News
News
- June 03, 2021
03 Jun'21
White House issues ransomware directive for businesses
The Biden administration aims to stem parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices.
- June 03, 2021
03 Jun'21
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group.
- June 02, 2021
02 Jun'21
ExaGrid revealed as latest Conti ransomware casualty
The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents.
-
- June 01, 2021
01 Jun'21
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition.
- May 27, 2021
27 May'21
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment.
- May 27, 2021
27 May'21
Apiiro wins RSA Conference Innovation Sandbox Contest
Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks.
- May 26, 2021
26 May'21
Rowhammer reach extended for new attack method
Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique.
- May 26, 2021
26 May'21
US agencies lack supply chain best practices post-SolarWinds
Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.'
- May 25, 2021
25 May'21
Operational technology is the new low-hanging fruit for hackers
FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques.
- May 25, 2021
25 May'21
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.
-
- May 25, 2021
25 May'21
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
- May 24, 2021
24 May'21
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks.
- May 21, 2021
21 May'21
Stale sessions, ML poisoning among 2021's top security threats
An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months.
- May 20, 2021
20 May'21
U.S. officials discuss 2020 election security, misinformation
During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks.
- May 20, 2021
20 May'21
Infosec experts: Threat landscape is worst in 60 years
Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak.
- May 20, 2021
20 May'21
CrowdStrike breaks down 'Golden SAML' attack
The nightmare scenario, demonstrated at RSA Conference 2021, was used by threat actors in the SolarWinds breach and gave them control over both cloud and on-premises systems.
- May 19, 2021
19 May'21
SentinelOne: More supply chain attacks are coming
At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever.
- May 19, 2021
19 May'21
SolarWinds CEO: Supply chain attack began in January 2019
SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake.
- May 19, 2021
19 May'21
Cisco shares lessons learned in zero-trust deployment
The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way.
- May 18, 2021
18 May'21
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021.
- May 18, 2021
18 May'21
McAfee CTO: Use data to make better cyber-risk decisions
According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene.
- May 18, 2021
18 May'21
Neuberger calls for shift in software supply chain security
In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift."
- May 18, 2021
18 May'21
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks.
- May 18, 2021
18 May'21
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days.
- May 17, 2021
17 May'21
Hackers turn Comcast voice remotes into eavesdropping tool
Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices.
- May 14, 2021
14 May'21
'Scheme flooding' bug threatens to sink user privacy
Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN.
- May 13, 2021
13 May'21
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software.
- May 13, 2021
13 May'21
Biden signs executive order to modernize cyberdefenses
Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security.
- May 13, 2021
13 May'21
'FragAttacks' eavesdropping flaws revealed in all Wi-Fi devices
Security researcher Mathy Vanhoef said every Wi-Fi device is impacted by at least one of the 12 vulnerabilities, and most devices are vulnerable to several of the flaws.
- May 12, 2021
12 May'21
Hacker makes short work of Apple AirTag jailbreak
A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month.
- May 12, 2021
12 May'21
Senate hearing raises questions about SolarWinds backdoors
U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of first agencies to detect the systemic compromise.
- May 12, 2021
12 May'21
DarkSide: The ransomware gang that took down a pipeline
DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group.
- May 12, 2021
12 May'21
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries.
- May 12, 2021
12 May'21
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing.
- May 10, 2021
10 May'21
Colonial Pipeline runs dry following ransomware attack
A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems.
- May 07, 2021
07 May'21
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations.
- May 06, 2021
06 May'21
'BadAlloc' vulnerabilities spell trouble for IoT, OT devices
A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not.
- May 06, 2021
06 May'21
Popular mobile apps leaking AWS keys, exposing user data
Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk.
- May 06, 2021
06 May'21
US defense contractor BlueForce apparently hit by ransomware
The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.
- May 06, 2021
06 May'21
Dell patches high-severity flaws in firmware update driver
SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities.
- May 05, 2021
05 May'21
Twilio discloses breach caused by Codecov supply chain hack
Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed.
- May 05, 2021
05 May'21
Researchers use PyInstaller to create stealth malware
Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs.
- May 04, 2021
04 May'21
Qualys finds 21 vulnerabilities in Exim mail software
Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited.
- May 03, 2021
03 May'21
Apple hurries out fixes for WebKit zero-days
Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild.
- April 30, 2021
30 Apr'21
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?
- April 29, 2021
29 Apr'21
Ransomware Task Force takes aim at cryptocurrencies
The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services.
- April 29, 2021
29 Apr'21
SolarWinds puts national cybersecurity strategy on display
Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy.
- April 28, 2021
28 Apr'21
Codecov breach raises concerns about software supply chain
So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks.
- April 27, 2021
27 Apr'21
Rise in ransom payments may fuel more dangerous attacks
A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks.
- April 26, 2021
26 Apr'21
Remaining Emotet infections uninstalled by German police
A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January.
- April 26, 2021
26 Apr'21
Hackers targeting VPN vulnerabilities in ongoing attacks
As remote work increased during the pandemic, threat actors increasingly targeted known vulnerabilities.
- April 22, 2021
22 Apr'21
DOJ creates ransomware task force to combat digital extortion
An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware.
- April 21, 2021
21 Apr'21
Zero-day flaw in Pulse Secure VPN exploited in attacks
A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks affecting government, defense and financial organizations.
