News
- March 04, 2021
04 Mar'21
Microsoft makes passwordless push in Azure Active Directory
To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory.
- March 04, 2021
04 Mar'21
Microsoft's security roadmap goes all-in on 365 Defender
Microsoft 365 Defender's new threat analytics feature includes step-by-step reports on attacks, vulnerabilities and more, as well as links to relevant alerts in each report.
- March 04, 2021
04 Mar'21
Okta acquires identity rival Auth0 for $6.5 billion
Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration.
- March 03, 2021
03 Mar'21
Microsoft Exchange Server zero-days exploited in the wild
Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately.
- March 03, 2021
03 Mar'21
Accellion FTA attacks claim more victims
More details have emerged about the Accellion FTA attacks since the December disclosure, including possible threat groups behind the breach and a growing list of victims.
- March 01, 2021
01 Mar'21
Chinese threat group 'RedEcho' targeting Indian power grid
The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts.
- February 26, 2021
26 Feb'21
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS.
- February 25, 2021
25 Feb'21
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could signal a shift in cyber crime tactics.
- February 24, 2021
24 Feb'21
Senate hearing: SolarWinds evidence points to Russia
Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.
- February 24, 2021
24 Feb'21
Dragos: ICS security threats grew threefold in 2020
A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.
- February 22, 2021
22 Feb'21
Chinese APT used stolen NSA exploit for years
Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'"
- February 18, 2021
18 Feb'21
White House: 100 companies compromised in SolarWinds hack
The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.
- February 17, 2021
17 Feb'21
Wide net cast on potential Accellion breach victims
While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure.
- February 17, 2021
17 Feb'21
DOJ indicts additional WannaCry conspirators
The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency.
- February 17, 2021
17 Feb'21
Risk & Repeat: SolarWinds and the hacking back debate
This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
- February 12, 2021
12 Feb'21
Risk & Repeat: Oldsmar water plant breach raises concerns
This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.
- February 11, 2021
11 Feb'21
Oldsmar water plant computers shared TeamViewer password
In addition to the advisory published by Massachusetts officials, the FBI issued a private industry notification Tuesday that referenced poor password security.
- February 10, 2021
10 Feb'21
Researcher used open source supply chain to breach tech giants
Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains.
- February 09, 2021
09 Feb'21
SolarWinds breach news center
The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.
- February 09, 2021
09 Feb'21
Florida city's water nearly poisoned in TeamViewer attack
The intruder increased the quantity of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million briefly before a water plant operator fixed it.
- February 09, 2021
09 Feb'21
Ninety percent of dark web hacking forum posts come from buyers
Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear.
- February 08, 2021
08 Feb'21
Microsoft, SolarWinds in dispute over nation-state attacks
The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment.
- February 05, 2021
05 Feb'21
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.
- February 04, 2021
04 Feb'21
SolarWinds Office 365 environment compromised
SolarWinds CEO Sudhakar Ramakrishna said nation-state threat actors first compromised a single email account and later gained access to the company's Orion platform environment.
- February 02, 2021
02 Feb'21
SonicWall confirms zero-day vulnerability on SMA 100 series
After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'
- February 02, 2021
02 Feb'21
How a social engineering campaign fooled infosec researchers
Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them.
- February 01, 2021
01 Feb'21
The dark web in 2021: Should enterprises be worried?
SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services.
- January 28, 2021
28 Jan'21
DOJ charges suspect in NetWalker ransomware attacks
The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.
- January 27, 2021
27 Jan'21
Emotet taken down in global law enforcement operation
Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.
- January 26, 2021
26 Jan'21
Mimecast certificate compromised by SolarWinds hackers
Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.
- January 26, 2021
26 Jan'21
Zero trust 2.0: Google unveils BeyondCorp Enterprise
BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication.
- January 26, 2021
26 Jan'21
Akamai: Extortion attempts increase in DDoS attacks
New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased.
- January 25, 2021
25 Jan'21
SonicWall breached through 'probable' zero-day vulnerabilities
SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector.
- January 20, 2021
20 Jan'21
FireEye releases new tool to fight SolarWinds hackers
The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.
- January 19, 2021
19 Jan'21
SolarWinds supply chain attack explained: Need-to-know info
The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.
- January 19, 2021
19 Jan'21
Malwarebytes breached by SolarWinds hackers
Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails.
- January 19, 2021
19 Jan'21
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.
- January 14, 2021
14 Jan'21
Tenable: Vulnerability disclosures skyrocketed over last 5 years
New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.
- January 12, 2021
12 Jan'21
Capitol building breach poses cybersecurity risks
While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices.
- January 12, 2021
12 Jan'21
SolarWinds confirms supply chain attack began in 2019
SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access.
- January 11, 2021
11 Jan'21
5 cybersecurity vendors to watch in 2021
Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd.
- January 07, 2021
07 Jan'21
Defending against SolarWinds attacks: What can be done?
While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks.
- January 06, 2021
06 Jan'21
The SolarWinds attacks: What we know so far
The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure.
- January 05, 2021
05 Jan'21
10 of the biggest cyber attacks of 2020
Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.
- January 04, 2021
04 Jan'21
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach?
- December 23, 2020
23 Dec'20
Security measures critical for COVID-19 vaccine distribution
The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.
- December 21, 2020
21 Dec'20
SolarWinds backdoor infected tech giants, impact unclear
Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached.
- December 18, 2020
18 Dec'20
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.
- December 17, 2020
17 Dec'20
CISA: SolarWinds backdoor attacks are 'ongoing'
A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have compromised federal agencies.
- December 17, 2020
17 Dec'20
Microsoft, FireEye create kill switch for SolarWinds backdoor
The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.
- December 16, 2020
16 Dec'20
SolarWinds struggles with response to supply chain attack
Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.
- December 16, 2020
16 Dec'20
SolarWinds breach highlights dangers of supply chain attacks
While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.
- December 14, 2020
14 Dec'20
SolarWinds backdoor used in nation-state cyber attacks
Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.
- December 11, 2020
11 Dec'20
FBI, CISA warn of growing ransomware attacks on K-12 schools
The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year.
- December 09, 2020
09 Dec'20
FireEye red team tools stolen in cyber attack
While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.
- December 08, 2020
08 Dec'20
Forescout reports 33 new TCP/IP vulnerabilities
The lack of consistent updates (and the open source nature of the stacks) makes the Amnesia:33 vulnerabilities difficult to fix and their full impact difficult to comprehend.
- December 08, 2020
08 Dec'20
New Microsoft Teams RCE vulnerability also wormable
In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.
- December 08, 2020
08 Dec'20
Salesforce advised users to skip Chrome browser updates
Salesforce recommended that users dealing with mixed content issues skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
- December 07, 2020
07 Dec'20
Russian state-sponsored hackers exploit VMware vulnerability
The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.
- December 03, 2020
03 Dec'20
Updated Trickbot malware threatens firmware security
Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.
- December 01, 2020
01 Dec'20
Ransomware attack shuts down Baltimore County schools
Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.
- December 01, 2020
01 Dec'20
Online education vendor K12 hit with ransomware, pays ransom
A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.
- November 20, 2020
20 Nov'20
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
- November 19, 2020
19 Nov'20
White House questions election security; experts do not
A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.
- November 18, 2020
18 Nov'20
President Trump fires CISA director Christopher Krebs
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.
- November 18, 2020
18 Nov'20
Sophos: Ransomware 'heavyweights' demand sky-high payments
Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.
- November 17, 2020
17 Nov'20
CrowdStrike: Ransomware hit 56% of organizations in last year
A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.
- November 13, 2020
13 Nov'20
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.
- November 12, 2020
12 Nov'20
25,000 criminal reports: Vastaamo breach sets new precedent
The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent.
- November 12, 2020
12 Nov'20
Life after Maze: Is Egregor ransomware next?
Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved.
- November 11, 2020
11 Nov'20
Palo Alto Networks buys Expanse for $800 million
Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management.
- November 09, 2020
09 Nov'20
CISA: No election hacking, but plenty of misinformation
Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories.
- November 04, 2020
04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching
The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
- November 02, 2020
02 Nov'20
Maze gang shuts down its ransomware operation
Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name.
- October 29, 2020
29 Oct'20
FBI, CISA warn of impending ransomware attacks on hospitals
Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI.
- October 28, 2020
28 Oct'20
Ping Identity launches passwordless authentication system
Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target.
- October 28, 2020
28 Oct'20
'Lives at stake': How ransomware impacts hospitals
Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems.
- October 27, 2020
27 Oct'20
Mitre ATT&CK: How it has evolved and grown
Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.
- October 22, 2020
22 Oct'20
Iranian hackers pose as far-right group to threaten U.S. voters
The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.
- October 22, 2020
22 Oct'20
McAfee launches IPO, raises $620 million
McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January.
- October 21, 2020
21 Oct'20
Microsoft: 94% of Trickbot's infrastructure disabled
In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.
- October 21, 2020
21 Oct'20
NSA issues advisory against Chinese state-sponsored hackers
Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.
- October 20, 2020
20 Oct'20
NSS Labs ceases operations amid financial turmoil
Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.
- October 20, 2020
20 Oct'20
After a brief pause, Trickbot rebounds from takedown efforts
Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.
- October 19, 2020
19 Oct'20
Combating disinformation campaigns ahead of 2020 election
As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day.
- October 14, 2020
14 Oct'20
Blockchain or bust? Experts debate applications for elections
Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.
- October 13, 2020
13 Oct'20
Trickbot takedown: Will it make a dent in ransomware attacks?
A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.
- October 12, 2020
12 Oct'20
Hackers exploit Netlogon flaw to attack government networks
CISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems.
- October 08, 2020
08 Oct'20
Should ransomware payments be banned? Experts weigh in
Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.
- October 07, 2020
07 Oct'20
Raccine: A ransomware 'vaccine' with a few catches
Raccine, an open source 'vaccine,' prevents ransomware threat actors from using a Windows utility to delete shadow copies of a system's data, but there are a few drawbacks.
- October 07, 2020
07 Oct'20
Ping acquires blockchain identity startup ShoCard
Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.
- October 05, 2020
05 Oct'20
Surge in ransomware attacks threatens student data
Ransomware attacks are not the only threats facing K-12 schools during the COVID-19 pandemic. Cybercriminals are stealing and exposing students' personal data as well.
- October 01, 2020
01 Oct'20
Potential ransomware-related death still under investigation
German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.
- September 28, 2020
28 Sep'20
Ivanti makes double acquisition of MobileIron, Pulse Secure
Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed.
- September 28, 2020
28 Sep'20
IBM: Ransomware attacks surged in Q2, ransom demands rising
IBM Security examined several concerning ransomware for this year, as well as an exponential increase in ransom demands and massive spike in attacks during the spring.
- September 24, 2020
24 Sep'20
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.
- September 24, 2020
24 Sep'20
Shopify discloses data breach caused by insider threats
Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.
- September 23, 2020
23 Sep'20
FBI: Disinformation attacks on election results 'likely'
Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites.
- September 23, 2020
23 Sep'20
ConnectWise launches bug bounty program to boost security
ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.
- September 21, 2020
21 Sep'20
Cyber attacks on schools increasing amid remote learning shift
The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks.