News
News
- February 17, 2022
17 Feb'22
SonicWall: Ransomware attacks increased 105% in 2021
While 2021 represented a turning point for law enforcement and government action against ransomware, SonicWall still observed massive growth in attacks.
- February 16, 2022
16 Feb'22
Kronos attack fallout continues with data breach disclosures
Employees at both public and private sector organizations had their data compromised during a December ransomware attack on Kronos that also took down payroll systems.
- February 16, 2022
16 Feb'22
Apache Cassandra vulnerability puts servers at risk
Certain non-default configurations of the Apache Cassandra database software could leave the door open for remote code execution attacks, according to JFrog researchers.
-
- February 16, 2022
16 Feb'22
Trickbot has infected 140,000-plus machines since late 2020
In October 2020, Microsoft reported that more than 90% of Trickbot's infrastructure had been disabled. The threat actor bounced back and began thriving soon after.
- February 15, 2022
15 Feb'22
Sophos discovers new attack targeting Exchange Servers
A new type of attack that utilizes the Squirrelwaffle malware and business email compromise may be an issue for organizations that have not patched their Exchange servers.
-
Sponsored News
-
Server Security in the Era of ChatGPT
Sponsored by Dell Technologies and Intel - The importance of security and compliance to applications and data environments cannot be overstated. A GenAI platform deployment is different from a typical infrastructure as a service (IaaS) implementation in terms of who holds the keys and who can read the data. Research by TechTarget's Enterprise Strategy Group has found that even cloud-first organizations are deploying some workloads on premises, rather than the cloud, due to concerns related to data governance and sovereignty (cited by 42% of respondents) and security (cited by 34%). These organizations understand the real potential for data leakage associated with GenAI. See More
-
Dell Technologies GenAI-validated Designs and Dell Reference Designs
Sponsored by Dell Technologies and Intel - It's important to have the right infrastructure in place to support generative AI solutions. The intent should be to keep control of both proprietary data and associated GenAI-related business outcomes. See More
-
Sustainability, AI and Dell PowerEdge Servers
Sponsored by Dell Technologies and Intel - When it comes to energy efficiency and sustainability in IT, rightsizing is critical. Optimizing the infrastructure model and the right hardware needed to run it should be the goal. See More
-
A Generative AI Use Case Brought to Life with Solutions from Dell Technologies
Sponsored by Dell Technologies and Intel - Generative AI is not science fiction. It is real. Implementing and using generative AI is a goal within reach of any organization, not just large technology-centric ones. According to research by TechTarget's Enterprise Strategy Group, 92% of organizations will have generative AI in production within the next year. IT vendors such as Dell Technologies are currently working to bring AI to businesses, organizations and institutions in a manner customized to their unique needs. See More
-
- February 15, 2022
15 Feb'22
CrowdStrike: Attackers are moving faster, harder to detect
The CrowdStrike '2022 Global Threat Report' said attackers are getting better at exploiting vulnerabilities and moving through compromised networks before defenders can spot them.
- February 15, 2022
15 Feb'22
Ransomware tied to attacks on critical infrastructure last year
While recent law enforcement action may be altering the ransomware landscape, BlackBerry researchers observed high-profile attacks on critical infrastructure last year.
- February 14, 2022
14 Feb'22
CISA says 'Shields Up' as Russia-Ukraine tensions escalate
CISA said in its advisory that 'there are not currently any specific credible threats to the U.S. homeland,' but cited past Russian cyber attacks against Ukraine and others.
- February 14, 2022
14 Feb'22
Fallout from REvil arrests shakes up ransomware landscape
Russian authorities recently announced more than a dozen arrests of alleged REvil members, heightening concern among ransomware affiliates on the dark web.
- February 11, 2022
11 Feb'22
FBI seized Colonial Pipeline ransom from DarkSide affiliate
New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation.
-
- February 10, 2022
10 Feb'22
DEF CON bans social engineering expert Chris Hadnagy
Hadnagy, an influential figure at the DEF CON security conference, was permanently banned following allegations of misconduct at the annual Las Vegas gathering.
- February 10, 2022
10 Feb'22
Why Massachusetts' data breach reports are so high
Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states.
- February 09, 2022
09 Feb'22
Google: 2-step verification led to 50% fewer account hacks
Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts.
- February 09, 2022
09 Feb'22
Ransomware groups shift from big game hunting
A joint cybersecurity advisory documented top ransomware trends for 2021 and addressed ways for organizations to improve security.
- February 08, 2022
08 Feb'22
Russia continues cybercrime offensive with SkyFraud takedown
Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region.
- February 08, 2022
08 Feb'22
DOJ recovers $3.6B from 2016 Bitfinex hack
A couple was arrested Tuesday morning after the DOJ traced 120,000 bitcoin to a digital wallet containing funds stolen during the 2016 hack of cryptocurrency platform Bitfinex.
- February 08, 2022
08 Feb'22
Microsoft disables VBA macros by default
Microsoft's change in the default settings of five Office applications aims to shut down a widely used and longstanding threat vector to enterprises.
- February 07, 2022
07 Feb'22
Metaverse rollout brings new security risks, challenges
When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities.
- February 07, 2022
07 Feb'22
Wormhole offers $10M to Ethereum thieves
Wormhole also offered $10 million to anyone who provided 'information leading to the arrest and conviction of those responsible' for last week's heist.
- February 03, 2022
03 Feb'22
Cryptocurrency platform Wormhole loses $320M after attack
After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question.
- February 03, 2022
03 Feb'22
DHS forms first-ever Cyber Safety Review Board
The new initiative is one in a string of many by the Biden administration to push public and private collaboration in addressing cyber threats such as Log4j vulnerabilities.
- February 03, 2022
03 Feb'22
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model.
- February 02, 2022
02 Feb'22
SolarMarker malware spread through advanced SEO poisoning
Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files.
- February 02, 2022
02 Feb'22
More than 1,000 malware packages found in NPM repository
Researchers with WhiteSource were able to find some 1,300 examples of malware hiding under the guise of legitimate JavaScript packages on the NPM repository.
- February 01, 2022
01 Feb'22
Iranian hacking groups pick up the pace with new attacks
Two security vendors are reporting a fresh wave of targeted attacks and malware outbreaks believed to be the work of Iranian state-sponsored threat groups.
- February 01, 2022
01 Feb'22
Ransomware attacks continue to plague public services
Ransomware this year has picked up right where 2021 left off, with several local governments, schools and health services across the U.S. suffering attacks.
- January 31, 2022
31 Jan'22
Emsisoft releases DeadBolt ransomware decryption tool
Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key.
- January 28, 2022
28 Jan'22
Risk & Repeat: The complicated world of Monero
This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges.
- January 27, 2022
27 Jan'22
SolarWinds hackers still active, using new techniques
CrowdStrike has tracked the latest threat activity and novel techniques from the SolarWinds hackers, a Russian state-sponsored group known as Cozy Bear.
- January 27, 2022
27 Jan'22
Apple security update fixes zero-day vulnerability
Apple released a series of security updates for bugs that included a critical zero-day vulnerability in iOS and macOS that is being actively exploited in the wild.
- January 26, 2022
26 Jan'22
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix.
- January 26, 2022
26 Jan'22
New vulnerability rating framework aims to fill in CVSS gaps
The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity.
- January 25, 2022
25 Jan'22
Sophos: Log4Shell impact limited, threat remains
Sophos threat researcher Chet Wisniewski detailed the unexpectedly limited impact Log4Shell had on organizations but warned of future exploitation and risks.
- January 25, 2022
25 Jan'22
Bernalillo County ransomware attack still felt weeks later
A ransomware attack in early January disrupted government systems in New Mexico's largest county, which stalled operations at county offices and the county detention center.
- January 24, 2022
24 Jan'22
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin.
- January 24, 2022
24 Jan'22
Enterprises reluctant to report cyber attacks to authorities
Despite some successful law enforcement operations, including the seizure of a ransom payment, infosec experts say many enterprises are still unlikely to report cyber attacks.
- January 20, 2022
20 Jan'22
Crypto.com confirms $35M lost in cyber attack
The cryptocurrency exchange had claimed no customer funds were lost in the recent cyber attack, but now admits 4,836.26 ETH and 443.93 bitcoin was stolen.
- January 20, 2022
20 Jan'22
Cisco: Patching bugs is about more than CVSS numbers
Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities.
- January 19, 2022
19 Jan'22
FireEye, McAfee Enterprise relaunch as XDR-focused Trellix
Though the new company is a combination of two high-profile security vendors, private equity firm STG relaunched the merger under an entirely different name.
- January 18, 2022
18 Jan'22
Cryptocurrency exchange Crypto.com hit by cyber attack
The cryptocurrency exchange said it detected unauthorized activity on some user accounts over the weekend, but questions remain on the severity of the attacks.
- January 18, 2022
18 Jan'22
Ukraine hit with destructive malware attacks amidst turmoil
A new type of destructive malware was discovered by Microsoft after public and private organizations in Ukraine endured a series of cyber attacks as tensions with Russia grow.
- January 18, 2022
18 Jan'22
Police seize VPN host allegedly facilitating ransomware
VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web.
- January 18, 2022
18 Jan'22
Ransomware actors increasingly demand payment in Monero
Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology.
- January 13, 2022
13 Jan'22
Ukrainian police bust unnamed ransomware gang
A law enforcement raid in Ukraine resulted in the arrest of five suspects accused of deploying ransomware through phishing emails and making more than $1 million.
- January 12, 2022
12 Jan'22
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT.
- January 11, 2022
11 Jan'22
Microsoft: China-based ransomware actor exploiting Log4Shell
According to Microsoft, a threat actor tracked as DEV-0401 is utilizing Night Sky ransomware in its Log4j attacks, a variant first reported Jan. 1 that targets large enterprises.
- January 11, 2022
11 Jan'22
SonicWall SMA 100 appliances beset by multiple vulnerabilities
SonicWall's security appliances can be compromised by several attacks on five vulnerabilities, including one remote code execution bug, according to Rapid7.
- January 11, 2022
11 Jan'22
NetUSB flaw could impact millions of routers
SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process.
- January 10, 2022
10 Jan'22
Chainalysis: Cryptocurrency crime reaches all-time high
While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency.
- January 10, 2022
10 Jan'22
VMware ESXi 7 users vulnerable to hypervisor takeover bug
A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7.
- January 06, 2022
06 Jan'22
New Zloader attacks thwarting Microsoft signature checks
Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader.
- January 05, 2022
05 Jan'22
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies.
- January 05, 2022
05 Jan'22
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed.
- December 30, 2021
30 Dec'21
Threat actors target HPE iLO hardware with rootkit attack
Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild.
- December 23, 2021
23 Dec'21
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October.
- December 20, 2021
20 Dec'21
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades.
- December 20, 2021
20 Dec'21
Log4j 2.17.0 fixes newly discovered exploit
The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs.
- December 20, 2021
20 Dec'21
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible.
- December 20, 2021
20 Dec'21
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation.
- December 17, 2021
17 Dec'21
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability.
- December 15, 2021
15 Dec'21
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0.
- December 15, 2021
15 Dec'21
Nation-state threat groups are exploiting Log4Shell
Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies.
- December 15, 2021
15 Dec'21
'Insane' spread of Log4j exploits won't abate anytime soon
Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability.
- December 14, 2021
14 Dec'21
Hive ransomware claims hundreds of victims in 6-month span
Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time.
- December 14, 2021
14 Dec'21
Log4Shell: Experts warn of bug's severity, reach
Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code.
- December 13, 2021
13 Dec'21
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools.
- December 13, 2021
13 Dec'21
Critical Log4j flaw exploited a week before disclosure
The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after.
- December 10, 2021
10 Dec'21
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums.
- December 10, 2021
10 Dec'21
Critical Apache Log4j 2 bug under attack; mitigate now
The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations.
- December 09, 2021
09 Dec'21
17 Discord malware packages found in NPM repository
These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said.
- December 09, 2021
09 Dec'21
Threat actors targeting MikroTik routers, devices
Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched.
- December 07, 2021
07 Dec'21
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks.
- December 07, 2021
07 Dec'21
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems.
- December 07, 2021
07 Dec'21
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet.
- December 06, 2021
06 Dec'21
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen.
- December 06, 2021
06 Dec'21
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers.
- December 03, 2021
03 Dec'21
Hundreds of new vulnerabilities found in SOHO routers
Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks.
- December 02, 2021
02 Dec'21
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million.
- December 01, 2021
01 Dec'21
New Yanluowang ransomware mounting targeted attacks in US
Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks.
- December 01, 2021
01 Dec'21
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul.
- December 01, 2021
01 Dec'21
BlackByte ransomware attacks exploiting ProxyShell flaws
Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange.
- November 30, 2021
30 Nov'21
Windows Installer zero-day under active exploitation
McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others.
- November 29, 2021
29 Nov'21
Hack 'Sabbath': Elusive new ransomware detected
A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected.
- November 23, 2021
23 Nov'21
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials.
- November 23, 2021
23 Nov'21
Researcher drops instant admin Windows zero-day bug
A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix.
- November 22, 2021
22 Nov'21
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers.
- November 22, 2021
22 Nov'21
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack.
- November 19, 2021
19 Nov'21
Cybercriminals discuss new business model for zero-day exploits
Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service.
- November 19, 2021
19 Nov'21
How enterprises need to prepare for 'cyberwar' conflicts
Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting the changes may be difficult for enterprises.
- November 18, 2021
18 Nov'21
CISA, Microsoft warn of rise in cyber attacks from Iran
CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises.
- November 18, 2021
18 Nov'21
New side channel attack resurrects DNS poisoning threat
A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites.
- November 17, 2021
17 Nov'21
Malwarebytes slams Apple for inconsistent patching
At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which was only patched in macOS Big Sur for several months.
- November 17, 2021
17 Nov'21
Risk & Repeat: Are ransomware busts having an effect?
International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards.
- November 15, 2021
15 Nov'21
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability.
- November 11, 2021
11 Nov'21
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear.
- November 11, 2021
11 Nov'21
Trend Micro reveals 'Void Balaur' cybermercenary group
New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015.
- November 11, 2021
11 Nov'21
'King of Fraud' sentenced for Methbot botnet operation
Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet.
- November 09, 2021
09 Nov'21
Medical devices at risk from Siemens Nucleus vulnerabilities
Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices.
- November 08, 2021
08 Nov'21
DOJ charges REvil ransomware members, seizes $6.1M
One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland.
- November 04, 2021
04 Nov'21
DDoS botnet exploiting known GitLab vulnerability
A botnet is using a critical GitLab vulnerability, which was disclosed and patched in April, to launch powerful DDoS attacks that have surpassed 1 Tbps.