News

News

• January 11, 2022 11 Jan'22

  NetUSB flaw could impact millions of routers

  SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process.

• January 10, 2022 10 Jan'22

  Chainalysis: Cryptocurrency crime reaches all-time high

  While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency.

• January 10, 2022 10 Jan'22

  VMware ESXi 7 users vulnerable to hypervisor takeover bug

  A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7.

• January 06, 2022 06 Jan'22

  New Zloader attacks thwarting Microsoft signature checks

  Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader.

• January 05, 2022 05 Jan'22

  NY AG's credential stuffing probe finds 1M exposed accounts

  The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies.

• January 05, 2022 05 Jan'22

  FTC warns companies to mitigate Log4j vulnerability

  In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed.

• December 30, 2021 30 Dec'21

  Threat actors target HPE iLO hardware with rootkit attack

  Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild.

• December 23, 2021 23 Dec'21

  ManageEngine attacks draw warning from FBI

  The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October.

• December 20, 2021 20 Dec'21

  5 Russians charged in hacking, illegal trading scheme

  A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades.

• December 20, 2021 20 Dec'21

  Log4j 2.17.0 fixes newly discovered exploit

  The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs.

• December 20, 2021 20 Dec'21

  Apple v. NSO Group: How will it affect security researchers?

  While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible.

• December 20, 2021 20 Dec'21

  Critical bugs could go unpatched amid Log4j concern

  Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation.

• December 17, 2021 17 Dec'21

  Risk & Repeat: Log4Shell shakes infosec industry

  This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability.

• December 15, 2021 15 Dec'21

  Log4j gets a second update as security woes pile up

  Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0.

• December 15, 2021 15 Dec'21

  Nation-state threat groups are exploiting Log4Shell

  Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies.

• December 15, 2021 15 Dec'21

  'Insane' spread of Log4j exploits won't abate anytime soon

  Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability.

• December 14, 2021 14 Dec'21

  Hive ransomware claims hundreds of victims in 6-month span

  Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time.

• December 14, 2021 14 Dec'21

  Log4Shell: Experts warn of bug's severity, reach

  Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code.

• December 13, 2021 13 Dec'21

  Fixes for Log4j flaw arise as attacks soar

  Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools.

• December 13, 2021 13 Dec'21

  Critical Log4j flaw exploited a week before disclosure

  The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after.

• December 10, 2021 10 Dec'21

  Dark web posts shed light on Panasonic breach

  A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums.

• December 10, 2021 10 Dec'21

  Critical Apache Log4j 2 bug under attack; mitigate now

  The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations.

• December 09, 2021 09 Dec'21

  17 Discord malware packages found in NPM repository

  These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said.

• December 09, 2021 09 Dec'21

  Threat actors targeting MikroTik routers, devices

  Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched.

• December 07, 2021 07 Dec'21

  USB-over-Ethernet bugs put cloud services at risk

  SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks.

• December 07, 2021 07 Dec'21

  BadgerDAO users' cryptocurrency stolen in cyber attack

  Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems.

• December 07, 2021 07 Dec'21

  Google takes action against blockchain-based Glupteba botnet

  In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet.

• December 06, 2021 06 Dec'21

  BitMart the latest crypto exchange to suffer cyber attack

  BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen.

• December 06, 2021 06 Dec'21

  One year later, SolarWinds hackers targeting cloud providers

  The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers.

• December 03, 2021 03 Dec'21

  Hundreds of new vulnerabilities found in SOHO routers

  Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks.

• December 02, 2021 02 Dec'21

  Former Ubiquiti engineer arrested for inside threat attack

  Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million.

• December 01, 2021 01 Dec'21

  New Yanluowang ransomware mounting targeted attacks in US

  Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks.

• December 01, 2021 01 Dec'21

  CISA taps CrowdStrike for endpoint security

  The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul.

• December 01, 2021 01 Dec'21

  BlackByte ransomware attacks exploiting ProxyShell flaws

  Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange.

• November 30, 2021 30 Nov'21

  Windows Installer zero-day under active exploitation

  McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others.

• November 29, 2021 29 Nov'21

  Hack 'Sabbath': Elusive new ransomware detected

  A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected.

• November 23, 2021 23 Nov'21

  Apple files lawsuit against spyware vendor NSO Group

  Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials.

• November 23, 2021 23 Nov'21

  Researcher drops instant admin Windows zero-day bug

  A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix.

• November 22, 2021 22 Nov'21

  GoDaddy discloses breach of 1.2M customer account details

  Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers.

• November 22, 2021 22 Nov'21

  Cryptocurrency exchange BTC-Alpha confirms ransomware attack

  While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack.

• November 19, 2021 19 Nov'21

  Cybercriminals discuss new business model for zero-day exploits

  Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service.

• November 19, 2021 19 Nov'21

  How enterprises need to prepare for 'cyberwar' conflicts

  Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting the changes may be difficult for enterprises.

• November 18, 2021 18 Nov'21

  CISA, Microsoft warn of rise in cyber attacks from Iran

  CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises.

• November 18, 2021 18 Nov'21

  New side channel attack resurrects DNS poisoning threat

  A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites.

• November 17, 2021 17 Nov'21

  Malwarebytes slams Apple for inconsistent patching

  At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which was only patched in macOS Big Sur for several months.

• November 17, 2021 17 Nov'21

  Risk & Repeat: Are ransomware busts having an effect?

  International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards.

• November 15, 2021 15 Nov'21

  Microsoft releases out-of-band update for Windows Server

  Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability.

• November 11, 2021 11 Nov'21

  Aruba Central breach exposed customer data

  HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear.

• November 11, 2021 11 Nov'21

  Trend Micro reveals 'Void Balaur' cybermercenary group

  New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015.

• November 11, 2021 11 Nov'21

  'King of Fraud' sentenced for Methbot botnet operation

  Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet.

• November 09, 2021 09 Nov'21

  Medical devices at risk from Siemens Nucleus vulnerabilities

  Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices.

• November 08, 2021 08 Nov'21

  DOJ charges REvil ransomware members, seizes $6.1M

  One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland.

• November 04, 2021 04 Nov'21

  DDoS botnet exploiting known GitLab vulnerability

  A botnet is using a critical GitLab vulnerability, which was disclosed and patched in April, to launch powerful DDoS attacks that have surpassed 1 Tbps.

• November 03, 2021 03 Nov'21

  CISA requires agencies to patch nearly 300 vulnerabilities

  The Cybersecurity and Infrastructure Security Agency issued a directive for government agencies that requires patching for hundreds of known software security vulnerabilities.

• November 02, 2021 02 Nov'21

  Trojan Source bugs enable 'invisible' source code poisoning

  A pair of flaws in nearly every popular programming language enables attackers to hide malicious code in plain sight without the ability to be detected prior to compiling.

• October 29, 2021 29 Oct'21

  Europol 'targets' 12 suspects in ransomware bust

  Europol has not said whether the suspected ransomware actors were arrested or detained, but the 12 were allegedly involved in attacks that affected 1,800 victims in 71 countries.

• October 28, 2021 28 Oct'21

  Hackers upping SSL usage for encrypted attacks, communications

  A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks.

• October 22, 2021 22 Oct'21

  Risk & Repeat: Apple bug bounty frustrations boil over

  Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities.

• October 15, 2021 15 Oct'21

  Accenture sheds more light on August data breach

  The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year.

• October 14, 2021 14 Oct'21

  Google digs into Iran's APT35 hacking group

  Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents.

• October 14, 2021 14 Oct'21

  Enterprises ask Washington to step up cyber collaboration

  During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government.

• October 13, 2021 13 Oct'21

  How hackers exploited RCE vulnerabilities in Atlassian, Azure

  Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure.

• October 12, 2021 12 Oct'21

  Apple patches iOS vulnerability actively exploited in the wild

  Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.'

• October 11, 2021 11 Oct'21

  Iranian password spraying campaign hits Office 365 accounts

  The Iran-backed DEV-0343 threat group has launched a password spraying offensive against Office 365 accounts in the defense, maritime and oil industries.

• October 11, 2021 11 Oct'21

  Cyber insurance premiums, costs skyrocket as attacks surge

  As cyber attacks and losses have increased, so has demand for cyber insurance. But now premiums are reflecting a harsh new reality.

• October 08, 2021 08 Oct'21

  Senators want FTC to enforce a federal data security standard

  U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them.

• October 08, 2021 08 Oct'21

  Admins: Patch management is too complex and cumbersome

  A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache.

• October 06, 2021 06 Oct'21

  Apache HTTP Server vulnerability under active attack

  Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack.

• October 06, 2021 06 Oct'21

  Iranian hackers abusing Dropbox in cyberespionage campaign

  A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox.

• October 06, 2021 06 Oct'21

  Twitch confirms data breach following massive leak

  Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts.

• October 04, 2021 04 Oct'21

  2 suspected ransomware operators arrested in Ukraine

  A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified.

• September 30, 2021 30 Sep'21

  FireEye and McAfee Enterprise announce product mashup

  Merger-happy investment firm STG has let slip that it will integrate the product lines of McAfee Enterprise and FireEye. Analysts say it will be a challenging road ahead.

• September 30, 2021 30 Sep'21

  Researchers hack Apple Pay, Visa 'Express Transit' mode

  Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode.

• September 29, 2021 29 Sep'21

  Telegram bots allowing hackers to steal OTP codes

  A simplified new attack tool based on Telegram scripts is allowing criminals to steal one-time password credentials and take over user accounts and drain bank funds.

• September 29, 2021 29 Sep'21

  Group-IB CEO Ilya Sachkov charged with treason in Russia

  Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company.

• September 28, 2021 28 Sep'21

  Microsoft releases emergency Exchange Server mitigation tool

  Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats.

• September 28, 2021 28 Sep'21

  Ransomware: Has the U.S. reached a tipping point?

  The ransomware problem has grown more severe in recent years due to a growing number of attacks against large organizations and the standardization of double-extortion tactics.

• September 28, 2021 28 Sep'21

  SolarWinds hackers Nobelium spotted using a new backdoor

  Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April.

• September 24, 2021 24 Sep'21

  Spurned researcher posts trio of iOS zero days

  An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform.

• September 24, 2021 24 Sep'21

  Cybersecurity leaders back law for critical infrastructure

  In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA.

• September 23, 2021 23 Sep'21

  Autodiscover flaw in Microsoft Exchange leaking credentials

  Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials.

• September 22, 2021 22 Sep'21

  Turla deploying 'secondary' backdoor in state-sponsored attacks

  Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan.

• September 22, 2021 22 Sep'21

  Marcus & Millichap hit with possible BlackMatter ransomware

  The real estate firm confirmed in a SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business.

• September 22, 2021 22 Sep'21

  Symantec: Staging activity observed on Exchange servers

  Threat actors appear to be targeting Microsoft Exchange servers with pre-ransomware activity, including one attempt to exfiltrate data.

• September 21, 2021 21 Sep'21

  Treasury Department sanctions cryptocurrency exchange Suex

  In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments.

• September 20, 2021 20 Sep'21

  Italian Mafia implicated in massive cybercrime network

  A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob.

• September 20, 2021 20 Sep'21

  Microsoft details 'OMIGOD' Azure vulnerability fixes, threats

  Microsoft fixed the open source OMI software during last week's Patch Tuesday, but the tech giant has struggled to get the updated agents to Azure customers.

• September 16, 2021 16 Sep'21

  Bitdefender releases REvil universal ransomware decryptor

  The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months.

• September 16, 2021 16 Sep'21

  ExpressVPN stands behind CIO named in UAE hacking scandal

  ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government.

• September 15, 2021 15 Sep'21

  ‘OMIGOD’ vulnerabilities put Azure customers at risk

  OMI, the software agent at the center of a remote code execution flaw, is "just one example" of silent, pre-installed software in cloud environments, according to one researcher.

• September 15, 2021 15 Sep'21

  McAfee discovers Chinese APT campaign 'Operation Harvest'

  McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught.

• September 14, 2021 14 Sep'21

  Google patches actively exploited Chrome zero-days

  Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year.

• September 14, 2021 14 Sep'21

  SolarWinds CEO: Breach transparency 'painful' but necessary

  SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust.

• September 14, 2021 14 Sep'21

  Apple patches zero-day, zero-click NSO Group exploit

  The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.'

• September 13, 2021 13 Sep'21

  Hackers port Cobalt Strike attack tool to Linux

  An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks.

• September 13, 2021 13 Sep'21

  Tenable acquires cloud security startup Accurics for $160M

  The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software.

• September 09, 2021 09 Sep'21

  'Azurescape': New Azure vulnerability fixed by Microsoft

  The Azure Container Instances vulnerability would have allowed malicious actors to execute code on other customers' containers, but there have been no reports of exploitation.

• September 08, 2021 08 Sep'21

  Microsoft zero-day flaw exploited in the wild

  Microsoft and the Cybersecurity and Infrastructure Security Agency have issued advisories warning users to mitigate against a zero-day flaw, as no patch has been released.

• September 08, 2021 08 Sep'21

  CrowdStrike threat report: Breakout time decreased 67% in 2021

  CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service.

• September 07, 2021 07 Sep'21

  ProxyShell attacks ramping up on unpatched Exchange Servers

  Security experts say active attacks on the series of Microsoft Exchange Server flaws, which can be chained to take control of servers, are already being launched in the wild.