News
- May 05, 2022
Google cloud misconfiguration poses risk to customers
Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines.
- May 04, 2022
Coveware: Double-extortion ransomware attacks fell in Q1
Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it.
- May 04, 2022
Winnti threat group rides again with IP theft campaign
A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies.
- May 03, 2022
Trend Micro discovers AvosLocker can disable antivirus software
AvosLocker operators are using legitimate tools and previously disclosed vulnerabilities to disable antivirus software and evade detection on infected machines.
- May 03, 2022
RCE vulnerabilities found in Avaya, Aruba network switches
Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators.
- May 03, 2022
April ransomware attacks slam US universities
April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies.
- May 02, 2022
Cyberespionage group exploiting network and IoT blind spots
Researchers with Mandiant have uncovered a new espionage-focused hacking operation that takes advantage of IoT and networking gear that security tools don't cover.
- April 28, 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung.
- April 28, 2022
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021.
- April 28, 2022
Phishing attacks benefiting from shady SEO practices
Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims.
- April 27, 2022
Five Eyes reveals 15 most exploited vulnerabilities of 2021
Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018.
- April 27, 2022
REvil ransomware attacks resume, but operators are unknown
The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation.
- April 27, 2022
Sophos: 66% of organizations hit by ransomware in 2021
Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups.
- April 26, 2022
Cisco Talos observes 'novel increase' in APT activity in Q1
The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs.
- April 25, 2022
LemonDuck botnet evades detection in cryptomining attacks
While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices.
- April 25, 2022
T-Mobile breached in apparent Lapsus$ attack
Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung.
- April 21, 2022
Zero-day vulnerability exploitation soaring, experts say
Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year.
- April 21, 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt
Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain.
- April 21, 2022
FBI warns of 'timed' ransomware attacks on agriculture sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year.
- April 20, 2022
U.S. warns of 'increased' threats from Russian hacking groups
The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia.
- April 20, 2022
Kaspersky releases decryptor for Yanluowang ransomware
Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December.
- April 20, 2022
BlackCat emerges as one of the top ransomware threats
After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups.
- April 20, 2022
AWS Log4Shell hot patch vulnerable to privilege escalation
Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday.
- April 18, 2022
Pegasus spyware discovered on U.K. government networks
Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame.
- April 18, 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm.
- April 18, 2022
Attack on Beanstalk Farms results in $182M loss
High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform.
- April 15, 2022
Corvus: Ransomware costs, ransom payments declining
Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward.
- April 14, 2022
Critical Windows RPC vulnerability raises alarm
Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks.
- April 14, 2022
VMware Workspace One flaw actively exploited in the wild
Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity.
- April 14, 2022
US government, security vendors warn of new ICS malware
As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector.
- April 13, 2022
Microsoft dismantles ZLoader botnet
Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network.
- April 13, 2022
Sophos: LockBit affiliates hacked regional government agency
Sophos said attackers spent at least five months inside an unnamed regional government agency's network, remotely Googling for hacking tools before deploying LockBit ransomware.
- April 12, 2022
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company.
- April 12, 2022
Synopsys: Enterprises struggling with open source software
To curb open source risk, Synopsys advises enterprises to keep a comprehensive inventory of all software within their environment and to understand that securing open source requires strong management.
- April 12, 2022
Law enforcement takedowns continue with RaidForums seizure
The hacker forum, which used to sell and purchase sensitive information including login credentials, has been dismantled, and its alleged founder was arrested and indicted.
- April 11, 2022
Apple Security Bounty improves, but problems remain
Security researchers told SearchSecurity that Apple Security Bounty improved its communication earlier this year, which had been a key issue for participants.
- April 08, 2022
Fin7 hacker sentenced to 5 years in prison
A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring.
- April 07, 2022
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection.
- April 07, 2022
How the FBI took down the Cyclops Blink botnet
The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet.
- April 06, 2022
US sanctions Garantex for laundering over $100M
The latest action follows a string of sanctions imposed during the past year against cryptocurrency exchanges operating out of Russia.
- April 06, 2022
Conti ransomware leaks show a low-tech but effective model
The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies.
- April 05, 2022
German authorities behead dark web Hydra Market
Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces.
