News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity,
0 Comments
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities
0 Comments
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
0 Comments
Editor’s note The pervasiveness of SolarWinds backdoor attack, the sophistication of the hackers behind it and the number of high-profile victims make it the biggest cyber attack of 2020 — and possibly the past decade. The ongoing SolarWinds breach also shines a light on how dangerous a supply chain attack can be and gives infosec
0 Comments
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL
0 Comments
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented
0 Comments
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in
0 Comments
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote
0 Comments
Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that are able to prevent attacks launched by quantum computers. During the 1980s, scientists speculated that if computers could take advantage of the unique properties of quantum mechanics, they could perform complicated computations much faster than classical, binary computers. It
0 Comments
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or
0 Comments
Enterprises use virtual LANs, or VLANs, to segment traffic, enforce security, improve performance and generally streamline operations. VLANs are virtual overlays enabled by tagging traffic with a VLAN ID. Once tagged, network traffic is then virtually segmented across devices. Like many other enterprise capabilities, VLAN technology rarely finds its way into home networks due to
0 Comments
A British court has rejected the U.S. government’s request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates’ Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk
0 Comments
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The “very sophisticated nation-state actor” used the unauthorized access to view, but not modify, the source code present in its repositories, the
0 Comments
Chief information security officers who work with the U.S. Department of Defense must understand and comply with the Cybersecurity Maturity Model Certification requirements, but even organizations that do not work with the government can learn from the CMMC. In early 2020, the U.S. Office of the Under Secretary of Defense for Acquisition and Sustainment released
0 Comments
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. “An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to outbound bandwidth
0 Comments
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from
0 Comments
IBM Security X-Force’s COVID-19 threat intelligence task force discovered a massive phishing campaign earlier this month aimed at organizations within the vaccine distribution cold chain. Caleb Barlow, president and CEO of healthcare cybersecurity firm CynergisTek, said that part of the supply chain, which ensures vaccines are stored at the proper temperature, is especially vital for
0 Comments
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email. The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal