News

News

• December 17, 2020 17 Dec'20

  Microsoft, FireEye create kill switch for SolarWinds backdoor

  The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.

• December 16, 2020 16 Dec'20

  SolarWinds struggles with response to supply chain attack

  Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.

• December 16, 2020 16 Dec'20

  SolarWinds breach highlights dangers of supply chain attacks

  While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.

• December 14, 2020 14 Dec'20

  SolarWinds backdoor used in nation-state cyber attacks

  Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.

• December 11, 2020 11 Dec'20

  FBI, CISA warn of growing ransomware attacks on K-12 schools

  The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• December 09, 2020 09 Dec'20

  FireEye red team tools stolen in cyber attack

  While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.

• December 08, 2020 08 Dec'20

  Forescout reports 33 new TCP/IP vulnerabilities

  The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact.

• December 08, 2020 08 Dec'20

  New Microsoft Teams RCE vulnerability also wormable

  In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.

• December 08, 2020 08 Dec'20

  Salesforce advised users to skip Chrome browser updates

  Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.

• December 07, 2020 07 Dec'20

  Russian state-sponsored hackers exploit VMware vulnerability

  The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.

• December 03, 2020 03 Dec'20

  Updated Trickbot malware threatens firmware security

  Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.

• December 01, 2020 01 Dec'20

  Ransomware attack shuts down Baltimore County schools

  Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.

• December 01, 2020 01 Dec'20

  Online education vendor K12 hit with ransomware, pays ransom

  A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.

• November 20, 2020 20 Nov'20

  Risk & Repeat: Christopher Krebs out as CISA director

  This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.

• November 19, 2020 19 Nov'20

  White House questions election security; experts do not

  A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.

• November 18, 2020 18 Nov'20

  President Trump fires CISA director Christopher Krebs

  President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.

• November 18, 2020 18 Nov'20

  Sophos: Ransomware 'heavyweights' demand sky-high payments

  Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.

• November 17, 2020 17 Nov'20

  CrowdStrike: Ransomware hit 56% of organizations in last year

  A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.

• November 13, 2020 13 Nov'20

  Risk & Repeat: 2020 election security in review

  This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.

• November 12, 2020 12 Nov'20

  25,000 criminal reports: Vastaamo breach sets new precedent

  The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent.

• November 12, 2020 12 Nov'20

  Life after Maze: Is Egregor ransomware next?

  Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved.

• November 11, 2020 11 Nov'20

  Palo Alto Networks buys Expanse for $800 million

  Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management.

• November 09, 2020 09 Nov'20

  CISA: No election hacking, but plenty of misinformation

  Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories.

• November 04, 2020 04 Nov'20

  SaltStack discloses critical vulnerabilities, urges patching

  The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.

• November 02, 2020 02 Nov'20

  Maze gang shuts down its ransomware operation

  Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name.

• October 29, 2020 29 Oct'20

  FBI, CISA warn of impending ransomware attacks on hospitals

  Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI.

• October 28, 2020 28 Oct'20

  Ping Identity launches passwordless authentication system

  Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target.

• October 28, 2020 28 Oct'20

  'Lives at stake': How ransomware impacts hospitals

  Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems.

• October 27, 2020 27 Oct'20

  Mitre ATT&CK: How it has evolved and grown

  Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.

• October 22, 2020 22 Oct'20

  Iranian hackers pose as far-right group to threaten U.S. voters

  The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.

• October 22, 2020 22 Oct'20

  McAfee launches IPO, raises $620 million

  McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January.

• October 21, 2020 21 Oct'20

  Microsoft: 94% of Trickbot's infrastructure disabled

  In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.

• October 21, 2020 21 Oct'20

  NSA issues advisory against Chinese state-sponsored hackers

  Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.

• October 20, 2020 20 Oct'20

  NSS Labs ceases operations amid financial turmoil

  Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.

• October 20, 2020 20 Oct'20

  After a brief pause, Trickbot rebounds from takedown efforts

  Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.

• October 19, 2020 19 Oct'20

  Combating disinformation campaigns ahead of 2020 election

  As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day.

• October 14, 2020 14 Oct'20

  Blockchain or bust? Experts debate applications for elections

  Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.

• October 13, 2020 13 Oct'20

  Trickbot takedown: Will it make a dent in ransomware attacks?

  A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.

• October 12, 2020 12 Oct'20

  Hackers exploit Netlogon flaw to attack government networks

  CISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems.

• October 08, 2020 08 Oct'20

  Should ransomware payments be banned? Experts weigh in

  Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.

• October 07, 2020 07 Oct'20

  Raccine: A ransomware 'vaccine' with a few catches

  Raccine, an open source 'vaccine,' prevents ransomware threat actors from using a Windows utility to delete shadow copies of a system's data, but there are a few drawbacks.

• October 07, 2020 07 Oct'20

  Ping acquires blockchain identity startup ShoCard

  Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.

• October 05, 2020 05 Oct'20

  Surge in ransomware attacks threatens student data

  Ransomware attacks are not the only threats facing K-12 schools during the COVID-19 pandemic. Cybercriminals are stealing and exposing students' personal data as well.

• October 01, 2020 01 Oct'20

  Potential ransomware-related death still under investigation

  German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.

• September 28, 2020 28 Sep'20

  Ivanti makes double acquisition of MobileIron, Pulse Secure

  Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed.

• September 28, 2020 28 Sep'20

  IBM: Ransomware attacks surged in Q2, ransom demands rising

  IBM Security examined several concerning ransomware for this year, as well as an exponential increase in ransom demands and massive spike in attacks during the spring.

• September 24, 2020 24 Sep'20

  Microsoft detects Netlogon vulnerability exploitation in the wild

  While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.

• September 24, 2020 24 Sep'20

  Shopify discloses data breach caused by insider threats

  Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.

• September 23, 2020 23 Sep'20

  FBI: Disinformation attacks on election results 'likely'

  Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites.

• September 23, 2020 23 Sep'20

  ConnectWise launches bug bounty program to boost security

  ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.

• September 21, 2020 21 Sep'20

  Cyber attacks on schools increasing amid remote learning shift

  The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks.

• September 17, 2020 17 Sep'20

  Gartner: Paying after ransomware attacks carries big risks

  The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.

• September 17, 2020 17 Sep'20

  Maze ransomware gang uses VMs to evade detection

  A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year.

• September 16, 2020 16 Sep'20

  Gartner: Securing remote workforce a top priority

  In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees.

• September 15, 2020 15 Sep'20

  Gartner: Privileged access management a must in 2020

  Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials.

• September 10, 2020 10 Sep'20

  Disinformation, mail-in ballots top election security concerns

  While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots.

• September 09, 2020 09 Sep'20

  Intel patches critical flaw in Active Management Technology

  Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation.

• September 03, 2020 03 Sep'20

  CISA issues vulnerability disclosure order for federal agencies

  The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days.

• September 02, 2020 02 Sep'20

  CISA and FBI say there have been no hacks on voter databases

  After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security.

• September 01, 2020 01 Sep'20

  Big ransomware attacks overshadowing other alarming trends

  Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends.

• August 31, 2020 31 Aug'20

  Cisco issues alert for zero-day vulnerability under attack

  Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment.

• August 31, 2020 31 Aug'20

  The Uber data breach cover-up: A timeline of events

  The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach.

• August 27, 2020 27 Aug'20

  North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks

  The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.'

• August 27, 2020 27 Aug'20

  Maze ransomware 'cartel' expands with new members

  Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms.

• August 25, 2020 25 Aug'20

  'Meow' attacks top 25,000 exposed databases, services

  One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down.

• August 24, 2020 24 Aug'20

  FBI and CISA issue vishing campaign warning

  The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials.

• August 21, 2020 21 Aug'20

  Claroty: 70% of ICS vulnerabilities are remotely exploitable

  Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited.

• August 21, 2020 21 Aug'20

  Former Uber CSO charged over 'hush money' payment to hackers

  Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company.

• August 18, 2020 18 Aug'20

  Apache Struts vulnerabilities allow remote code execution, DoS

  The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall.

• August 17, 2020 17 Aug'20

  Email enigma: Why is Canada hit with so many phishing attacks?

  Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery.

• August 14, 2020 14 Aug'20

  Risk & Repeat: Black Hat 2020 highlights

  This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.

• August 12, 2020 12 Aug'20

  Kaspersky reveals 2 Windows zero-days from failed attack

  Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.

• August 11, 2020 11 Aug'20

  Healthcare CISO offers alternatives to 'snake oil' companies

  Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.

• August 10, 2020 10 Aug'20

  Games, not shame: Why security awareness training needs a makeover

  Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.

• August 07, 2020 07 Aug'20

  10 years after Stuxnet, new zero-days discovered

  A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.

• August 07, 2020 07 Aug'20

  Not just politics: Disinformation campaigns hit enterprises, too

  In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.

• August 06, 2020 06 Aug'20

  Voting vendor ES&S unveils vulnerability disclosure program

  Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.

• August 06, 2020 06 Aug'20

  CISA chief: Ransomware could threaten election security

  During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.

• August 06, 2020 06 Aug'20

  Ripple20 vulnerabilities still plaguing IoT devices

  Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws.

• August 05, 2020 05 Aug'20

  Matt Blaze warns of election security challenges amid COVID-19

  In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them.

• August 04, 2020 04 Aug'20

  Twitter breach raises concerns over phone phishing

  The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing.

• August 04, 2020 04 Aug'20

  Risk & Repeat: Sophos warns of evolving ransomware threats

  Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques.

• July 30, 2020 30 Jul'20

  'Meow' attacks continue, thousands of databases deleted

  More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation.

• July 29, 2020 29 Jul'20

  'BootHole' bug puts most Linux, Windows systems in jeopardy

  Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems.

• July 29, 2020 29 Jul'20

  IBM: Compromised credentials led to higher data breach costs

  The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why.

• July 27, 2020 27 Jul'20

  Emotet botnet hacked, malware replaced with humorous GIFs

  Malware distribution network Emotet has been hacked by a potential threat actor of unknown origin, with malware payloads now being replaced with GIFs of James Franco and others.

• July 27, 2020 27 Jul'20

  Digital ad networks tied to malvertising threats -- again

  Adsterra and Propeller Ads were implicated in past malvertising threats such the Master134 campaign. Now the two ad networks are linked to new malicious activity.

• July 23, 2020 23 Jul'20

  'Meow' attacks wipe more than 1,000 exposed databases

  A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow.

• July 23, 2020 23 Jul'20

  Microsoft unveils new DLP, 'Double Key Encryption' offerings

  Microsoft revealed new security products and features this week, including an Endpoint Data Loss Prevention product as well as "Double Key Encryption" for Microsoft 365.

• July 23, 2020 23 Jul'20

  Evasive phishing campaign hid inside Google cloud services

  A new report by Check Point Software Technologies revealed attackers were abusing Google Cloud Functions to hide their phishing links within public cloud services.

• July 20, 2020 20 Jul'20

  Twitter breach caused by social engineering attack

  Twitter was breached last Wednesday though a social engineering attack. Forty-five accounts were hijacked and up to eight accounts may have had their private messages stolen.

• July 17, 2020 17 Jul'20

  'SigRed' alert: Experts urge action on Windows DNS vulnerability

  Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft.

• July 17, 2020 17 Jul'20

  Identity theft subscription services uncovered on dark web

  Identity theft subscriptions are now being offered on the dark web. This information is being used for carding operations, account generation and other cybercrime schemes.

• July 17, 2020 17 Jul'20

  Risk & Repeat: Twitter breach leads to account hijacking

  This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others.

• July 15, 2020 15 Jul'20

  Advent, Forescout bury the hatchet with new acquisition deal

  Despite an ugly legal dispute and allegations of channel stuffing, Advent International and Forescout Technologies are moving forward with an amended acquisition agreement.

• July 15, 2020 15 Jul'20

  Attackers find new way to exploit Docker APIs

  Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host.

• July 15, 2020 15 Jul'20

  Citrix data exposed in third-party breach

  Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace.

• July 13, 2020 13 Jul'20

  RSA finds two-thirds of phishing attacks directed at Canada

  RSA Security researchers found that nearly 70% of phishing attacks were directed at users in Canada, while the majority of attacks come from U.S.-based ISPs and hosting providers.

• July 10, 2020 10 Jul'20

  Cybercriminals auction off admin credentials for $3,000

  Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows.

• July 09, 2020 09 Jul'20

  Data theft in ransomware attacks may change disclosure game

  Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that may be changing.