Cyberespionage Implant Delivered via Targeted Government DNS Hijacking:
The newly discovered Tomiris backdoor contains technical artifacts that suggest the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise.
Read More
CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks:
CISA is telling organizations to patch their Hikvision cameras, just as the FCC announced taking steps toward removing Chinese equipment from U.S. networks.
Read Feature
Russia Detains Head of Cybersecurity Firm Group-IB:
A Moscow court ordered the co-founder of Group-IB, one of Russia's leading cybersecurity firms, to be detained on charges of treason.
Read Feature
China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal:
Four China-linked cyberespionage groups targeted a major Afghan telecom firm as the U.S. was finalizing its withdrawal from the country.
Read More
COVID-19's Healthcare Feeding Frenzy for Cybercriminals:
The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers.
Read More
Google Announces Rewards for Tsunami Security Scanner Plugins:
The search giant seeks to quickly extend the network scanner’s vulnerability detection and web application fingerprinting capabilities.
Read Feature
Behavioral Analytics Provider ForMotiv Raises $6 Million:
Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round.
Read More
Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal:
Akamai adds new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise.
Read More
Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers:
Microsoft has detailed FoggyWeb, a post-exploitation backdoor that the hackers behind the SolarWinds attack have used to remotely exfiltrate data from AD FS servers.
Read Feature
Colossus Ransomware Hits Automotive Company in the U.S.:
The cybercriminals are demanding $400,000 to be paid in exchange for the decryption key.
Read Feature
FinSpy Surveillance Spyware Fitted With UEFI Bootkitk:
Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform stealthy infections on target machines.
Read Feature
Tokenization vs. Encryption for Data Protection Compliance:
Cloud-based vaultless tokenization offers many advantages over current methods of protecting data and ensuring data compliance conformance. But it is in its infancy. It offers the potential for many new possibilities in the coming years.
Read Feature
QNAP Patches Critical Vulnerabilities in QVR Software:
Affecting only certain QNAP EOL devices running QVR, the security flaws can be exploited remotely to run arbitrary commands.
Read More
Enterprises Warned About Zix-Themed Credential Phishing Attacks:
Enterprise users have been warned that cybercriminals may be trying to phish their credentials using emails that spoof security company Zix.
Read More
Trend Micro Patches Critical Vulnerability in Server Protection Solution:
Tracked as CVE-2021-36745 (CVSS score of 9.8), the security hole exists because input during authentication isn’t properly validated.
Read More
Cyber Insurance Firm Coalition Raises $205 Million at $3.5 Billion Valuation:
Cyber insurance company Coalition has raised $205 million at a $3.5 billion valuation. The firm has raised more than $500 million to date.
Read More
ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage:
ImmuniWeb has launched a free online tool that organizations can use to identify unprotected cloud storage.
Read More
US Cryptocurrency Promoter Pleads Guilty to Advising NKorea:
A prominent American cryptocurrency promoter and former hacker has pleaded guilty to advising North Korea on using virtual money to avoid international controls.
Read More
OWASP Top 10 Updated With Three New Categories:
Broken Access Control becomes the top category with the most commonly encountered Common Weakness Enumerations (CWEs).
Read More
Quad Nations Commit to Fostering a Secure Technology Ecosystem:
The four countries will support new initiatives to improve the resilience of critical infrastructure against cyberattacks.
Read More
Cloudflare Introduces Email Security Tools:
Cloudflare announces email security solutions, including free tools for creating custom email addresses and preventing spoofing and phishing, as well as an Advanced Email Security Suite.
Read More
Frustrated Researcher Discloses Three Unpatched iOS Vulnerabilities:
A researcher has made public the details of three unpatched iOS vulnerabilities after he became frustrated with how Apple runs its bug bounty program.
Read More
UK-Based Threat Detection Firm SenseOn Raises $20 Million:
UK-based SenseOn has raised $20 million in Series A funding to scale its AI-based cybersecurity platform business.
Read More
Controversial Web Host Epik Confirms Customer Data Exposed in Breach:
Hackers accessed a non-public server and stole names, addresses, phone numbers, and in some cases credit card information.
Read More
|