News
- October 31, 2024
China-based APTs waged 5-year campaign on Sophos firewalls
For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits.
- October 31, 2024
Lottie Player NPM package compromised in supply chain attack
Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets.
- October 30, 2024
Play ransomware attack tied to North Korean nation-state actor
A relationship between North Korean actor Jumpy Pisces and Play ransomware would be unprecedented, as the former has not collaborated with cybercrime gangs previously.
- October 30, 2024
Microsoft warns of Midnight Blizzard spear phishing campaign
The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far.
- October 29, 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures
The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity.
- October 29, 2024
REvil convictions unlikely to curb Russian cybercrime
In a rare action against cybercrime, a court in Russia sentenced four individuals tied to the REvil ransomware gang on money laundering and malware distribution charges.
- October 28, 2024
Delta sues CrowdStrike over IT outage fallout
Delta said it suffered $500 million in damages. CrowdStrike said the airline company's claims 'demonstrate a lack of understanding of how modern cybersecurity works.'
- October 24, 2024
Cisco ASA and FTD zero day used in password spraying attacks
One day after Cisco disclosed a zero-day vulnerability discovered in its VPN software, CISA added the flaw to its Known Exploited Vulnerabilities catalog.
- October 24, 2024
Fortinet FortiManager zero-day flaw exploited since June
Mandiant researchers first observed exploitation activity against CVE-2024-47575 on June 27, with more than 50 FortiManager devices compromised since.
- October 24, 2024
AWS CDK security issue could lead to account takeovers
Aqua Security researchers discovered AWS Cloud Development Kit is susceptible to an attack vector the vendor refers to as 'shadow resources,' which can put accounts at risk.
- October 24, 2024
SolarWinds breach news center
The massive SolarWinds supply chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response.
- October 23, 2024
Fortinet discloses critical zero-day flaw in FortiManager
According to Fortinet, the FortiManager vulnerability 'may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.'
- October 22, 2024
SEC charges 4 companies for downplaying SolarWinds attacks
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack.
- October 22, 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M
Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses.
- October 21, 2024
Cisco confirms attackers stole data from DevHub environment
While Cisco said its systems were not breached, the vendor did confirm that attackers stole sensitive information from the public-facing portal.
- October 21, 2024
Study outlines 'severe' security issues in cloud providers
Possible security issues involving cloud systems should be taken seriously, as the paper noted the five vendors outlined are responsible for more than 22 million users.
- October 17, 2024
Joe Sullivan: CEOs must be held accountable for security too
The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security.
- October 17, 2024
DOJ charges alleged Anonymous Sudan ringleaders
Two Sudanese brothers are accused of leading the cybercriminal group that caused significant damage to healthcare organizations as well as other high-profile victims.
- October 17, 2024
September a quiet month for ransomware attacks
Notable ransomware attacks in September involved a Rhode Island public school district, a Texas hospital system, and Kawasaki Motors' European branch.
- October 16, 2024
Microsoft sees drop in ransomware reaching encryption phase
In its Digital Defense Report 2024, Microsoft observed a significant increase in the number of human-operated ransomware attacks, which often originated from unmanaged devices.
- October 16, 2024
Microsoft: Nation-state activity blurring with cybercrime
Microsoft's Digital Defense Report 2024 noted that Russia 'outsourced some cyberespionage operations' against Ukraine to otherwise independent cybercrime gangs.
- October 16, 2024
Experts slam Chinese research on quantum encryption attack
Researchers at Shanghai University claim to have cracked RSA encryption using D-Wave quantum systems, but infosec experts say the claims are overblown.
- October 15, 2024
FIDO unveils new specifications to transfer passkeys
The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another.
- October 11, 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown.
- October 10, 2024
FTC orders Marriott to pay $52M and enhance security practices
The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020.
- October 10, 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful.
- October 10, 2024
Coalition: Ransomware severity up 68% in first half of 2024
The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks.
- October 08, 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship?
- October 08, 2024
High-severity Qualcomm zero-day vulnerability under attack
Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw.
- October 07, 2024
American Water discloses breach, utilities unaffected
American Water says in its 8-K filing that it disconnected and deactivated certain systems in its incident response, though the nature of the cyberattack is unknown.
- October 03, 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures.
- October 03, 2024
'Defunct' DOJ ransomware task force raises questions, concerns
A report from the Office of the Inspector General reviewed the U.S. Department of Justice's efforts against ransomware and found its task force was largely ineffective.
- October 03, 2024
Cryptomining perfctl malware swarms Linux machines
Aqua Security researchers believe that perfctl malware has infected thousands of Linux machines in the last three to four years and that countless more could be next.
- October 01, 2024
Law enforcement agencies arrest 4 alleged LockBit members
Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as authorities announced the arrests of four alleged members, including one developer.
- October 01, 2024
T-Mobile reaches $31.5M breach settlement with FCC
After suffering several breaches, T-Mobile agreed to pay a $15.75 million civil penalty and make a $15.75 million investment to bolster its security over the next two years.
- September 30, 2024
Risk & Repeat: Inside the Microsoft SFI progress report
The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges.
- September 27, 2024
CUPS vulnerabilities could put Linux systems at risk
Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems.
- September 26, 2024
Ransomware Task Force finds 73% attack increase in 2023
The Institute for Security and Technology's Ransomware Task Force says a shift to big game hunting tactics led to a significant rise in attacks last year.
- September 25, 2024
More Ivanti vulnerabilities exploited in the wild
Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance.
- September 24, 2024
CrowdStrike exec apologizes to Congress, shares updates
CrowdStrike changed the way it rolls out content updates as a result of the global IT outage caused by a faulty update in July.
- September 24, 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform?
- September 24, 2024
Arkansas City water treatment facility hit by cyberattack
While disruptions are limited, the attack on the water treatment facility highlights how the critical infrastructure sector remains a popular target for threat actors.
- September 23, 2024
Microsoft issues first Secure Future Initiative report
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security.
- September 19, 2024
Microsoft warns of Russian election threats, disinformation
As the 2024 U.S. presidential election nears, Microsoft detailed new influence campaigns, such as fake videos aimed at discrediting Vice President Kamala Harris.
- September 19, 2024
FBI disrupts another Chinese state-sponsored botnet
The FBI said the massive botnet, which included 260,000 connected devices, was developed and operated by a publicly traded Chinese company named Integrity Technology Group.
- September 18, 2024
Huntress warns of attacks on Foundation Software accounts
The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software.
- September 18, 2024
Orca: AI services, models falling short on security
New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors.
- September 17, 2024
Infosec experts detail widespread Telegram abuse
Cybersecurity vendors say threat activity on Telegram has grown rapidly in recent years, and they don't expect the arrest of founder and CEO Pavel Durov to change that trend.
- September 16, 2024
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain.
- September 13, 2024
Fortinet confirms data breach, extortion demand
Fortinet confirmed that a threat actor stole data from a third-party cloud-based shared file drive, which affected a small number of customers, but many questions remain.
- September 12, 2024
Mastercard to acquire Recorded Future for $2.65B
Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise.
- September 11, 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk.
- September 09, 2024
Akira ransomware gang targeting SonicWall VPN accounts
Arctic Wolf recently observed the Akira ransomware gang compromising SonicWall SSL VPN accounts, which could be connected to a critical vulnerability in SonicOS.
- September 06, 2024
Ransomware rocked healthcare, public services in August
Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector.
- September 04, 2024
White House unveils plan to improve BGP security
The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats.
- September 03, 2024
FBI: North Korean hackers targeting cryptocurrency employees
North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months.
- August 29, 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed by spyware vendors to target Mongolian government websites.
- August 28, 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech
The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture.
- August 28, 2024
Volt Typhoon exploiting Versa Director zero-day flaw
Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors.
- August 27, 2024
Infosec industry calls for more public sector collaboration
As cyberattacks continue to rise, infosec professionals address the need to increase private and public sector partnerships to assist law enforcement operations.
- August 27, 2024
Port of Seattle grappling with 'possible cyberattack'
A possible cyberattack against Washington's Port of Seattle has caused significant service disruptions to airline travel at the Seattle-Tacoma International Airport.
- August 26, 2024
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear.
- August 22, 2024
GuidePoint talks ransomware negotiations, payment bans
GuidePoint Security's Mark Lance discusses the current ransomware landscape and the steps that go into negotiating potential payments with cybercriminal gangs.
- August 22, 2024
CrowdStrike exec refutes Action1 acquisition reports
A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.'
- August 22, 2024
NCC Group: Ransomware down in June, July YoY
While ransomware activity in July increased from the previous month, NCC Group researchers found the number of attacks was much lower compared to earlier this year.
- August 21, 2024
Microchip Technology discloses cyberattack, business delays
The microprocessor manufacturer says it detected malicious activity in its network over the weekend, which disrupted business operations and impaired its ability to fulfill orders.
- August 20, 2024
U.S. agencies attribute Trump campaign hack to Iran
CISA, the FBI and the Office of the Director of National Intelligence attributed a recent hack-and-leak attack on former President Donald Trump's 2024 election campaign to Iran.
- August 19, 2024
Microsoft to roll out mandatory MFA for Azure
Following several high-profile attacks across the globe on MFA-less accounts, Microsoft will make the security measure mandatory for Azure sign-ins beginning in October.
- August 15, 2024
July ransomware attacks slam public sector organizations
The global IT outage caused by an errant CrowdStrike channel file update dominated security news last month. But there were still plenty of ransomware attacks to go around.
- August 15, 2024
National Public Data confirms breach, scope unknown
Reports suggest billions of personal records could have been compromised in the attack against data aggregator National Public Data, but the reality is more complicated.
- August 14, 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool.
- August 13, 2024
Law enforcement disrupts Radar/Dispossessor ransomware group
The now-disrupted Radar/Dispossessor ransomware gang was launched in August 2023, and its members have targeted dozens of SMBs across critical sectors via dual extortion.
- August 12, 2024
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology.
- August 12, 2024
Flashpoint CEO: Cyber, physical security threats converging
Although Flashpoint is known for its cybersecurity threat intelligence services, the vendor also provides physical security intelligence to its clientele.
- August 09, 2024
Evolving threat landscape influencing cyber insurance market
Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage.
- August 08, 2024
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage were an even larger point of discussion.
- August 08, 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting.
- August 08, 2024
Wiz researchers hacked into leading AI infrastructure providers
During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms.
- August 07, 2024
Akamai warns enterprises that VPN attacks will only increase
During Black Hat USA 2024, Akamai's Ori David revealed new VPN post-exploitation techniques that open the attack vector to threat actors of all skill levels.
- August 07, 2024
CISA: Election infrastructure has never been more secure
CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.'
- August 07, 2024
Veracode highlights security risks of GenAI coding tools
At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster.
- August 07, 2024
Researchers unveil AWS vulnerabilities, 'shadow resource' vector
During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector.
- August 07, 2024
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections.
- August 07, 2024
CrowdStrike details errors that led to mass IT outage
CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage.
- August 06, 2024
Security framework to determine whether defenders are winning
Columbia University researcher and longtime security practitioner Jason Healey will present at Black Hat USA a new framework to determine defensive advantage.
- August 05, 2024
CrowdStrike fires back at Delta over outage allegations
After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.'
- August 01, 2024
InfoSec community sounds off on CrowdStrike outage, next steps
Security experts offered their thoughts on the recent IT outage, praising CrowdStrike's response time but saying the outage highlights issues in the software updating process.
- July 31, 2024
Microsoft confirms DDoS attack disrupted cloud services
Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world.
- July 30, 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw
VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch.
- July 29, 2024
How the Change Healthcare attack may affect cyber insurance
UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies.
- July 26, 2024
Researcher says deleted GitHub data can be accessed 'forever'
Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an 'enormous attack vector' for threat actors.
- July 26, 2024
BitLocker workaround may offer aid for CrowdStrike customers
CrowdStrike customers grappling with blue screens of death from the recent IT outage may be able to sidestep BitLocker encryption schemes and recover their Windows systems.
- July 26, 2024
CrowdStrike: 97% of Windows sensors back online after outage
While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.'
- July 24, 2024
KnowBe4 catches North Korean hacker posing as IT employee
KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation.
- July 24, 2024
CrowdStrike: Content validation bug led to global outage
CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor.
- July 23, 2024
Risk & Repeat: Faulty CrowdStrike update causes global outage
Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more.
- July 23, 2024
Dragos: New ICS malware FrostyGoop abuses Modbus
Dragos published research Tuesday unveiling an industrial control systems-focused malware it dubbed FrostyGoop that targets Modbus to disrupt critical infrastructure.
- July 22, 2024
Microsoft: Faulty CrowdStrike update affected 8.5M devices
Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread.
- July 19, 2024
Defective CrowdStrike update triggers mass IT outage
A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe.
- July 18, 2024
Fin7 helps ransomware gangs with EDR bypass
SentinelOne found the Russia-based cybercriminal group is helping other threat actors, including ransomware gangs, to evade detection with a custom tool named AvNeutralizer.