News

News

• February 24, 2021 24 Feb'21

  Senate hearing: SolarWinds evidence points to Russia

  Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.

• February 24, 2021 24 Feb'21

  Dragos: ICS security threats grew threefold in 2020

  A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.

• February 22, 2021 22 Feb'21

  Chinese APT used stolen NSA exploit for years

  Check Point's report details how a zero-day exploit credited to a Chinese nation-state threat group "is in fact a replica of an Equation Group exploit code-named 'EpMe.'"

• February 18, 2021 18 Feb'21

  White House: 100 companies compromised in SolarWinds hack

  The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.

• February 17, 2021 17 Feb'21

  Wide net cast on potential Accellion breach victims

  While Accellion fixed the zero-day vulnerability within 72 hours and said the breach affected 'less than 50 customers,' the attack's impact has expanded two weeks after the disclosure.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• February 17, 2021 17 Feb'21

  DOJ indicts additional WannaCry conspirators

  The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency.

• February 17, 2021 17 Feb'21

  Risk & Repeat: SolarWinds and the hacking back debate

  This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.

• February 12, 2021 12 Feb'21

  Risk & Repeat: Oldsmar water plant breach raises concerns

  This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla.

• February 11, 2021 11 Feb'21

  Oldsmar water plant computers shared TeamViewer password

  In addition to the advisory published by Massachusetts officials, the FBI issued a private industry notification Tuesday that referenced poor password security.

• February 10, 2021 10 Feb'21

  Researcher used open source supply chain to breach tech giants

  Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains.

• February 09, 2021 09 Feb'21

  SolarWinds breach news center

  The massive SolarWinds supply-chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.

• February 09, 2021 09 Feb'21

  Florida city's water nearly poisoned in TeamViewer attack

  The intruder increased the quantity of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million briefly before a water plant operator fixed it.

• February 09, 2021 09 Feb'21

  Ninety percent of dark web hacking forum posts come from buyers

  Positive Technologies built a picture of dark web hacking forums via data from the 10 active forums and over 8 million users, though the veracity of such posts remains unclear.

• February 08, 2021 08 Feb'21

  Microsoft, SolarWinds in dispute over nation-state attacks

  The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment.

• February 05, 2021 05 Feb'21

  Risk & Repeat: Diving into the dark web

  This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.

• February 04, 2021 04 Feb'21

  SolarWinds Office 365 environment compromised

  SolarWinds CEO Sudhakar Ramakrishna said nation-state threat actors first compromised a single email account and later gained access to the company's Orion platform environment.

• February 02, 2021 02 Feb'21

  SonicWall confirms zero-day vulnerability on SMA 100 series

  After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'

• February 02, 2021 02 Feb'21

  How a social engineering campaign fooled infosec researchers

  Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them.

• February 01, 2021 01 Feb'21

  The dark web in 2021: Should enterprises be worried?

  SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services.

• January 28, 2021 28 Jan'21

  DOJ charges suspect in NetWalker ransomware attacks

  The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.

• January 27, 2021 27 Jan'21

  Emotet taken down in global law enforcement operation

  Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.

• January 26, 2021 26 Jan'21

  Mimecast certificate compromised by SolarWinds hackers

  Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.

• January 26, 2021 26 Jan'21

  Zero trust 2.0: Google unveils BeyondCorp Enterprise

  BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication.

• January 26, 2021 26 Jan'21

  Akamai: Extortion attempts increase in DDoS attacks

  New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased.

• January 25, 2021 25 Jan'21

  SonicWall breached through 'probable' zero-day vulnerabilities

  SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector.

• January 20, 2021 20 Jan'21

  FireEye releases new tool to fight SolarWinds hackers

  The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.

• January 19, 2021 19 Jan'21

  SolarWinds supply chain attack explained: Need-to-know info

  The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.

• January 19, 2021 19 Jan'21

  Malwarebytes breached by SolarWinds hackers

  Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails.

• January 19, 2021 19 Jan'21

  FBI warns against vishing attacks targeting enterprises

  Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.

• January 14, 2021 14 Jan'21

  Tenable: Vulnerability disclosures skyrocketed over last 5 years

  New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.

• January 12, 2021 12 Jan'21

  Capitol building breach poses cybersecurity risks

  While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices.

• January 12, 2021 12 Jan'21

  SolarWinds confirms supply chain attack began in 2019

  SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access.

• January 11, 2021 11 Jan'21

  5 cybersecurity vendors to watch in 2021

  Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd.

• January 07, 2021 07 Jan'21

  Defending against SolarWinds attacks: What can be done?

  While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks.

• January 06, 2021 06 Jan'21

  The SolarWinds attacks: What we know so far

  The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure.

• January 05, 2021 05 Jan'21

  10 of the biggest cyber attacks of 2020

  Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.

• January 04, 2021 04 Jan'21

  Ransomware 'businesses': Does acting legitimate pay off?

  Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach?

• December 23, 2020 23 Dec'20

  Security measures critical for COVID-19 vaccine distribution

  The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.

• December 21, 2020 21 Dec'20

  SolarWinds backdoor infected tech giants, impact unclear

  Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached.

• December 18, 2020 18 Dec'20

  Risk & Repeat: SolarWinds backdoor shakes infosec industry

  This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.

• December 17, 2020 17 Dec'20

  CISA: SolarWinds backdoor attacks are 'ongoing'

  A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have comprised federal agencies.

• December 17, 2020 17 Dec'20

  Microsoft, FireEye create kill switch for SolarWinds backdoor

  The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.

• December 16, 2020 16 Dec'20

  SolarWinds struggles with response to supply chain attack

  Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.

• December 16, 2020 16 Dec'20

  SolarWinds breach highlights dangers of supply chain attacks

  While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.

• December 14, 2020 14 Dec'20

  SolarWinds backdoor used in nation-state cyber attacks

  Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.

• December 11, 2020 11 Dec'20

  FBI, CISA warn of growing ransomware attacks on K-12 schools

  The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year.

• December 09, 2020 09 Dec'20

  FireEye red team tools stolen in cyber attack

  While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.

• December 08, 2020 08 Dec'20

  Forescout reports 33 new TCP/IP vulnerabilities

  The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact.

• December 08, 2020 08 Dec'20

  New Microsoft Teams RCE vulnerability also wormable

  In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.

• December 08, 2020 08 Dec'20

  Salesforce advised users to skip Chrome browser updates

  Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.

• December 07, 2020 07 Dec'20

  Russian state-sponsored hackers exploit VMware vulnerability

  The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.

• December 03, 2020 03 Dec'20

  Updated Trickbot malware threatens firmware security

  Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.

• December 01, 2020 01 Dec'20

  Ransomware attack shuts down Baltimore County schools

  Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.

• December 01, 2020 01 Dec'20

  Online education vendor K12 hit with ransomware, pays ransom

  A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.

• November 20, 2020 20 Nov'20

  Risk & Repeat: Christopher Krebs out as CISA director

  This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.

• November 19, 2020 19 Nov'20

  White House questions election security; experts do not

  A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.

• November 18, 2020 18 Nov'20

  President Trump fires CISA director Christopher Krebs

  President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.

• November 18, 2020 18 Nov'20

  Sophos: Ransomware 'heavyweights' demand sky-high payments

  Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.

• November 17, 2020 17 Nov'20

  CrowdStrike: Ransomware hit 56% of organizations in last year

  A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.

• November 13, 2020 13 Nov'20

  Risk & Repeat: 2020 election security in review

  This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.

• November 12, 2020 12 Nov'20

  25,000 criminal reports: Vastaamo breach sets new precedent

  The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent.

• November 12, 2020 12 Nov'20

  Life after Maze: Is Egregor ransomware next?

  Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved.

• November 11, 2020 11 Nov'20

  Palo Alto Networks buys Expanse for $800 million

  Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management.

• November 09, 2020 09 Nov'20

  CISA: No election hacking, but plenty of misinformation

  Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories.

• November 04, 2020 04 Nov'20

  SaltStack discloses critical vulnerabilities, urges patching

  The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.

• November 02, 2020 02 Nov'20

  Maze gang shuts down its ransomware operation

  Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name.

• October 29, 2020 29 Oct'20

  FBI, CISA warn of impending ransomware attacks on hospitals

  Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI.

• October 28, 2020 28 Oct'20

  Ping Identity launches passwordless authentication system

  Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target.

• October 28, 2020 28 Oct'20

  'Lives at stake': How ransomware impacts hospitals

  Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems.

• October 27, 2020 27 Oct'20

  Mitre ATT&CK: How it has evolved and grown

  Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.

• October 22, 2020 22 Oct'20

  Iranian hackers pose as far-right group to threaten U.S. voters

  The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.

• October 22, 2020 22 Oct'20

  McAfee launches IPO, raises $620 million

  McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January.

• October 21, 2020 21 Oct'20

  Microsoft: 94% of Trickbot's infrastructure disabled

  In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.

• October 21, 2020 21 Oct'20

  NSA issues advisory against Chinese state-sponsored hackers

  Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.

• October 20, 2020 20 Oct'20

  NSS Labs ceases operations amid financial turmoil

  Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.

• October 20, 2020 20 Oct'20

  After a brief pause, Trickbot rebounds from takedown efforts

  Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.

• October 19, 2020 19 Oct'20

  Combating disinformation campaigns ahead of 2020 election

  As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day.

• October 14, 2020 14 Oct'20

  Blockchain or bust? Experts debate applications for elections

  Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.

• October 13, 2020 13 Oct'20

  Trickbot takedown: Will it make a dent in ransomware attacks?

  A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.

• October 12, 2020 12 Oct'20

  Hackers exploit Netlogon flaw to attack government networks

  CISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems.

• October 08, 2020 08 Oct'20

  Should ransomware payments be banned? Experts weigh in

  Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.

• October 07, 2020 07 Oct'20

  Raccine: A ransomware 'vaccine' with a few catches

  Raccine, an open source 'vaccine,' prevents ransomware threat actors from using a Windows utility to delete shadow copies of a system's data, but there are a few drawbacks.

• October 07, 2020 07 Oct'20

  Ping acquires blockchain identity startup ShoCard

  Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.

• October 05, 2020 05 Oct'20

  Surge in ransomware attacks threatens student data

  Ransomware attacks are not the only threats facing K-12 schools during the COVID-19 pandemic. Cybercriminals are stealing and exposing students' personal data as well.

• October 01, 2020 01 Oct'20

  Potential ransomware-related death still under investigation

  German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.

• September 28, 2020 28 Sep'20

  Ivanti makes double acquisition of MobileIron, Pulse Secure

  Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed.

• September 28, 2020 28 Sep'20

  IBM: Ransomware attacks surged in Q2, ransom demands rising

  IBM Security examined several concerning ransomware for this year, as well as an exponential increase in ransom demands and massive spike in attacks during the spring.

• September 24, 2020 24 Sep'20

  Microsoft detects Netlogon vulnerability exploitation in the wild

  While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.

• September 24, 2020 24 Sep'20

  Shopify discloses data breach caused by insider threats

  Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.

• September 23, 2020 23 Sep'20

  FBI: Disinformation attacks on election results 'likely'

  Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites.

• September 23, 2020 23 Sep'20

  ConnectWise launches bug bounty program to boost security

  ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.

• September 21, 2020 21 Sep'20

  Cyber attacks on schools increasing amid remote learning shift

  The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks.

• September 17, 2020 17 Sep'20

  Gartner: Paying after ransomware attacks carries big risks

  The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.

• September 17, 2020 17 Sep'20

  Maze ransomware gang uses VMs to evade detection

  A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year.

• September 16, 2020 16 Sep'20

  Gartner: Securing remote workforce a top priority

  In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees.

• September 15, 2020 15 Sep'20

  Gartner: Privileged access management a must in 2020

  Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials.

• September 10, 2020 10 Sep'20

  Disinformation, mail-in ballots top election security concerns

  While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots.

• September 09, 2020 09 Sep'20

  Intel patches critical flaw in Active Management Technology

  Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation.

• September 03, 2020 03 Sep'20

  CISA issues vulnerability disclosure order for federal agencies

  The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days.

• September 02, 2020 02 Sep'20

  CISA and FBI say there have been no hacks on voter databases

  After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security.