News

News

• June 20, 2022 20 Jun'22

  Cleveland BSides takes heat for Chris Hadnagy appearance

  The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct.

• June 20, 2022 20 Jun'22

  Paige Thompson found guilty in 2019 Capital One data breach

  The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted.

• June 20, 2022 20 Jun'22

  Healthcare breaches on the rise in 2022

  According to U.S. government data, the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period last year.

• June 17, 2022 17 Jun'22

  Hertzbleed disclosure raises questions for Intel

  Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long.

• June 16, 2022 16 Jun'22

  Risk & Repeat: Recapping RSA Conference 2022

  This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats.

• Sponsored News

  • Riding the Wave to Enterprise AI at Scale: The Transformation of Client Solutions

    Sponsored by Dell Technologies - While it’s true that AI is moving rapidly toward universal adoption, it is in the enterprise where AI is having its greatest impact. Enterprise AI certainly is an area of massive resource investment: Research pegs the size of the 2025 global enterprise AI market at $97 billion, growing to an astonishing $229 billion by 2030. All forms of AI—agentic AI, generative AI, machine learning, and predictive AI, to name a few—are transforming how, when, where, and why work is done. See More

  • The “Personal Touch” of AI is Undeniable, Thanks for Impressive Advances in Client Solutions

    Sponsored by Dell Technologies - The trend toward personal—and personalized—artificial intelligence (AI) has swiftly moved from interesting idea to undeniable market transformational catalyst. Research points out that 61% of U.S. adults have used AI in the past six months, with a growing number of those using it daily. This not only is an expected byproduct of widespread AI use in businesses and other enterprises, but the rapidly accelerating number of consumer-oriented use cases. See More

  • The Deepening Impact of “AI Everywhere” is Revolutionizing Client Solutions

    Sponsored by Dell Technologies - Artificial intelligence (AI) has rapidly become the technical development with the most profound impact on how we work, play, live, and interact. Although AI has been around for decades, earlier generations of expert systems, knowledge systems, and decision-support systems pale in comparison to the capabilities of the AI of today…and tomorrow. See More

  View All Sponsored News
• June 15, 2022 15 Jun'22

  Alphv ransomware gang ups pressure with new extortion scheme

  The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack.

• June 15, 2022 15 Jun'22

  Microsoft takes months to fix critical Azure Synapse bug

  Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers.

• June 14, 2022 14 Jun'22

  Critical Atlassian Confluence flaw remains under attack

  Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority.

• June 14, 2022 14 Jun'22

  How Russian sanctions may be helping US cybersecurity

  Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road.

• June 13, 2022 13 Jun'22

  Tenable slams Microsoft over Azure vulnerabilities

  Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched.

• June 13, 2022 13 Jun'22

  Skyhigh Security CEO, VP talk life after McAfee

  Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio.

• June 09, 2022 09 Jun'22

  Rob Joyce: China represents biggest long-term cyberthreat

  NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China.

• June 09, 2022 09 Jun'22

  CrowdStrike demonstrates dangers of container escape attacks

  CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system.

• June 09, 2022 09 Jun'22

  Mandiant: Cyberextortion schemes increasing pressure to pay

  At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers.

• June 08, 2022 08 Jun'22

  SANS lists bad backups, cloud abuse as top cyberthreats

  A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams.

• June 08, 2022 08 Jun'22

  CISA director promotes collaboration and trust at RSAC 2022

  Jen Easterly said there's growing momentum for stronger collaboration and communication between government agencies like CISA and private-sector cybersecurity companies.

• June 07, 2022 07 Jun'22

  Cisco Talos: Destructive malware, supply chain attacks rising

  At RSA Conference 2022, Cisco Talos discussed how adversaries have evolved and changed their tactics, leading to major shifts in the threat landscape.

• June 07, 2022 07 Jun'22

  Microsoft flags common pitfalls for cyber insurance

  Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage.

• June 07, 2022 07 Jun'22

  Ransomware Task Force calls for better incident reporting

  Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem.

• June 07, 2022 07 Jun'22

  Microsoft details zero-trust transition, challenges

  Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022.

• June 07, 2022 07 Jun'22

  DNI Avril Haines: Cybersecurity is getting harder

  During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools.

• June 07, 2022 07 Jun'22

  Cybereason: Paying ransoms leads to more ransomware attacks

  Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers.

• June 06, 2022 06 Jun'22

  MacOS malware attacks slipping through the cracks

  Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code.

• June 06, 2022 06 Jun'22

  Major DDoS attacks increasing after invasion of Ukraine

  DDoS attacks are a growing threat to both government and commercial entities across the globe, as Russia's invasion of Ukraine has increased the rate of attacks in 2022.

• June 03, 2022 03 Jun'22

  Critical Atlassian Confluence flaw exploited in the wild

  No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday.

• June 02, 2022 02 Jun'22

  May ransomware attacks strike municipal governments, IT firms

  A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May.

• June 02, 2022 02 Jun'22

  Conti ransomware group targeted Intel firmware tools

  A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers.

• June 02, 2022 02 Jun'22

  VMware launches 'threat intelligence cloud' Contexa

  The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost.

• June 01, 2022 01 Jun'22

  Hackers ransom 1,200 exposed Elasticsearch databases

  An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks.

• June 01, 2022 01 Jun'22

  Forescout proof-of-concept ransomware attack affects IoT, OT

  Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware.

• May 31, 2022 31 May'22

  Microsoft zero day exploited in the wild, workarounds released

  A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations.

• May 26, 2022 26 May'22

  U.S. Senate report calls out lack of ransomware reporting

  The Senate Committee on Homeland Security published a report that points to a lack of ransomware reporting as a major issue in defending the U.S. from cyber attacks.

• May 26, 2022 26 May'22

  Twitter fined $150M for misusing 2FA data

  The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit.

• May 26, 2022 26 May'22

  'Pantsdown' BMC vulnerability still present in Quanta servers

  Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks.

• May 25, 2022 25 May'22

  Verizon DBIR: Stolen credentials led to nearly 50% of attacks

  The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations.

• May 24, 2022 24 May'22

  Developers targeted by poisoned Python library

  A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances.

• May 24, 2022 24 May'22

  MFA technology is rapidly evolving -- are mandates next?

  The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join?

• May 24, 2022 24 May'22

  Verizon DBIR: Ransomware dominated threat landscape in 2021

  Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected.

• May 23, 2022 23 May'22

  AdvIntel: Conti rebranding as several new ransomware groups

  According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up.

• May 19, 2022 19 May'22

  QNAP devices hit by DeadBolt ransomware again

  DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately.

• May 19, 2022 19 May'22

  VMware vulnerabilities under attack, CISA urges action

  Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon.

• May 19, 2022 19 May'22

  Small businesses under fire from password stealers

  Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries.

• May 18, 2022 18 May'22

  Axie Infinity hack highlights DPRK cryptocurrency heists

  The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors.

• May 18, 2022 18 May'22

  CISA calls out security misconfigurations, common mistakes

  Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks.

• May 17, 2022 17 May'22

  North Korean IT workers targeting US enterprises

  North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs.

• May 17, 2022 17 May'22

  Cardiologist charged with creating Thanos, Jigsaw ransomware

  Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware.

• May 16, 2022 16 May'22

  Critical bug in Zyxel firewalls, VPNs exploited in the wild

  Initially discovered by Rapid7, the vulnerability poses a critical risk to enterprise networks and could allow attackers to gain remote access to Zyxel security products.

• May 12, 2022 12 May'22

  Iranian APT Cobalt Mirage launching ransomware attacks

  Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks.

• May 12, 2022 12 May'22

  Vendors, governments make ransomware decryptors more common

  Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats.

• May 11, 2022 11 May'22

  Critical F5 vulnerability under exploitation in the wild

  A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild.

• May 11, 2022 11 May'22

  US, allies warn of nation-state attacks against MSPs

  The joint advisory did not name any specific nation-states, though co-sponsor agencies expect threat actors to 'step up their targeting' of managed service providers (MSPs).

• May 10, 2022 10 May'22

  New clues point to REvil ransomware gang's return

  New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene.

• May 10, 2022 10 May'22

  US, EU attribute Viasat hack to Russia

  The U.S. and U.K. governments, along with the EU, confirmed the suspicions around the attack that disrupted satellite services for customers in Ukraine as Russia invaded the country.

• May 09, 2022 09 May'22

  Victims of Horizon Actuarial data breach exceed 1M

  Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly.

• May 09, 2022 09 May'22

  US offers $10M bounty for Conti ransomware information

  The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday.

• May 06, 2022 06 May'22

  Cryptocurrency mixer sanctioned over Lazarus Group ties

  North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service.

• May 05, 2022 05 May'22

  Hackers exploit vulnerable Adminer for AWS database thefts

  Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts.

• May 05, 2022 05 May'22

  SentinelOne finds high-severity flaws in Avast, AVG

  The Avast and AVG vulnerabilities, which have been patched, went undiscovered for 10 years and potentially impact millions of devices, according to SentinelOne.

• May 05, 2022 05 May'22

  Google cloud misconfiguration poses risk to customers

  Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines.

• May 04, 2022 04 May'22

  Coveware: Double-extortion ransomware attacks fell in Q1

  Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it.

• May 04, 2022 04 May'22

  Winnti threat group rides again with IP theft campaign

  A Chinese cyberespionage campaign, dubbed 'Operation CuckooBees' by Cybereason, went unnoticed for years as spies siphoned off intellectual property from companies.

• May 03, 2022 03 May'22

  Trend Micro discovers AvosLocker can disable antivirus software

  AvosLocker operators are using legitimate tools and previously disclosed vulnerabilities to disable antivirus software and evade detection on infected machines.

• May 03, 2022 03 May'22

  RCE vulnerabilities found in Avaya, Aruba network switches

  Armis told SearchSecurity that depending on device model, it was 'not too hard to develop an exploit' for the Avaya and Aruba flaws, heightening concern for administrators.

• May 03, 2022 03 May'22

  April ransomware attacks slam US universities

  April's ransomware attacks were highlighted by several universities and colleges in the U.S. reporting attacks, plus a possible data breach at one of the world's largest beverage companies.

• May 02, 2022 02 May'22

  Cyberespionage group exploiting network and IoT blind spots

  Researchers with Mandiant have uncovered a new espionage-focused hacking operation that takes advantage of IoT and networking gear that security tools don't cover.

• April 28, 2022 28 Apr'22

  Lapsus$ targeting SharePoint, VPNs and virtual machines

  From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung.

• April 28, 2022 28 Apr'22

  Check Point: Ransomware attacks lasted 9.9 days in 2021

  Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021.

• April 28, 2022 28 Apr'22

  Phishing attacks benefiting from shady SEO practices

  Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims.

• April 27, 2022 27 Apr'22

  Five Eyes reveals 15 most exploited vulnerabilities of 2021

  Law enforcement agencies from five countries share the top flaws they've observed being exploited this year, some of which were disclosed as early as 2018.

• April 27, 2022 27 Apr'22

  REvil ransomware attacks resume, but operators are unknown

  The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation.

• April 27, 2022 27 Apr'22

  Sophos: 66% of organizations hit by ransomware in 2021

  Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups.

• April 26, 2022 26 Apr'22

  Cisco Talos observes 'novel increase' in APT activity in Q1

  The security vendor uncovered new trends during Q1, including increased APT attacks, 'democratized' ransomware threats and significant exploitation of Log4j bugs.

• April 25, 2022 25 Apr'22

  LemonDuck botnet evades detection in cryptomining attacks

  While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices.

• April 25, 2022 25 Apr'22

  T-Mobile breached in apparent Lapsus$ attack

  Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung.

• April 21, 2022 21 Apr'22

  Zero-day vulnerability exploitation soaring, experts say

  Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year.

• April 21, 2022 21 Apr'22

  Cryptocurrency theft leaves Beanstalk Farms' future in doubt

  Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain.

• April 21, 2022 21 Apr'22

  FBI warns of 'timed' ransomware attacks on agriculture sector

  In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year.

• April 20, 2022 20 Apr'22

  U.S. warns of 'increased' threats from Russian hacking groups

  The U.S. government and its Five Eyes intelligence partners issued a joint advisory warning of the dangers posed by both state-sponsored hackers and cybercriminal crews in Russia.

• April 20, 2022 20 Apr'22

  Kaspersky releases decryptor for Yanluowang ransomware

  Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December.

• April 20, 2022 20 Apr'22

  BlackCat emerges as one of the top ransomware threats

  After several notable ransomware attacks against major enterprises, the BlackCat gang is drawing the attention of security researchers who have connected it to other groups.

• April 20, 2022 20 Apr'22

  AWS Log4Shell hot patch vulnerable to privilege escalation

  Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday.

• April 18, 2022 18 Apr'22

  Pegasus spyware discovered on U.K. government networks

  Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame.

• April 18, 2022 18 Apr'22

  Stolen OAuth tokens lead to 'dozens' of breached GitHub repos

  Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm.

• April 18, 2022 18 Apr'22

  Attack on Beanstalk Farms results in $182M loss

  High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform.

• April 15, 2022 15 Apr'22

  Corvus: Ransomware costs, ransom payments declining

  Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward.

• April 14, 2022 14 Apr'22

  Critical Windows RPC vulnerability raises alarm

  Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks.

• April 14, 2022 14 Apr'22

  VMware Workspace One flaw actively exploited in the wild

  Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity.

• April 14, 2022 14 Apr'22

  US government, security vendors warn of new ICS malware

  As attacks on critical infrastructure increase, experts warn that threat actors have developed new malware designed to take control of ICS and SCADA systems in the energy sector.

• April 13, 2022 13 Apr'22

  Microsoft dismantles ZLoader botnet

  Microsoft and ESET security teams explained how they were able to identify and dismantle the command and control infrastructure of the notorious ZLoader malware network.

• April 13, 2022 13 Apr'22

  Sophos: LockBit affiliates hacked regional government agency

  Sophos said attackers spent at least five months inside an unnamed regional government agency's network, remotely Googling for hacking tools before deploying LockBit ransomware.

• April 12, 2022 12 Apr'22

  Ukraine energy grid hit by Russian Industroyer2 malware

  The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company.

• April 12, 2022 12 Apr'22

  Synopsys: Enterprises struggling with open source software

  To curb open source risk, Synopsys advises enterprises to keep a comprehensive inventory of all software within its environment and to understand that securing open source requires strong management.

• April 12, 2022 12 Apr'22

  Law enforcement takedowns continue with RaidForums seizure

  The hacker forum, which used to sell and purchase sensitive information including login credentials, has been dismantled, and its alleged founder was arrested and indicted.

• April 11, 2022 11 Apr'22

  Apple Security Bounty improves, but problems remain

  Security researchers told SearchSecurity that Apple Security Bounty improved its communication earlier this year, which had been a key issue for participants.

• April 08, 2022 08 Apr'22

  Fin7 hacker sentenced to 5 years in prison

  A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring.

• April 07, 2022 07 Apr'22

  Government officials: AI threat detection still needs humans

  At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection.

• April 07, 2022 07 Apr'22

  How the FBI took down the Cyclops Blink botnet

  The FBI's operation copied and removed Cyclops Blink's malware from victims' systems that were used as command and control devices, severing Sandworm's control of the botnet.

• April 06, 2022 06 Apr'22

  US sanctions Garantex for laundering over $100M

  The latest action follows a string of sanctions imposed during the past year against cryptocurrency exchanges operating out of Russia.

• April 06, 2022 06 Apr'22

  Conti ransomware leaks show a low-tech but effective model

  The Conti ransomware gang runs largely on elbow grease, according to Akamai security researchers who analyzed the group's training materials and operating policies.

• April 05, 2022 05 Apr'22

  German authorities behead dark web Hydra Market

  Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces.