News
- January 11, 2022
NetUSB flaw could impact millions of routers
SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process.
- January 10, 2022
Chainalysis: Cryptocurrency crime reaches all-time high
While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency.
- January 10, 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug
A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7.
- January 06, 2022
New Zloader attacks thwarting Microsoft signature checks
Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader.
- January 05, 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies.
- January 05, 2022
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed.
- December 30, 2021
Threat actors target HPE iLO hardware with rootkit attack
Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild.
- December 23, 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October.
- December 20, 2021
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades.
- December 20, 2021
Log4j 2.17.0 fixes newly discovered exploit
The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs.
- December 20, 2021
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible.
- December 20, 2021
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation.
- December 17, 2021
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code execution vulnerability.
- December 15, 2021
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0.
- December 15, 2021
Nation-state threat groups are exploiting Log4Shell
Multiple nation-state actors are taking advantage of the critical Log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies.
- December 15, 2021
'Insane' spread of Log4j exploits won't abate anytime soon
Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability.
- December 14, 2021
Hive ransomware claims hundreds of victims in 6-month span
Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time.
- December 14, 2021
Log4Shell: Experts warn of bug's severity, reach
Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code.
- December 13, 2021
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools.
- December 13, 2021
Critical Log4j flaw exploited a week before disclosure
The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after.
- December 10, 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums.
- December 10, 2021
Critical Apache Log4j 2 bug under attack; mitigate now
The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations.
- December 09, 2021
17 Discord malware packages found in NPM repository
These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said.
- December 09, 2021
Threat actors targeting MikroTik routers, devices
Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched.
- December 07, 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks.
- December 07, 2021
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems.
- December 07, 2021
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet.
- December 06, 2021
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen.
- December 06, 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers.
- December 03, 2021
Hundreds of new vulnerabilities found in SOHO routers
Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks.
- December 02, 2021
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million.
- December 01, 2021
New Yanluowang ransomware mounting targeted attacks in US
Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks.
- December 01, 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul.
- December 01, 2021
BlackByte ransomware attacks exploiting ProxyShell flaws
Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange.
- November 30, 2021
Windows Installer zero-day under active exploitation
McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others.
- November 29, 2021
Hack 'Sabbath': Elusive new ransomware detected
A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected.
- November 23, 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials.
- November 23, 2021
Researcher drops instant admin Windows zero-day bug
A newly disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix.
- November 22, 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers.
- November 22, 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack.
- November 19, 2021
Cybercriminals discuss new business model for zero-day exploits
Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service.
- November 19, 2021
How enterprises need to prepare for 'cyberwar' conflicts
Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting to the changes may be difficult for enterprises.
- November 18, 2021
CISA, Microsoft warn of rise in cyber attacks from Iran
CISA and Microsoft this week issued alerts about increased threat activity from Iranian nation-state hacking groups, including ransomware attacks on enterprises.
- November 18, 2021
New side channel attack resurrects DNS poisoning threat
A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites.
- November 17, 2021
Malwarebytes slams Apple for inconsistent patching
At the center of the Apple criticism is an exploit chain that utilized two vulnerabilities -- one of which was only patched in macOS Big Sur for several months.
- November 17, 2021
Risk & Repeat: Are ransomware busts having an effect?
International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards.
- November 15, 2021
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability.
- November 11, 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear.
- November 11, 2021
Trend Micro reveals 'Void Balaur' cybermercenary group
New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015.
- November 11, 2021
'King of Fraud' sentenced for Methbot botnet operation
Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet.
- November 09, 2021
Medical devices at risk from Siemens Nucleus vulnerabilities
Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices.
- November 08, 2021
DOJ charges REvil ransomware members, seizes $6.1M
One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland.
- November 04, 2021
DDoS botnet exploiting known GitLab vulnerability
A botnet is using a critical GitLab vulnerability, which was disclosed and patched in April, to launch powerful DDoS attacks that have surpassed 1 Tbps.
- November 03, 2021
CISA requires agencies to patch nearly 300 vulnerabilities
The Cybersecurity and Infrastructure Security Agency issued a directive for government agencies that requires patching for hundreds of known software security vulnerabilities.
- November 02, 2021
Trojan Source bugs enable 'invisible' source code poisoning
A pair of flaws in nearly every popular programming language enables attackers to hide malicious code in plain sight in a way that cannot be detected prior to compiling.
- October 29, 2021
Europol 'targets' 12 suspects in ransomware bust
Europol has not said whether the suspected ransomware actors were arrested or detained, but the 12 were allegedly involved in attacks that affected 1,800 victims in 71 countries.
- October 28, 2021
Hackers upping SSL usage for encrypted attacks, communications
A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks.
- October 22, 2021
Risk & Repeat: Apple bug bounty frustrations boil over
Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities.
- October 15, 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year.
- October 14, 2021
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents.
- October 14, 2021
Enterprises ask Washington to step up cyber collaboration
During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government.
- October 13, 2021
How hackers exploited RCE vulnerabilities in Atlassian, Azure
Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure.
- October 12, 2021
Apple patches iOS vulnerability actively exploited in the wild
Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.'
- October 11, 2021
Iranian password spraying campaign hits Office 365 accounts
The Iran-backed DEV-0343 threat group has launched a password spraying offensive against Office 365 accounts in the defense, maritime and oil industries.
- October 11, 2021
Cyber insurance premiums, costs skyrocket as attacks surge
As cyber attacks and losses have increased, so has demand for cyber insurance. But now premiums are reflecting a harsh new reality.
- October 08, 2021
Senators want FTC to enforce a federal data security standard
U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them.
- October 08, 2021
Admins: Patch management is too complex and cumbersome
A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache.
- October 06, 2021
Apache HTTP Server vulnerability under active attack
Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack.
- October 06, 2021
Iranian hackers abusing Dropbox in cyberespionage campaign
A group of hackers believed to be based in Iran is targeting organizations in the U.S. and elsewhere with a campaign that uses cloud storage service Dropbox.
- October 06, 2021
Twitch confirms data breach following massive leak
Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts.
- October 04, 2021
2 suspected ransomware operators arrested in Ukraine
A coordinated international law enforcement operation led to the arrest of two alleged ransomware operators, though the ransomware gang has not been identified.
- September 30, 2021
FireEye and McAfee Enterprise announce product mashup
Merger-happy investment firm STG has let slip that it will integrate the product lines of McAfee Enterprise and FireEye. Analysts say it will be a challenging road ahead.
- September 30, 2021
Researchers hack Apple Pay, Visa 'Express Transit' mode
Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode.
- September 29, 2021
Telegram bots allowing hackers to steal OTP codes
A simplified new attack tool based on Telegram scripts is allowing criminals to steal one-time password credentials, take over user accounts and drain bank funds.
- September 29, 2021
Group-IB CEO Ilya Sachkov charged with treason in Russia
Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company.
- September 28, 2021
Microsoft releases emergency Exchange Server mitigation tool
Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats.
- September 28, 2021
Ransomware: Has the U.S. reached a tipping point?
The ransomware problem has grown more severe in recent years due to a growing number of attacks against large organizations and the standardization of double-extortion tactics.
- September 28, 2021
SolarWinds hackers Nobelium spotted using a new backdoor
Microsoft researchers believe Nobelium, the Russian-backed group that breached SolarWinds, has been using a backdoor tool called FoggyWeb since at least April.
- September 24, 2021
Spurned researcher posts trio of iOS zero days
An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform.
- September 24, 2021
Cybersecurity leaders back law for critical infrastructure
In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA.
- September 23, 2021
Autodiscover flaw in Microsoft Exchange leaking credentials
Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials.
- September 22, 2021
Turla deploying 'secondary' backdoor in state-sponsored attacks
Cisco Talos said hackers connected to the Russian APT Turla are using a new piece of malware to get persistent access on infected networks in the U.S., Germany and Afghanistan.
- September 22, 2021
Marcus & Millichap hit with possible BlackMatter ransomware
The real estate firm confirmed in an SEC filing this week that it had suffered a recent cyber attack but claimed there was no 'material disruption' to its business.
- September 22, 2021
Symantec: Staging activity observed on Exchange servers
Threat actors appear to be targeting Microsoft Exchange servers with pre-ransomware activity, including one attempt to exfiltrate data.
- September 21, 2021
Treasury Department sanctions cryptocurrency exchange Suex
In the ongoing battle against ransomware attacks, the Treasury Department sanctioned Suex, a cryptocurrency exchange accused of laundering ransom payments.
- September 20, 2021
Italian Mafia implicated in massive cybercrime network
A recent spate of phishing attacks and SMS fraud scams in Spain is being blamed on cybercriminals who were operating from the Canary Islands with backing from the Italian mob.
- September 20, 2021
Microsoft details 'OMIGOD' Azure vulnerability fixes, threats
Microsoft fixed the open source OMI software during last week's Patch Tuesday, but the tech giant has struggled to get the updated agents to Azure customers.
- September 16, 2021
Bitdefender releases REvil universal ransomware decryptor
The REvil decryptor key helps victims recover their encrypted files, as long as the attacks were made before July 13, which is when REvil went off the grid for two months.
- September 16, 2021
ExpressVPN stands behind CIO named in UAE hacking scandal
ExpressVPN said it will not cut ties with CIO Daniel Gericke, who was implicated by the DOJ in state-sponsored hacking on behalf of the United Arab Emirates government.
- September 15, 2021
'OMIGOD' vulnerabilities put Azure customers at risk
OMI, the software agent at the center of a remote code execution flaw, is "just one example" of silent, pre-installed software in cloud environments, according to one researcher.
- September 15, 2021
McAfee discovers Chinese APT campaign 'Operation Harvest'
McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught.
- September 14, 2021
Google patches actively exploited Chrome zero-days
Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year.
- September 14, 2021
SolarWinds CEO: Breach transparency 'painful' but necessary
SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust.
- September 14, 2021
Apple patches zero-day, zero-click NSO Group exploit
The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.'
- September 13, 2021
Hackers port Cobalt Strike attack tool to Linux
An unknown group of cybercriminals has created a version of the Windows-only Cobalt Strike Beacon tool that works against Linux machines, which has been used in recent attacks.
- September 13, 2021
Tenable acquires cloud security startup Accurics for $160M
The acquisition will be Tenable's first expansion into securing infrastructure as code, as it makes a push to identify and fix flaws in cloud-native software.
- September 09, 2021
'Azurescape': New Azure vulnerability fixed by Microsoft
The Azure Container Instances vulnerability would have allowed malicious actors to execute code on other customers' containers, but there have been no reports of exploitation.
- September 08, 2021
Microsoft zero-day flaw exploited in the wild
Microsoft and the Cybersecurity and Infrastructure Security Agency have issued advisories warning users to mitigate against a zero-day flaw, as no patch has been released.
- September 08, 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service.
- September 07, 2021
ProxyShell attacks ramping up on unpatched Exchange Servers
Security experts say active attacks on the series of Microsoft Exchange Server flaws, which can be chained to take control of servers, are already being launched in the wild.