By Elizabeth Montalbano on Apr 30, 2021 07:49 am
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
By Jai Vijayan Contributing Writer on Apr 29, 2021 07:00 pm
Ironically, EDR's success has spawned demand for technology that extends beyond it.
By Lisa Vaas on Apr 29, 2021 06:44 pm
The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use.
By Tim Starks on Apr 29, 2021 06:03 pm
A hacking group exploited a SonicWall zero-day software flaw before a fix was available in order to deploy a previously unreported ransomware strain, FireEye researchers said Thursday. The disclosure of the ransomware comes one week after FireEye revealed three previously unknown vulnerabilities in SonicWall’s email security software. But the latest hacking tool emerges from an earlier zero-day found in SonicWall’s mobile networking gear. Mandiant, FireEye’s incident response unit, dubbed the malware FiveHands, which bears similarities to another hacking tool, dubbed HelloKitty, that attackers deployed against a video game company. The security firm linked it to a group they call UNC2447. “UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums,” reads a blog post from the company. “UNC2447 has been observed targeting organizations in Europe and North America and has […]
The post Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says appeared first on CyberScoop.
By Robert Lemos Contributing Writer on Apr 29, 2021 05:55 pm
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
By Sean Lyngaas on Apr 29, 2021 04:10 pm
Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash. The so-called “BadAlloc” vulnerabilities the researchers revealed on Thursday are in code that makes its way into infusion pumps, industrial robots, smart TVs and wearable devices. No less than 25 products made by the likes of Google Cloud, Samsung and Texas Instruments are affected. The research serves as a critique of the coding practices of the designers of billions of so-called “internet of things” devices that are a feature of modern life. There’s no evidence that the vulnerabilities have been exploited, according to Microsoft. But the Department of Homeland Security’s cybersecurity agency issued an advisory urging organizations to update their software. It’s unclear just how many devices are affected by the software bugs, but […]
The post Researchers find two dozen bugs in software used in medical and industrial devices appeared first on CyberScoop.
By Tara Seals on Apr 29, 2021 04:04 pm
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
By Dark Reading Staff on Apr 29, 2021 03:49 pm
Student researcher is concerned security gap may exist on many other sites.
By Shannon Vavra on Apr 29, 2021 03:08 pm
The National Security Agency warned defense contractors in a memo on Thursday to reexamine the security of the connections between their operational technology and information technology in light of recent alleged Russian hacking. The alert, which references the sweeping SolarWinds espionage operation that U.S. officials have blamed on the Russian government, is meant to convince operational technology (OT) owners and operators in the defense industrial base to limit the scope and scale of any potential attack surface for U.S. adversaries to exploit, the NSA said in the alert. “Each IT-OT connection increases the potential attack surface,” the NSA said. “To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible.” The alert comes weeks after the Biden administration formally attributed the recent espionage campaign to hackers working for […]
The post NSA warns defense contractors to double check connections in light of Russian hacking appeared first on CyberScoop.
By Dark Reading Staff on Apr 29, 2021 02:54 pm
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
By Becky Bracken on Apr 29, 2021 02:42 pm
Researchers fear wider exposure, amidst a tepid response from Experian.
By Tara Seals on Apr 29, 2021 01:39 pm
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.
By Robert Lemos Contributing Writer on Apr 29, 2021 01:00 pm
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.
By Sam Crowther Founder, Kasada on Apr 29, 2021 01:00 pm
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
By Lisa Vaas on Apr 29, 2021 12:17 pm
Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said.
By Eric Kedrosky Chief Information Security Officer at Sonrai Security on Apr 29, 2021 11:55 am
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
By Tim Starks on Apr 29, 2021 10:00 am
Malicious use of manipulated visual and audio files — technology known as deepfakes — is swiftly migrating toward crime and influence operations, according to findings published Thursday. Threat intelligence company Recorded Future pointed to a recent surge in such activities and a burgeoning underground marketplace that could spell trouble for individuals and companies that use tools like facial identification technology as part of multi-factor authentication. The report mirrors similar conclusions from an FBI alert last month warning that nation-backed hackers would themselves begin using deepfakes more frequently for cyber operations as well as misinformation and disinformation. “We believe that threat actors have begun to advertise customized deepfake services that are directed at threat actors interested in bypassing security measures and to facilitate fraudulent activities, specifically fake voices and facial recognition,” the company’s Insikt Group wrote in a blog post. Recorded Future’s work focuses more on that development in the criminal […]
The post Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says appeared first on CyberScoop.
By Becky Bracken on Apr 29, 2021 09:58 am
The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.
By Shannon Vavra on Apr 29, 2021 09:54 am
Chinese hackers with suspected ties to the People’s Liberation Army have been hacking into military and government organizations in Southeast Asia over the course of the last two years, according to Bitdefender research published Wednesday. The Chinese hackers, known as the Naikon group, have been conducting espionage against the organizations and stealing data from the victims since at least June of 2019, the researchers said in a blog post on the campaign. Bitdefender does not identify victims by name in its report. It’s just the latest evidence security researchers have gathered in the last several years that Naikon, which was first exposed in 2015, is still actively conducting espionage years later. Just last year Check Point revealed the suspected Chinese hackers were running a hacking campaign targeting government entities in Australia, Indonesia, the Philippines and Vietnam. Researchers have previously tied the Naikon hackers to China’s PLA, which is host to several […]
The post Suspected Chinese hackers are breaking into nearby military targets appeared first on CyberScoop.