- April 05, 2022
March ransomware attacks strike finance, government targets
In March, ransomware reports and disclosures showed a variety of victims, from public schools and county governments to financial services firms and large enterprises.
- April 05, 2022
Conti ransomware deployed in IcedID banking Trojan attack
The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data.
- April 04, 2022
Cryptocurrency companies targeted in Mailchimp breach
Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed.
- April 01, 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365
CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks.
- April 01, 2022
Zimperium acquired by Liberty Strategic Capital for $525M
Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin.
- March 31, 2022
Spring Framework vulnerabilities sow confusion, concern
Two different remote code execution vulnerabilities in a Java developer tool caused considerable confusion after one of the flaws was leaked online as a zero-day.
- March 31, 2022
New 'AcidRain' malware may be connected to Viasat attack
SentinelOne did not directly attribute the malware to the Viasat attack. That said, researchers argued the 'AcidRain' malware's functionality matches open source intelligence.
- March 30, 2022
Viasat confirms cyber attack on Ukraine customers
The U.S.-based satellite internet provider said a 'multifaceted and deliberate cyber attack' struck Viasat's KA-SAT network on the first day of Russia's invasion of Ukraine.
- March 30, 2022
Axie Infinity hack results in $600M cryptocurrency heist
Axie Infinity, whose developer was hacked this month, is a popular NFT-based video game in which players earn cryptocurrency by raising their pay-to-play digital pets, or 'Axies.'
- March 29, 2022
Rapid7 finds zero-day attacks surged in 2021
Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year.
- March 29, 2022
Cryptocurrency cyber attacks on the rise as industry expands
Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings.
- March 25, 2022
US indicts Russian nationals for critical infrastructure attacks
One defendant is accused of deploying the infamous Trisis or Triton malware against energy-sector companies, including a petrochemical plant in Saudi Arabia in a 2017 attack.
- March 25, 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures
This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks.
- March 24, 2022
North Korean hackers exploited Chrome zero-day for 6 weeks
Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year.
- March 24, 2022
FBI: Ransomware hit 649 critical infrastructure entities in 2021
The FBI's Internet Crime Complaint Center found ransomware was a top threat to critical infrastructure security in 2021, hitting a wide range of organizations.
- March 24, 2022
Okta provides new details on Lapsus$ attack
The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients.
- March 23, 2022
Lawsuit claims Kronos breach exposed data for 'millions'
A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December.
- March 23, 2022
Microsoft confirms breach, attributes attack to Lapsus$
Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics.
- March 22, 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, though key details about the attack remain in dispute.
- March 22, 2022
F-Secure splits in two as WithSecure launches
The Finnish security vendor's enterprise business sets off on its own as a new brand called WithSecure, while F-Secure will continue to operate the consumer side of the business.
- March 22, 2022
Biden: Russia exploring cyber attacks against US
President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses.
- March 22, 2022
STG launches Skyhigh Security from McAfee cloud assets
The new company combines the McAfee Enterprise Security Service Edge portfolio with a name reminiscent of a previous McAfee acquisition: Skyhigh Networks.
- March 21, 2022
Cryptocurrency companies impacted by HubSpot breach
A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry.
- March 17, 2022
JavaScript apps hit with pro-Ukraine supply chain attack
A popular JavaScript package was sabotaged by its developer and seeded with messages in support of Ukraine in what has become a supply chain attack.
- March 17, 2022
Sandworm APT ramps up Cyclops Blink botnet with Asus routers
Trend Micro discovered that the Cyclops Blink botnet, which had originally targeted WatchGuard devices, is now spreading to Asus and 'at least one other vendor.'
- March 16, 2022
LokiLocker ransomware crew bursts onto the scene
The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises.
- March 16, 2022
FTC accuses CafePress of covering up 2019 data breach
The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach.
- March 16, 2022
Biden signs law on reporting critical infrastructure cyber attacks
President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours.
- March 15, 2022
Container vulnerability opens door for supply chain attacks
A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers.
- March 15, 2022
SentinelOne acquires Attivo Networks for $617M
SentinelOne is acquiring Attivo Networks for a $616.5 million price tag and plans to merge the company's identity threat detection services with its XDR offering.
- March 15, 2022
Infosec news cycles: How quickly do they fade?
Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack.
- March 14, 2022
Cyber insurance war exclusions loom amid Ukraine crisis
Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks.
- March 10, 2022
Log4Shell vulnerability continues to menace developers
Months after it was first disclosed, the Log4j RCE vulnerability remains widespread on code-sharing sites and open source repositories, according to security researchers.
- March 09, 2022
Researchers disclose new Spectre V2 vulnerabilities
The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack.
- March 09, 2022
Immersive Labs: Average cyberthreat response takes 96 days
Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address.
- March 08, 2022
FBI finds Ragnar Locker hit 52 U.S. critical infrastructure targets
While providing an updated list of indicators of compromise, the FBI revealed that a range of critical sectors were attacked by the ransomware group.
- March 08, 2022
Google to acquire Mandiant for $5.4B
Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion.
- March 08, 2022
Researchers uncover vulnerabilities in APC Smart-UPS devices
Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors.
- March 07, 2022
Samsung breached, Nvidia hackers claim responsibility
Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group.
- March 04, 2022
Hackers using stolen Nvidia certificates to sign malware
The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild.
- March 04, 2022
Risk & Repeat: Conti ransomware gang gets breached
This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang.
- March 04, 2022
February ransomware attacks hit major enterprises
Enterprises, colleges and municipalities in the U.S. continued to be hit by ransomware as publicly reported attacks for February piled up.
- March 03, 2022
Intel touts security improvements in 12th-gen Core CPUs
Intel is courting enterprises with a new line of Core vPro CPUs that boast improved security protections ranging from firmware and OS to memory.
- March 02, 2022
CrowdStrike cracks PartyTicket ransomware targeting Ukraine
CrowdStrike's analysis of the new ransomware, also known as HermeticRansom, that affected Ukrainian organizations revealed that files encrypted with PartyTicket are recoverable.
- March 01, 2022
Conti ransomware source code, documentation leaked
The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017.
- March 01, 2022
Nvidia confirms breach, proprietary data leaked online
Nvidia has confirmed some of the claims from a little-known ransomware gang that allegedly broke into the network of the GPU giant and stole corporate data.
- March 01, 2022
HermeticWiper poses increasing cyber risk to Ukraine
While it has not been attributed to a specific threat group, ESET researchers observed another data-wiping malware that targeted a Ukrainian organization and warned it could extend to allies.
- February 28, 2022
Recorded Future: Russia may retaliate with cyber attacks
Recorded Future warned U.S. and European organizations could be hit by 'spillover attacks' or intentional retaliatory strikes from Russia following its invasion of Ukraine.
- February 28, 2022
Conti ransomware gang backs Russia, threatens U.S.
The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure.
- February 25, 2022
(ISC)2 study finds long remediation times for Log4Shell
An (ISC)2 survey of cybersecurity professionals found Log4Shell remediation for many organizations took several weeks or more than a month, requiring work on weekends and holidays.
- February 25, 2022
Researchers find access brokers focused on US targets
Security vendors studied 'access broker' advertisements on the dark web, which provide ransomware groups with the network and system access required for data thefts.
- February 24, 2022
New data wiper malware hits Ukraine targets
HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy.
- February 24, 2022
New tech, same threats for Web 3.0
Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms.
- February 23, 2022
US, UK attribute Cyclops Blink to Sandworm
The group known for its use of VPNFilter malware has retooled with what is being tracked as Cyclops Blink, but its impact appears limited to WatchGuard business customers for now.
- February 23, 2022
Dragos: Ransomware topped ICS and OT threats in 2021
Whether ICS and OT networks were intentionally targeted or not, ransomware was found to be the No. 1 compromise to industrial organizations last year.
- February 23, 2022
IBM: REvil dominated ransomware activity in 2021
IBM X-Force's Threat Intelligence Index report also found a 'triple extortion' ransomware tactic in 2021, where threat actors use DDoS attacks to put extra pressure on victims.
- February 17, 2022
FBI: BEC attacks spreading to virtual meetings
Since the start of the COVID-19 pandemic, many workplaces have shifted to virtual meeting platforms, and the FBI warned that threat actors have taken note.
- February 17, 2022
Snyk enters cloud security market with Fugue acquisition
Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities.