News

News

• June 15, 2021 15 Jun'21

  Apple issues patches for two more WebKit zero-days

  Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown.

• June 14, 2021 14 Jun'21

  Accellion breach raises notification concerns

  Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system.

• June 11, 2021 11 Jun'21

  Slilpp marketplace goes dark following government takedown

  Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown.

• June 11, 2021 11 Jun'21

  Securolytics COO charged in Georgia hospital cyber attack

  Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system.

• June 11, 2021 11 Jun'21

  Cisco Talos: Exchange Server flaws accounted for 35% of attacks

  More than one third of incidents recorded by Cisco Talos in the past three months were related to four Microsoft Exchange Server zero-days first revealed in March.

• June 10, 2021 10 Jun'21

  JBS USA paid $11M ransom to REvil hackers

  Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom.

• June 10, 2021 10 Jun'21

  Risk & Repeat: Colonial Pipeline CEO grilled by Congress

  Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack.

• June 09, 2021 09 Jun'21

  Mandiant: Compromised Colonial Pipeline password was reused

  The Colonial Pipeline VPN password was relatively complex, according to Mandiant CTO Charles Carmakal, and likely would have been difficult for DarkSide threat actors to guess.

• June 08, 2021 08 Jun'21

  FBI used encrypted Anom app in international crime bust

  The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings.

• June 08, 2021 08 Jun'21

  FBI seized Colonial Pipeline ransom using private key

  After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI.

• June 08, 2021 08 Jun'21

  CISA taps Bugcrowd for federal vulnerability disclosure program

  The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies.

• June 07, 2021 07 Jun'21

  DOJ charges alleged Trickbot developer

  Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft.

• June 07, 2021 07 Jun'21

  Hackers vs. lawyers: Security research stifled in key situations

  The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks.

• June 03, 2021 03 Jun'21

  White House issues ransomware directive for businesses

  The Biden administration aims to stem parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices.

• June 03, 2021 03 Jun'21

  FireEye and Mandiant part ways in $1.2B deal

  FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group.

• June 02, 2021 02 Jun'21

  ExaGrid revealed as latest Conti ransomware casualty

  The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents.

• June 01, 2021 01 Jun'21

  Risk & Repeat: Security startups and trends from RSAC 2021

  Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition.

• May 27, 2021 27 May'21

  DHS opens valve on new pipeline security requirements

  The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment.

• May 27, 2021 27 May'21

  Apiiro wins RSA Conference Innovation Sandbox Contest

  Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks.

• May 26, 2021 26 May'21

  Rowhammer reach extended for new attack method

  Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique.

• May 26, 2021 26 May'21

  US agencies lack supply chain best practices post-SolarWinds

  Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.'

• May 25, 2021 25 May'21

  Operational technology is the new low-hanging fruit for hackers

  FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques.

• May 25, 2021 25 May'21

  Chaos in Maricopa County: The election audit explained

  The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.

• May 25, 2021 25 May'21

  Risk & Repeat: Recapping RSA Conference 2021

  Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.

• May 24, 2021 24 May'21

  Conti ransomware spree draws FBI attention

  Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks.

• May 21, 2021 21 May'21

  Stale sessions, ML poisoning among 2021's top security threats

  An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months.

• May 20, 2021 20 May'21

  U.S. officials discuss 2020 election security, misinformation

  During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks.

• May 20, 2021 20 May'21

  Infosec experts: Threat landscape is worst in 60 years

  Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak.

• May 20, 2021 20 May'21

  CrowdStrike breaks down 'Golden SAML' attack

  The nightmare scenario, demonstrated at RSA Conference 2021, was used by threat actors in the SolarWinds breach and gave them control over both cloud and on-premises systems.

• May 19, 2021 19 May'21

  SentinelOne: More supply chain attacks are coming

  At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever.

• May 19, 2021 19 May'21

  SolarWinds CEO: Supply chain attack began in January 2019

  SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake.

• May 19, 2021 19 May'21

  Cisco shares lessons learned in zero-trust deployment

  The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way.

• May 18, 2021 18 May'21

  Attorneys share worst practices for data breach response

  Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021.

• May 18, 2021 18 May'21

  McAfee CTO: Use data to make better cyber-risk decisions

  According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene.

• May 18, 2021 18 May'21

  Neuberger calls for shift in software supply chain security

  In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift."

• May 18, 2021 18 May'21

  5 ways bad incident response plans can help threat actors

  Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks.

• May 18, 2021 18 May'21

  Sophos: 81% of attacks last year involved ransomware

  The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days.

• May 17, 2021 17 May'21

  Hackers turn Comcast voice remotes into eavesdropping tool

  Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices.

• May 14, 2021 14 May'21

  'Scheme flooding' bug threatens to sink user privacy

  Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN.

• May 13, 2021 13 May'21

  Verizon DBIR shows sharp increase in ransomware attacks

  According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software.

• May 13, 2021 13 May'21

  Biden signs executive order to modernize cyberdefenses

  Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security.

• May 13, 2021 13 May'21

  'FragAttacks' eavesdropping flaws revealed in all Wi-Fi devices

  Security researcher Mathy Vanhoef said every Wi-Fi device is impacted by at least one of the 12 vulnerabilities, and most devices are vulnerable to several of the flaws.

• May 12, 2021 12 May'21

  Hacker makes short work of Apple AirTag jailbreak

  A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month.

• May 12, 2021 12 May'21

  Senate hearing raises questions about SolarWinds backdoors

  U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of first agencies to detect the systemic compromise.

• May 12, 2021 12 May'21

  DarkSide: The ransomware gang that took down a pipeline

  DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group.

• May 12, 2021 12 May'21

  Cyber insurance firm AXA halts coverage for ransom payments

  As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries.

• May 12, 2021 12 May'21

  Funding is key to strengthening national cybersecurity

  In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing.

• May 10, 2021 10 May'21

  Colonial Pipeline runs dry following ransomware attack

  A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems.

• May 07, 2021 07 May'21

  'Bulletproof' hosts catch RICO charges for aiding cybercriminals

  Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations.

• May 06, 2021 06 May'21

  'BadAlloc' vulnerabilities spell trouble for IoT, OT devices

  A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not.

• May 06, 2021 06 May'21

  Popular mobile apps leaking AWS keys, exposing user data

  Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk.

• May 06, 2021 06 May'21

  US defense contractor BlueForce apparently hit by ransomware

  The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.

• May 06, 2021 06 May'21

  Dell patches high-severity flaws in firmware update driver

  SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities.

• May 05, 2021 05 May'21

  Twilio discloses breach caused by Codecov supply chain hack

  Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed.

• May 05, 2021 05 May'21

  Researchers use PyInstaller to create stealth malware

  Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs.

• May 04, 2021 04 May'21

  Qualys finds 21 vulnerabilities in Exim mail software

  Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited.

• May 03, 2021 03 May'21

  Apple hurries out fixes for WebKit zero-days

  Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild.

• April 30, 2021 30 Apr'21

  Risk & Repeat: Will the Ransomware Task Force make an impact?

  The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work?

• April 29, 2021 29 Apr'21

  Ransomware Task Force takes aim at cryptocurrencies

  The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services.

• April 29, 2021 29 Apr'21

  SolarWinds puts national cybersecurity strategy on display

  Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy.

• April 28, 2021 28 Apr'21

  Codecov breach raises concerns about software supply chain

  So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks.

• April 27, 2021 27 Apr'21

  Rise in ransom payments may fuel more dangerous attacks

  A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks.

• April 26, 2021 26 Apr'21

  Remaining Emotet infections uninstalled by German police

  A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January.

• April 26, 2021 26 Apr'21

  Hackers targeting VPN vulnerabilities in ongoing attacks

  As remote work increased during the pandemic, threat actors increasingly targeted known vulnerabilities.

• April 22, 2021 22 Apr'21

  DOJ creates ransomware task force to combat digital extortion

  An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware.

• April 21, 2021 21 Apr'21

  Zero-day flaw in Pulse Secure VPN exploited in attacks

  A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks affecting government, defense and financial organizations.

• April 21, 2021 21 Apr'21

  Hackers exploit 3 SonicWall zero-day vulnerabilities

  SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday.

