News
- July 17, 2023
Microsoft still investigating stolen MSA key from email attacks
While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired.
- July 17, 2023
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing.
- July 14, 2023
XSS zero-day flaw in Zimbra Collaboration Suite under attack
A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month.
- July 13, 2023
Microsoft: Government agencies breached in email attacks
While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant.
- July 12, 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021.
- July 12, 2023
Threat actors forged Windows driver signatures via loophole
Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community.
- July 12, 2023
Russia-based actor exploited unpatched Office zero day
Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe.
- July 11, 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but how successful it has been remains unclear.
- July 11, 2023
Clop's MoveIt Transfer attacks lead to mixed results
Clop's data theft and extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms.
- July 10, 2023
TPG Capital acquires Forcepoint's government unit for $2.45B
Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners.
- July 06, 2023
CISA: Truebot malware infecting networks in U.S., Canada
CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center.
- July 06, 2023
JumpCloud invalidates API keys in response to ongoing incident
The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers.
- July 05, 2023
June saw flurry of ransomware attacks on education sector
As the school year came to a close, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk.
- June 30, 2023
TSMC partner breached by LockBit ransomware gang
A cyber attack against Taiwan-based systems integrator Kinmax led to the theft of TSMC proprietary data, which LockBit threatened to publish unless TSMC paid a $70 million ransom.
- June 28, 2023
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors.
- June 27, 2023
Censys finds hundreds of exposed devices in federal orgs
Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks.
- June 27, 2023
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials.
- June 22, 2023
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees.
- June 21, 2023
Critical VMware Aria Operations bug under active exploitation
Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it.
- June 21, 2023
May ransomware activity rises behind 8base, LockBit gangs
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022.
- June 20, 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen.
- June 20, 2023
Attackers discovering exposed cloud assets within minutes
Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories.
- June 19, 2023
Microsoft: DDoS attacks caused M365, Azure disruptions
Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359.
- June 16, 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances but that the agencies have not seen significant effects from the attacks.
- June 15, 2023
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks
Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices.
- June 15, 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.'
- June 14, 2023
State governments among victims of MoveIt Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIt Transfer flaw, said it would delete data stolen from government agencies.
- June 13, 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions
At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address.
- June 13, 2023
Fortinet warns critical VPN vulnerability 'may' be under attack
Fortinet said the heap buffer overflow flaw might have been exploited already and warned that Chinese nation-state threat group Volt Typhoon would likely attack the vulnerability.
- June 13, 2023
Mandiant: New VMware ESXi zero-day used by Chinese APT
VMware said the ESXi flaw was 'low severity' despite being under active exploitation because it requires the attacker to already have gained root access on the target's system.
- June 12, 2023
MoveIt Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve.
- June 08, 2023
Risk & Repeat: MoveIt Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical MoveIt Transfer zero-day vulnerability.
- June 08, 2023
Barracuda: Replace vulnerable ESG devices 'immediately'
Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched.
- June 08, 2023
MoveIt Transfer flaw leads to wave of data breach disclosures
Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis.
- June 07, 2023
What generative AI's rise means for the cybersecurity industry
ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why.
- June 06, 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group.
- June 06, 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated
Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors as they adapted to improved defenses.
- June 05, 2023
Ransomware actors exploiting MoveIt Transfer vulnerability
Microsoft said the recently disclosed zero-day flaw in Progress Software's managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang.
- June 01, 2023
Zyxel vulnerability under 'widespread exploitation'
Researchers warn that threat actors are widely exploiting an unauthenticated command injection vulnerability to target multiple Zyxel network devices.
- June 01, 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched.
- June 01, 2023
Mitiga warns free Google Drive license lacks logging visibility
The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace.
- May 31, 2023
Barracuda zero-day bug exploited months prior to discovery
Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022.
- May 31, 2023
Many Gigabyte PC models affected by major supply chain issue
Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks.
- May 30, 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial to their understanding of and visibility into threat activity.
- May 25, 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam.
- May 25, 2023
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three.
- May 24, 2023
Updated 'StopRansomware Guide' warns of shifting tactics
CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion.
- May 24, 2023
Barracuda discloses zero-day flaw affecting ESG appliances
Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many.
- May 23, 2023
Threat actors leverage kernel drivers in new attacks
Fortinet detailed a campaign using a malicious driver in attacks against organizations in the Middle East, and Trend Micro detailed a driver-based attack by BlackCat ransomware.
- May 22, 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang.
- May 19, 2023
Dish 'received confirmation' ransomware gang deleted stolen data
A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data.
- May 18, 2023
Acronis adds EDR to endpoint security
Acronis EDR uses Intel threat detection technology to uncover sophisticated attacks, such as fileless malware, but it also has to compete in a crowded market.
- May 18, 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago.
- May 17, 2023
KeePass vulnerability enables master password theft
KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates.
- May 16, 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors.
- May 16, 2023
Coalition: Employee actions are driving cyber insurance claims
After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem.
- May 15, 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks
As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors.
- May 12, 2023
Bl00dy ransomware gang targets schools via PaperCut flaw
The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software.
- May 12, 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to pay $1.1 million to threat actors.
- May 10, 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees.
- May 10, 2023
Dragos discloses blocked ransomware attack, extortion attempt
Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires.
- May 10, 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw
Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts.
- May 09, 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large.
- May 08, 2023
Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI.
- May 08, 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility.
- May 05, 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up
A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up.
- May 04, 2023
Cybersecurity execs ponder software liability implementation
Reactions to the Biden Administration's push for legislation enforcing software liability were mostly positive, but questions remain regarding implementation.
- May 04, 2023
Ransomware attack disrupts Dallas police, city services
The city said fewer than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data.
- May 04, 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage.
- May 03, 2023
Google rolls out passkeys in service of passwordless future
Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.'
- May 03, 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality.
- May 02, 2023
CrowdStrike focuses on ChromeOS security, rising cloud threats
Raj Rajamani, CrowdStrike's chief product officer of data, identity, cloud and endpoint security, said ChromeOS devices are gaining increasing adoption in the enterprise space.
- May 02, 2023
Risk & Repeat: Security industry bets on AI at RSA Conference
This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show.
- May 01, 2023
1Password execs outline shift to passwordless authentication
1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks.
- April 28, 2023
ChatGPT uses for cybersecurity continue to ramp up
The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams.
- April 27, 2023
Secureworks CEO weighs in on XDR landscape, AI concerns
Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology.
- April 26, 2023
CISA aims to reduce email threats with serial CDR prototype
CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services.
- April 26, 2023
How ransomware victims can make the best of a bad situation
At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors.
- April 26, 2023
CrowdStrike details new MFA bypass, credential theft attack
At RSA Conference 2023, CrowdStrike demonstrated an effective technique that a cybercrime group used in the wild to steal credentials and bypass MFA in Microsoft 365.
- April 25, 2023
RSAC panel warns AI poses unintended security consequences
A panel of experts at RSA Conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs.
- April 25, 2023
Rising AI tide sweeps over RSA Conference, cybersecurity
AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity.
- April 25, 2023
RSAC speaker offers ransomware victims unconventional advice
Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang.
- April 25, 2023
Bugcrowd CTO talks hacker feedback, vulnerability disclosure
Bugcrowd CTO Casey Ellis said the company's new penetration testing service helps establish the company beyond public perception of it being purely a bug bounty platform.
- April 25, 2023
Google, Mandiant highlight top threats, evolving adversaries
Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise.
- April 25, 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case
In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector.
- April 24, 2023
IBM launches AI-powered security offering QRadar Suite
IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work.
- April 20, 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported.
- April 20, 2023
DC Health Link breach caused by misconfigured server
Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach.
- April 20, 2023
Mandiant: 3CX breach caused by second supply chain attack
Trading Technologies said in a statement it had 'not had the ability to verify the assertions in Mandiant's report' that its software played a role in the 3CX supply chain attack.
- April 19, 2023
Point32Health confirms service disruption due to ransomware
A ransomware attack interrupted access to services provided by one of New England's largest healthcare insurers, though the scope of affected customers and data remains unknown.
- April 18, 2023
Mandiant: 63% of breaches were discovered externally in 2022
Mandiant said the 2022 increase was most likely influenced by the threat intelligence firm's proactive investigation of threat activity targeting Ukraine last year.
- April 13, 2023
Western Digital restores service; attack details remain unclear
While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved.
- April 13, 2023
Hacking Policy Council launches, aims to improve bug disclosure
Founding members for the Hacking Policy Council, launched Thursday by the Center for Cybersecurity Policy and Law, include HackerOne, Bugcrowd, Google and others.
- April 12, 2023
OpenAI launches bug bounty program with Bugcrowd
ChatGPT publisher OpenAI said its new Bugcrowd bug bounty program will not accept submissions involving "issues related to the content of model prompts and responses."
- April 12, 2023
Nokoyawa ransomware exploits Windows CLFS zero-day
The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals.
- April 11, 2023
FTX bankruptcy filing highlights security failures
Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets.
- April 11, 2023
Recorded Future launches OpenAI GPT model for threat intel
The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense.
- April 07, 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike
Microsoft, Fortra and the Health Information Sharing and Analysis Center announced they obtained a court order in an effort to curb malicious Cobalt Strike use.
- April 06, 2023
119 arrested in Genesis Market takedown
The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania.
- April 05, 2023
42% of IT leaders told to maintain breach confidentiality
While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach.