NEWSROOM


Beware Free Wi-Fi: NSA Urges Government Workers to Avoid Public Networks


The NSA warned federal employees, defense personnel and civilian staff that attackers can take advantage of the public Wi-Fi in coffee shops, airports and hotel rooms.

Indian military personnel to train in the US on cybersecurity, command in the offing


India's Department of Military Affairs (DMA) is planning to send up to 100 personnel to the US to train in the latest cybersecurity and artificial intelligence (AI) technology for use in counterinsurgency operations.

Freshly Scraped LinkedIn Data of 88,000 US Business Owners Leaked on Hacker Forum


The database combines full names, email addresses, workplace information and other data publicly visible on the victims' LinkedIn profiles. The archive was posted on a hacker forum for anyone to download.

Cybercriminals Use Targeted Google Ads to Serve Up Weaponized AnyDesk App


Researchers said victims who downloaded the program were conned into executing a binary called AnyDeskSetup.exe. Once executed, the malware attempted to launch a PowerShell script.

Russian national jailed for running deer.io, a platform selling stolen data and hijacked accounts


Victorovich Firsov, a Russian national, has been jailed for 2.5 years for acting as the administrator of deer.io, a platform designed for the sale of stolen data and accounts.

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys


Over 40 apps, with more than 100 million downloads in total, had AWS access keys hardcoded within them, putting the developers' internal networks and their users' data at risk of cyberattacks.
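Hardcoded cloud credentials in a mobile app are a textbook finding because an APK is just a zip file and its string tables are trivially extractable. The scanner below is an added example, not code from the article or from the researchers it cites: it looks for the AWS access key ID format (a 4-character prefix such as AKIA or ASIA followed by 16 upper-case alphanumerics) and for 40-character base64-like secret key candidates, using Shannon entropy to discard low-entropy false positives, then walks every entry of an in-memory APK. The sample string table, the in-memory APK and its entry names are constructed; the credential values are the placeholder keys used in AWS documentation, not live keys.

```python
import io
import math
import re
import zipfile

# AWS access key IDs are 20 characters: a 4-character prefix (AKIA for
# long-term IAM user keys, ASIA for temporary STS keys) followed by 16
# upper-case alphanumerics. Secret access keys are 40 base64-like characters.
ACCESS_KEY_RE = re.compile(rb"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
SECRET_KEY_RE = re.compile(
    rb"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: random secrets score high, words score low."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_aws_credentials(blob: bytes, min_entropy: float = 4.0):
    """Return (access_key_ids, secret_key_candidates) found in a binary blob.

    Secret candidates are filtered by entropy so that 40-character words,
    padding or repeated characters do not produce false positives.
    """
    access_keys = sorted({m.group(1).decode() for m in ACCESS_KEY_RE.finditer(blob)})
    secrets = set()
    for m in SECRET_KEY_RE.finditer(blob):
        candidate = m.group(1)
        if shannon_entropy(candidate) >= min_entropy:
            secrets.add(candidate.decode())
    return access_keys, sorted(secrets)


def scan_apk(apk_bytes: bytes) -> dict:
    """An APK is a zip; scan every entry and report findings per entry name."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            keys, secrets = find_aws_credentials(zf.read(name))
            if keys or secrets:
                findings[name] = (keys, secrets)
    return findings


# Constructed sample of what a string table in classes.dex might contain.
# The credential values are the documentation placeholders from AWS's own
# examples, not live keys; the 40 'a's are a low-entropy decoy that the
# regex matches but the entropy filter rejects.
SAMPLE_DEX_STRINGS = (
    b"Lcom/example/app/Uploader;\n"
    b"aws_access_key_id\n"
    b"AKIAIOSFODNN7EXAMPLE\n"
    b"aws_secret_access_key\n"
    b"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    b"https://s3.amazonaws.com/example-user-uploads/\n"
    + b"a" * 40 + b"\n"
)


def build_sample_apk() -> bytes:
    """Constructed in-memory APK with one leaky entry and one clean entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", SAMPLE_DEX_STRINGS)
        zf.writestr("res/raw/config.json", b'{"region": "us-east-1"}')
    return buf.getvalue()


if __name__ == "__main__":
    for entry, (keys, secrets) in scan_apk(build_sample_apk()).items():
        print(f"{entry}: access keys {keys}, secret candidates {secrets}")
```

Run it against a real APK by passing the file's bytes to scan_apk. A hit on an access key ID is conclusive; a secret candidate is only probable and should be confirmed by checking whether it sits next to an access key ID or an AWS SDK call site. The fix is the same either way: revoke the key in IAM, then move the app to short-lived credentials (for example via a token-vending back end) rather than shipping any long-term key in the binary.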

New DHS Secretary Pledges to Investigate SolarWinds Hack


Alejandro Mayorkas, the new DHS secretary, says his priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing government's cybersecurity programs.

Two new zero-day vulnerabilities discovered in WordPress Plugin Limit Login Attempts Reloaded


Researchers identified two security bugs. One was a rate-limiting bypass under a non-default configuration, which defeats the purpose of the plugin, and the other was an unauthenticated reflected XSS.

DOD to Try Out Its Vulnerability Disclosure Program with Contractors


The DoD's Cyber Crime Center will soon be accepting applications for a limited number of companies within the defense industrial base to benefit from security researchers already working for it.

Trucking company Forward Air said its ransomware incident cost it $7.5 million


The losses stemmed "primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers," Forward Air said in SEC documents filed today.

New Matryosh Botnet Targets Android-based Devices to Launch DDoS Attacks


A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks.

HelpSystems Expands Cybersecurity Portfolio Through Latest Acquisition


Cloud security company Digital Defense will join HelpSystems' growing cybersecurity portfolio to enable customers to access a more comprehensive security assessment toolkit.

Cybercriminals Claim to Sell 1.7 Million Donor Records Stolen from Oxfam Australia


Oxfam Australia told BleepingComputer they are investigating the breach and reported it to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).

New Fonix ransomware decryptor can recover victim's files for free


Kaspersky has released a decryptor for the Fonix Ransomware (also known as Xinof and Fonixcrypter), which launched in June 2020, that allows victims to recover their encrypted files for free.

Over a Dozen Chrome Extensions Discovered Hijacking Google Search Results for Millions of Users


All the backdoored browser add-ons have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores.

SonicWall issues patch after critical bugs confirmed in SMA firmware


SonicWall issued a patch for two vulnerabilities in its Secure Mobile Access 100 series products featuring 10.x firmware, which malicious actors exploited in an attack against the firm last month.

Rubbish software security patches responsible for a quarter of zero-days last year


Zero-day flaws are a problem because they may be exploited for long periods of time before they're detected and dealt with. There were 24 of them in 2020, four more than in 2019.

TeamTNT launches cryptojacking operation on Kubernetes clusters


The TeamTNT gang has ramped up its attacks on the cloud over the past few months, this time launching a new malware campaign targeting Kubernetes clusters that culminated in a cryptojacking operation.

Microsoft Defender now detects macOS system, app vulnerabilities


Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.

RF Enables Takeover of Hostile Drones


Various kinds of drones are increasingly breaching the security lines of restricted areas, and whenever a drone crosses into an unauthorized territory, security teams must determine if it's hostile.

Cisco fixes critical code execution bugs in SMB VPN routers


Cisco has addressed multiple pre-auth RCE vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices.

Whitespace Steganography Conceals Web Shell in PHP Malware


The web shell provides attackers with tools to work with files and databases on the targeted server, collect sensitive information, infect files, and conduct brute force attacks.
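The concealment trick in this story is that a reviewer who opens the file sees only harmless-looking code, because the payload lives in the spaces and tabs after each line's last visible character. The block below is an added example, not the malware from the article and not the researchers' code: it encodes one byte per line as eight trailing whitespace characters (space for 0, tab for 1), decodes it back, and, more usefully for defenders, scores a file on the kind of trailing whitespace it contains, since editors leave stray spaces but not eight-character mixed space/tab runs on line after line. The PHP cover text and the placeholder payload are constructed; a real sample would carry encoded shell bytes instead.

```python
BIT0, BIT1 = " ", "\t"   # one payload bit per trailing whitespace character


def encode_whitespace(payload: bytes, cover_lines: list) -> str:
    """Hide `payload` in trailing whitespace: 8 characters (one byte) per line."""
    if len(cover_lines) < len(payload):
        raise ValueError("cover text needs at least one line per payload byte")
    out = []
    for i, line in enumerate(cover_lines):
        line = line.rstrip(" \t")
        if i < len(payload):
            line += "".join(BIT1 if b == "1" else BIT0 for b in format(payload[i], "08b"))
        out.append(line)
    return "\n".join(out) + "\n"


def decode_whitespace(text: str) -> bytes:
    """Recover bytes from lines whose trailing whitespace run is 8+ characters."""
    data = bytearray()
    for line in text.split("\n"):
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) >= 8:
            bits = "".join("1" if ch == BIT1 else "0" for ch in tail[-8:])
            data.append(int(bits, 2))
    return bytes(data)


def trailing_whitespace_report(text: str) -> dict:
    """Triage heuristic: editors leave stray spaces, not mixed space/tab runs."""
    report = {"lines_with_trailing": 0, "mixed_space_tab": 0, "runs_of_8_or_more": 0}
    for line in text.split("\n"):
        tail = line[len(line.rstrip(" \t")):]
        if tail:
            report["lines_with_trailing"] += 1
            if " " in tail and "\t" in tail:
                report["mixed_space_tab"] += 1
            if len(tail) >= 8:
                report["runs_of_8_or_more"] += 1
    return report


# Constructed cover text: an innocuous-looking PHP helper. Constructed payload:
# a placeholder standing in for the encoded shell bytes seen in the real case.
COVER_PHP = [
    "<?php",
    "// image helper functions",
    "function thumb_path($name) {",
    "    return '/var/www/cache/' . basename($name) . '.jpg';",
    "}",
    "",
    "function is_image($path) {",
    "    $info = @getimagesize($path);",
    "    return $info !== false;",
    "}",
    "",
    "function cache_hit($name) {",
    "    return file_exists(thumb_path($name));",
    "}",
    "",
    "// end of helpers",
]
PAYLOAD = b"example payload"   # 15 bytes, so 15 of the 16 lines carry a byte


if __name__ == "__main__":
    stego = encode_whitespace(PAYLOAD, COVER_PHP)
    print("cover looks clean when printed:\n" + stego)
    print("report:", trailing_whitespace_report(stego))
    print("extracted:", decode_whitespace(stego))
```

The report is the part worth wiring into a file-integrity or web-root scan: a PHP file with dozens of lines ending in mixed space/tab runs of exactly eight or more characters deserves a look even if every visible token is benign, because a loader elsewhere in the tree only needs a few lines of PHP to read the file, strip it to its whitespace and eval the result.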

The Drovorub Mystery: Malware NSA Warned About Can't Be Found


An advisory by the NSA and the FBI shares information on how Drovorub works, how it can be detected, and how organizations can protect their systems against attacks involving the malware.

Vermont labor commissioner apologizes for tax data bungle


Vermont Labor Department officials remain on damage control a day after revealing a massive data breach involving tens of thousands of 1099-G unemployment tax forms sent to the wrong people.

Female escort review site data breach affects 470,000 members


The leaked database contains information on 472,695 members, including their display name, email address, MD5-hashed password, optional Skype account name, optional birthday and IP address.

New Trickbot Malware Component Performs Local Network Reconnaissance


Trickbot recently added a fresh module to scan local network systems for open ports to speed up lateral movement. Named masrv, the component incorporates a copy of the Masscan open-source utility.

The Next Cyberattack Is Already Under Way


A flaw can be harmless, but zero-days represent vulnerabilities that can be turned into weapons. And governments have been buying them and storing them in vaults, like vials of the bubonic plague.

Location Data from Muslim Prayer App Sold to Data Broker


The data broker, Predicio, has been linked to a supply chain of data involving a US government contractor that has worked with security agencies including Customs and Border Protection and the FBI.

Agencies Propose Faster, Broader Reporting of Cyber Incidents for Banks


The Cyberspace Solarium Commission has called for a systematic way for critical private-sector entities to report cyber incidents so that more information about necessary defensive measures can be gleaned.

TeamTNT Botnet Further Evolves with Environment Setup Capabilities


Researchers have linked recent TeamTNT botnet activity to extraction and stealing of Docker and AWS credentials. Previously, it would mine cryptocurrency only on misconfigured container platforms.

Ryuk: This Criminal Enterprise has Earned Millions in Ransom


The Ryuk operators are believed to have earned over $150 million in ransom payments from their attacks around the world, according to a new report by Advanced Intelligence and HYAS.

Ellicott City's Huntress makes first cyber tech acquisition


Ellicott City-based cybersecurity firm Huntress has made its first acquisition. The firm has acquired a technology and intellectual property portfolio from San Antonio-based startup Level Effect.

Researchers Caught a North Korean Group Trying Out a New Hiding Trick


The North Korean APT37 group was found targeting the South Korean government in a new campaign using a malicious macro that decodes itself in the memory of Microsoft Office.

Intel adds ransomware detection capabilities at the silicon level


Intel announced it is adding ransomware detection capabilities to its new 11th Gen Core vPro processors through improvements to its Hardware Shield and Threat Detection Technology (TDT).

Booz Allen Invests In Tracepoint


The company, co-founded by Baton Rouge-based Plexos Group and several industry experts, specializes in supporting cyber insurance carriers, lawyers, brokers, and their clients through crises.

Colombian Energy, Metal Firms Under Attack in New Cyberespionage Campaign


A wave of attacks against companies in Colombia uses a trio of RATs to steal confidential, sensitive data. The campaign, dubbed Operation Spalax, was revealed by ESET researchers on Tuesday.

Francisco Partners Completes Forcepoint Acquisition


Forcepoint, formerly known as Websense, provides behavior-based cybersecurity solutions that protect the critical data and networks of thousands of customers worldwide by adapting to risk in real time.

New Android spyware targets users in Pakistan


Cybercriminals have modified these otherwise legitimate apps (available on the Google Play Store) to add malicious features that seem completely focused on covert surveillance and espionage.

GitLab addresses numerous vulnerabilities in latest security release


Insufficient validation of authentication parameters in GitLab Pages for GitLab versions 11.5 onwards gives potential attackers the ability to steal a user's API access token through GitLab Pages.

Atos to Acquire in Fidem to Reinforce Its Cybersecurity Position in the North American Market


Founded in 2005 and headquartered in Montréal, In Fidem has expertise in cloud security, digital identity, risk management, security operations, digital forensics, and cyber breach response.

Mac malware uses 'run-only' AppleScripts to evade analysis


A recently observed variant makes analysis even more difficult, as it embeds a run-only AppleScript into another script and uses URLs in public web pages to download the actual Monero miner.

Computer science student finds a bug in YouTube that allows users to watch private videos


The bug was fixed in January 2020, after it was identified in December 2019, by David Schütz, a computer science student in Hungary, and reported to Google through the company's bug bounty program.

This Android malware claims to give hackers full control of your smartphone


The 'Rogue' RAT infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data.

Microsoft Sysmon adds support for detecting Process Herpaderping attacks


Microsoft has released a new version of the Sysinternals package and updated the Sysmon utility with the ability to detect Process Herpaderping and Process Hollowing attacks.

Feds will weigh whether cyber best practices were followed when assessing HIPAA fines


Those best practices would need to follow recommendations from the National Institute of Standards and Technology or another government-endorsed standards body.

SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack


The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.

Networking and IoT Device Vendor Ubiquiti Networks Informs Customers of Data Breach


"We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider," Ubiquiti said in emails sent to customers today.

Aliens and UFOs: A Final Frontier for Social Engineers


The Pentagon has six months to release a full report on what it knows about Unidentified Aerial Phenomena (UAP), or UFOs to the rest of us. This creates room for new phishing scams.

US Rail Operator OmniTRAX Impacted by Conti Ransomware Attack on its Parent Firm Broe Group


Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group.

Biometric security technology could see growth in 2021


Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.

Chinese Firm Socialarks Exposes Scraped Data of Over 200 Million Facebook, Instagram, and LinkedIn Users


The company's unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million people from around the world using Facebook, Instagram, and LinkedIn.

More federal victims of SolarWinds hacking likely to come forward, CISA chief says


The number of U.S. federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the CISA said.

Third Malware Strain Sunspot Discovered in SolarWinds Supply Chain Attack


CrowdStrike, one of the companies directly involved in investigating the SolarWinds supply chain attack, said today it identified a third malware strain directly involved in the recent hack.

Employees assume security of links, file sharing via Microsoft comms platform


Microsoft Teams is prone to the same phishing hazards, impersonation scams and privacy violations as email is, yet many users naïvely treat this and other workplace communications platforms with inherent trust.

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update


The most important of these use-after-free issues affect autofill, drag and drop, and media components, and are tracked as CVE-2021-21106, CVE-2021-21107, and CVE-2021-21108, respectively.

Owl Cyber Defense Solutions acquires Trident's Assured Collaboration Systems


Columbia, Maryland-based cybersecurity company Owl Cyber Defense Solutions LLC announced Tuesday it has acquired Fairfax-based Trident's Assured Collaboration Systems (ACS) product line.

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws


Nvidia fixed a slew of high-severity flaws affecting its graphics driver, which could lead to denial of service attacks, privilege escalation, and tampering with or spying on sensitive data.

'Earth Wendigo' Hackers Exfiltrate Emails Through JavaScript Backdoor


A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan.

Windows PsExec zero-day vulnerability gets a free micropatch


This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.

What's Trending? COVID-19 Vaccine Scams


COVID-19 vaccines have been approved in some countries while many others are still conducting trials. Cybercriminals are taking advantage of these much-awaited developments to steal credentials and payment data from unsuspecting users.

Lacework raises $525 million to automate cloud security and compliance


Lacework, which provides automated containerized workload defense, intrusion detection, and compliance solutions, announced its $525 million Series D funding round valuing it at over $1 billion.

Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks


A vulnerability in the FortiWeb user interface allowed an unauthenticated, remote attacker to execute arbitrary SQL queries or commands before it was fixed, according to a Fortinet advisory.

Dragos Hires Former PepsiCo Deputy CISO Steve Applegate


Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO). The cybersecurity veteran took to LinkedIn to share the news this week.

British Airways Plans £3bn Breach Settlement


The UK's flag-carrier airline is planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to ~$4 billion.

Mozilla Firefox disabling backspace key to prevent data loss


Seven years ago, Mozilla opened a bug post to discuss whether the backspace key should be disabled but decided at the time not to make any changes. Now, it is finally disabled to prevent data loss.

The DCH Ransomware Attack: A Teachable Moment in Cyber-History


In the early hours of October 1, 2019, Alabama's DCH Health System fell victim to an extended ransomware attack which forced it to close all three of its state hospitals.

Ghidra 101: Slice Highlighting


Program slicing is a way of abstracting code into smaller groups of statements called slices. Slices are formed by following how a particular variable's value affects, or is affected by, other variables.
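Slice highlighting in a disassembler is the same operation a taint analyst does by hand: pick a variable at a point in the program, then walk the definitions and uses. The block below is an added example, not Ghidra's implementation and not from the article: it computes backward and forward slices over straight-line pseudo-code using nearest-definition reaching-definition rules. The toy program, its variable names and the simplifying assumptions (no branches, `x = expr` is the only defining form, no `==`) are the example's own; real slicers work over the control-flow graph and handle aliasing, which this deliberately omits.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Stmt:
    index: int
    text: str
    defs: frozenset   # variables written by the statement
    uses: frozenset   # variables read by the statement


IDENT_RE = re.compile(r"[A-Za-z_]\w*")


def parse_program(lines: list) -> list:
    """Parse straight-line pseudo-code: `x = expr` defines x; any other line only reads.

    Assumption of this toy: a line contains at most one '=' and never '=='.
    """
    stmts = []
    for i, raw in enumerate(lines):
        line = raw.strip()
        if "=" in line:
            lhs, rhs = line.split("=", 1)
            defs, uses = {lhs.strip()}, set(IDENT_RE.findall(rhs))
        else:
            defs, uses = set(), set(IDENT_RE.findall(line))
        stmts.append(Stmt(i, line, frozenset(defs), frozenset(uses)))
    return stmts


def backward_slice(stmts: list, index: int, var: str) -> list:
    """Indices of statements that can affect the value of `var` as read at stmts[index]."""
    result, work, seen = {index}, [(index, var)], set()
    while work:
        idx, v = work.pop()
        if (idx, v) in seen:
            continue
        seen.add((idx, v))
        for j in range(idx - 1, -1, -1):
            if v in stmts[j].defs:          # nearest earlier def is the reaching def
                result.add(j)
                work.extend((j, u) for u in stmts[j].uses)
                break
    return sorted(result)


def forward_slice(stmts: list, index: int) -> list:
    """Indices of statements whose values depend on what stmts[index] writes."""
    result, work, seen = {index}, [(index, v) for v in stmts[index].defs], set()
    while work:
        idx, v = work.pop()
        if (idx, v) in seen:
            continue
        seen.add((idx, v))
        for j in range(idx + 1, len(stmts)):
            if v in stmts[j].uses:
                result.add(j)
                work.extend((j, d) for d in stmts[j].defs)
            if v in stmts[j].defs:          # a redefinition kills this def
                break
    return sorted(result)


# Constructed toy program: an attacker-controlled value flows into a file open.
SAMPLE_PROGRAM = [
    "user = request_param",      # 0: untrusted input
    "n = 10",                    # 1
    "path = base_dir + user",    # 2: input reaches the path
    "n = n + 1",                 # 3: unrelated arithmetic
    "total = n * 2",             # 4
    "open(path)",                # 5: sink
]


if __name__ == "__main__":
    prog = parse_program(SAMPLE_PROGRAM)
    print("backward slice of path@5:", backward_slice(prog, 5, "path"))
    print("forward slice of line 0 :", forward_slice(prog, 0))
    for i in forward_slice(prog, 0):
        print("  ", prog[i].text)
```

Reading the output the way Ghidra's highlighting is read: the backward slice from the sink at line 5 is {0, 2, 5}, so the arithmetic on `n` is noise for this question, and the forward slice from the untrusted input at line 0 lands on the same sink, which is the taint path an auditor wants to confirm before reaching for an exploit or a fix.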

TA551: Email Attack Campaign Switches from Valak to IcedID


The recent campaign has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak.

The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service


The use of scalping bots was once the domain of tickets for sporting events or concerts. But recently, it has become increasingly prevalent in e-commerce and online retail.

Linux malware authors use Ezuri Golang crypter for zero detection


Multiple malware authors are using the "Ezuri" crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub.

We Should Have Known SolarWinds Would Be a Target


The risk of these supply chain hacks is much higher than previously acknowledged, due to the high level of connectivity across different critical infrastructure sectors in the economy.

Git Repository Misconfiguration Leads to Nissan Source Code Leak


The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums.

Biden taps intelligence veteran for new White House cybersecurity role


President-elect Joe Biden plans to pluck a career intelligence official from the National Security Agency to serve in a newly created cybersecurity role on his National Security Council.

ShinyHunters Leaks 10 Million Records Allegedly Stolen From ClickIndia, ChqBook, and WedMeGood


After leaking masked credit and debit card data of tens of millions (crores) of Juspay users, the same actor, believed to be ShinyHunters, is now selling databases belonging to three more Indian companies.

Cuban Credit Card Skimming Crew Sentenced to Prison


According to court documents, the six conspirators placed credit card skimming devices on gas pumps located in Northampton County within the Eastern District of Virginia.

Why the UK's National Cyber Force is an important step forward


The UK's vital 'goal-line' protection against such threats has also been well covered, especially since the creation of the UK's innovative National Cyber Security Centre (NCSC).

Anti-Secrecy Activists DDoSecrets Publish a Terabyte of Ransomware Victims' Data


The DDoSecrets group is also offering to privately share an additional 1.9 terabytes of data from more than a dozen other firms with selected journalists or academic researchers.

What SolarWinds Hack Means for Campuses


For months hackers have been poking around computer networks at U.S. government departments, Fortune 500 companies, and possibly higher education institutions and research organizations -- undetected.

Most Public Sector Victims Refuse to Pay Ransomware Groups


New research from security firm Veritas found that 86% of public sector respondents targeted with ransomware refused to pay, compared to an average of 43% across all verticals.

Cybercriminals use psychology--cybersecurity pros should, too


A recent psychological study found that people are more likely to reveal personal and confidential information in less-formal settings, such as casual conversation or on social networks.

Is $14M Pushing The Ransomware Business Model? Unfortunately, No...


In the shadow of the recent Conti ransomware attack on Advantech, the question of just how long the golden goose of ransomware can continue to pay dividends is on everyone's minds.

Stopping Serial Killer: Catching the Next Strike


The Dridex banking trojan first appeared in 2014 and is still one of the most prevalent malware families. In March 2020, Dridex topped the list of the most wanted malware.

North Korean APT37 used VBA self decode technique to inject RokRat


The group uses a file with an embedded macro that uses a VBA self-decoding technique to decode itself within the memory space of Microsoft Office without writing to disk.

Army Reserve gets its first cyber general


Newly promoted Brig. Gen. Robert Powell will serve as a deputy commanding general of cyber for the 335th Signal Command, specializing in overseeing the unit's cyber activities.

A Deep Dive into Lokibot Infection Chain


This sample uses the known technique of blurring images in documents to encourage users to enable macros. While quite simple, this is fairly common and effective against users.

U.S. Government Announces 'Hack the Army 3.0' Bug Bounty Program


Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17.

SolarWinds hackers accessed some of the DOJ's email accounts


The DOJ learned of the hack on December 24th, at which point it closed the vulnerability. It said it doesn't have any evidence that suggests the hackers accessed any classified information.

New bank-related phishing scam involves impersonation of Singapore government officials


Scammers have been impersonating Singapore government officials since December in what police on Tuesday (Jan 5) described as a new variant of bank-related phishing scams.

Widely Used Software Company May Be Entry Point for Huge U.S. Hacking


Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

Sysnet raises $65m in debt funding and clinches another acquisition


The latest funding comes in the form of $65m in debt financing from US investment firm Keybanc Capital Markets, the Irish Times reports. Sysnet also announced the acquisition of NuArx.

New Golang Worm Drops XMRig Miner


A new worm written in Golang deploys the XMRig miner on Windows and Linux servers. Researchers say it may be preparing to target additional weakly configured services in future updates.

Hacker-for-Hire StrongPity APT Going Global with its New Infrastructure


Experts reveal the StrongPity APT group could have links with state-sponsored campaigns with the ability to search and exfiltrate multiple files or documents from the victim's machine.

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware


Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.

NSA shares guidance, tools to mitigate weak encryption protocols


The National Security Agency (NSA) has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants.
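Detecting obsolete TLS at scale is a log problem before it is a patching problem: the network sensor already records which version and cipher suite every session negotiated. The block below is an added example, not the NSA's tooling and not from the article: it walks constructed Zeek-style ssl.log records in JSON form, flags sessions that negotiated SSLv2/SSLv3/TLS 1.0/TLS 1.1 or a cipher suite built on NULL, RC4, DES/3DES, export-grade, anonymous or MD5 algorithms, separately notes RSA key transport (no forward secrecy), and groups the findings per server so the output is a remediation list rather than a stream of alerts. The field names follow Zeek's ssl.log; the hosts, timestamps and the "obsolete" policy are the example's own.

```python
import json
from collections import defaultdict

# Protocol versions treated as obsolete, in Zeek ssl.log spelling.
OBSOLETE_VERSIONS = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}
# Cipher-suite fragments that indicate an obsolete algorithm somewhere in the suite.
OBSOLETE_CIPHER_MARKERS = ("_NULL_", "_RC4_", "_DES_", "_3DES_", "_EXPORT", "_anon_", "_MD5")


def assess_session(rec: dict) -> list:
    """Return the problems with one negotiated TLS session (empty list if it is fine)."""
    findings = []
    version = rec.get("version")
    if version in OBSOLETE_VERSIONS:
        findings.append(f"obsolete protocol {version}")
    cipher = rec.get("cipher") or ""
    if any(marker in cipher for marker in OBSOLETE_CIPHER_MARKERS):
        findings.append(f"obsolete cipher suite {cipher}")
    if cipher.startswith("TLS_RSA_WITH_"):
        # Not broken, but static RSA key transport has no forward secrecy.
        findings.append("no forward secrecy (RSA key transport)")
    return findings


def summarize(log_lines) -> tuple:
    """Group findings by server (id.resp_h:id.resp_p); return (report, skipped_line_count)."""
    report = defaultdict(set)
    skipped = 0
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1            # never let one corrupt line abort the whole run
            continue
        server = f"{rec.get('id.resp_h')}:{rec.get('id.resp_p')}"
        report[server].update(assess_session(rec))
    return {srv: sorted(f) for srv, f in report.items() if f}, skipped


# Constructed sample records in Zeek JSON ssl.log layout (hosts and times made up).
SAMPLE_SSL_LOG = """
{"ts": 1610000000.1, "id.orig_h": "10.0.0.5", "id.resp_h": "10.0.1.20", "id.resp_p": 443, "version": "TLSv10", "cipher": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "server_name": "legacy.example.internal"}
{"ts": 1610000001.4, "id.orig_h": "10.0.0.6", "id.resp_h": "10.0.1.21", "id.resp_p": 443, "version": "TLSv12", "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
{"ts": 1610000002.9, "id.orig_h": "10.0.0.7", "id.resp_h": "10.0.1.22", "id.resp_p": 8443, "version": "TLSv12", "cipher": "TLS_RSA_WITH_AES_256_CBC_SHA"}
{"ts": 1610000003.2, "id.orig_h": "10.0.0.8", "id.resp_h": "10.0.1.20", "id.resp_p": 443, "version": "TLSv13", "cipher": "TLS_AES_256_GCM_SHA384"}
this line is corrupt and should be skipped, not crash the run
""".strip().splitlines()


if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_SSL_LOG)
    for server, findings in sorted(report.items()):
        print(server)
        for f in findings:
            print("   ", f)
    print(f"{skipped} unparseable line(s) skipped")
```

Note that 10.0.1.20 shows up even though one of its sessions negotiated TLS 1.3: a server that still accepts TLS 1.0 from a downgrade-capable client is the finding, and the modern session does not cancel it. Once the list exists, the fix is on the server side (restrict the protocol and cipher configuration, then re-run the report to confirm the old negotiations stop), not on the clients.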

Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'


A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.

Aurora Cannabis breach exposes personal data of former, current workers


A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company's current and former employees, Marijuana Business Daily has learned.

A COVID-19 shot for $150? Online scams surge as slow vaccine rollout frustrates


COVID-19 vaccine scams offering cheap and quick shots are on the rise, according to European and U.S. government officials who are warning the public of fraudsters out for money and personal data.

Multiple vulnerabilities found in SoftMaker Office TextMaker


Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document.

Bogus CSS Injection Leads to Stolen Credit Card Details


Attackers leverage holes in the default security configurations of Magento stores to inject CSS code that siphons off the credit card details of unsuspecting users.

iboss Raises $145m in Funding


The funding round was led by NightDragon and global investment firm Francisco Partners. The fresh financing will be spent on supporting the company's "rapid growth" in a market it says is worth $25bn.

Babuk Locker is the first new enterprise ransomware of 2021


Each Babuk Locker executable analyzed by BleepingComputer has been customized on a per-victim basis, containing a hardcoded extension, ransom note and Tor payment URL.

North Korean APT37 Targets Stock Investors in Software Supply Chain Attack


North Korean hacking group Thallium aka APT37 has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week.

Cybercriminal Posts Data of 10,000 American Express Accounts for Free on Hacker Forum


This week a threat actor leaked data of 10,000 Mexico-based American Express credit cardholders on a forum. The finding was brought to light by threat intelligence analyst, Bank Security.

President Trump Releases the National Maritime Cybersecurity Plan


The plan sets forth how the United States government will defend the American economy through enhanced cybersecurity coordination, policies and practices, aimed at mitigating maritime cyber risks.

Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users


The campaign, first detected in December, is believed to have claimed over 6,500 victims based on the number of unique visitors to the Pastebin pages used to locate the command and control servers.

Caveonix raises $7.3M to continue innovation, market expansion and strategic partnership development


Caveonix, which was founded in 2017, announced it has raised $7.3 million in Series A funding. The round was led by First In Capital, as well as other early investors in the company.

Australian cybersecurity agency used as cover in malware campaign


Scammers coordinating these attacks are also actively attempting to convince potential victims to install remote administration and desktop sharing software to steal the targets' banking information.

US intel agencies blame Russia for massive SolarWinds hack


A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.

Researchers Disclose Details of FIN7 Hacking Group's Malware


Researchers at Morphisec Labs have published fresh details about a malware variant called JSSLoader, written in .NET, that the FIN7 hacking group has used for several years.

Italian mobile operator offers to replace SIM cards after massive data breach


Ho Mobile, an Italian mobile operator, owned by Vodafone, has confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers.

The fight to stymie adversarial machine learning is on


This development is being driven by the many immediate gains that can be achieved using machine learning models in diverse domains, from image recognition to credit risk prediction.

Indian government sites leaking patient COVID-19 test results


Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients, BleepingComputer reported.

Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20


According to a new report by Check Point Research, cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally.

Google Releases January 2021 Security Updates for Android


Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical remote code execution bug in the System component.

After refusing to pay ransom, US-based auto parts distributor has sensitive data leaked by cybercriminals


The NameSouth archive leaked by NetWalker includes financial and accounting data, credit card statements, personally identifiable employee information, and various legal documents.

Cyberattacks Against K-12 Schools Expected to Rise in 2021, FBI Warns


With students returning to online classrooms after the holidays, the FBI expects a proliferation of cyber threats targeting K-12 schools and distance learning platforms.

SolarWinds, top executives hit with class-action lawsuit over Orion software breach


SolarWinds and some of its top executives have been hit with a class-action lawsuit by stockholders, who allege the firm lied and misled them about security practices leading up to the recent breach.

Supply Chain Issues Don't Seem to Go Away


Supply chain attacks have gained a lot of popularity among cybercriminals because a single intrusion into a project can impact many users and go undetected for a long time.

Aspen Report Calls for Cyber Resilient Digital Infrastructure


The agenda created by the Aspen Group aims to help federal lawmakers in prioritizing, strategizing, and implementing actionable cybersecurity initiatives.

Buying a second-hand laptop? Here's how to stop a bargain becoming a security disaster


Users who sell their devices without wiping them first could be handing their personal information and passwords on to others who might be unscrupulous when dealing with that data.

Ransomware 'businesses': Does acting legitimate pay off?


While ransomware is an act of extortion aimed at separating users and enterprises from their money, some operators appear to look at the relationship with victims as a kind of business partnership.

Citrix adds NetScaler ADC setting to block recent DDoS attacks


According to reports that began surfacing on December 21st, 2020, a DDoS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.
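The reason DTLS over UDP can be abused as an amplifier is that a tiny spoofed ClientHello can elicit a multi-kilobyte ServerHello plus certificate flight addressed to the victim. DTLS (RFC 6347) defines the HelloVerifyRequest cookie exchange precisely so that a responder can refuse to send that flight until the claimed source proves it can receive packets. The block below is an added example, not Citrix code and not a DTLS implementation: it models the two server behaviors with constructed message formats and measures the bytes a spoofed victim receives per byte the attacker sends, then shows that a genuine client still completes the exchange. Whether the Citrix setting from the article works exactly this way is not stated on the page; the addresses, sizes and message tags here are the example's own.

```python
import hashlib
import hmac
import os


def client_hello(cookie: bytes = b"") -> bytes:
    """Constructed stand-in for a DTLS ClientHello: tag, cookie length, cookie, padding."""
    return b"CH" + bytes([len(cookie)]) + cookie + b"\x00" * 50


class DtlsServer:
    """Toy DTLS responder; not a protocol implementation, only the flight sizes and cookie logic."""

    def __init__(self, hello_verify: bool, flight_size: int = 2500):
        self.hello_verify = hello_verify
        self.secret = os.urandom(32)          # cookie key; a real server rotates this
        # Stand-in for the ServerHello + Certificate + ... flight a real server
        # returns: a few kilobytes, mostly certificate chain.
        self.first_flight = b"SH" + b"C" * flight_size

    def cookie_for(self, addr) -> bytes:
        """Stateless cookie: HMAC of the claimed source address, RFC 6347 style."""
        msg = f"{addr[0]}:{addr[1]}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def handle(self, src_addr, datagram: bytes) -> bytes:
        """Return the datagram the server sends back to src_addr."""
        if len(datagram) < 3 or not datagram.startswith(b"CH"):
            return b""
        clen = datagram[2]
        cookie = datagram[3:3 + clen]
        if self.hello_verify and not hmac.compare_digest(cookie, self.cookie_for(src_addr)):
            # No valid cookie: answer with a tiny HelloVerifyRequest and keep no state.
            return b"HVR" + self.cookie_for(src_addr)
        return self.first_flight


def amplification_factor(server: DtlsServer, victim_addr) -> float:
    """Attacker spoofs victim_addr as source: bytes delivered to the victim per byte sent."""
    request = client_hello()                       # the attacker never sees a cookie for the victim
    reply = server.handle(victim_addr, request)    # routed to the victim, not the attacker
    return len(reply) / len(request)


def legit_handshake(server: DtlsServer, addr) -> bool:
    """A real client can echo the HelloVerifyRequest cookie, so it still gets the full flight."""
    reply = server.handle(addr, client_hello())
    if reply.startswith(b"HVR"):
        reply = server.handle(addr, client_hello(cookie=reply[3:]))
    return reply.startswith(b"SH")


if __name__ == "__main__":
    victim = ("203.0.113.9", 443)
    for hv in (False, True):
        srv = DtlsServer(hello_verify=hv)
        print(f"hello_verify={hv}: amplification x{amplification_factor(srv, victim):.1f}, "
              f"legit client ok={legit_handshake(srv, ('198.51.100.7', 50000))}")
```

Two properties make the cookie a sound fix rather than a speed bump: it is bound to the source address under a server-side secret, so a cookie the attacker obtains for its own address is rejected when replayed with the victim's address, and the server stores nothing until the cookie comes back, so the check itself cannot be turned into a state-exhaustion attack. The residual cost is one extra round trip for every genuine client's first handshake.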

Users can be manipulated to share private information online


Online users are more likely to reveal private information based on how website forms are structured to elicit data, Ben-Gurion University of the Negev (BGU) researchers have determined.

The Dramatic Year of the Pentagon's Contractor Cybersecurity Program


Before the idea of CMMC, companies within the defense industrial base simply pledged their adherence to cybersecurity practices outlined by the National Institute of Standards and Technology.

The anatomy of a modern day ransomware conglomerate


Egregor, in recent months, appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies, and financial institutions, according to security firm Sophos.

Amazon, Swiggy's payment processor Juspay hit by data breach


Payment services provider Juspay, which processes transactions for online giants like Amazon, Swiggy, and other companies, on Monday admitted to a data breach that took place in August 2020.

Analysis of 2020 Health Data Breach Trends


Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020.

Microsoft doesn't treat its source code like a trade secret. Is that smart?


As companies continue to peel back the layers of the SolarWinds compromise and investigate its impact, some are seeing security strategies implemented years ago put to the test.

Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report


The New York Times also learned that some SolarWinds software is maintained in Eastern Europe and investigators in the U.S. are now trying to determine if the breach originated there.

Thoma Bravo invests in Venafi to deliver machine identity protection to an expanded customer base


Thoma Bravo announced the completion of its strategic growth investment in Venafi. J.P. Morgan Securities served as financial advisor to Venafi and Orrick served as its legal counsel.

Critical RCE, account takeover flaws patched in Rock RMS church management platform


Rock RMS, a 'relationship management system' for churches, was affected by a pair of critical vulnerabilities that could lead to account takeover and remote code execution (RCE).

Defense Funding Measure Includes 77 Cybersecurity Provisions


Cyberspace Solarium Commission co-chairs called the legislation "the most comprehensive and forward-looking piece of national cybersecurity legislation in the nation's history."

Over 500,000 Compromised Credentials Linked to Top 25 Gaming Companies Being Sold Online


Over 500,000 stolen credentials tied to the top 25 gaming firms were found on caches of breached data online and up for sale at criminal marketplaces, according to researchers at Kela.

Fourth breach at T-Mobile puts focus on security post mergers


T-Mobile reported a breach that compromised customer data, the company's fourth in three years, raising questions about whether its massive merger with Sprint left the combined company more vulnerable.

Security cert expiration causes havoc for some Check Point VPN users


It wasn't the best of New Year's Day mornings for some Check Point customers; in addition to possible hangovers, those who lagged with their patching had been left with inoperable systems.

Metro Vancouver's Transportation Agency TransLink Confirms Ransomware Data Theft


Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.

Old Attack Method Against Google's Audio-Based reCAPTCHA Resurrected


An attack method called unCaptcha discovered in 2017 for defeating the audio version of Google's reCAPTCHA system using speech-to-text services has once again been resurrected.

2021 key risk areas beyond the pandemic


Unless resilience starts to be factored into the considerations of complex logistical networks behind the global economy, disruption to supply chains will remain a significant operational risk factor.

Malware uses WiFi BSSID for victim identification


In a blog post last month, Xavier Mertens, a security researcher with the SANS Internet Storm Center, said he discovered a new malware strain that is using WiFi BSSID for victim identification.

Netwrix and Stealthbits Merge to Tackle Data Security


Security companies Netwrix and Stealthbits today confirmed their merger. The new company will operate under the Netwrix name and sell seven core products focused on information security.

Apex Laboratory Confirms Ransomware Gang Stole Patient Info in Cyberattack


The New York-based clinical laboratory Apex fell victim to a cyberattack claimed by the DoppelPaymer ransomware gang on December 15, 2020, the company has confirmed in a notification on its website.

Zend Framework remote code execution vulnerability revealed


An untrusted deserialization vulnerability in Zend Framework, tracked as CVE-2021-3007 and disclosed this week, can be exploited by attackers to achieve remote code execution on PHP sites.

Chinese espionage group APT27 moves into ransomware


Researchers have discovered that the Chinese espionage group APT27 has moved into more financially-motivated cybercrimes, using ransomware to encrypt core servers at major gaming companies worldwide.

The Sunburst hack was massive and devastating - 5 observations from a cybersecurity expert


So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible.

One Million Compromised Accounts Found at Top Gaming Firms


Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.

SolarWinds mess flared in the holidays - company confirms malware targeted crocked Orion product


The extent and impact of the SolarWinds hack became even more apparent - and terrifying - over the holiday break. On New Year's Eve, SolarWinds confirmed that it has identified malware that exploited the flaws introduced to Orion products.

New alleged MuddyWater attack downloads a PowerShell script from GitHub


This PowerShell script is also used by threat actors to download a legitimate image file from image hosting service Imgur and decode an embedded Cobalt Strike script to target Windows systems.

A closer look at fileless malware, beyond the network


Fileless malware is a bit of a misnomer. While traditional malware contains the bulk of its malicious code within an executable file saved to the victim's storage drive, fileless malware's malicious actions reside solely in memory.

Greedy Cybercriminals Stealthily Abuse GitHub Service to Host Malware


In a recent report, Octoverse revealed that almost a fifth (around 17%) of all software bugs in GitHub were intentionally placed as backdoors by cybercriminals.

Over 200 million records of Chinese Citizens for Sale on the Darkweb


During routine dark web monitoring, the research team at Cyble found multiple posts in which threat actors are offering for sale alleged data leaks related to Chinese citizens.

PayPal phishing texts state your account is 'limited'


A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft purposes.

Cybersecurity firm FireEye says massive Russia hack was waged inside U.S.


Russian hackers staged their attacks from servers inside the U.S. - sometimes using computers in the same town or city as the victims, cybersecurity company FireEye revealed to the New York Times.

A Credential Stealer Written in AutoHotkey Scripting Language


Financial institutions in the U.S. and Canada are under threat from a new credential stealer that targets various browsers such as Chrome, Opera, and Microsoft Edge.

Facebook ads used to steal 615000+ credentials in a phishing campaign


Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook ads to redirect users to GitHub accounts hosting phishing pages used to steal victims' login credentials.

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products


Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices.

Alleged docs relating to Covid-19 vaccine leaked in darkweb


Security experts from threat intelligence firm Cyble have found several documents relating to the Covid-19 vaccine allegedly stolen from the European Medicines Agency (EMA) leaked in the Darkweb.

Cyber Attackers Still Punching Hard Against Healthcare Organizations


From the SolarWinds hack to vaccine-related attacks, the final weeks of a challenging year have proven even more difficult with the exposure of the latest serious nation-state cyberattack.

Magecart Active Again with New Multi-platform Skimmer


Researchers have found a new credit card skimmer that is capable of affecting multiple e-commerce hosting platforms such as Shopify, Zencart, Woocommerce, and BigCommerce.

New Malware Strain Abuses GitHub and Imgur


Researchers reported a new strain of malware, purportedly by the MuddyWater APT group, that downloads a PowerShell script from GitHub and Imgur to targeted systems.

Microsoft says hackers viewed its source code


The disclosure highlights the broad reach of the attackers, whom investigators have described as extremely sophisticated and well-resourced. And it suggests that corporate espionage may have been as much a motive as a hunt for government secrets.

Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company


One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for "computer intrusion and fraud offenses" after employees used stolen credentials to spy on a competitor.

Adobe now shows alerts in Windows 10 to uninstall Flash Player


With Flash Player officially reaching end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player.

City of Cornelia hit by ransomware attack


The City of Cornelia's data system is offline following a ransomware attack the day after Christmas. City Manager Donald Anderson confirmed the attack in a press release to local media on Tuesday.

Russian businesses lose $49 billion to Cyber Attacks


Sberbank, a major money lender in the Russian Federation, has released a report that claims that the loss incurred by Russian companies because of cyberattacks in 2020 was about $49 billion.

Bill & Melinda Gates Foundation's Charity GetSchooled Leaks Info of 930,000 Children, Teens, and Young Adults


This breach occurred when GetSchooled, a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom, left a database open to anyone with a browser and internet connection.

Cybercriminals Claim to Leak Door Controls USA's 140GB Database on Hacker Forum


The archive was leaked on November 27-28. It appears to have been posted on the hacker forum after Door Controls USA seemingly refused to pay ransom to attackers who breached the company's network.

Intel vice chair says government agency cyber attack 'may have started earlier'


The Virginia senator, Mark Warner, said gaps in U.S. and international law are making it difficult for the government to prevent large-scale hacks and called for tighter controls to be enacted.

Lithuania's National Center for Public Health and Several Municipalities Infected with Emotet Malware


The internal networks of Lithuania's National Center for Public Health (NVSC) and several municipalities have been infected with Emotet following a large campaign targeting the country's institutions.

Data Breach at T-Mobile May Have Impacted Phone Numbers, Call Records of up to 200,000 Users


T-Mobile states that the breach did not expose account holders' names, physical addresses, email addresses, financial data, credit card details, social security numbers, tax IDs, passwords, or PINs.

SolarWinds Attribution: Are We Getting Ahead of Ourselves?


FireEye has named the threat actor "UNC2452," and Volexity dubbed the threat actor "Dark Halo," stating that the actor is the same as UNC2452, though FireEye has not substantiated that claim.

Cyber attack on U.S. government may have started earlier than initially thought - U.S. senator


The unprecedented cyber attack on U.S. government agencies reported this month may have started earlier than last spring as previously believed, a U.S. senator involved in cybersecurity said.

CISA updates SolarWinds guidance, tells US govt agencies to update right away


In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year.

Conti describes how they attacked Leon Medical Centers; shows almost 2 million patient-related files as proof


The files DataBreaches.net saw contain a lot of operational files and documents, including human resources files involving named personnel who were tested for COVID-19 and their test results.

Cerberus Cyber Sentinel buys Alpine Security


Security consulting firm Cerberus Cyber Sentinel Corporation has acquired penetration testing company Alpine Security, to beef up their penetration testing and regulatory compliance offerings.

New Golang worm turns Windows and Linux servers into monero miners


The attack uses three files: a dropper script (bash or PowerShell), a Golang binary worm, and an XMRig miner - all of which are hosted on the same command and control server.

2021 will overburden already stressed infosec teams


While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021.

A Security Flaw could Lead to Cross-layer and DNS Poisoning Attacks


According to security experts, about one in 20 web servers could be vulnerable to cross-layer and DNS poisoning attacks due to a flaw in the Linux kernel. The flaw also affects millions of Android devices.

COVID-19 Vaccine Related Attacks Shouldn't be Taken Lightly


The European Medicines Agency (EMA) was recently targeted in a cyberattack, in which documents associated with vaccine development had been accessed.

GenRx Pharmacy ransomware attack leads to HIPAA data breach disclosure


GenRx Pharmacy, a Scottsdale, Arizona-based healthcare organization, has warned hundreds of thousands of patients over a potential data breach following a ransomware attack earlier this year.

Treasure Valley Community College Notifies Consumers of Data Security Incident


The college has become aware of a data security incident that may have involved the personal information of certain community members. It is offering complimentary credit monitoring services to them.

Enterprises Running Old Software Lose 47% More Money in Data Breach


More than 4 in 10 firms in North America use out-of-date technology and lose nearly 50% more money in a data breach than companies running updated software and hardware, a new Kaspersky report said.

Experts have named the average time for fixing vulnerabilities in computer programs


In almost 44% of cases, developers fix security vulnerabilities discovered in their products only after three months, due to slow software updates.

New cloud-native approaches help companies manage cloud security and compliance


Limited visibility into complex cloud infrastructure makes it harder for CISOs to monitor and report on risk profiles; and compliance efforts can't keep up with the cloud's fast development cycle.

Antwerp laboratory becomes latest victim of cyber-attack


The attack took place on the General Medical Laboratory (AML) in the Antwerp district of Hoboken. Hackers installed ransomware on the lab's website, bringing it to a standstill.

Voyager Cryptocurrency Brokerage Platform Halts Trading Due to Cyberattack


The Voyager crypto brokerage platform halted trading yesterday after suffering an attack targeting their DNS configuration. It was later disclosed that an attack was conducted against the platform.

Hackers Target Usenet Indexing Service NZBGeek and Rob Users' Personal Data


Hackers installed a keylogger and copied the NZBGeek database, exposing the personal details of all users. While operating smoothly, as the site normally does, the site suddenly became unreachable.

FBI: Pranksters are hijacking smart devices to live-stream swatting incidents


"Recently, offenders have been using victims' smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks," the FBI said in a PSA published today.

Ransomware Is Headed Down a Dire Path


Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and predictable devolution.

Treasury asks financial sector to watch out for COVID vaccine scams, ransomware


The United States Treasury's Financial Crime Enforcement Network (FinCEN) asked the financial sector to watch for and report evidence of COVID-19 vaccine fraud, ransomware and other scams.

Microsoft Issued a Fix for Zero-Day Six Months Ago but It Didn't Work


Microsoft fixed a zero-day vulnerability in June, but the company did a poor job. Security researchers from Google's Project Zero showed that attackers could still use the zero-day, despite the patch.

Wasabi cloud storage service knocked offline for hosting malware


Yesterday, Wasabi users suddenly found that they could no longer access their storage buckets hosted on the wasabisys.com domain as one of its endpoints was used to host malware.

Microsoft: SolarWinds hackers' goal was the victims' cloud data


Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.

No Break in Phishing Scams


An employee of Freedom Finance fell victim to a phishing email, resulting in the loss of data of 16,000 clients from 2018. The attack also disrupted the internal network of the company.

Eliciting Current Activities of Malicious Browser Extensions


A large user base makes it quite easy for cybercriminals to publish malicious browser extensions that perform illicit activities, including spying and data theft, among others.

Pegasus Spyware: Now Targets New Zero-Day in iPhone


Four nation-state-backed APTs abused the Pegasus phone-surveillance solution to target 36 Al Jazeera members by exploiting a zero-day in iPhones, in an espionage attack.

Threat actor is selling a dump allegedly including 2.5M customers of service provider Ho Mobile


A threat intelligence analyst first spotted, on a popular hacking forum, a threat actor selling a database allegedly containing the data of the Italian mobile service provider Ho Mobile.

Mac Attackers Remain Focused Mainly on Adware, Fooling Users


In February 2020, Malwarebytes reported that its Mac users encountered about twice as many "threats" as Windows users. However, it mainly included potentially unwanted programs (PUPs) and adware.

Indian e-commerce users target of new 'year-end carnival' scam


The scam is designed to make e-commerce users believe that Flipkart is offering a year-end carnival, although there is no such information this year on the e-commerce player's official website.

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents


Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents.

Hackers Amp Up COVID-19 IP Theft Attacks


Attackers are targeting the healthcare sector for its intellectual property (IP), as critical research into COVID-19 therapeutics is developed and biotech firms begin to mass-produce vaccines.

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users


Threat actors have been discovered distributing a new credential stealer written in the AutoHotkey (AHK) scripting language as part of an ongoing campaign that started in early 2020.

Update: Kawasaki Heavy hack may have targeted defense-linked information


Kawasaki Heavy said it found fraudulent server access via a company base in Thailand during a system audit on June 11 this year, and confirmed the possibility of a data breach.

Nefilim Ransomware Operators Target Home Appliance Giant Whirlpool and Leak Stolen Documents


Over the weekend, the ransomware gang published files stolen from Whirlpool, including employee benefits documents, accommodation requests, medical information requests, background checks, and more.

Zix acquires CloudAlly backup for SaaS data protection


When Zix acquired cloud backup and recovery provider CloudAlly for $30 million, it picked up backup for such popular SaaS apps as Microsoft 365, Google Workspace, Salesforce, Box, and Dropbox.

Finnish Parliament Says Intruders Gained Access to Some MPs' Email Accounts


In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament's internal IT system but was not an accidental intrusion either.

In a Zero Trust World, Compliance Doesn't Equal Security


Zero trust architecture is the opposite of the old "trust, but verify" methodology - instead, it's a risk management approach that translates to: "trust nothing and record everything."

Hackers phish 615,000 login credentials by using Facebook ads


The Facebook users targeted span a number of countries including Egypt, the Philippines, Pakistan, and Nepal, with more than 615,000 of them affected in total.

Data questions remain as UK exits EU


Last week's Brexit deal solidifies the terms under which the United Kingdom will leave the EU. But the issue of data transfers remains open, with great potential for confusion among privacy officers.

Brazilians mostly unaware of data protection regulations


The survey carried out by Brazilian credit intelligence company Boa Vista with over 500 consumers between August and September 2020 suggests that over 70% of those polled do not know what the GDPR is.

UK NCA visits WeLeakInfo users to warn of using stolen data


21 WeLeakInfo customers have been arrested across the UK for using stolen credentials downloaded from WeLeakInfo following an operation coordinated by the UK National Crime Agency (NCA).

CISA releases Azure, Microsoft 365 malicious activity detection tool


The Cybersecurity and Infrastructure Security Agency (CISA) released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments.

Multi-platform card skimmer found on Shopify, BigCommerce stores


While usually designed to target a single type of e-commerce platform, this new type of web skimming malware can take over the checkout process on shops using multiple online store management systems.

Biden calls for modernizing US defenses following massive hack


President-elect Joe Biden stressed the need to modernize U.S. military forces to account for attacks in cyberspace following a massive hack of multiple government agencies that came to light recently.

Ransomware Operators Take a Liking to SystemBC RAT


Sophos published new research into the SystemBC malware that acts as a Tor proxy and is being used in ransomware-as-a-service attacks for communications and data exfiltration.

Popular Messaging Apps and Security that Matters


A group of researchers analyzed 13 messaging apps and revealed standard security features and practices embraced by each while they capture and store user data.

Neopets Is Still A Thing And It's Exposing Sensitive Data


Neopets, a website that allows children to care for "virtual pets," exposed a wide range of sensitive data online including credentials for company databases, employee emails, and code repositories.

Hackers Claim to Sell 65,000 Records Stolen From Japanese Video Game and Anime Company Koei Tecmo


Koei Tecmo is a Japanese video game and anime company. The hacker claimed to have hacked into the koeitecmoeurope.com website through a spear-phishing campaign on December 18th.

One in ten shopping ads promoted on Google potentially lead to phishing sites


Ads created by cybercriminals can lead users to malicious phishing websites where they can be tricked into buying counterfeit or unsafe products, fall victim to financial scams, or worse.

REvil Ransomware Gang Targeted 'The Hospital Group' and Allegedly Stole 600GB of Documents


The Hospital Group has confirmed the ransomware attack and notified the Information Commissioner about the security breach. The Hospital Group also notified all customers via email.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic


The malware strand which looks "like MuddyWater," according to the researcher, ships as an embedded macro within a legacy Microsoft Word (*.doc) file, in the style of the APT group.

Your new smart car is an IoT device that can be hacked


Connected cars are complex systems composed of numerous units that exchange large amounts of data, and threat actors can manipulate those systems in order to gain control of smart vehicles.

'Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights


Nonprofit cybersecurity challenges are made worse by slender budgets and the fact that inadequate attention is paid to risk reduction, which is not seen as critical by many boards and donors.

Working together to suppress complex and organized fraud


Unfortunately, fraudsters have taken advantage of the pandemic to rob and steal. And just as with beating the virus, beating COVID-19-related fraud will also require a multiparty approach.

Scottish Environment Protection Agency targeted in cyberattack


The Scottish Environment Protection Agency (Sepa) was targeted in a significant cyberattack in the early hours of Christmas Eve, its executive director, David Pirie, confirmed.

SaaS security in 2021


Companies have to make sure SaaS vendors keep their company's data secure, and that their employees' use of these SaaS solutions is secure even when end users are not connected to the office network.

Microsoft Warned CrowdStrike of Possible Hacking Attempt


Microsoft warned CrowdStrike earlier this month of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm.

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware


An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments.

Attackers Increasingly Adopting VBA-based Attack Techniques


In this technique, malicious Office documents containing VBA code are saved within streams of CFBF files, with VBA macros saving data in a hierarchy including various types of streams.

TeamTNT Group Now has its Own IRC Bot


In a recent attack, the group has been observed actively using a newly developed Internet Relay Chat (IRC) bot dubbed TNTbotinger, which can be used to perform DDoS attacks.

Gitpaste-12 Adds New Features to its Arsenal


The recent attacks use payloads hosted on a new GitHub repository, which includes a Linux-based cryptominer, a list of passwords for brute-force attacks, and a statically linked Python 3.9 interpreter.

New SignSight Supply-Chain Attack Targeted Certification Authority in Southeast Asia Twice


The attackers made changes to software installers available for download from a Vietnam government website. In addition, they added a backdoor to target users of a legitimate application.

What We Have Learned So Far about the "Sunburst"/SolarWinds Hack


After a successful infiltration of the supply chain, the SunBurst backdoor - a file named SolarWinds.Orion.Core.BusinessLayer.dll - was inserted into the software distribution system and installed as part of an update package from the vendor.

Understanding & Detecting the SUPERNOVA Webshell Trojan


The recent supply chain attack has proven to be one of the most damaging attacks of 2020. Several distinct malware families have emerged in relation to the compromise. These include the SUNBURST backdoor, SUPERNOVA, COSMICGALE & TEARDROP.

SolarWinds releases updated advisory for new SUPERNOVA malware


SolarWinds has released an updated security advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform.

Kaspersky Warns Against Dangerous Chrome extensions


These extensions installed in more than 8 million users' browsers accessed a remote server in the background, trying to download malicious code, a process that our security solutions detect as dangerous.

Relentless Hacking Is Turning All of Us Into Data Nihilists


The digital landscape is far too complex for those who rely on it - us - to monitor all the ways we're exposed. Major factors determining whether our data will be used against us are completely out of our control.

SUNBURST Performs Anti-Analysis Environment Checks Before Contacting C2 Server


Before reaching out to its C2 server, SUNBURST performs numerous checks to ensure no analysis tools are present. It checks process names, file write timestamps, and Active Directory (AD) domains before proceeding.

How to Detect and Search for SolarWinds IOCs in LogRhythm


LogRhythm Labs has gathered up the IOCs from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in a GitHub repository.

White Ops Announces Acquisition by Goldman Sachs Merchant Banking, ClearSky Security, and NightDragon


The Sponsors are acquiring the business from previous investors Paladin Capital Group, Grotech Ventures, and other shareholders, and the acquisition follows Goldman Sachs' and ClearSky's initial investment in the Company earlier this year.

2020 InfoSec Naughty List: Cyberattacks by Country


The list, by Rapid7, is focused on the top offenders for the last half of the year and provides a smoothed trending view (vs. discrete daily counts) to help you make your Naughty/Nice inclusion decisions.

Hacker earns $2 million in bug bounties on HackerOne


"Cosmin Iordache" is the first bug bounty hunter to earn more than $2,000,000 in bug bounty awards through the vulnerability coordination and bug bounty program HackerOne.

China Used Stolen Data to Expose CIA Operatives in Africa and Europe


Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence.

Russian crypto-exchange Livecoin hacked after it lost control of its servers


Russian cryptocurrency exchange Livecoin posted a message on its official website on Christmas Eve claiming it was hacked and lost control of some of its servers, warning customers to stop using its services.

Amazon Gift Card Scam Delivers Dridex This Holiday Season


The operators behind Dridex have a nefarious trick up their sleeves this holiday season. A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.

Cyberattacks on Media Agencies Increasing


Researchers say attackers are using different attack vectors to target media agencies in Western Europe, Southeast Asia, and North America. Recently, the Al-Jazeera group fell victim to such an attack.

Emotet Shows up to Wish Merry Christmas


The Emotet botnet has returned after a two-month hiatus with Christmas and COVID-19-themed campaigns that touch base with at least 100,000 targets per day.

Trust-Based Federated Login Abused for Local-to-Cloud Attacks


The NSA has released a security advisory detailing two attack techniques allegedly used by the SolarWinds hackers to escalate access from local networks to cloud resources.

Magecart Mistakenly Spilled the Beans on its Recent Attack


A web skimming group inadvertently leaked a list of dozens of online stores it hacked while attempting to deploy a stealthy RAT on compromised e-commerce sites.

FreePBX Developer Sangoma Hit with Conti Ransomware Attack


Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. The Conti ransomware gang published over 26 GB of data on their ransomware data leak site.

Data breach discovered in Jerusalem Municipality website


The discovery of the breach comes after a string of cyberattacks targeted companies in Israel. Earlier this month, sensitive data of Israeli citizens was leaked and sold after the Shirbit insurance company was targeted in a ransomware attack.

Windows Zero-Day Still Circulating After Faulty Fix


The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user.

Hackers Accessed Microsoft Cloud Customers' Information Through Third Party


Hackers affiliated with the Russian government have reportedly accessed emails from at least one company in the private sector and accessed Microsoft cloud customers' information through a third party.
GoDaddy uses fake holiday bonus notification to test employees on email phishing


Internet domain company GoDaddy used a holiday bonus notification to test employees on email phishing scams, after workers had already been told they would not receive a bonus this year.

CrowdStrike Reveals That Suspected Russian Hackers Made Failed Attempt to Breach It


Microsoft identified a reseller's Microsoft Azure account used for managing CrowdStrike's Microsoft Office licenses making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.

New cross-layer attack technique raises DNS cache poisoning, user tracking risk


The vulnerability allows hackers to mount so-called "cross-layer" attacks against the Linux kernel and cause further damage by exploiting a weakness in its pseudo-random number generator (PRNG).

Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data


Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology.

 2021 ehack news all rights reserved