News

There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That’s to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data

By What is Windows Defender Exploit Guard? Microsoft Windows Defender Exploit Guard is antimalware software that provides intrusion protection for Windows 10 OS users. Exploit Guard is available as a part of Windows Defender Security Center and can protect machines against multiple attack types. For example, Exploit Guard provides memory safeguards that protect against attacks

Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on

Feb 11, 2023Ravie LakshmananThreat Response / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote

U.S. and U.K. authorities sanctioned seven alleged members of the TrickBot cybercriminal group, who also have ties to Russian intelligence services. The U.S. Department of the Treasury Thursday announced the joint sanctions and detailed the coordinated effort with the British government. Active since 2016, TrickBot malware is used to deploy ransomware and has infected more

In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation. The individuals designated under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka Tropa),

What is a reverse brute-force attack? A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network. The term can also be written as reverse brute force attack, without the hyphen. How do reverse brute-force attacks

Feb 09, 2023Ravie LakshmananEncryption / Vulnerability The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to “read memory

Feb 08, 2023Ravie LakshmananCryptocurrency / Endpoint Security A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited from

French police arrested a suspect Friday who is allegedly connected to the notorious cyber attack against Finnish psychotherapy center Vastaamo in 2018. Vastaamo disclosed the breach in late 2020, revealing that attackers stole patient records from the mental health organization. Vastaamo at the time had 25 locations and approximately 400 psychotherapists. After extorting the psychotherapy

Feb 06, 2023Ravie LakshmananCyber Attack / Endpoint Security E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware.

By What is passive reconnaissance? Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems. In active reconnaissance, in contrast, the attacker engages with the target system, typically conducting a port scan to find any open ports. The term reconnaissance comes from its military use to

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. What’s far murkier, however, is where the

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. “PixPirate belongs to the newest generation of Android

Ok, I’m late to the party. Very late. Most analysts and just about all my Enterprise Strategy Group colleagues have already published their predictions for 2023. In my defense, the identity space is hot, hot, hot — which is keeping me busy, busy, busy. And that brings me to my first identity prediction. 1. Economic

Feb 04, 2023Ravie LakshmananEnterprise Security / Ransomware VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021,” the Computer Emergency Response Team (CERT) of France said in an

What is Dridex malware? Dridex is a form of malware that targets its victims’ banking information, with the main goal of stealing online account credentials to gain access to their financial assets. Malware, or malicious software, is a type of software intended to cause harm to a user. Specifically, Dridex malware is classified as a

Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and

Feb 02, 2023Ravie LakshmananDatabase Security / Cryptocurrency At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number

Listen to this podcast This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. The U.S. Department of Justice last week announced a major victory in the fight against ransomware with the takedown and seizure of Hive’s

Feb 01, 2023The Hacker NewsSIEM / Kubernetes Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform

Threat actors exfiltrated encrypted customer account data and an encryption key for a number of GoTo services in a breach first disclosed last November. Remote work technology provider GoTo, formerly LogMeIn, published an update Monday to a blog post dedicated to a breach that occurred last year. At the time the breach was disclosed on

Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1

Endpoint detection and response products are a step up from the antivirus products of old, using automation and machine learning to combat emerging threats. Enterprises that rely on Windows Server will want to enlist multiple layers of protection to keep critical workloads from being overtaken by bad actors. In addition to malware safeguards, many endpoint

Jan 28, 2023Ravie LakshmananEmail Security / Cyber Threat Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the

In today’s world, cybercrime is evolving daily. According to a special report by Cybersecurity Ventures, cybercrime is expected to cause a staggering $10.5 trillion in annual losses by 2025. Therefore, it’s more crucial than ever for both businesses and individuals to stay up to date on the latest developments in cybersecurity. Podcasting is an excellent

Jan 29, 2023Ravie LakshmananCyber Threat / Malware The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit,

Jan 28, 2023Ravie LakshmananServer Security / DNS The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and

Hive ransomware servers were seized in an international law enforcement operation led by the FBI, the U.S. Department of Justice announced in a press conference Thursday. Reports of the takedown first came Thursday morning when security researchers noted on Twitter that Hive’s dark web leak site had been replaced by an apparent takedown notice from

In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying