News
- February 01, 2021
01 Feb'21
The dark web in 2021: Should enterprises be worried?
SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services.
- January 28, 2021
28 Jan'21
DOJ charges suspect in NetWalker ransomware attacks
The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.
- January 27, 2021
27 Jan'21
Emotet taken down in global law enforcement operation
Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified.
- January 26, 2021
26 Jan'21
Mimecast certificate compromised by SolarWinds hackers
Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor.
- January 26, 2021
26 Jan'21
Zero trust 2.0: Google unveils BeyondCorp Enterprise
BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication.
- January 26, 2021
26 Jan'21
Akamai: Extortion attempts increase in DDoS attacks
New research from Akamai Technologies shows record-breaking DDoS attacks surged in 2020 while extortion-related campaigns against a variety of targets also increased.
- January 25, 2021
25 Jan'21
SonicWall breached through 'probable' zero-day vulnerabilities
SonicWall's internal systems were breached, and the company is investigating its Secure Mobile Access (SMA) 100 series, a remote access product for SMBs, as a possible vector.
- January 20, 2021
20 Jan'21
FireEye releases new tool to fight SolarWinds hackers
The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack.
- January 19, 2021
19 Jan'21
SolarWinds supply chain attack explained: Need-to-know info
The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide.
- January 19, 2021
19 Jan'21
Malwarebytes breached by SolarWinds hackers
Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails.
- January 19, 2021
19 Jan'21
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.
- January 14, 2021
14 Jan'21
Tenable: Vulnerability disclosures skyrocketed over last 5 years
New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.
- January 12, 2021
12 Jan'21
Capitol building breach poses cybersecurity risks
While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices.
- January 12, 2021
12 Jan'21
SolarWinds confirms supply chain attack began in 2019
SolarWinds and CrowdStrike published updates Monday that added new information for the timeline of the supply chain attack and how threat actors first gained access.
- January 11, 2021
11 Jan'21
5 cybersecurity vendors to watch in 2021
Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd.
- January 07, 2021
07 Jan'21
Defending against SolarWinds attacks: What can be done?
While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks.
- January 06, 2021
06 Jan'21
The SolarWinds attacks: What we know so far
The SolarWinds attacks have left a massive impact on security, tech and the world at large, and events are still unfolding nearly a month after the initial disclosure.
- January 05, 2021
05 Jan'21
10 of the biggest cyber attacks of 2020
Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.
- January 04, 2021
04 Jan'21
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach?
- December 23, 2020
23 Dec'20
Security measures critical for COVID-19 vaccine distribution
The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.
- December 21, 2020
21 Dec'20
SolarWinds backdoor infected tech giants, impact unclear
Reports that technology giants were also affected by the SolarWinds backdoor malware have been confirmed by several major vendors, though there's no evidence they were breached.
- December 18, 2020
18 Dec'20
Risk & Repeat: SolarWinds backdoor shakes infosec industry
This week's Risk & Repeat podcast discusses the latest developments around the devastating SolarWinds backdoor attacks, which impacted several U.S. government agencies.
- December 17, 2020
17 Dec'20
CISA: SolarWinds backdoor attacks are 'ongoing'
A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have compromised federal agencies.
- December 17, 2020
17 Dec'20
Microsoft, FireEye create kill switch for SolarWinds backdoor
The kill switch follows several other moves Microsoft made against the malware, including the removal of digital certificates and quarantining the malware in Windows Defender.
- December 16, 2020
16 Dec'20
SolarWinds struggles with response to supply chain attack
Security researchers discovered the Orion DLL component containing the backdoor used was still present in updates on SolarWinds' website as recently as Monday night.
- December 16, 2020
16 Dec'20
SolarWinds breach highlights dangers of supply chain attacks
While the scope of the breach is still unknown, the cyber attack on SolarWinds shows what can happen when sophisticated attackers target just one link of a software supply chain.
- December 14, 2020
14 Dec'20
SolarWinds backdoor used in nation-state cyber attacks
Nation-state hackers conducted a supply chain attack on SolarWinds and planted a backdoor in software updates issued to customers such as FireEye and various government agencies.
- December 11, 2020
11 Dec'20
FBI, CISA warn of growing ransomware attacks on K-12 schools
The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year.
- December 09, 2020
09 Dec'20
FireEye red team tools stolen in cyber attack
While no zero-day exploits were included in the red team tools, FireEye released detection rules and known vulnerabilities to help organizations defend themselves.
- December 08, 2020
08 Dec'20
Forescout reports 33 new TCP/IP vulnerabilities
The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact.
- December 08, 2020
08 Dec'20
New Microsoft Teams RCE vulnerability also wormable
In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as 'Important' rather than 'Critical,' despite it being exploitable via RCE.
- December 08, 2020
08 Dec'20
Salesforce advised users to skip Chrome browser updates
Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
- December 07, 2020
07 Dec'20
Russian state-sponsored hackers exploit VMware vulnerability
The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week.
- December 03, 2020
03 Dec'20
Updated Trickbot malware threatens firmware security
Despite recent takedown efforts, the operators behind the malicious botnet are back with a new module called 'TrickBoot' that detects UEFI/BIOS firmware vulnerabilities.
- December 01, 2020
01 Dec'20
Ransomware attack shuts down Baltimore County schools
Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.
- December 01, 2020
01 Dec'20
Online education vendor K12 hit with ransomware, pays ransom
A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect student devices or school networks.
- November 20, 2020
20 Nov'20
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
- November 19, 2020
19 Nov'20
White House questions election security; experts do not
A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.
- November 18, 2020
18 Nov'20
President Trump fires CISA director Christopher Krebs
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.
- November 18, 2020
18 Nov'20
Sophos: Ransomware 'heavyweights' demand sky-high payments
Sophos principal research scientist Chet Wisniewski explains the presence of 'weight classes' in ransomware and offers his thoughts on its future.
- November 17, 2020
17 Nov'20
CrowdStrike: Ransomware hit 56% of organizations in last year
A new survey from CrowdStrike revealed more than half of 2,200 respondents' organizations were hit with a ransomware attack at least once in the past 12 months.
- November 13, 2020
13 Nov'20
Risk & Repeat: 2020 election security in review
This week's Risk & Repeat podcast looks back at the 2020 election, which was free of major cyber attacks or hacks but has seen a rise in disinformation campaigns online.
- November 12, 2020
12 Nov'20
25,000 criminal reports: Vastaamo breach sets new precedent
The recent data breach at the Vastaamo Psychotherapy Centre in Finland shows threat actors are willing to threaten and extort patients directly, setting a dangerous new precedent.
- November 12, 2020
12 Nov'20
Life after Maze: Is Egregor ransomware next?
Cybersecurity experts have noted similarities between newly discovered Egregor ransomware and the now-defunct Maze, but it's unclear whether the same threat actors are involved.
- November 11, 2020
11 Nov'20
Palo Alto Networks buys Expanse for $800 million
Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management.
- November 09, 2020
09 Nov'20
CISA: No election hacking, but plenty of misinformation
Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories.
- November 04, 2020
04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching
The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
- November 02, 2020
02 Nov'20
Maze gang shuts down its ransomware operation
Maze ransomware has shut down, according to an announcement it posted Sunday, although some evidence suggests that Maze operators have resumed attacks under a different name.
- October 29, 2020
29 Oct'20
FBI, CISA warn of impending ransomware attacks on hospitals
Trickbot and Ryuk ransomware actors are targeting hospitals and other healthcare providers, according to a joint cybersecurity advisory from the CISA and the FBI.
- October 28, 2020
28 Oct'20
Ping Identity launches passwordless authentication system
Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target.
- October 28, 2020
28 Oct'20
'Lives at stake': How ransomware impacts hospitals
Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. And the attacks affect more than just IT systems.
- October 27, 2020
27 Oct'20
Mitre ATT&CK: How it has evolved and grown
Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly over the last years, though challenges still remain for enterprise users.
- October 22, 2020
22 Oct'20
Iranian hackers pose as far-right group to threaten U.S. voters
The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.
- October 22, 2020
22 Oct'20
McAfee launches IPO, raises $620 million
McAfee has returned to Wall Street, which comes months after the endpoint security vendor's previous CEO, Christopher Young, was replaced by Peter Leav in January.
- October 21, 2020
21 Oct'20
Microsoft: 94% of Trickbot's infrastructure disabled
In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.
- October 21, 2020
21 Oct'20
NSA issues advisory against Chinese state-sponsored hackers
Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.
- October 20, 2020
20 Oct'20
NSS Labs ceases operations amid financial turmoil
Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.
- October 20, 2020
20 Oct'20
After a brief pause, Trickbot rebounds from takedown efforts
Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.
- October 19, 2020
19 Oct'20
Combating disinformation campaigns ahead of 2020 election
As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day.
- October 14, 2020
14 Oct'20
Blockchain or bust? Experts debate applications for elections
Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.
- October 13, 2020
13 Oct'20
Trickbot takedown: Will it make a dent in ransomware attacks?
A court order allowed Microsoft and several partners to take down the Trickbot botnet, which is commonly used to deploy ransomware, but it's unclear how long the impact will last.
- October 12, 2020
12 Oct'20
Hackers exploit Netlogon flaw to attack government networks
CISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems.
- October 08, 2020
08 Oct'20
Should ransomware payments be banned? Experts weigh in
Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.
- October 07, 2020
07 Oct'20
Raccine: A ransomware 'vaccine' with a few catches
Raccine, an open source 'vaccine,' prevents ransomware threat actors from using a Windows utility to delete shadow copies of a system's data, but there are a few drawbacks.
- October 07, 2020
07 Oct'20
Ping acquires blockchain identity startup ShoCard
Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.
- October 05, 2020
05 Oct'20
Surge in ransomware attacks threatens student data
Ransomware attacks are not the only threats facing K-12 schools during the COVID-19 pandemic. Cybercriminals are stealing and exposing students' personal data as well.
- October 01, 2020
01 Oct'20
Potential ransomware-related death still under investigation
German authorities say they are still investigating the death of a patient in connection with a ransomware attack on Düsseldorf University Hospital in Germany last month.
- September 28, 2020
28 Sep'20
Ivanti makes double acquisition of MobileIron, Pulse Secure
Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed.
- September 28, 2020
28 Sep'20
IBM: Ransomware attacks surged in Q2, ransom demands rising
IBM Security examined several concerning ransomware for this year, as well as an exponential increase in ransom demands and massive spike in attacks during the spring.
- September 24, 2020
24 Sep'20
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.
- September 24, 2020
24 Sep'20
Shopify discloses data breach caused by insider threats
Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered.
- September 23, 2020
23 Sep'20
FBI: Disinformation attacks on election results 'likely'
Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites.
- September 23, 2020
23 Sep'20
ConnectWise launches bug bounty program to boost security
ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.
- September 21, 2020
21 Sep'20
Cyber attacks on schools increasing amid remote learning shift
The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks.
- September 17, 2020
17 Sep'20
Gartner: Paying after ransomware attacks carries big risks
The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.
- September 17, 2020
17 Sep'20
Maze ransomware gang uses VMs to evade detection
A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year.
- September 16, 2020
16 Sep'20
Gartner: Securing remote workforce a top priority
In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees.
- September 15, 2020
15 Sep'20
Gartner: Privileged access management a must in 2020
Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials.
- September 10, 2020
10 Sep'20
Disinformation, mail-in ballots top election security concerns
While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots.
- September 09, 2020
09 Sep'20
Intel patches critical flaw in Active Management Technology
Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation.
- September 03, 2020
03 Sep'20
CISA issues vulnerability disclosure order for federal agencies
The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days.
- September 02, 2020
02 Sep'20
CISA and FBI say there have been no hacks on voter databases
After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security.
- September 01, 2020
01 Sep'20
Big ransomware attacks overshadowing other alarming trends
Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends.
- August 31, 2020
31 Aug'20
Cisco issues alert for zero-day vulnerability under attack
Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment.
- August 31, 2020
31 Aug'20
The Uber data breach cover-up: A timeline of events
The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach.
- August 27, 2020
27 Aug'20
North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks
The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.'
- August 27, 2020
27 Aug'20
Maze ransomware 'cartel' expands with new members
Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms.
- August 25, 2020
25 Aug'20
'Meow' attacks top 25,000 exposed databases, services
One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down.
- August 24, 2020
24 Aug'20
FBI and CISA issue vishing campaign warning
The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials.
- August 21, 2020
21 Aug'20
Claroty: 70% of ICS vulnerabilities are remotely exploitable
Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited.
- August 21, 2020
21 Aug'20
Former Uber CSO charged over 'hush money' payment to hackers
Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company.
- August 18, 2020
18 Aug'20
Apache Struts vulnerabilities allow remote code execution, DoS
The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall.
- August 17, 2020
17 Aug'20
Email enigma: Why is Canada hit with so many phishing attacks?
Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery.
- August 14, 2020
14 Aug'20
Risk & Repeat: Black Hat 2020 highlights
This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.
- August 12, 2020
12 Aug'20
Kaspersky reveals 2 Windows zero-days from failed attack
Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.
- August 11, 2020
11 Aug'20
Healthcare CISO offers alternatives to 'snake oil' companies
Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.
- August 10, 2020
10 Aug'20
Games, not shame: Why security awareness training needs a makeover
Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.
- August 07, 2020
07 Aug'20
10 years after Stuxnet, new zero-days discovered
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
- August 07, 2020
07 Aug'20
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
- August 06, 2020
06 Aug'20
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.