• April 20, 2021 20 Apr'21

  The wide web of nation-state hackers attacking the U.S.

  Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S.

• April 15, 2021 15 Apr'21

  Risk & Repeat: FBI's web shell removal raises questions

  The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.

• April 15, 2021 15 Apr'21

  Applus inspection systems still down following malware attack

  Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates.

• April 15, 2021 15 Apr'21

  Nation-state hacker indictments: Do they help or hinder?

  While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks.

• April 14, 2021 14 Apr'21

  FBI removes web shells from infected Exchange servers

  The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities.

• April 13, 2021 13 Apr'21

  NSA finds new Exchange Server vulnerabilities

  Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately.

• April 13, 2021 13 Apr'21

  McAfee: PowerShell threats grew 208% in Q4 2020

  McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections.

• April 08, 2021 08 Apr'21

  Cring ransomware attacking vulnerable Fortigate VPNs

  A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware operators to extort bitcoin from enterprises.

• April 07, 2021 07 Apr'21

  Cisco: Threat actors abusing Slack, Discord to hide malware

  The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic.

• April 06, 2021 06 Apr'21

  Risk & Repeat: Recapping the Exchange Server attacks

  This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.

• April 05, 2021 05 Apr'21

  CISA: APTs exploiting Fortinet FortiOS vulnerabilities

  Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.

• April 05, 2021 05 Apr'21

  Remote work increases demand for zero-trust security

  One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture.

• April 01, 2021 01 Apr'21

  Man indicted in Kansas water facility breach

  While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.

• April 01, 2021 01 Apr'21

  CISA: U.S. agencies must scan for Exchange Server attacks

  CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.

• April 01, 2021 01 Apr'21

  DHS: Ransomware poses a national security threat

  Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S.

• March 30, 2021 30 Mar'21

  Mysterious Hades ransomware striking 'big game' enterprises

  CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks.

• March 30, 2021 30 Mar'21

  Feds debate while states act on data privacy laws

  As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.

• March 29, 2021 29 Mar'21

  Ransomware negotiations: An inside look at the process

  Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed?

• March 25, 2021 25 Mar'21

  Black Kingdom ransomware foiled through Mega password change

  The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega.

• March 25, 2021 25 Mar'21

  Cyber insurance company CNA discloses cyber attack

  Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.

• March 24, 2021 24 Mar'21

  Nearly 100,000 web shells detected on Exchange servers

  Although Microsoft reported a decrease in the number of vulnerable Exchange servers, new research shows a large amount of malicious web shells hiding inside networks.

• March 23, 2021 23 Mar'21

  'Black Kingdom' ransomware impacting Exchange servers

  Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear.

• March 19, 2021 19 Mar'21

  Acer hit by apparent attack from REvil ransomware group

  Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack.

• March 18, 2021 18 Mar'21

  FBI IC3 report's ransomware numbers are low, experts say

  The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say.

• March 17, 2021 17 Mar'21

  SolarWinds hackers stole Mimecast source code

  The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform.

• March 16, 2021 16 Mar'21

  RiskIQ: 69,548 Microsoft Exchange servers still vulnerable

  Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S.

• March 16, 2021 16 Mar'21

  Timeline of Microsoft Exchange Server attacks raises questions

  Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why.

• March 12, 2021 12 Mar'21

  DearCry ransomware impacting Microsoft Exchange servers

  While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond.

• March 11, 2021 11 Mar'21

  After Oldsmar: How vulnerable is US critical infrastructure?

  Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021.

• March 11, 2021 11 Mar'21

  Cisco found cryptomining activity within 69% of customers

  Cisco found cryptomining malware affected a vast majority of customers in 2020, generating massive amounts of malicious DNS traffic while sucking up precious computing resources.

• March 09, 2021 09 Mar'21

  Microsoft Exchange Server attacks: What we know so far

  More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims.

• March 08, 2021 08 Mar'21

  Microsoft releases tools as Exchange Server attacks increase

  Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks.

• March 08, 2021 08 Mar'21

  McAfee sells off enterprise business for $4 billion

  Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity.