News
- August 10, 2022
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote.
- August 10, 2022
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data.
- August 08, 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds.
- August 08, 2022
VMware: The threat of lateral movement is growing
The majority of incident response professionals surveyed for VMware's 'Global Incident Response Threat Report' observed lateral movement in at least some attacks in the past year.
- August 04, 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS
In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response.
- August 03, 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA
In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'.
- August 03, 2022
Thoma Bravo to acquire Ping Identity for $2.8B
Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday.
- August 02, 2022
New Microsoft tools aim to protect expanding attack surface
New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft.
- August 02, 2022
July another down month in ransomware attack disclosures
July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data.
- July 29, 2022
Coveware: Median ransom payments dropped 51% in Q2
Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands.
- July 28, 2022
Microsoft: Austrian company DSIRF selling Subzero malware
Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047.
- July 28, 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage.
- July 26, 2022
AWS issues MFA call to action at re:Inforce 2022
To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources.
- July 26, 2022
CrowdStrike launches cloud threat hunting service
Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud.
- July 21, 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up.
- July 21, 2022
Atlassian Confluence plugin contains hardcoded password
A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance.
- July 21, 2022
SynSaber: Only 41% of ICS vulnerabilities require attention
The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation.
- July 20, 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared.
- July 20, 2022
Sophos launches cross-operational task force X-Ops
The Sophos X-Ops team aims to create an AI-assisted security operations center using the cybersecurity vendor's research and threat response teams.
- July 15, 2022
Cryptocurrency mixer activity reaches new heights in 2022
Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year.
- July 15, 2022
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat.
- July 14, 2022
Cryptocurrency crash triggers crisis for dark web exchanges
Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash.
- July 13, 2022
Researcher develops Hive ransomware decryption tool
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version.
- July 13, 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information.
- July 12, 2022
4 critical flaws among 84 fixes in July Patch Tuesday
Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service.
- July 07, 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
- July 07, 2022
Public sector still facing ransomware attacks amid decline
While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June.
- July 06, 2022
5G networks vulnerable to adversarial ML attacks
A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks.
- July 06, 2022
HackerOne incident raises concerns for insider threats
While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems.
- July 05, 2022
Ransomware in 2022: Evolving threats, slow progress
Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022.
- June 30, 2022
SANS Institute: Human error remains the top security issue
The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises.
- June 28, 2022
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro.
- June 28, 2022
Cisco Talos techniques uncover ransomware sites on dark web
One of the three techniques Cisco Talos used to de-anonymize ransomware dark web sites is to match TLS certificate serial numbers from dark web leak sites to the clear web.
- June 28, 2022
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues.
- June 24, 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy.
- June 23, 2022
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms.
- June 23, 2022
Access management issues may create security holes
Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches.
- June 22, 2022
Ongoing PowerShell security threats prompt a call to action
Although PowerShell poses an ongoing risk to enterprise security as a post-exploitation tool, authorities strongly advise against disabling it completely.
- June 22, 2022
Kaspersky unveils unknown APT actor 'ToddyCat'
The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups.
- June 22, 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats.
- June 22, 2022
Proofpoint: Social engineering attacks slipping past users
Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions.
- June 21, 2022
Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors
The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more.
- June 20, 2022
Cleveland BSides takes heat for Chris Hadnagy appearance
The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct.
- June 20, 2022
Paige Thompson found guilty in 2019 Capital One data breach
The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted.
- June 20, 2022
Healthcare breaches on the rise in 2022
According to U.S. government data, the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period last year.
- June 17, 2022
Hertzbleed disclosure raises questions for Intel
Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long.
- June 16, 2022
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats.
- June 15, 2022
Alphv ransomware gang ups pressure with new extortion scheme
The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack.
- June 15, 2022
Microsoft takes months to fix critical Azure Synapse bug
Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers.
- June 14, 2022
Critical Atlassian Confluence flaw remains under attack
Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority.
- June 14, 2022
How Russian sanctions may be helping US cybersecurity
Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road.
- June 13, 2022
Tenable slams Microsoft over Azure vulnerabilities
Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched.
- June 13, 2022
Skyhigh Security CEO, VP talk life after McAfee
Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio.
- June 09, 2022
Rob Joyce: China represents biggest long-term cyberthreat
NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China.
- June 09, 2022
CrowdStrike demonstrates dangers of container escape attacks
CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system.
- June 09, 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers.
- June 08, 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams.
- June 08, 2022
CISA director promotes collaboration and trust at RSAC 2022
Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies.
- June 07, 2022
Cisco Talos: Destructive malware, supply chain attacks rising
At RSA Conference 2022, Cisco Talos discussed how adversaries have evolved and changed their tactics, leading to major shifts in the threat landscape.
- June 07, 2022
Microsoft flags common pitfalls for cyber insurance
Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage.
- June 07, 2022
Ransomware Task Force calls for better incident reporting
Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem.
- June 07, 2022
Microsoft details zero-trust transition, challenges
Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022.
- June 07, 2022
DNI Avril Haines: Cybersecurity is getting harder
During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools.
- June 07, 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers.
- June 06, 2022
MacOS malware attacks slipping through the cracks
Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code.
- June 06, 2022
Major DDoS attacks increasing after invasion of Ukraine
DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022.
- June 03, 2022
Critical Atlassian Confluence flaw exploited in the wild
No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday.
- June 02, 2022
May ransomware attacks strike municipal governments, IT firms
A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May.
- June 02, 2022
Conti ransomware group targeted Intel firmware tools
A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers.
- June 02, 2022
VMware launches 'threat intelligence cloud' Contexa
The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost.
- June 01, 2022
Hackers ransom 1,200 exposed Elasticsearch databases
An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks.
- June 01, 2022
Forescout proof-of-concept ransomware attack affects IoT, OT
Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware.
- May 31, 2022
Microsoft zero day exploited in the wild, workarounds released
A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations.
- May 26, 2022
U.S. Senate report calls out lack of ransomware reporting
The Senate Committee on Homeland Security published a report that points to a lack of ransomware reporting as a major issue in defending the U.S. from cyber attacks.
- May 26, 2022
Twitter fined $150M for misusing 2FA data
The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit.
- May 26, 2022
'Pantsdown' BMC vulnerability still present in Quanta servers
Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks.
- May 25, 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations.
- May 24, 2022
Developers targeted by poisoned Python library
A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances.
- May 24, 2022
MFA technology is rapidly evolving -- are mandates next?
The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join?
- May 24, 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021
Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected.
- May 23, 2022
AdvIntel: Conti rebranding as several new ransomware groups
According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up.
- May 19, 2022
QNAP devices hit by DeadBolt ransomware again
DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately.
- May 19, 2022
VMware vulnerabilities under attack, CISA urges action
Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon.
- May 19, 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries.
- May 18, 2022
Axie Infinity hack highlights DPRK cryptocurrency heists
The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors.
- May 18, 2022
CISA calls out security misconfigurations, common mistakes
Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks.
- May 17, 2022
North Korean IT workers targeting US enterprises
North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs.
- May 17, 2022
Cardiologist charged with creating Thanos, Jigsaw ransomware
Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware.
- May 16, 2022
Critical bug in Zyxel firewalls, VPNs exploited in the wild
Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products.
- May 12, 2022
Iranian APT Cobalt Mirage launching ransomware attacks
Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks.
- May 12, 2022
Vendors, governments make ransomware decryptors more common
Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats.
- May 11, 2022
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild.
- May 11, 2022
US, allies warn of nation-state attacks against MSPs
The joint advisory did not name any specific nation-states, though co-sponsor agencies expect threat actors to 'step up their targeting' of managed service providers (MSPs).
- May 10, 2022
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene.
- May 10, 2022
US, EU attribute Viasat hack to Russia
The U.S. and U.K. governments, along with the EU, confirmed the suspicions around the attack that disrupted satellite services for customers in Ukraine as Russia invaded the country.
- May 09, 2022
Victims of Horizon Actuarial data breach exceed 1M
Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly.
- May 09, 2022
US offers $10M bounty for Conti ransomware information
The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday.
- May 06, 2022
Cryptocurrency mixer sanctioned over Lazarus Group ties
North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service.
- May 05, 2022
Hackers exploit vulnerable Adminer for AWS database thefts
Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts.
- May 05, 2022
SentinelOne finds high-severity flaws in Avast, AVG
The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne.