News

News

• December 19, 2022 19 Dec'22

  The state of OT security: A rapidly evolving landscape

  Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount.

• December 15, 2022 15 Dec'22

  Google drops TrustCor certificates as questions loom

  Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors.

• December 15, 2022 15 Dec'22

  Check Point classifies Azov as wiper, not ransomware

  While Azov was initially considered ransomware, Check Point researchers warned the polymorphic malware is designed to inflict maximum damage to targeted systems.

• December 14, 2022 14 Dec'22

  Cybereason warns of rapid increase in Royal ransomware

  Enterprises need to be aware of the group's partial encryption technique because the less data it encrypts, the less chance the activity will be detected by a security product.

• December 13, 2022 13 Dec'22

  Microsoft addresses two zero days in December Patch Tuesday

  December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild.

• Sponsored News

  • Riding the Wave to Enterprise AI at Scale: The Transformation of Client Solutions

    Sponsored by Dell Technologies - While it’s true that AI is moving rapidly toward universal adoption, it is in the enterprise where AI is having its greatest impact. Enterprise AI certainly is an area of massive resource investment: Research pegs the size of the 2025 global enterprise AI market at $97 billion, growing to an astonishing $229 billion by 2030. All forms of AI—agentic AI, generative AI, machine learning, and predictive AI, to name a few—are transforming how, when, where, and why work is done. See More

  • The “Personal Touch” of AI is Undeniable, Thanks for Impressive Advances in Client Solutions

    Sponsored by Dell Technologies - The trend toward personal—and personalized—artificial intelligence (AI) has swiftly moved from interesting idea to undeniable market transformational catalyst. Research points out that 61% of U.S. adults have used AI in the past six months, with a growing number of those using it daily. This not only is an expected byproduct of widespread AI use in businesses and other enterprises, but the rapidly accelerating number of consumer-oriented use cases. See More

  • The Deepening Impact of “AI Everywhere” is Revolutionizing Client Solutions

    Sponsored by Dell Technologies - Artificial intelligence (AI) has rapidly become the technical development with the most profound impact on how we work, play, live, and interact. Although AI has been around for decades, earlier generations of expert systems, knowledge systems, and decision-support systems pale in comparison to the capabilities of the AI of today…and tomorrow. See More

  View All Sponsored News
• December 13, 2022 13 Dec'22

  Citrix ADC and Gateway zero day under active exploitation

  The NSA said that APT5, a suspected Chinese nation-state threat group, is actively exploiting the Citrix zero-day flaw, which affects the vendor's ADC and Gateway products.

• December 12, 2022 12 Dec'22

  Fortinet confirms VPN vulnerability exploited in the wild

  In an advisory Monday, Fortinet urged customers to take steps to immediately mitigate the critical flaw, which was disclosed earlier by French infosec firm Olympe Cyberdefense.

• December 09, 2022 09 Dec'22

  Claroty unveils web application firewall bypassing technique

  Claroty's attack technique bypasses web application firewalls, or WAFs, by tricking those that can't detect JSON as part of their SQL injection detection process.

• December 08, 2022 08 Dec'22

  Risk & Repeat: Breaking down Rackspace ransomware attack

  This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers.

• December 07, 2022 07 Dec'22

  Vice Society ransomware 'persistent threat' to education sector

  New research from Palo Alto Networks supports recent government warnings that Vice Society poses an increased risk to K-12 schools and higher education.

• December 06, 2022 06 Dec'22

  MegaRAC flaws, IP leak impact multiple server brands

  MegaRAC BMC software from American Megatrends, Inc. have a trio of serious security vulnerabilities that were discovered following an intellectual property leak.

• December 06, 2022 06 Dec'22

  Rackspace confirms ransomware attack after Exchange outages

  The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen.

• December 05, 2022 05 Dec'22

  Education sector hit by Hive ransomware in November

  The education sector remained a popular target last month, particularly from Hive, a ransomware-a-as-a-service group, that even warranted a government alert in late November.

• December 05, 2022 05 Dec'22

  Rackspace 'security incident' causes Exchange Server outages

  Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter.

• December 02, 2022 02 Dec'22

  Experts argue 'sludge' could muck up cyber attacks

  Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper.

• December 01, 2022 01 Dec'22

  Mozilla, Microsoft drop Trustcor as root certificate authority

  Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware.

• December 01, 2022 01 Dec'22

  LastPass warns some customer data accessed in new breach

  LastPass disclosed a new breach, related to the previously disclosed attack in August, that resulted in a threat actor obtaining access to some customer data.

• November 30, 2022 30 Nov'22

  Lockbit 3.0 has BlackMatter ransomware code, wormable traits

  LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools.

• November 30, 2022 30 Nov'22

  Exchange Server bugs caused years of security turmoil

  The four high-profile sets of security vulnerabilities in Microsoft Exchange Server, disclosed by researcher Orange Tsai, are set to remain a major concern for organizations.

• November 30, 2022 30 Nov'22

  Risk & Repeat: Twitter, Elon Musk and security concerns

  This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently.

• November 30, 2022 30 Nov'22

  Tenable: 72% of organizations remain vulnerable to Log4Shell

  New research shows the attack surface remains wide for the Log4j vulnerability, known as Log4Shell, which caused significant problems for organizations over the past year.

• November 28, 2022 28 Nov'22

  Infosec researcher reports possible 'massive' Twitter breach

  The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe.

• November 23, 2022 23 Nov'22

  Cybereason warns of fast-moving Black Basta campaign

  Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services.

• November 22, 2022 22 Nov'22

  Google's new YARA rules fight malicious Cobalt Strike use

  Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted.

• November 17, 2022 17 Nov'22

  Magecart malware menaces Magento merchants

  Sansec researchers say as many as 38% of commercial customers running the Adobe Commerce and Magento platforms could be infected with Magecart's TrojanOrders malware.

• November 17, 2022 17 Nov'22

  CISA: Iranian APT actors compromised federal network

  CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access.

• November 17, 2022 17 Nov'22

  LockBit ransomware activity nose-dived in October

  LockBit, the most prolific ransomware group in 2022, had itself a down month as GuidePoint Security researchers reported a 49% decrease in its infections for October.

• November 16, 2022 16 Nov'22

  Risk & Repeat: Researchers criticize HackerOne

  This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company.

• November 16, 2022 16 Nov'22

  Rapid7 discloses more F5 BIG-IP vulnerabilities

  While the severity of the issues is relatively low, F5 devices are commonly targeted by attackers to gain persistence inside a network.

• November 15, 2022 15 Nov'22

  Twitter users experience apparent SMS 2FA disruption

  The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed.

• November 14, 2022 14 Nov'22

  Moreno Valley school system shores up ransomware defenses

  Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware.

• November 10, 2022 10 Nov'22

  DOJ charges accused Lockbit ransomware actor

  The U.S. Department of Justice filed criminal charges against a Canadian man with dual Russian citizenship who is accused of being part of the LockBit ransomware crew.

• November 10, 2022 10 Nov'22

  Flashpoint launches new 'ransomware prediction model'

  Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws.

• November 10, 2022 10 Nov'22

  TrustCor under fire over certificate authority concerns

  TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor.

• November 07, 2022 07 Nov'22

  Microsoft: Nation-state threats, zero-day attacks increasing

  Microsoft's Digital Defense Report 2022 pointed the finger at China, which enacted a new vulnerability disclosure law last year, as the source of many zero-day attacks.

• November 07, 2022 07 Nov'22

  Nozomi Networks CEO talks OT security and 'budget muscle'

  Nozomi Networks CEO Edgard Capdevielle sat down with TechTarget Editorial to discuss the evolution of OT security and the challenge of 'budget muscle' many organizations face.

• November 04, 2022 04 Nov'22

  Honeywell weighs in on OT cybersecurity challenges, evolution

  TechTarget Editorial sat down with Honeywell's Paul Griswold and Jeff Zindel to discuss the rapid growth and evolution of the operational technology cybersecurity industry.

• November 04, 2022 04 Nov'22

  Yanluowang ransomware gang goes dark after leaks

  The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks.

• November 03, 2022 03 Nov'22

  Ransomware on the rise, hitting schools and healthcare

  October ransomware disclosures and public reports tracked by TechTarget Editorial increased from previous months, with notable attacks on education and healthcare organizations.

• November 02, 2022 02 Nov'22

  U.S. Treasury: Ransomware attacks increased in 2021

  A new report from the U.S. Treasury's Financial Crimes Enforcement Network showed an increase in businesses reporting ransomware attacks in the second half of 2021.

• November 01, 2022 01 Nov'22

  OpenSSL vulnerabilities get high-priority patches

  The OpenSSL Project released version 3.0.7 Tuesday to address a pair of high-severity buffer overflow vulnerabilities in the widely used cryptography library.

• October 28, 2022 28 Oct'22

  Risk & Repeat: Microsoft, SOCRadar spar over data leak

  This podcast episode discusses threat intelligence vendor SOCRadar's disclosure of a large Microsoft data leak and the contentious exchange between the two companies that followed.

• October 26, 2022 26 Oct'22

  Ukraine: Russian cyber attacks aimless and opportunistic

  Victor Zhora, a key Ukrainian cybersecurity official, says Russia is acting with "no particular strategy" in its cyber attacks on his country as their military invasion drags on.

• October 26, 2022 26 Oct'22

  Cisco, CISA warn 2 AnyConnect flaws are under attack

  CISA added two Cisco AnyConnect flaws to its Known Exploited Vulnerabilities catalog, which signals active exploitation and an urgency to patch.

• October 26, 2022 26 Oct'22

  Researchers criticize HackerOne over triage, mediation woes

  HackerOne researchers told TechTarget Editorial that they regularly encountered months-long wait times for responses and a mediation process that rarely favors researchers.

• October 25, 2022 25 Oct'22

  Cryptomining campaign abused free GitHub account trials

  Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers.

• October 25, 2022 25 Oct'22

  Apple patches actively exploited zero-day iOS bug

  The iOS zero-day was joined by a slew of other vulnerabilities in Apple's Oct. 24 security update. The iOS 16 update contained patches for 13 arbitrary code execution flaws.

• October 24, 2022 24 Oct'22

  CISA warns of ransomware attacks on healthcare providers

  A new CISA advisory warned administrators at hospitals and healthcare providers about newly discovered ransomware variant, dubbed Daixin Team, that poses a particular threat.

• October 21, 2022 21 Oct'22

  BlackByte ransomware using custom data exfiltration tool

  Symantec researchers say BlackByte ransomware may be poised to move into the elite ransomware ranks, as the group has begun developing its own custom malware tools.

• October 20, 2022 20 Oct'22

  Brazil arrests alleged Lapsus$ hacker

  Federal police in Brazil arrested a person accused of being a key member of the Lapsus$ hacking group on charges related to the takedown of government websites.

• October 19, 2022 19 Oct'22

  ProxyLogon researcher details new Exchange Server flaws

  After testing Microsoft's mitigations for ProxyLogon, security researcher Orange Tsai discovered new Exchange Server bugs, including one flaw that took more than a year to fix.

• October 19, 2022 19 Oct'22

  Mandiant launches Breach Analytics for Google's Chronicle

  Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month.

• October 19, 2022 19 Oct'22

  Azure vulnerability opens door to remote takeover attacks

  Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes.

• October 18, 2022 18 Oct'22

  Python vulnerability highlights open source security woes

  A 15-year-old unpatched vulnerability in a tarfile module for the Python programming language prompted researchers from cybersecurity vendor Trellix to take action.

• October 14, 2022 14 Oct'22

  Risk & Repeat: Breaking down the Joe Sullivan conviction

  This podcast episode discusses conviction of former Uber CSO Joe Sullivan, who was found guilty last week of covering up the company's 2016 data breach.

• October 13, 2022 13 Oct'22

  NPM API flaw exposes secret packages

  A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack.

• October 13, 2022 13 Oct'22

  Despite LockBit rebound, ransomware attacks down in 2022

  LockBit cybercriminals are back in action with new ransomware attacks and publicity pushes. But many other new groups saw lower levels in activity in Q3, according to Cyberint.

• October 11, 2022 11 Oct'22

  NPM malware attack goes unnoticed for a year

  A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers.

• October 11, 2022 11 Oct'22

  BlackByte ransomware uses new EDR evasion technique

  Attackers deploying the BlackByte ransomware strain are using vulnerable drivers to target a part of the operating system that many security products rely on for protection.

• October 11, 2022 11 Oct'22

  Critical Fortinet vulnerability under active exploitation

  Fortinet said the critical vulnerability affects three of its services -- FortiOS, FortiProxy and FortiSwitch Manager -- and urged customers to take immediate action.

• October 11, 2022 11 Oct'22

  LinkedIn scams, fake Instagram accounts hit businesses, execs

  Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes.

• October 11, 2022 11 Oct'22

  Google launches new supply chain security offerings

  Securing the software supply chain, especially open source libraries, was a major theme behind the new products released at the Google Cloud Next '22 conference.

• October 07, 2022 07 Oct'22

  CISA lists top vulnerabilities exploited by Chinese hackers

  The U.S. government published a list of the most commonly exploited vulnerabilities exploited by Chinese state-sponsored actors, including Log4Shell and the ProxyLogon bugs.

• October 06, 2022 06 Oct'22

  Former Uber CSO Joe Sullivan found guilty in breach cover-up

  Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach.

• October 05, 2022 05 Oct'22

  APTs compromised defense contractor with Impacket tools

  A CISA alert warned that APT actors compromised a defense contractor's Microsoft Exchange server and used Impacket, an open source Python toolkit, to move laterally in the network.

• October 05, 2022 05 Oct'22

  Ransomware attacks ravage schools, municipal governments

  Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv.

• October 04, 2022 04 Oct'22

  Secureworks finds network intruders see little resistance

  A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection.

• October 04, 2022 04 Oct'22

  Tenable shifts focus, launches exposure management platform

  The company said it's expanding beyond vulnerability management to address the growing attack surface and the challenges customers face to address it.

• October 03, 2022 03 Oct'22

  Intermittent encryption attacks: Who's at risk?

  Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses.

• September 30, 2022 30 Sep'22

  Microsoft Exchange Server targeted with zero-day vulnerabilities

  Microsoft warned that two unpatched zero-day vulnerabilities are being exploited against Exchange Server, a problem that's causing déjà vu for some researchers.

• September 29, 2022 29 Sep'22

  Cobalt Strike malware campaign targets job seekers

  Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons.

• September 29, 2022 29 Sep'22

  Unit 42 finds polyglot files delivering IcedID malware

  Palo Alto Networks' Unit 42 says attackers are using decoy Microsoft Compiled HTML Help files containing multiple file formats to infect systems with information-stealing malware.

• September 29, 2022 29 Sep'22

  Mandiant spots new malware targeting VMware ESXi hypervisors

  Mandiant researchers said the backdoors were installed with a novel technique that used malicious vSphere Installation Bundles, though it's unclear how initial access was achieved.

• September 28, 2022 28 Sep'22

  NCC Group: IceFire ransomware gang ramping up attacks

  While the ransomware group was first observed in March, IceFire emerged on NCC Group's radar last month when attacks against English-speaking organizations soared.

• September 26, 2022 26 Sep'22

  Critical Sophos Firewall bug under active exploitation

  Sophos said the exploitation of the critical firewall vulnerability has, at this time, affected "an extremely small subset of organizations" predominantly located in South Asia.

• September 23, 2022 23 Sep'22

  Malicious NPM package discovered in supply chain attack

  Threat actors are circulating a look-alike version of the Material Tailwind NPM package to infect developers for supply chain malware attacks, according to ReversingLabs.

• September 23, 2022 23 Sep'22

  Risk & Repeat: Uber and Rockstar Games hacked

  This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group.

• September 22, 2022 22 Sep'22

  15-year-old Python vulnerability poses supply chain threat

  Trellix researchers issued a call for help to patch a vulnerable software module, which was found in more than 300,000 open source GitHub repositories.

• September 21, 2022 21 Sep'22

  Cybercriminals launching more MFA bypass attacks

  New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures.

• September 21, 2022 21 Sep'22

  Cobalt Strike gets emergency patch

  The developer of Cobalt Strike issued an out-of-band security update to address a cross-site scripting vulnerability in the popular penetration testing suite.

• September 19, 2022 19 Sep'22

  Uber says Lapsus$ hackers behind network breach

  Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network.

• September 19, 2022 19 Sep'22

  Rockstar Games confirms hack after 'Grand Theft Auto' leak

  A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games.

• September 16, 2022 16 Sep'22

  DOJ drops report on cryptocurrency crime efforts

  The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges.

• September 16, 2022 16 Sep'22

  Risk & Repeat: The White House wants secure software

  This podcast episode discusses the implications of the Biden administration's new purchasing and usage guidelines for software utilized by U.S. federal agencies.

• September 16, 2022 16 Sep'22

  Uber responds to possible breach following hacker taunts

  Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network.

• September 15, 2022 15 Sep'22

  Transparency, disclosure key to fighting ransomware

  Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations.

• September 15, 2022 15 Sep'22

  Webworm retools old RATs for new cyberespionage threat

  Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans.

• September 14, 2022 14 Sep'22

  U.S. drops the hammer on Iranian ransomware outfit

  The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation.

• September 14, 2022 14 Sep'22

  Biden issues cybersecurity guidance for software vendors

  The guidance is an extension of President Biden's cybersecurity executive order from 2021 and includes new requirements for software deployed in federal agencies.

• September 13, 2022 13 Sep'22

  Secureworks reveals Azure Active Directory flaws

  Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues.

• September 13, 2022 13 Sep'22

  CrowdStrike threat report: Intrusions up, breakout time down

  According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year.

• September 08, 2022 08 Sep'22

  LockBit gang leads the way for ransomware

  New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months.

• September 08, 2022 08 Sep'22

  Cisco Talos traps new Lazarus Group RAT

  The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies.

• September 07, 2022 07 Sep'22

  Google: Former Conti ransomware members attacking Ukraine

  Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature.

• September 06, 2022 06 Sep'22

  Healthcare and education remain common ransomware targets

  August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information.

• September 06, 2022 06 Sep'22

  Ransomware hits Los Angeles Unified School District

  The second-largest public school system in the U.S. confirmed a ransomware attack caused districtwide disruption to various services over the holiday weekend.

• September 01, 2022 01 Sep'22

  Researcher unveils smart lock hack for fingerprint theft

  An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data.

• September 01, 2022 01 Sep'22

  Microsoft discloses 'high-severity' TikTok vulnerability

  The flaw in TikTok's Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app.

• August 30, 2022 30 Aug'22

  Microsoft Excel attacks fall out of fashion with hackers

  Hornetsecurity researchers say newly introduced safety measures from Microsoft have driven cybercriminals away from using Excel as a malware infection tool.

• August 30, 2022 30 Aug'22

  FBI warns attacks on DeFi platforms are increasing

  As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors.