News

News

• April 20, 2021 20 Apr'21

  The wide web of nation-state hackers attacking the US

  Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S.

• April 15, 2021 15 Apr'21

  Risk & Repeat: FBI's web shell removal raises questions

  The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.

• April 15, 2021 15 Apr'21

  Applus inspection systems still down following malware attack

  Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates.

• April 15, 2021 15 Apr'21

  Nation-state hacker indictments: Do they help or hinder?

  While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks.

• April 14, 2021 14 Apr'21

  FBI removes web shells from infected Exchange servers

  The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• April 13, 2021 13 Apr'21

  NSA finds new Exchange Server vulnerabilities

  Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately.

• April 13, 2021 13 Apr'21

  McAfee: PowerShell threats grew 208% in Q4 2020

  McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections.

• April 08, 2021 08 Apr'21

  Cring ransomware attacking vulnerable Fortigate VPNs

  A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware operators to extort bitcoin from enterprises.

• April 07, 2021 07 Apr'21

  Cisco: Threat actors abusing Slack, Discord to hide malware

  The threat intelligence vendor released a new report on how threat actors are increasingly abusing popular collaboration applications like Slack and Discord during the pandemic.

• April 06, 2021 06 Apr'21

  Risk & Repeat: Recapping the Exchange Server attacks

  This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.

• April 05, 2021 05 Apr'21

  CISA: APTs exploiting Fortinet FortiOS vulnerabilities

  Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.

• April 05, 2021 05 Apr'21

  Remote work increases demand for zero-trust security

  One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture.

• April 01, 2021 01 Apr'21

  Man indicted in Kansas water facility breach

  While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.

• April 01, 2021 01 Apr'21

  CISA: U.S. agencies must scan for Exchange Server attacks

  CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.

• April 01, 2021 01 Apr'21

  DHS: Ransomware poses a national security threat

  Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S.

• March 30, 2021 30 Mar'21

  Mysterious Hades ransomware striking 'big game' enterprises

  CrowdStrike reported Hades is tied to Evil Corp, but Awake Labs discovered a possible connection to Hafnium, a Chinese nation-state group behind initial Exchange Server attacks.

• March 30, 2021 30 Mar'21

  Feds debate while states act on data privacy laws

  As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.

• March 29, 2021 29 Mar'21

  Ransomware negotiations: An inside look at the process

  Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed?

• March 25, 2021 25 Mar'21

  Black Kingdom ransomware foiled through Mega password change

  The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega.

• March 25, 2021 25 Mar'21

  Cyber insurance company CNA discloses cyber attack

  Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.

• March 24, 2021 24 Mar'21

  Nearly 100,000 web shells detected on Exchange servers

  Although Microsoft reported a decrease in the number of vulnerable Exchange servers, new research shows a large amount of malicious web shells hiding inside networks.

• March 23, 2021 23 Mar'21

  'Black Kingdom' ransomware impacting Exchange servers

  Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear.

• March 19, 2021 19 Mar'21

  Acer hit by apparent attack from REvil ransomware group

  Acer told SearchSecurity in a statement that it has 'reported recent abnormal situations observed to the relevant law enforcement.' However, it did not confirm a ransomware attack.

• March 18, 2021 18 Mar'21

  FBI IC3 report's ransomware numbers are low, experts say

  The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say.

• March 17, 2021 17 Mar'21

  SolarWinds hackers stole Mimecast source code

  The investigation into a stolen Mimecast-issued digital certificate is now complete, and the vendor said the initial intrusion was Sunburst malware in the SolarWinds Orion platform.

• March 16, 2021 16 Mar'21

  RiskIQ: 69,548 Microsoft Exchange servers still vulnerable

  Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S.

• March 16, 2021 16 Mar'21

  Timeline of Microsoft Exchange Server attacks raises questions

  Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why.

• March 12, 2021 12 Mar'21

  DearCry ransomware impacting Microsoft Exchange servers

  While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond.

• March 11, 2021 11 Mar'21

  After Oldsmar: How vulnerable is US critical infrastructure?

  Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021.

• March 11, 2021 11 Mar'21

  Cisco found cryptomining activity within 69% of customers

  Cisco found cryptomining malware affected a vast majority of customers in 2020, generating massive amounts of malicious DNS traffic while sucking up precious computing resources.

• March 09, 2021 09 Mar'21

  Microsoft Exchange Server attacks: What we know so far

  More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims.

• March 08, 2021 08 Mar'21

  Microsoft releases tools as Exchange Server attacks increase

  Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks.

• March 08, 2021 08 Mar'21

  McAfee sells off enterprise business for $4 billion

  Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity.

• March 04, 2021 04 Mar'21

  Microsoft makes passwordless push in Azure Active Directory

  To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory.

• March 04, 2021 04 Mar'21

  Microsoft's security roadmap goes all-in on 365 Defender

  Microsoft 365 Defender's new threat analytics feature includes step-by-step reports on attacks, vulnerabilities and more, as well as links to relevant alerts in each report.

• March 04, 2021 04 Mar'21

  Okta acquires identity rival Auth0 for $6.5 billion

  Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration.

• March 03, 2021 03 Mar'21

  Microsoft Exchange Server zero-days exploited in the wild

  Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately.

• March 03, 2021 03 Mar'21

  Accellion FTA attacks claim more victims

  More details have emerged about the Accellion FTA attacks since the December disclosure, including possible threat groups behind the breach and a growing list of victims.

• March 01, 2021 01 Mar'21

  Chinese threat group 'RedEcho' targeting Indian power grid

  The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts.

• February 26, 2021 26 Feb'21

  Risk & Repeat: Inside the SolarWinds Senate hearing

  This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.

• February 25, 2021 25 Feb'21

  Vastaamo breach, bankruptcy indicate troubling trend

  The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could single a shift in cyber crime tactics.

• February 24, 2021 24 Feb'21

  Senate hearing: SolarWinds evidence points to Russia

  Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.

• February 24, 2021 24 Feb'21

  Dragos: ICS security threats grew threefold in 2020

  A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.

• February 22, 2021 22 Feb'21

  Chinese APT used stolen NSA exploit for years

  Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'"

• February 18, 2021 18 Feb'21

  White House: 100 companies compromised in SolarWinds hack

  The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.

• February 17, 2021 17 Feb'21

  Wide net cast on potential Accellion breach victims

  While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure.

• February 17, 2021 17 Feb'21

  DOJ indicts additional WannaCry conspirators

  The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency.

• February 17, 2021 17 Feb'21

  Risk & Repeat: SolarWinds and the hacking back debate

  This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.

• February 12, 2021 12 Feb'21

  Risk & Repeat: Oldsmar water plant breach raises concerns

  This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.

• February 11, 2021 11 Feb'21

  Oldsmar water plant computers shared TeamViewer password

  In addition to the advisory published by Massachusetts officials, the FBI issued a private industry notification Tuesday that referenced poor password security.

• February 10, 2021 10 Feb'21

  Researcher used open source supply chain to breach tech giants

  Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains.

• February 09, 2021 09 Feb'21

  SolarWinds breach news center

  The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.

• February 09, 2021 09 Feb'21

  Florida city's water nearly poisoned in TeamViewer attack

  The intruder increased the quantity of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million briefly before a water plant operator fixed it.

• February 09, 2021 09 Feb'21

  Ninety percent of dark web hacking forum posts come from buyers

  Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear.

• February 08, 2021 08 Feb'21

  Microsoft, SolarWinds in dispute over nation-state attacks

  The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment.

• February 05, 2021 05 Feb'21

  Risk & Repeat: Diving into the dark web

  This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.

• February 04, 2021 04 Feb'21

  SolarWinds Office 365 environment compromised

  SolarWinds CEO Sudhakar Ramakrishna said nation-state threat actors first compromised a single email account and later gained access to the company's Orion platform environment.

• February 02, 2021 02 Feb'21

  SonicWall confirms zero-day vulnerability on SMA 100 series

  After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'

• February 02, 2021 02 Feb'21

  How a social engineering campaign fooled infosec researchers

  Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them.

• February 01, 2021 01 Feb'21

  The dark web in 2021: Should enterprises be worried?

  SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services.

• January 28, 2021 28 Jan'21

  DOJ charges suspect in NetWalker ransomware attacks

  The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.

• January 27, 2021 27 Jan'21

  Emotet taken down in global law enforcement operation

  Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.

• January 26, 2021 26 Jan'21

  Mimecast certificate compromised by SolarWinds hackers

  Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.

• January 26, 2021 26 Jan'21

  Zero trust 2.0: Google unveils BeyondCorp Enterprise

  BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication.

• January 26, 2021 26 Jan'21

  Akamai: Extortion attempts increase in DDoS attacks

  New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased.

• January 25, 2021 25 Jan'21

  SonicWall breached through 'probable' zero-day vulnerabilities

  SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector.

• January 20, 2021 20 Jan'21

  FireEye releases new tool to fight SolarWinds hackers

  The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.

• January 19, 2021 19 Jan'21

  SolarWinds supply chain attack explained: Need-to-know info

  The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.

• January 19, 2021 19 Jan'21

  Malwarebytes breached by SolarWinds hackers

  Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails.

• January 19, 2021 19 Jan'21

  FBI warns against vishing attacks targeting enterprises

  Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.

• January 14, 2021 14 Jan'21

  Tenable: Vulnerability disclosures skyrocketed over last 5 years

  New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.

• January 12, 2021 12 Jan'21

  Capitol building breach poses cybersecurity risks

  While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices.

• January 12, 2021 12 Jan'21

  SolarWinds confirms supply chain attack began in 2019

  SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access.

• January 11, 2021 11 Jan'21

  5 cybersecurity vendors to watch in 2021

  Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd.

• January 07, 2021 07 Jan'21

  Defending against SolarWinds attacks: What can be done?

  While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks.

• January 06, 2021 06 Jan'21

  The SolarWinds attacks: What we know so far

  The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure.

• January 05, 2021 05 Jan'21

  10 of the biggest cyber attacks of 2020

  Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.

• January 04, 2021 04 Jan'21

  Ransomware 'businesses': Does acting legitimate pay off?

  Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach?

• December 23, 2020 23 Dec'20

  Security measures critical for COVID-19 vaccine distribution

  The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.

• December 21, 2020 21 Dec'20

  SolarWinds backdoor infected tech giants, impact unclear

  Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached.

• December 18, 2020 18 Dec'20

  Risk & Repeat: SolarWinds backdoor shakes infosec industry

  This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.

• December 17, 2020 17 Dec'20

  CISA: SolarWinds backdoor attacks are 'ongoing'

  A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have comprised federal agencies.

• December 17, 2020 17 Dec'20

  Microsoft, FireEye create kill switch for SolarWinds backdoor

  The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.

• December 16, 2020 16 Dec'20

  SolarWinds struggles with response to supply chain attack

  Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.

• December 16, 2020 16 Dec'20

  SolarWinds breach highlights dangers of supply chain attacks

  While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.

• December 14, 2020 14 Dec'20

  SolarWinds backdoor used in nation-state cyber attacks

  Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.

• December 11, 2020 11 Dec'20

  FBI, CISA warn of growing ransomware attacks on K-12 schools

  The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year.

• December 09, 2020 09 Dec'20

  FireEye red team tools stolen in cyber attack

  While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.

• December 08, 2020 08 Dec'20

  Forescout reports 33 new TCP/IP vulnerabilities

  The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact.

• December 08, 2020 08 Dec'20

  New Microsoft Teams RCE vulnerability also wormable

  In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.

• December 08, 2020 08 Dec'20

  Salesforce advised users to skip Chrome browser updates

  Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.

• December 07, 2020 07 Dec'20

  Russian state-sponsored hackers exploit VMware vulnerability

  The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.

• December 03, 2020 03 Dec'20

  Updated Trickbot malware threatens firmware security

  Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.

• December 01, 2020 01 Dec'20

  Ransomware attack shuts down Baltimore County schools

  Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.

• December 01, 2020 01 Dec'20

  Online education vendor K12 hit with ransomware, pays ransom

  A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.

• November 20, 2020 20 Nov'20

  Risk & Repeat: Christopher Krebs out as CISA director

  This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.

• November 19, 2020 19 Nov'20

  White House questions election security; experts do not

  A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.

• November 18, 2020 18 Nov'20

  President Trump fires CISA director Christopher Krebs

  President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.

• November 18, 2020 18 Nov'20

  Sophos: Ransomware 'heavyweights' demand sky-high payments

  Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.

• November 17, 2020 17 Nov'20

  CrowdStrike: Ransomware hit 56% of organizations in last year

  A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.