30% of ‘SolarWinds’ Hacking Victims Did Not Actually Use SolarWinds Software, Feds Say

The hacker group behind the ongoing SolarWinds scandal found other ways to intrude on U.S. firms and public agencies than just compromising the titular software company. In fact, nearly a third of the victims of the hack—approximately 30%—have no connection to SolarWinds at all, said a senior federal security official this week. Brandon Wales, acting director of the Cybersecurity and Infrastructure Security [...]

2021-02-26T18:09:30-05:00January 29th, 2021|Privacy|

Apple quietly installs new iOS feature after zero day attacks, and Google promptly uncovers it

On Thursday, Google project Zero unveiled details of a new protection feature which Apple secretly introduced to iOS 14 as a countermeasure to deter recent attacks that its messaging app uses zero-days. Samuel Groß, security researcher with Project Zero, a Google team of security researchers experimenting with zero-day vulnerabilities in hardware and software systems, disclosed "BlastDoor," an enhanced sandbox framework for iMessage [...]

2021-02-26T18:09:30-05:00January 29th, 2021|General News|

27 Arrests, convictions related to Netwalker Ransomware

This week, the American and Bulgarian authorities confiscated the website for the release of data taken from their victims by the NetWalker Ransomware cybercrime Group. A Canadian national accused of theft of over $27 million by selling NetWalker in a Florida court was charged with the arrest. NetWalker is a crimeware program that supplies associates with ransomware as a commodity in return [...]

2021-02-26T18:09:30-05:00January 29th, 2021|General News|

CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read frail files via the Maintenance > Logs menu and manipulating the file-path in the URL. (CVSS:4.0) (Concluding Update:2021-03-30)

2021-01-25T20:00:00-05:00January 25th, 2021|File Inclusion|

How can healthcare organisations fight increased cyber crime in 2021?

ContentItemController, generated at 18:49:15 Wed Feb 10, 2021, by cds6 As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care Healthcare organisations have come under intense pressure following the outbreak of the Covid-19 coronavirus in 2020. But they are also battling [...]

2021-02-26T18:09:29-05:00January 21st, 2021|Cloud Security, General News, Vunerabilities, Web Security|

CVE-2020-19360

Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to frail information disclosure. (CVSS:5.0) (Concluding Update:2021-07-21)

2021-01-19T20:00:00-05:00January 19th, 2021|File Inclusion|

Ransomware attacks now to blame for half of healthcare data breaches

Almost half of all data breaches in hospitals and the wider healthcare sector are as a result of ransomware attacks according to new research.Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in bitcoin to restore them, but also stealing sensitive information and threatening [...]

2021-02-26T18:09:29-05:00January 15th, 2021|Ransomware|

Some ransomware gangs are going after top execs to pressure companies into paying

A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain "juicy" information that they can later use to pressure and extort a company's top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier this week during a phone call with a company [...]

2021-02-26T18:09:29-05:00January 9th, 2021|Ransomware|

Ryuk gang estimated to have made more than $150 million from ransomware attacks

The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. "Ryuk receives a [...]

2021-02-26T18:09:29-05:00January 7th, 2021|Hackers, Malware, Ransomware, Web Security|

FBI warns of Egregor ransomware extorting businesses worldwide

The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than over 150 victims since the agency first observed this malicious [...]

2021-02-26T18:09:29-05:00January 7th, 2021|General News, Ransomware, Web Security|
Go to Top