When a company is suffering from a cyberattack or corporate data is leaked, the business frantically tries to solve two problems: minimize the damage and return to normal workflow as soon as possible. The main burden of solving those problems falls on the incident response team. The efficiency of their actions will affect not only how quickly the source of the problem will be found, but also how reliably the company will be protected from a recurrence of the incident. After all, modern cybercriminals try to obstruct the investigation and destroy traces of their presence in the victim's infrastructure, so without accurate identification of the entire attack chain, reliable protection against the same malicious tactics cannot be guaranteed in the future. Our experts have identified a set of key skills required for an incident response specialist: incident detection, evidence acquisition, log file analysis, network analysis, creation of indicators of compromise, and memory forensics.

To upgrade the skills of cyber incident response teams, Kaspersky Lab created the Windows Incident Response online course. It draws on the experience of our Global Emergency Response Team (GERT) experts, who have been fighting advanced cyberthreats around the world for over 12 years. The course will be led by two practicing experts from the GERT team, who will share their personal experience. Among other things, students will be able to explore the process of identifying an incident using the REvil ransomware attack case as an example. Course subscribers will be able not only to watch 40 video lessons but also to gain practical skills in a virtual environment, mastering all the necessary tools such as the ELK stack, PowerShell, Suricata, YARA and others. The estimated training duration is approximately 15 hours, but participants will be given 100 hours of access to the virtual lab and six months to complete the course. The course is designed for professionals with basic knowledge and experience in Windows troubleshooting. They should also be familiar with Linux OS commands. You can learn more about the Windows Incident Response course on its page on the Kaspersky Expert Training portal.
Welcome to episode 251 of the Transatlantic Cable. This week, the team look at some of the more interesting stories in the cybersecurity world. To kick off this week's episode, the team look at a recent story suggesting that San Francisco Police are looking at ways to leverage the always-recording feature of driverless cars to their advantage – including for investigation leads. From there, the team discuss a recent blog looking at modern warfare, in particular how most military devices today are connected to the internet – is that a risk? Moving on, the trio dissect a recent story looking at how malware could be uploaded to an iPhone while it's powered off – however, there's a caveat with the story that takes a little of the sting out of it. To wrap up, they look at recent research from Kaspersky around the shape of ransomware and how it's perceived by business executives. If you like what you heard, please do consider subscribing.

San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras
Hacked drones and busted logistics are the cyber future of warfare
Researchers devise iPhone malware that runs even when device is turned off
Ransomware is much more than just a buzzword
"According to the investigation by the QNAP Product Security Incident Response Team ... the affected models were mainly TS-x51 series and TS-x53 series," the advisory said.
The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials.
"We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft notes.
The Department of Justice (DOJ) on Thursday announced that it would reverse its policy on issuing charges for violations of a federal computer fraud law, saying that it will not prosecute “good-faith security research” efforts.
In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal.
Research from Tessian and the Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
An internal probe carried out by Razorpay Software Private Limited found that some person, or persons, had tampered, altered and manipulated the ‘authorisation and authentication process’.
Bad bots, software applications that run automated tasks with malicious intent, accounted for a record-setting 27.7% of all global website traffic in 2021, up from 25.6% in 2020, an Imperva report reveals.
Microsoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers.
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers.
Consistent with findings from CitizenLab, Google TAG assesses that government-backed actors purchasing these exploits are located (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia.
In tracking the Trojan PSW attacks for 219 countries, territories and unions, Kaspersky found some of the largest increases in Brazil, Canada, Colombia, Hungary, Mexico, Russia, Serbia and the U.S.
Even before Russia's invasion of Ukraine started, in January, the country and its government's websites were subject to defacement and tampering, with Russian hackers accused of being behind the attack.
Security researchers at SentinelLabs are calling attention to a software supply chain attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.
Advanced Intel's Yelisey Boguslavskiy told BleepingComputer that instead of rebranding as another large ransomware operation, the Conti leadership has instead partnered with other smaller ransomware gangs to conduct attacks.
Threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in ransomware vulnerabilities since the publication of the Ransomware Spotlight Report in January 2022.
"Nikkei Group Asia immediately shut down the affected server and took other measures to minimize the impact." Nikkei says it's currently investigating if the attackers accessed any of the customer data that was likely stored on the impacted servers.
CISA is ordering federal agencies and contractors to fix a series of vulnerabilities affecting multiple VMware products, some of which the agency says are being actively exploited on unpatched systems in the wild.
Smart technology is increasingly being used to make farms more efficient and productive - for example, until now the labour-intensive harvesting of delicate food crops such as asparagus has been beyond the reach of machines.
This week, the Cl0p ransomware group’s leak site displayed sensitive information from students, faculty members, and parents from Fort Sumner Municipal Schools. The leak included scans of driver’s licenses and more.
Recently, during December 2021, Unit 42 researchers received various Dridex samples, which were exploiting XLL and XLM 4.0 in combination with Discord and OneDrive to download the final payload.
That’s despite an overwhelming 93% of respondents who require password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID.
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks but there's a notable uptick in exploiting vulnerabilities.
Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Earlier this month, the bank fought off the largest distributed denial-of-service (DDoS) attack in its history.
The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310) and connected Conti, a prolific ransomware group that sided with the Russian government following the invasion of Ukraine, to 19 of those new vulnerabilities.
Ubuntu Security Notice 5424-2 - USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware
Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team. "QNAP urges all NAS users to check and update QTS to the latest version as
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014. "XorDdos' modular
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a
For the past week and a half, Greenland's health service has reportedly been struggling to recover from a cyber attack that has crippled its IT systems, causing long waiting times and forcing doctors to resort to using pen and paper instead of computers. Read more in my article on the Hot for Security blog.