Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploi…
Tag: Incident Response
Global Security News, Vulnerabilities
Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks
by Ryan Naraine •
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
Global Security News, Vulnerabilities
DoD Launches ‘Hack US’ Bounties for Major Flaws in Publicly Exposed Assets
by Ionut Arghire •
The United States Department of Defense (DoD) has launched a one-week bug bounty program to reward researchers who find high- and critical-severity vulnerabilities in publicly accessible assets owned by the DoD.
Global Security News, Vulnerabilities
Security Automation Firm Swimlane Closes $70 Million Funding Round
by Ionut Arghire •
Security automation startup Swimlane on Wednesday announced it has raised $70 million in a Series C funding round that brings the total investment in the company to $170 million.
Global Security News, Vulnerabilities
Evasive Rust-Coded Hive Ransomware Variant Emerges
by Ionut Arghire •
A new variant of the Hive ransomware written using the Rust programming language is more evasive and provides attackers with flexibility, courtesy of support for command-line parameters.
Europe, Global Security News, North America
AMD Latest Victim of RansomHouse Gang
by Teri Robinson •
It’s been a challenging couple of years for AMD. After the last few years of disruption and amid the global chip shortage, the company has been attacked by the RansomHouse Extortion Group, which claims to have exfiltrated more than 450 GB of dat…
Europe, Global Security News, North America, Vulnerabilities
‘ChinaDan’ Hacks 1 BILLION Police Records from Shanghai: 23TB of PII for Sale
by Richi Jennings •
“China’s Largest Data Leak” is causing a kerfuffle in Beijing. A hacker calling themself ChinaDan is holding 23 terabytes of personal data for ransom.
The post ‘ChinaDan’ Hacks 1 BILLION Police Records from Shanghai: 23TB of PII for Sale appeared firs…
Malware Indicators (IoCs)
GRR Rapid Response Github Tool
by Tyler Loftus •
What is GRR? This incident response framework is an open source tool used for live…
GRR Rapid Response Github Tool on Latest Hacking News.
Global Security News
Google Workspace Now Warns Admins of Sensitive Changes
by Ionut Arghire •
Google this week announced that new warnings added in the Google Workspace Alert Center will keep administrators notified of critical and sensitive configuration changes.
Europe, Global Security News, North America
GAO: CISA, Treasury Must Assess Critical Infrastructure Risks
by George V. Hulme •
When attackers breached Colonial Pipeline using a stolen password, it took a lot of people by surprise. But the reality is such attacks against critical infrastructure were brewing for some time. Last week, the U.S. Government Accountability Office (G…
Europe, Global Security News, North America
Adopting a Multifaceted Security Approach
by John Moschella •
Over the past decade, terms like malware and ransomware have increasingly entered into the public vernacular, especially as they relate to highly publicized, high-profile cybersecurity attacks. Most recently, the Biden administration issued a dire war…
Global Security News, Vulnerabilities
Normalyze Announces $22 Million for DSPM Technology
by Ryan Naraine •
Bay Area startup Normalyze on Monday announced $22 million in Series A funding as venture capital investors rush to place bets on the newly coined Data Security Posture Management (DSPM) space.
Europe, Global Security News, North America, Vulnerabilities
Russian Hackers Declare War on Lithuania — Killnet DDoS Panic
by Richi Jennings •
NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.
Global Security News, Vulnerabilities
Cyolo Banks $60M Series B for ZTNA Technology
by Ryan Naraine •
Cyolo, an Israeli startup building technology for zero trust networking, on Monday announced a new $60 million investment led by the venture investing arm of National Grid.
In addition to National Grid Partners, Cyolo said it scored investments from Gl…
Europe, Global Security News, North America
Using AI and ML to Fight Zero-Day Attacks
by Sue Poremba •
If it felt like you were asked to download a lot of patches in May and June, it’s because there were a lot of patches in May and June. An increase in zero-day vulnerabilities and exploits led to an increase in attacks. In fact, Mandiant reported that …
Global Security News
FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up
by Ionut Arghire •
The Federal Trade Commission (FTC) on Friday announced that it has finalized an order against CafePress, requiring it to improve its security posture following a cybersecurity incident that the company attempted to cover up.
Europe, Global Security News, North America, Vulnerabilities
NSA Wants To Help you Lock Down MS Windows in PowerShell
by Richi Jennings •
A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.
Global Security News, Vulnerabilities
CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day
by Ryan Naraine •
Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
Global Security News
Hadrian Raises $11 Million for Offensive Security Platform
by Ionut Arghire •
Offensive security startup Hadrian today announced that it has received €10.5 million ($11 million) in unsolicited seed funding that brings the total invested in the company to $13.7 million.
The investment round was led by HV Capital, with participati…
Global Security News
MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals
by Ionut Arghire •
Patient care guidelines provider MCG Health faces a proposed class lawsuit over the compromise of patient information during a March 2022 data breach.
A wholly-owned subsidiary of the New York-based Hearst Health network, MCG Health combines artificial…
Global Security News, Vulnerabilities
Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain
by Ryan Naraine •
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark….
Europe, Global Security News, North America
The Million-Dollar Question: To Pay or Not to Pay Ransom?
by Aamir Lakhani •
Ransomware is one of the most serious threats to businesses today. In fact, a recent survey found that 85% of enterprises are more concerned about the prospect of ransomware attacks than any other kind of attack. The decision of whether or not to pay …
Europe, Global Security News, North America
Machine Learning Tackles Ransomware Attacks
by Sue Poremba •
There are approximately 250 known ransomware families, and these families are directly related to the rise of ransomware-as-a-service, according to Bitdefender. “Ransomware infection is just the final step; these modern attacks take some time to prepa…
Europe, Global Security News, North America, Vulnerabilities
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
by Richi Jennings •
Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.
Global Security News, Vulnerabilities
RevealSecurity Raises $23M for Application Detection and Response
by Ryan Naraine •
RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.
In addition to SYN Ventures, Hanaco Ventures, SilverTech Vent…
Europe, Global Security News, North America, Vulnerabilities
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
by Richi Jennings •
A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
Global Security News, Vulnerabilities
‘MaliBot’ Android Malware Steals Financial, Personal Information
by Ionut Arghire •
Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.
Global Security News, Vulnerabilities
Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day
by Ryan Naraine •
Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.
Global Security News, Vulnerabilities
Adobe Plugs 46 Security Flaws on Patch Tuesday
by Ryan Naraine •
Adobe’s security response team has pushed out a massive batch of patches to cover at least 46 vulnerabilities in a wide range of enterprise-facing software products.
As part of its scheduled Patch Tuesday release for June, Adobe warned of “critical” co…
Global Security News, Vulnerabilities
Report: L3 Emerges as Suitor for Embattled NSO Group
by Ryan Naraine •
L3 Technologies, a U.S. government contractor that sells aerospace and defense technology, has emerged as a suitor for Israeli exploit merchant NSO Group.
Global Security News, Vulnerabilities
Avast: New Linux Rootkit and Backdoor Align Perfectly
by Ionut Arghire •
Malware hunters at Avast have analyzed a newly discovered rootkit and backdoor that target Linux and appear designed to function in synergy with each other.
Global Security News, Vulnerabilities
Drupal Patches ‘High-Risk’ Third-Party Library Flaws
by Ryan Naraine •
The Drupal security team has released a “moderately critical” advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to remotely hijack Drupal-powered websites.
Global Security News, Vulnerabilities
HYCU Raises $53 Million for Data Backup Technology
by Ionut Arghire •
Backup-as-a-service firm HYCU has raised $53 million in a Series B funding round that brings the total invested in the company to $140.5 million.
The new funding round was led by Acrew Capital, with participation from all previous investors, along with…
Europe, Global Security News, North America, Vulnerabilities
Apple M1 Flaw Can’t be Fixed — PACMAN Panic
by Richi Jennings •
Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their ‘PAC’ protection neutered.
Europe, Global Security News, North America
19 Ways to Vet Your MSP for Cybersecurity Best Practices
by Anas Baig •
When you choose a managed service provider (MSP), you are putting a lot of trust in their ability to keep your systems up and running and to keep your data safe. That’s why it’s so important to vet your potential managed service provider t…
Europe, Global Security News, North America, Vulnerabilities
Tesla Fails Yet Again: Hackers can Steal Cars via NFC
by Richi Jennings •
Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.
Europe, Global Security News, North America, Vulnerabilities
Radware Finds New Era of DDoS Attacks Dawning
by Michael Vizard •
A report published by Radware this week indicated the number of malicious distributed denial-of-service (DDoS) attacks rose nearly 75% in the first quarter of 2022. The increase is mainly due to an increase in so-called “micro floods” that are classif…
Europe, Global Security News, North America
Arctic Wolf Aims to Accelerate Cyberinsurance Assessments
by Michael Vizard •
Arctic Wolf is making available a tailored benchmark framework for vulnerability and insurability assessments to help cyberinsurers speed up evaluations and quickly determine whether organizations qualify for cyberinsurance. The number of organization…
Europe, Global Security News, North America
The Basics of Data Breaches
by Millie Fuller •
For businesses, the risk of cyberattacks is a very real threat. Businesses hold significant amounts of data about their customers – often financial – so it’s vital to have processes in place to protect against data breaches. A data breach occurs when …