News
- December 02, 2022
02 Dec'22
Experts argue 'sludge' could muck up cyber attacks
Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper.
- December 01, 2022
01 Dec'22
Mozilla, Microsoft drop TrustCor as root certificate authority
Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware.
- December 01, 2022
01 Dec'22
LastPass warns some customer data accessed in new breach
LastPass disclosed a new breach, related to the previously disclosed attack in August, that resulted in a threat actor obtaining access to some customer data.
- November 30, 2022
30 Nov'22
LockBit 3.0 has BlackMatter ransomware code, wormable traits
LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools.
- November 30, 2022
30 Nov'22
Exchange Server bugs caused years of security turmoil
The four high-profile sets of security vulnerabilities in Microsoft Exchange Server, disclosed by researcher Orange Tsai, are set to remain a major concern for organizations.
- November 30, 2022
30 Nov'22
Risk & Repeat: Twitter, Elon Musk and security concerns
This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently.
- November 30, 2022
30 Nov'22
Tenable: 72% of organizations remain vulnerable to Log4Shell
New research shows the attack surface remains wide for the Log4j vulnerability, known as Log4Shell, which caused significant problems for organizations over the past year.
- November 28, 2022
28 Nov'22
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe.
- November 23, 2022
23 Nov'22
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services.
- November 22, 2022
22 Nov'22
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted.
- November 17, 2022
17 Nov'22
Magecart malware menaces Magento merchants
Sansec researchers say as many as 38% of commercial customers running the Adobe Commerce and Magento platforms could be infected with Magecart's TrojanOrders malware.
- November 17, 2022
17 Nov'22
CISA: Iranian APT actors compromised federal network
CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access.
- November 17, 2022
17 Nov'22
LockBit ransomware activity nose-dived in October
LockBit, the most prolific ransomware group in 2022, had itself a down month as GuidePoint Security researchers reported a 49% decrease in its infections for October.
- November 16, 2022
16 Nov'22
Risk & Repeat: Researchers criticize HackerOne
This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company.
- November 16, 2022
16 Nov'22
Rapid7 discloses more F5 BIG-IP vulnerabilities
While the severity of the issues is relatively low, F5 devices are commonly targeted by attackers to gain persistence inside a network.
- November 15, 2022
15 Nov'22
Twitter users experience apparent SMS 2FA disruption
The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed.
- November 14, 2022
14 Nov'22
Moreno Valley school system shores up ransomware defenses
Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware.
- November 10, 2022
10 Nov'22
DOJ charges accused LockBit ransomware actor
The U.S. Department of Justice filed criminal charges against a Canadian man with dual Russian citizenship who is accused of being part of the LockBit ransomware crew.
- November 10, 2022
10 Nov'22
Flashpoint launches new 'ransomware prediction model'
Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws.
- November 10, 2022
10 Nov'22
TrustCor under fire over certificate authority concerns
TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor.
- November 07, 2022
07 Nov'22
Microsoft: Nation-state threats, zero-day attacks increasing
Microsoft's Digital Defense Report 2022 pointed the finger at China, which enacted a new vulnerability disclosure law last year, as the source of many zero-day attacks.
- November 07, 2022
07 Nov'22
Nozomi Networks CEO talks OT security and 'budget muscle'
Nozomi Networks CEO Edgard Capdevielle sat down with TechTarget Editorial to discuss the evolution of OT security and the challenge of 'budget muscle' many organizations face.
- November 04, 2022
04 Nov'22
Honeywell weighs in on OT cybersecurity challenges, evolution
TechTarget Editorial sat down with Honeywell's Paul Griswold and Jeff Zindel to discuss the rapid growth and evolution of the operational technology cybersecurity industry.
- November 04, 2022
04 Nov'22
Yanluowang ransomware gang goes dark after leaks
The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks.
- November 03, 2022
03 Nov'22
Ransomware on the rise, hitting schools and healthcare
October ransomware disclosures and public reports tracked by TechTarget Editorial increased from previous months, with notable attacks on education and healthcare organizations.
- November 02, 2022
02 Nov'22
U.S. Treasury: Ransomware attacks increased in 2021
A new report from the U.S. Treasury's Financial Crimes Enforcement Network showed an increase in businesses reporting ransomware attacks in the second half of 2021.
- November 01, 2022
01 Nov'22
OpenSSL vulnerabilities get high-priority patches
The OpenSSL Project released version 3.0.7 Tuesday to address a pair of high-severity buffer overflow vulnerabilities in the widely used cryptography library.
- October 28, 2022
28 Oct'22
Risk & Repeat: Microsoft, SOCRadar spar over data leak
This podcast episode discusses threat intelligence vendor SOCRadar's disclosure of a large Microsoft data leak and the contentious exchange between the two companies that followed.
- October 26, 2022
26 Oct'22
Ukraine: Russian cyber attacks aimless and opportunistic
Victor Zhora, a key Ukrainian cybersecurity official, says Russia is acting with "no particular strategy" in its cyber attacks on his country as their military invasion drags on.
- October 26, 2022
26 Oct'22
Cisco, CISA warn 2 AnyConnect flaws are under attack
CISA added two Cisco AnyConnect flaws to its Known Exploited Vulnerabilities catalog, which signals active exploitation and an urgency to patch.
- October 26, 2022
26 Oct'22
Researchers criticize HackerOne over triage, mediation woes
HackerOne researchers told TechTarget Editorial that they regularly encountered months-long wait times for responses and a mediation process that rarely favors researchers.
- October 25, 2022
25 Oct'22
Cryptomining campaign abused free GitHub account trials
Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers.
- October 25, 2022
25 Oct'22
Apple patches actively exploited zero-day iOS bug
The iOS zero-day was joined by a slew of other vulnerabilities in Apple's Oct. 24 security update. The iOS 16 update contained patches for 13 arbitrary code execution flaws.
- October 24, 2022
24 Oct'22
CISA warns of ransomware attacks on healthcare providers
A new CISA advisory warned administrators at hospitals and healthcare providers about a newly discovered ransomware variant, dubbed Daixin Team, that poses a particular threat.
- October 21, 2022
21 Oct'22
BlackByte ransomware using custom data exfiltration tool
Symantec researchers say BlackByte ransomware may be poised to move into the elite ransomware ranks, as the group has begun developing its own custom malware tools.
- October 20, 2022
20 Oct'22
Brazil arrests alleged Lapsus$ hacker
Federal police in Brazil arrested a person accused of being a key member of the Lapsus$ hacking group on charges related to the takedown of government websites.
- October 19, 2022
19 Oct'22
ProxyLogon researcher details new Exchange Server flaws
After testing Microsoft's mitigations for ProxyLogon, security researcher Orange Tsai discovered new Exchange Server bugs, including one flaw that took more than a year to fix.
- October 19, 2022
19 Oct'22
Mandiant launches Breach Analytics for Google's Chronicle
Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month.
- October 19, 2022
19 Oct'22
Azure vulnerability opens door to remote takeover attacks
Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes.
- October 18, 2022
18 Oct'22
Python vulnerability highlights open source security woes
A 15-year-old unpatched vulnerability in a tarfile module for the Python programming language prompted researchers from cybersecurity vendor Trellix to take action.
- October 14, 2022
14 Oct'22
Risk & Repeat: Breaking down the Joe Sullivan conviction
This podcast episode discusses the conviction of former Uber CSO Joe Sullivan, who was found guilty last week of covering up the company's 2016 data breach.
- October 13, 2022
13 Oct'22
NPM API flaw exposes secret packages
A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack.
- October 13, 2022
13 Oct'22
Despite LockBit rebound, ransomware attacks down in 2022
LockBit cybercriminals are back in action with new ransomware attacks and publicity pushes. But many other new groups saw lower levels in activity in Q3, according to Cyberint.
- October 11, 2022
11 Oct'22
NPM malware attack goes unnoticed for a year
A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers.
- October 11, 2022
11 Oct'22
BlackByte ransomware uses new EDR evasion technique
Attackers deploying the BlackByte ransomware strain are using vulnerable drivers to target a part of the operating system that many security products rely on for protection.
- October 11, 2022
11 Oct'22
Critical Fortinet vulnerability under active exploitation
Fortinet said the critical vulnerability affects three of its services -- FortiOS, FortiProxy and FortiSwitch Manager -- and urged customers to take immediate action.
- October 11, 2022
11 Oct'22
LinkedIn scams, fake Instagram accounts hit businesses, execs
Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes.
- October 11, 2022
11 Oct'22
Google launches new supply chain security offerings
Securing the software supply chain, especially open source libraries, was a major theme behind the new products released at the Google Cloud Next '22 conference.
- October 07, 2022
07 Oct'22
CISA lists top vulnerabilities exploited by Chinese hackers
The U.S. government published a list of the vulnerabilities most commonly exploited by Chinese state-sponsored actors, including Log4Shell and the ProxyLogon bugs.
- October 06, 2022
06 Oct'22
Former Uber CSO Joe Sullivan found guilty in breach cover-up
Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach.
- October 05, 2022
05 Oct'22
APTs compromised defense contractor with Impacket tools
A CISA alert warned that APT actors compromised a defense contractor's Microsoft Exchange server and used Impacket, an open source Python toolkit, to move laterally in the network.
- October 05, 2022
05 Oct'22
Ransomware attacks ravage schools, municipal governments
Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv.
- October 04, 2022
04 Oct'22
Secureworks finds network intruders see little resistance
A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection.
- October 04, 2022
04 Oct'22
Tenable shifts focus, launches exposure management platform
The company said it's expanding beyond vulnerability management to address the growing attack surface and the challenges customers face to address it.
- October 03, 2022
03 Oct'22
Intermittent encryption attacks: Who's at risk?
Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses.
- September 30, 2022
30 Sep'22
Microsoft Exchange Server targeted with zero-day vulnerabilities
Microsoft warned that two unpatched zero-day vulnerabilities are being exploited against Exchange Server, a problem that's causing déjà vu for some researchers.
- September 29, 2022
29 Sep'22
Cobalt Strike malware campaign targets job seekers
Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons.
- September 29, 2022
29 Sep'22
Unit 42 finds polyglot files delivering IcedID malware
Palo Alto Networks' Unit 42 says attackers are using decoy Microsoft Compiled HTML Help files containing multiple file formats to infect systems with information-stealing malware.
- September 29, 2022
29 Sep'22
Mandiant spots new malware targeting VMware ESXi hypervisors
Mandiant researchers said the backdoors were installed with a novel technique that used malicious vSphere Installation Bundles, though it's unclear how initial access was achieved.
- September 28, 2022
28 Sep'22
NCC Group: IceFire ransomware gang ramping up attacks
While the ransomware group was first observed in March, IceFire emerged on NCC Group's radar last month when attacks against English-speaking organizations soared.
- September 26, 2022
26 Sep'22
Critical Sophos Firewall bug under active exploitation
Sophos said the exploitation of the critical firewall vulnerability has, at this time, affected "an extremely small subset of organizations" predominantly located in South Asia.
- September 23, 2022
23 Sep'22
Malicious NPM package discovered in supply chain attack
Threat actors are circulating a look-alike version of the Material Tailwind NPM package to infect developers for supply chain malware attacks, according to ReversingLabs.
- September 23, 2022
23 Sep'22
Risk & Repeat: Uber and Rockstar Games hacked
This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group.
- September 22, 2022
22 Sep'22
15-year-old Python vulnerability poses supply chain threat
Trellix researchers issued a call for help to patch a vulnerable software module, which was found in more than 300,000 open source GitHub repositories.
- September 21, 2022
21 Sep'22
Cybercriminals launching more MFA bypass attacks
New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures.
- September 21, 2022
21 Sep'22
Cobalt Strike gets emergency patch
The developer of Cobalt Strike issued an out-of-band security update to address a cross-site scripting vulnerability in the popular penetration testing suite.
- September 19, 2022
19 Sep'22
Uber says Lapsus$ hackers behind network breach
Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network.
- September 19, 2022
19 Sep'22
Rockstar Games confirms hack after 'Grand Theft Auto' leak
A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games.
- September 16, 2022
16 Sep'22
DOJ drops report on cryptocurrency crime efforts
The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges.
- September 16, 2022
16 Sep'22
Risk & Repeat: The White House wants secure software
This podcast episode discusses the implications of the Biden administration's new purchasing and usage guidelines for software utilized by U.S. federal agencies.
- September 16, 2022
16 Sep'22
Uber responds to possible breach following hacker taunts
Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network.
- September 15, 2022
15 Sep'22
Transparency, disclosure key to fighting ransomware
Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations.
- September 15, 2022
15 Sep'22
Webworm retools old RATs for new cyberespionage threat
Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans.
- September 14, 2022
14 Sep'22
U.S. drops the hammer on Iranian ransomware outfit
The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation.
- September 14, 2022
14 Sep'22
Biden issues cybersecurity guidance for software vendors
The guidance is an extension of President Biden's cybersecurity executive order from 2021 and includes new requirements for software deployed in federal agencies.
- September 13, 2022
13 Sep'22
Secureworks reveals Azure Active Directory flaws
Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues.
- September 13, 2022
13 Sep'22
CrowdStrike threat report: Intrusions up, breakout time down
According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year.
- September 08, 2022
08 Sep'22
LockBit gang leads the way for ransomware
New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months.
- September 08, 2022
08 Sep'22
Cisco Talos traps new Lazarus Group RAT
The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies.
- September 07, 2022
07 Sep'22
Google: Former Conti ransomware members attacking Ukraine
Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature.
- September 06, 2022
06 Sep'22
Healthcare and education remain common ransomware targets
August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information.
- September 06, 2022
06 Sep'22
Ransomware hits Los Angeles Unified School District
The second-largest public school system in the U.S. confirmed a ransomware attack caused districtwide disruption to various services over the holiday weekend.
- September 01, 2022
01 Sep'22
Researcher unveils smart lock hack for fingerprint theft
An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data.
- September 01, 2022
01 Sep'22
Microsoft discloses 'high-severity' TikTok vulnerability
The flaw in TikTok's Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app.
- August 30, 2022
30 Aug'22
Microsoft Excel attacks fall out of fashion with hackers
Hornetsecurity researchers say newly introduced safety measures from Microsoft have driven cybercriminals away from using Excel as a malware infection tool.
- August 30, 2022
30 Aug'22
FBI warns attacks on DeFi platforms are increasing
As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors.
- August 30, 2022
30 Aug'22
VMware aims to improve security visibility with new services
Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements.
- August 26, 2022
26 Aug'22
LastPass discloses data breach
LastPass CEO Karim Toubba said no customer data or password details were compromised, and the company does not recommend an immediate course of action to users.
- August 25, 2022
25 Aug'22
Ransomware defies seasonal trends with increase
The return and rebranding of major crews saw the volume of ransomware attacks in July jump 47%, defying seasonal trends, according to researchers at NCC Group.
- August 25, 2022
25 Aug'22
Mitiga: Attackers evade Microsoft MFA to lurk inside M365
During an incident response investigation, Mitiga discovered attackers were able to create a second authenticator with no multifactor authentication requirements.
- August 25, 2022
25 Aug'22
Twitter whistleblower report holds security lessons
The whistleblower report from Twitter's former security lead should provide companies and boards with lessons on how not to handle internal security concerns.
- August 24, 2022
24 Aug'22
Risk & Repeat: Whistleblower spells trouble for Twitter
A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko.
- August 22, 2022
22 Aug'22
CEO of spyware vendor NSO Group steps down
Current NSO Group COO Yaron Shohat will replace outgoing CEO Shalev Hulio as part of a reorganization for the vendor, which has come under fire from the U.S. government.
- August 18, 2022
18 Aug'22
Shunned researcher Hadnagy sues DEF CON over ban
Researcher Christopher Hadnagy is seeking damages from DEF CON and founder Jeff Moss over their decision to ban him citing multiple claims of conduct violations.
- August 18, 2022
18 Aug'22
Russian cyber attacks on Ukraine driven by government groups
Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies.
- August 17, 2022
17 Aug'22
Google patches yet another Chrome zero-day vulnerability
Google issued an update Wednesday to address a potentially serious security vulnerability in its Chrome browser, and the company urged users to patch their browsers immediately.
- August 17, 2022
17 Aug'22
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show.
- August 17, 2022
17 Aug'22
CISA: Threat actors exploiting multiple Zimbra flaws
Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances.
- August 16, 2022
16 Aug'22
Mailchimp suffers second breach in 4 months
While the source of the breach has not been confirmed, an attacker got into Mailchimp and gained access to the customer account of cloud hosting provider DigitalOcean.
- August 16, 2022
16 Aug'22
For cyber insurance, some technology leads to higher premiums
Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk.