News

- August 16, 2022: Zero Day Initiative seeing an increase in failed patches
  In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations.
- August 12, 2022: Eclypsium calls out Microsoft over bootloader security woes
  At DEF CON 30, Eclypsium researchers detailed three new vulnerabilities in third-party Windows bootloaders that were signed with Microsoft's UEFI certificates.
- August 11, 2022: Rapid7: Cisco ASA and ASDM flaws went unpatched for months
  While several of the vulnerabilities were reported to Cisco in February, they remained unpatched until Thursday, when Rapid7's Jake Baines discussed the flaws at Black Hat USA 2022.
- August 11, 2022: Researchers reveal Kubernetes security holes, prevention
  Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover.
- August 11, 2022: Cisco hacked by access broker with Lapsus$ ties
  No Cisco employee or customer personal information was stolen in the hack, though some data did make it onto the dark web.
- August 11, 2022: SentinelOne discusses the rise of data-wiping malware
  During a Black Hat 2022 session, researchers showed how expectations of cyber war may differ from the reality.
- August 11, 2022: Zero Day Initiative launches new bug disclosure timelines
  The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches.
- August 11, 2022: How CI/CD pipelines are putting enterprise networks at risk
  At Black Hat USA 2022, NCC Group researchers demonstrated how threat actors can compromise CI/CD pipelines and break out into enterprise networks and cloud environments.
- August 11, 2022: Google researchers dissect Android spyware, zero days
  Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits.
- August 10, 2022: Ermetic addresses IAM weaknesses in multi-cloud environments
  Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers.
- August 10, 2022: Chris Krebs: It's still too hard to work with the government
  Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote.
- August 10, 2022: Industroyer2: How Ukraine avoided another blackout attack
  A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data.
- August 08, 2022: U.S. sanctions another cryptocurrency mixer in Tornado Cash
  The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds.
- August 08, 2022: VMware: The threat of lateral movement is growing
  The majority of incident response professionals surveyed for VMware's 'Global Incident Response Threat Report' observed lateral movement in at least some attacks in the past year.
- August 04, 2022: Amazon CSO Steve Schmidt talks prescriptive security for AWS
  In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response.
- August 03, 2022: Amazon CSO Steve Schmidt preaches fungible resources, MFA
  In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and the shifts the cloud provider made to improve its posture, as well as customers'.
- August 03, 2022: Thoma Bravo to acquire Ping Identity for $2.8B
  Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday.
- August 02, 2022: New Microsoft tools aim to protect expanding attack surface
  New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft.
- August 02, 2022: July another down month in ransomware attack disclosures
  July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data.
- July 29, 2022: Coveware: Median ransom payments dropped 51% in Q2
  Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give in to high demands.
- July 28, 2022: Microsoft: Austrian company DSIRF selling Subzero malware
  Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047.
- July 28, 2022: AWS adds anti-malware and PII visibility to storage
  New tools unveiled by AWS at re:Inforce 2022 add anti-malware capabilities to AWS block storage and a way to find personally identifiable information in S3 object storage.
- July 26, 2022: AWS issues MFA call to action at re:Inforce 2022
  To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources.
- July 26, 2022: CrowdStrike launches cloud threat hunting service
  Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud.
- July 21, 2022: NCC Group observes a drop in ransomware attacks -- for now
  Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up.
- July 21, 2022: Atlassian Confluence plugin contains hardcoded password
  Questions for Confluence, a first-party application for Atlassian Confluence, contains a hardcoded password that enables access to any vulnerable instance.
- July 21, 2022: SynSaber: Only 41% of ICS vulnerabilities require attention
  The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation.
- July 20, 2022: DOJ report warns of escalating cybercrime, 'blended' threats
  The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared.
- July 20, 2022: Sophos launches cross-operational task force X-Ops
  The Sophos X-Ops team aims to create an AI-assisted security operations center using the cybersecurity vendor's research and threat response teams.
- July 15, 2022: Cryptocurrency mixer activity reaches new heights in 2022
  Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year.
- July 15, 2022: Risk & Repeat: Ransomware in 2022 so far
  This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat.
- July 14, 2022: Cryptocurrency crash triggers crisis for dark web exchanges
  Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users cash out amid a cryptocurrency price crash.
- July 13, 2022: Researcher develops Hive ransomware decryption tool
  Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version.
- July 13, 2022: Supreme Court justices doxxed on dark web
  Five conservative Supreme Court justices were reportedly doxxed by threat actors who claim to have obtained credit card numbers, addresses and other information.
- July 12, 2022: 4 critical flaws among 84 fixes in July Patch Tuesday
  Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service.
- July 07, 2022: Early detection crucial in stopping BEC scams
  Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
- July 07, 2022: Public sector still facing ransomware attacks amid decline
  While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June.
- July 06, 2022: 5G networks vulnerable to adversarial ML attacks
  A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks.
- July 06, 2022: HackerOne incident raises concerns for insider threats
  While the threat actor's motivation appears to be financial, the incident shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems.
- July 05, 2022: Ransomware in 2022: Evolving threats, slow progress
  Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022.
- June 30, 2022: SANS Institute: Human error remains the top security issue
  The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises.
- June 28, 2022: Ransomware gangs using Log4Shell to attack VMware instances
  Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro.
- June 28, 2022: Cisco Talos techniques uncover ransomware sites on dark web
  One of the three techniques Cisco Talos used to de-anonymize ransomware dark web sites is to match TLS certificate serial numbers from dark web leak sites to the clear web.
- June 28, 2022: Wiz launches open database to track cloud vulnerabilities
  Wiz researchers Alon Schindel and Amitai Cohen, together with Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues.
- June 24, 2022: Researchers criticize Oracle's vulnerability disclosure process
  While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard coordinated disclosure window.
- June 23, 2022: Chinese HUI Loader malware ups the ante on espionage attacks
  A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms.
- June 23, 2022: Access management issues may create security holes
  Employees who aren't credentialed to access the corporate systems they need to do their jobs find ways around the red tape, which could lead to security breaches.
- June 22, 2022: Ongoing PowerShell security threats prompt a call to action
  Although PowerShell poses an ongoing risk to enterprise security as a post-exploitation tool, authorities strongly advise against disabling it completely.
- June 22, 2022: Kaspersky unveils unknown APT actor 'ToddyCat'
  The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups.
- June 22, 2022: Publicly disclosed U.S. ransomware attacks database
  Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats.
- June 22, 2022: Proofpoint: Social engineering attacks slipping past users
  Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions.
- June 21, 2022: Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors
  The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more.
- June 20, 2022: Cleveland BSides takes heat for Chris Hadnagy appearance
  The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct.
- June 20, 2022: Paige Thompson found guilty in 2019 Capital One data breach
  The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted.
- June 20, 2022: Healthcare breaches on the rise in 2022
  According to U.S. government data, the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period last year.
- June 17, 2022: Hertzbleed disclosure raises questions for Intel
  Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long.
- June 16, 2022: Risk & Repeat: Recapping RSA Conference 2022
  This Risk & Repeat episode discusses RSA Conference 2022 and its major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats.
- June 15, 2022: Alphv ransomware gang ups pressure with new extortion scheme
  The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack.
- June 15, 2022: Microsoft takes months to fix critical Azure Synapse bug
  Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers.
- June 14, 2022: Critical Atlassian Confluence flaw remains under attack
  Researchers say a critical flaw in Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority.
- June 14, 2022: How Russian sanctions may be helping US cybersecurity
  Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road.
- June 13, 2022: Tenable slams Microsoft over Azure vulnerabilities
  Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched.
- June 13, 2022: Skyhigh Security CEO, VP talk life after McAfee
  Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio.
- June 09, 2022: Rob Joyce: China represents biggest long-term cyberthreat
  NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China.
- June 09, 2022: CrowdStrike demonstrates dangers of container escape attacks
  CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system.
- June 09, 2022: Mandiant: Cyberextortion schemes increasing pressure to pay
  At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers.
- June 08, 2022: SANS lists bad backups, cloud abuse as top cyberthreats
  A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams.
- June 08, 2022: CISA director promotes collaboration and trust at RSAC 2022
  Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies.
- June 07, 2022: Cisco Talos: Destructive malware, supply chain attacks rising
  At RSA Conference 2022, Cisco Talos discussed how adversaries have evolved and changed their tactics, leading to major shifts in the threat landscape.
- June 07, 2022: Microsoft flags common pitfalls for cyber insurance
  Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage.
- June 07, 2022: Ransomware Task Force calls for better incident reporting
  Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prevents a complete picture of the ransomware problem.
- June 07, 2022: Microsoft details zero-trust transition, challenges
  Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022.
- June 07, 2022: DNI Avril Haines: Cybersecurity is getting harder
  During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools.
- June 07, 2022: Cybereason: Paying ransoms leads to more ransomware attacks
  Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers.
- June 06, 2022: MacOS malware attacks slipping through the cracks
  Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code.
- June 06, 2022: Major DDoS attacks increasing after invasion of Ukraine
  DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022.
- June 03, 2022: Critical Atlassian Confluence flaw exploited in the wild
  No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday.
- June 02, 2022: May ransomware attacks strike municipal governments, IT firms
  A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May.
- June 02, 2022: Conti ransomware group targeted Intel firmware tools
  A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers.
- June 02, 2022: VMware launches 'threat intelligence cloud' Contexa
  The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost.
- June 01, 2022: Hackers ransom 1,200 exposed Elasticsearch databases
  An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks.
- June 01, 2022: Forescout proof-of-concept ransomware attack affects IoT, OT
  Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware.
- May 31, 2022: Microsoft zero day exploited in the wild, workarounds released
  A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations.
- May 26, 2022: U.S. Senate report calls out lack of ransomware reporting
  The Senate Committee on Homeland Security published a report that points to a lack of ransomware reporting as a major issue in defending the U.S. from cyber attacks.
- May 26, 2022: Twitter fined $150M for misusing 2FA data
  The DOJ and FTC said the social media company misused consumers' personal data for advertising purposes and benefited from doing so.
- May 26, 2022: 'Pantsdown' BMC vulnerability still present in Quanta servers
  Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk of remote code execution attacks.
- May 25, 2022: Verizon DBIR: Stolen credentials led to nearly 50% of attacks
  The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations.
- May 24, 2022: Developers targeted by poisoned Python library
  A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances.
- May 24, 2022: MFA technology is rapidly evolving -- are mandates next?
  The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join?
- May 24, 2022: Verizon DBIR: Ransomware dominated threat landscape in 2021
  Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected.
- May 23, 2022: AdvIntel: Conti rebranding as several new ransomware groups
  According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up.
- May 19, 2022: QNAP devices hit by DeadBolt ransomware again
  DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately.
- May 19, 2022: VMware vulnerabilities under attack, CISA urges action
  Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon.
- May 19, 2022: Small businesses under fire from password stealers
  Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries.
- May 18, 2022: Axie Infinity hack highlights DPRK cryptocurrency heists
  The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors.
- May 18, 2022: CISA calls out security misconfigurations, common mistakes
  Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks.
- May 17, 2022: North Korean IT workers targeting US enterprises
  North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs.
- May 17, 2022: Cardiologist charged with creating Thanos, Jigsaw ransomware
  Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware.
- May 16, 2022: Critical bug in Zyxel firewalls, VPNs exploited in the wild
  Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products.
- May 12, 2022: Iranian APT Cobalt Mirage launching ransomware attacks
  Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks.