The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.
The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington. Victim organizations say AFTS is investigating the incident and that an unknown amount of individuals' data was exposed.
In an update on the investigation into the SolarWinds supply chain attack, Deputy National Security Adviser Anne Neuberger said the Biden administration is preparing "executive action" to address security shortcomings that have come to light.
In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say. And this year, it shows no signs of slowing down - it's already hacked e-commerce site Bonobo and dating site MeetMindful.
More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.
Following the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps. The advice applies to other organizations as well, some security experts say.
Citing a lack of coordination and transparency, U.S. Sens. Mark Warner and Marco Rubio of the Intelligence Committee are urging the four federal agencies investigating the cyberattack that targeted SolarWinds and other organizations to designate a leader for their investigative efforts.
The developers of LodaRAT malware, which has previously only targeted Windows devices, have developed a new variant, Loda4Android, that targets Android devices, according to Cisco Talos.
The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks, according to a Kryptos Logic report. Other researchers have noticed increases in the botnet's activity over the last month.
Ransomware operations continue to come and go. The notorious Maze ransomware gang retired last year, apparently replaced by Egregor, while new operators, such as Pay2Key, RansomEXX and Everest, have emerged. But in recent months, experts say, just six operations have accounted for 84% of attacks.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
The law enforcement agencies behind this week's disruption - dubbed “Operation Ladybird” - of Emotet are helping victims by pushing out an update via the botnet’s infrastructure that will disconnect their devices from the malicious network.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.
