at ransomware
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software.
- March 02, 2023
Ransomware attacks ravaged big names in February
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S. Marshals Service, suffered notable attacks.
- February 28, 2023
Rapid7: Attackers exploiting vulnerabilities 'faster than ever'
Rapid7's 2022 Vulnerability Intelligence Report analyzed how attackers' increasing speed in deploying exploits affected the onset of widespread threats in 2022.
- February 28, 2023
LastPass breach tied to hack of engineer's home computer
LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources.
- February 28, 2023
Bitdefender releases decryptor for MortalKombat ransomware
MortalKombat ransomware was first spotted in January, but Bitdefender has already cracked the new variant and released a free decryptor to help victims recover data.
- February 28, 2023
U.S. Marshals Service suffers ransomware attack, data breach
Ransomware actors breached the U.S. Marshals Service earlier this month and stole sensitive information pertaining to agency investigations, though many questions remain.
- February 22, 2023
Exploitation attempts observed against Fortinet FortiNAC flaw
Hours after Horizon3.ai released a proof of concept exploit through GitHub, Shadowserver Foundation observed several IP addresses attempting to exploit the vulnerability.
- February 22, 2023
How hackers can abuse ChatGPT to create malware
ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content.
- February 22, 2023
IBM: Ransomware defenders showing signs of improvement
According to IBM X-Force's Threat Intelligence Index report, a smaller percentage of threat actors executed a ransomware attack after gaining access in 2022 than in 2021.
- February 21, 2023
GoDaddy's response to 'multi-year' breach criticized
GoDaddy took nearly three months to disclose that attackers breached the company in a multi-year campaign, and customers are still in the dark about the details of the attack.
- February 16, 2023
Google: Russia continues to set cyber sights on NATO nations
A new report from Google's Threat Analysis Group shed light on Russia's efforts to conduct malicious cyber campaigns not only against Ukraine but also against NATO nations.
- February 16, 2023
Ransomware actors increasingly weaponizing old vulnerabilities
A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019.
- February 16, 2023
No relief in sight for ransomware attacks on hospitals
Despite being off limits for some hackers, hospitals continue to be lucrative targets for ransomware groups because of their valuable data and higher rate of paying ransoms.
- February 15, 2023
Cisco Talos spots new MortalKombat ransomware attacks
Researchers discovered the threat campaign is also using a new Go version of malware called Laplas Clipper to steal cryptocurrency from individuals and businesses in the U.S.
- February 15, 2023
ESXiArgs attack vector unclear as infections continue
This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month.
- February 14, 2023
Dragos: ICS/OT ransomware attacks up 87%
Ransomware attacks against industrial organizations remain a growing problem, according to ICS/OT vendor Dragos' new 'Year in Review 2022' report.
- February 13, 2023
Namecheap email system hacked, used for phishing campaign
While the domain registrar said it was not breached directly, it did confirm its third-party email system was compromised Sunday and warned customers not to open any unauthorized emails.
- February 10, 2023
New ESXi ransomware strain spreads, foils decryption tools
Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make it harder for enterprises to recover data.
- February 09, 2023
U.S., U.K. hit TrickBot cybercrime gang with sanctions
TrickBot malware has caused considerable damage to U.S. organizations, particularly in the healthcare industry, and was used in Conti and Ryuk ransomware attacks.
- February 09, 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks
Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight.
- February 09, 2023
Thousands of victims apparently hit by ESXiArgs ransomware
A joint security advisory from CISA and the FBI said the ESXiArgs ransomware campaign has claimed over 3,800 servers globally since attacks first emerged last week.
- February 08, 2023
CISA battles ESXiArgs ransomware campaign with recovery tool
The U.S. Cybersecurity and Infrastructure Security Agency published a decryptor script intended to assist VMware customers affected by ESXiArgs ransomware.
- February 08, 2023
ESXiArgs ransomware campaign raises concerns, questions
This Risk & Repeat podcast looks at the widespread ESXiArgs ransomware attacks and the questions they've raised about the threat landscape, vulnerability patching and more.
- February 06, 2023
Vastaamo hacking suspect arrested in France
The suspect in the infamous cyber attack, Julius Kivimäki, is a 25-year-old Finnish man who was arrested after being remanded in absentia in October 2022.
- February 06, 2023
Widespread ransomware campaign targets VMware ESXi servers
The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it.
- February 02, 2023
Threat activity increasing around Fortinet VPN vulnerability
Following public disclosure of the critical VPN flaw in December, multiple reports show threat actors are exploiting it to target high-profile organizations.
- February 02, 2023
HeadCrab malware targets Redis to mine cryptocurrency
Aqua Security said the HeadCrab botnet has taken control of at least 1,200 servers via internet-facing instances of the open source DBMS Redis and is using them for cryptomining.
- February 02, 2023
Ransomware attacks on public sector persist in January
Many of the attacks disclosed or reported in January occurred against the public sector, including multiple school districts that were hit within days of one another.
- January 31, 2023
Risk & Repeat: The FBI's Hive ransomware takedown
This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs.
- January 31, 2023
Horizon3.ai releases POC exploit for VMware vulnerabilities
Penetration testing vendor Horizon3.ai published technical details and exploit code for three new CVEs in VMware vRealize Log Insight that can be chained for remote code execution.
- January 30, 2023
Schools don't pay, but ransomware attacks still increasing
Ransomware gangs have increasingly focused their attacks on the K-12 education sector, even though most school districts do not pay the ransom. But how long will that last?
- January 26, 2023
FBI hacked into Hive ransomware gang, disrupted operations
The FBI infiltrated Hive's network in July 2022 and obtained decryption keys, which it distributed to victims to prevent $130 million in ransom payments, according to the DOJ.
- January 25, 2023
Contractor error led to Baltimore schools ransomware attack
A security contractor for Baltimore County Public Schools mistakenly opened a suspicious phishing email attachment in an insecure environment, leading to the ransomware attack.
- January 24, 2023
Risk & Repeat: Another T-Mobile data breach disclosed
This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts.
- January 24, 2023
Customer data, encryption key stolen in GoTo breach
GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year.
- January 23, 2023
Experts applaud expansion of Apple's E2E encryption
Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud.
- January 20, 2023
T-Mobile data breach affects 37M customers
T-Mobile said a threat actor first began using an API in November to obtain the personal data of 37 million customer accounts, though no financial data was affected.
- January 20, 2023
Risk & Repeat: Breaking down the LastPass breach
This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager.
- January 19, 2023
Chainalysis: Ransomware payments down, fewer victims paying
Ransomware payments dropped significantly this past year, falling more than 40% from 2021, according to new research from blockchain analysis firm Chainalysis.
- January 18, 2023
Bitzlato cryptocurrency exchange founder arrested, charged
Russian national Anatoly Legkodymov is accused of using Bitzlato to process more than $700 million in illicit cryptocurrency transactions, including ransomware payments.
- January 18, 2023
LastPass faces mounting criticism over recent breach
LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details.
- January 17, 2023
Microsoft fixes SSRF vulnerabilities found in Azure services
Orca Security, which discovered the Azure flaws, warned enterprises to be aware of SSRF attacks, which can result in a threat actor accessing or modifying sensitive data.
- January 16, 2023
Judge dismisses Chris Hadnagy lawsuit against DEF CON
DEF CON said it wasn't the only infosec conference to receive code-of-conduct complaints about Chris Hadnagy, claiming Black Hat USA removed him from its review board.
- January 12, 2023
Windows zero day patched but exploitation activity unclear
Avast threat researchers detected exploitation of a Windows zero-day flaw in the wild, and organizations are being urged to patch the flaw immediately.
- January 11, 2023
Vulnerable software, low incident reporting raises risks
Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last.
- January 10, 2023
BitSight, Schneider Electric partner to quantify OT risk
The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure.
- January 10, 2023
Risk & Repeat: Analyzing the Rackspace ransomware attack
This Risk & Repeat podcast episode discusses new details of the Rackspace ransomware attack, as well as the questions remaining following the company's final status update.
- January 06, 2023
Rackspace: Ransomware actor accessed 27 customers' data
Rackspace said Personal Storage Tables of 27 customers were accessed in the attack last month, but added there was no evidence threat actors viewed, obtained or misused the data.
- January 04, 2023
Rackspace: Ransomware attack caused by zero-day exploit
The exploit that led to the Rackspace ransomware attack, referred to as OWASSRF, combines two Exchange Server flaws -- CVE-2022-41080 and a ProxyNotShell flaw, CVE-2022-41082.
- January 04, 2023
December ransomware disclosures reveal high-profile victims
Cloud provider Rackspace was just one of several major enterprises to suffer a ransomware attack, according to public disclosures and reports in December.
- January 03, 2023
Many Exchange servers still vulnerable to ProxyNotShell flaw
A new exploit chain using one of the ProxyNotShell vulnerabilities has bypassed Microsoft's URL Rewrite mitigations from September and put Exchange servers at risk.
- December 21, 2022
Play ransomware actors bypass ProxyNotShell mitigations
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations.
- December 21, 2022
Risk & Repeat: OT security progress, threats in 2022
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape.
- December 20, 2022
Malicious Python package in PyPI poses as SentinelOne SDK
No attacks resulting from the malicious Python package have been recorded to date. However, according to PyPI, more than 1,000 users had downloaded it before it was taken down.
- December 20, 2022
20 companies affected by major ransomware attacks in 2021
Between hefty ransom demands, major disruptions and leaked data, 2021 saw major ransomware activity across companies and industries.
- December 20, 2022
NCC Group: Ransomware attacks increased 41% in November
In addition to a month full of unexpected trends in both threat group activity and targeted sectors, NCC Group warned organizations to be aware of an increase in DDoS attacks.
- December 19, 2022
The state of OT security: a rapidly evolving landscape
Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount.
- December 15, 2022
Google drops TrustCor certificates as questions loom
Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors.
- December 15, 2022
Check Point classifies Azov as wiper, not ransomware
While Azov was initially considered ransomware, Check Point researchers warned the polymorphic malware is designed to inflict maximum damage to targeted systems.
- December 14, 2022
Cybereason warns of rapid increase in Royal ransomware
Enterprises need to be aware of the group's partial encryption technique because the less data it encrypts, the less chance the activity will be detected by a security product.
- December 13, 2022
Microsoft addresses two zero days in December Patch Tuesday
December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild.
- December 13, 2022
Citrix ADC and Gateway zero day under active exploitation
The NSA said that APT5, a suspected Chinese nation-state threat group, is actively exploiting the Citrix zero-day flaw, which affects the vendor's ADC and Gateway products.
- December 12, 2022
Fortinet confirms VPN vulnerability exploited in the wild
In an advisory Monday, Fortinet urged customers to take steps to immediately mitigate the critical flaw, which was disclosed earlier by French infosec firm Olympe Cyberdefense.
- December 09, 2022
Claroty unveils web application firewall bypassing technique
Claroty's attack technique bypasses web application firewalls, or WAFs, by tricking those that can't detect JSON as part of their SQL injection detection process.
- December 08, 2022
Risk & Repeat: Breaking down Rackspace ransomware attack
This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers.
- December 07, 2022
Vice Society ransomware 'persistent threat' to education sector
New research from Palo Alto Networks supports recent government warnings that Vice Society poses an increased risk to K-12 schools and higher education.
- December 06, 2022
MegaRAC flaws, IP leak impact multiple server brands
MegaRAC BMC software from American Megatrends, Inc. has a trio of serious security vulnerabilities that were discovered following an intellectual property leak.
- December 06, 2022
Rackspace confirms ransomware attack after Exchange outages
The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen.
- December 05, 2022
Education sector hit by Hive ransomware in November
The education sector remained a popular target last month, particularly from Hive, a ransomware-as-a-service group that even warranted a government alert in late November.
- December 05, 2022
Rackspace 'security incident' causes Exchange Server outages
Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter.
- December 02, 2022
Experts argue 'sludge' could muck up cyber attacks
Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper.
- December 01, 2022
Mozilla, Microsoft drop TrustCor as root certificate authority
Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware.
- December 01, 2022
LastPass warns some customer data accessed in new breach
LastPass disclosed a new breach, related to the previously disclosed attack in August, that resulted in a threat actor obtaining access to some customer data.
- November 30, 2022
LockBit 3.0 has BlackMatter ransomware code, wormable traits
LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools.
- November 30, 2022
Exchange Server bugs caused years of security turmoil
The four high-profile sets of security vulnerabilities in Microsoft Exchange Server, disclosed by researcher Orange Tsai, are set to remain a major concern for organizations.
- November 30, 2022
Risk & Repeat: Twitter, Elon Musk and security concerns
This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently.
- November 30, 2022
Tenable: 72% of organizations remain vulnerable to Log4Shell
New research shows the attack surface remains wide for the Log4j vulnerability, known as Log4Shell, which caused significant problems for organizations over the past year.
- November 28, 2022
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe.
- November 23, 2022
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services.
- November 22, 2022
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted.