Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Security

Meat supplier JBS USA announced in a statement Wednesday night that it had paid an $11 million ransom in response to a cyberattack that forced the shutdown of its entire U.S. beef processing plant last week, says abc NEWS. The company also says that the ransom was paid after most of the company's operations were brought back online. Andre Nogueira, CEO of JBS USA, stated, "This was a very difficult decision to make for our company and for me personally." "However, we felt this decision had to be made to prevent any potential risk for our customers." The ransom was paid to mitigate any unforeseen issues related to the hack and ensure that no data was exfiltrated, the company said. The FBI blamed


 Security

When you visit an HTTPS-protected website, your browser does not pass data to the web server until it has verified the website's digital certificate. This prevents hackers who can monitor or alter the flow of data between you and the website from collecting authentication cookies or running malware on your visiting device, says Ars Technica. The risk occurs when a cybercriminal can trick the browser into connecting to an email or FTP server that uses a certificate compatible with the one used by the website. Because the domain name of the website matches the domain name in the email or FTP server certificate, the browser often establishes a Transport Layer Security connection with one of these servers rather than with the website the user intended to access. The danger of using HTTPS to communicate with an email o...


 Security

A growing ransomware strain in the threat landscape claims to have compromised 30 companies in just four months, following the reputation of a legendary ransomware ring, according to The Hacker News. Prometheus was first discovered in February 2021. It is a derivative of Thanos, a well-known ransomware strain that was used against government entities last year in the Middle East and North Africa. According to new research released by Palo Alto Networks' Unit 42 Threat Intelligence Team, businesses in government, financial services, manufacturing, logistics, consulting, agriculture, healthcare, insurance agencies, energy, and law firms in the U.S., United Kingdom, and a dozen other count...


 Security

According to cybersecurity experts, the trend has shifted from data thefts focused on health and credit card information to the use of ransomware that effectively holds companies hostage until they pay with Bitcoin, says Centralillinoisproud. Ransomware is a type of software that prevents access to a system until a ransom is paid, typically with cryptocurrencies like Bitcoin. Ransomware attacks have recently targeted Colonial Pipeline,


 News

This week on the Transatlantic Cable podcast, Jeff, Ahmed, and I look at how the DarkSide gang was able to use an old VPN account to breach the Colonial pipeline network. Moving on, we also chat about two related stories, including one in which lawmakers try to force companies to disclose attacks and one about the FBI reclaiming some of the $4.4 million ransom DarkSide has collected. We also discuss a story about Apple AirTags, which the company is planning to update based on fears that stalkers could use them to track victims. Finally, we have an interesting discussion about daters adding COVID vaccine stickers to their dating app profiles.

This week’s episode also includes a chat with Ken Hollings – writer, broadcaster, and cultural theorist based in London and the author of Welcome to Mars and The Bright Labyrinth. The trio sat down with Ken to talk about the new audio documentary series, Fast Forward. If you liked what you heard, please consider subscribing and sharing with your friends.

For more information on the stories we covered, see the links below: Hackers breached Colonial pipeline using compromised VPN password; Lawmakers say U.S. cyber ransom payments should be disclosed; FBI claws back millions of DarkSide’s ransom profits; Apple updates AirTags after stalking fears; Covid vaccine stickers come to dating apps in UK; Fast Forward: Full future tech audio series with Ken Hollings


 Business

When our Security Awareness team announced upcoming innovations using virtual reality, we were a bit worried our expert trainers had fallen for trendy technology hype, but it turns out the format only enhances Kaspersky Interactive Protection Simulation training.

Kaspersky Interactive Protection Simulation

Perhaps one of the most pressing cybersecurity problems we see to this day is a lack of understanding between infrastructure security personnel and corporate management. It is particularly common in industrial companies, where emergency cybersecurity measures are likely to affect production. Top managers understand the importance of information security in theory but have a poor idea of its real-life implementation, the infosec team’s decisions, and the likely consequences of those decisions. How do we get the managers and the infosec team onto the same page? Lectures? Not an option for busy top managers.

It was with such managers in mind that we developed an interactive simulation format a few years ago: the Kaspersky Interactive Protection Simulation. In our sessions, teams of several players (ideally including somebody from the infosec team and a representative business decision-maker) strive to protect a virtual enterprise from attacks and other IT incidents. The players use a limited budget and input from the moderator to try and build an optimal corporate protection strategy. Even if they fail in that safe environment, they’ll gain unique experience and a better understanding of the inner workings of protective mechanisms and, most important, of how security directly affects income.

Over the years, many companies have used Kaspersky Interactive Protection Simulation with great success. According to feedback on the program, it’s resulted in managers and directors asking fewer questions and approving cybersecurity budgets a lot more easily — all because the format avoids rote instruction and instead encourages team-building and participation.

Why VR?

Originally, the simulation required all players to be in the same room and share physical playing accessories — in this case, a game field and action cards — so a while back, we started thinking about how to migrate the simulation online. Then came 2020, with its pandemic, to accelerate the transition. As of last year, remote participation is not just a matter of convenience; many people have or had no choice.

Testing, however, revealed that something was lacking in the online simulation setup. Some people needed direct contact. Otherwise, the process felt a lot like any other conference call — routine and frankly a bit of a chore. The training had lost its immersiveness. How could we keep the remote aspect of the simulation without losing players’ interest?

Judging by the pilot sessions, virtual reality was a winning choice. Now, VR goggles transport team members to a virtual control center from which they manage the security of a virtual industrial facility. VR shows rather than just tells them the results of their work. You can learn more about Kaspersky Interactive Protection Simulation Virtual Reality here.

How to join a simulation

We offer several Kaspersky Interactive Protection Simulation scenarios, representing several industries. So far only one — the power plant protection scenario — is available in VR, but others will follow soon. Participants need an Oculus Quest 2 VR system and a reliable Internet connection. A Kaspersky instructor acts as the simulation moderator (and can also help with VR goggle rental as needed). To participate, contact us or your local Kaspersky partners.


 application development

In this episode of the podcast (#216) we talk with Brian Trzupek, Digicert’s Vice President of Product, about the growing urgency of securing software supply chains, and how digital code signing can help prevent compromises like the recent hack of the firm SolarWinds.

 Incident Response, Learnings

Testifying before the Senate Homeland Security and Governmental Affairs Committee, CEO Joseph Blount admitted that the company had had "no discussion about ransom" before the attack.

 Incident Response, Learnings

Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, SVP at Mandiant told Bloomberg.

 Companies to Watch

Aura, a Burlington, MA-based company that specializes in digital security for consumers, raised $150 million in its Series E funding. The round was led by Warburg Pincus.

 Malware and Vulnerabilities

The most-wanted Russian hacking group recently rebranded itself as the new PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury. Previously, the gang had mimicked the Hades ransomware to bypass U.S. sanctions. The gang started rebranding its ransomware operations under different names (Hades, Phoenix, and WastedLocker) to avoid these sanctions.

 Trends, Reports, Analysis

The Intertrust report comes at a time when finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020.

 Malware and Vulnerabilities

A surveillance operation by SharpPanda APT is active right now and targeting the Southeast Asian government. According to researchers, malware has been under development for the past three years. Additionally, attackers behind this campaign are using anti-analysis and anti-debugging techniques to install the Victory backdoor. 

 Trends, Reports, Analysis

Phishing scams witnessed a staggering 974% spike, the majority of which were aimed at male-sounding names within an organization. Is it time organizations rethink their IT operations and risk-management strategies to effectively manage phishing threats?

 Feed

This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both the web interface of NSClient++ and the ExternalScripts feature should be enabled.

 Feed

Ubuntu Security Notice 4986-2 - USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-2150-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.452.

 Feed

Red Hat Security Advisory 2021-2363-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

 Feed

Red Hat Security Advisory 2021-2364-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include buffer overflow and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-2365-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include buffer overflow and use-after-free vulnerabilities.

 Feed

Petalus is a crypto wallet microservice in Python that allows users to store any type of information on a virtual wallet. The main functionalities of Petalus are blockchain support on the storage data, multiple hashes for the blockchain (sha256, blake2s and sha3-256), multiple process execution, support for read/write triggers on the wallets, and authorization of write blocks with public/private key.

 Feed

Ubuntu Security Notice 4971-2 - USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

 Feed

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,"

 Feed

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild. Tracked as 

 Feed

Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and financially impactful. Unfortunately, account compromise is a very successful attack method and

 Feed

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle

2021-06
Aggregator history
Thursday, June 10