Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations refused to pay the initial ransom demand, a new report by security firm Radware finds.
Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.
The latest edition of the ISMG Security Report features an analysis of the cybersecurity challenges the Biden administration must address. Also featured: payments security advice from Verizon; the outlook for the lifting of restrictions tied to the COVID-19 pandemic.
Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming he will "retire" at that time, according to Gemini Advisory. Researchers say fraudsters will quickly move to other sites.
The FBI has issued a warning about the growing threat from the operators behind the Egregor ransomware variant and other cybercriminal gangs affiliated with the group. Since September, the crypto-locking malware has been associated with nearly 100 attacks worldwide.
The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data.
Ransomware gangs entered 2020 with a full and dangerous set of weapons at their disposal and then rolled out additional tools such as extortion and new distribution methods, a trend that is expected to continue into 2021.
A recently uncovered payment card skimmer is targeting several large content management systems that support the online checkout pages of dozens of e-commerce sites, according to researchers with Sansec. The malware works by using a keylogger to harvest payment and personal data.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
Britain's National Crime Agency says 21 individuals have been arrested on suspicion of purchasing personally identifiable information from the WLeakInfo website. Authorities say the site provided access to more than 12 billion personal records culled from 10,000 data breaches.
Researchers with Palo Alto Networks' Unit 42 are tracking a relatively new cryptomining botnet called "PGMiner," which is targeting PostgreSQL database servers to illegally mine for monero. Currently, the malware only targets Linux-based database servers.
Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs. The attackers are also selling access to over 250,000 stolen databases.