- April 21, 2021
21 Apr'21
Hackers exploit 3 SonicWall zero-day vulnerabilities
SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday.
- April 20, 2021
20 Apr'21
The wide web of nation-state hackers attacking the U.S.
Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S.
- April 15, 2021
15 Apr'21
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
- April 15, 2021
15 Apr'21
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates.
- April 15, 2021
15 Apr'21
Nation-state hacker indictments: Do they help or hinder?
While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks.
- April 14, 2021
14 Apr'21
FBI removes web shells from infected Exchange servers
The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities.
- April 13, 2021
13 Apr'21
NSA finds new Exchange Server vulnerabilities
Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately.
- April 13, 2021
13 Apr'21
McAfee: PowerShell threats grew 208% in Q4 2020
McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections.
- April 08, 2021
08 Apr'21
Cring ransomware attacking vulnerable Fortigate VPNs
A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware operators to extort bitcoin from enterprises.
- April 07, 2021
07 Apr'21
Cisco: Threat actors abusing Slack, Discord to hide malware
The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic.
- April 06, 2021
06 Apr'21
Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.
- April 05, 2021
05 Apr'21
CISA: APTs exploiting Fortinet FortiOS vulnerabilities
Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.
- April 05, 2021
05 Apr'21
Remote work increases demand for zero-trust security
One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture.
- April 01, 2021
01 Apr'21
Man indicted in Kansas water facility breach
While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.
- April 01, 2021
01 Apr'21
CISA: U.S. agencies must scan for Exchange Server attacks
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.
- April 01, 2021
01 Apr'21
DHS: Ransomware poses a national security threat
Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S.
- March 30, 2021
30 Mar'21
Mysterious Hades ransomware striking 'big game' enterprises
CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks.
- March 30, 2021
30 Mar'21
Feds debate while states act on data privacy laws
As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.
- March 29, 2021
29 Mar'21
Ransomware negotiations: An inside look at the process
Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed?
- March 25, 2021
25 Mar'21
Black Kingdom ransomware foiled through Mega password change
The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega.
- March 25, 2021
25 Mar'21
Cyber insurance company CNA discloses cyber attack
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.
- March 24, 2021
24 Mar'21
Nearly 100,000 web shells detected on Exchange servers
Although Microsoft reported a decrease in the number of vulnerable Exchange servers, new research shows a large amount of malicious web shells hiding inside networks.
- March 23, 2021
23 Mar'21
'Black Kingdom' ransomware impacting Exchange servers
Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear.
- March 19, 2021
19 Mar'21
Acer hit by apparent attack from REvil ransomware group
Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack.
- March 18, 2021
18 Mar'21
FBI IC3 report's ransomware numbers are low, experts say
The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say.
- March 17, 2021
17 Mar'21
SolarWinds hackers stole Mimecast source code
The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform.
- March 16, 2021
16 Mar'21
RiskIQ: 69,548 Microsoft Exchange servers still vulnerable
Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S.
- March 16, 2021
16 Mar'21
Timeline of Microsoft Exchange Server attacks raises questions
Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why.
- March 12, 2021
12 Mar'21
DearCry ransomware impacting Microsoft Exchange servers
While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond.
- March 11, 2021
11 Mar'21
After Oldsmar: How vulnerable is US critical infrastructure?
Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021.
- March 11, 2021
11 Mar'21
Cisco found cryptomining activity within 69% of customers
Cisco found cryptomining malware affected a vast majority of customers in 2020, generating massive amounts of malicious DNS traffic while sucking up precious computing resources.
- March 09, 2021
09 Mar'21
Microsoft Exchange Server attacks: What we know so far
More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims.
- March 08, 2021
08 Mar'21
Microsoft releases tools as Exchange Server attacks increase
Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks.
- March 08, 2021
08 Mar'21
McAfee sells off enterprise business for $4 billion
Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity.
- March 04, 2021
04 Mar'21
Microsoft makes passwordless push in Azure Active Directory
To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory.
- March 04, 2021
04 Mar'21
Microsoft's security roadmap goes all-in on 365 Defender
Microsoft 365 Defender's new threat analytics feature includes step-by-step reports on attacks, vulnerabilities and more, as well as links to relevant alerts in each report.
- March 04, 2021
04 Mar'21
Okta acquires identity rival Auth0 for $6.5 billion
Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration.
- March 03, 2021
03 Mar'21
Microsoft Exchange Server zero-days exploited in the wild
Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately.
- March 03, 2021
03 Mar'21
Accellion FTA attacks claim more victims
More details have emerged about the Accellion FTA attacks since the December disclosure, including possible threat groups behind the breach and a growing list of victims.
- March 01, 2021
01 Mar'21
Chinese threat group 'RedEcho' targeting Indian power grid
The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts.
- February 26, 2021
26 Feb'21
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
- February 25, 2021
25 Feb'21
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could single a shift in cyber crime tactics.
- February 24, 2021
24 Feb'21
Senate hearing: SolarWinds evidence points to Russia
Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.
- February 24, 2021
24 Feb'21
Dragos: ICS security threats grew threefold in 2020
A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.
- February 22, 2021
22 Feb'21
Chinese APT used stolen NSA exploit for years
Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'"
- February 18, 2021
18 Feb'21
White House: 100 companies compromised in SolarWinds hack
The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.
- February 17, 2021
17 Feb'21
Wide net cast on potential Accellion breach victims
While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure.