Following the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps. The advice applies to other organizations as well, some security experts say.
Finding, triaging and investigating cyberthreats has never been more time-consuming, difficult or important for enterprises.
This white paper provides a detailed description of Cysiv’s modern, data science-driven approach to more quickly, effectively and efficiently detecting and investigating cyber threats, and...
In order to detect actionable threats, organizations must collect, continuously monitor, query and analyze a massive volume of security telemetry and other relevant data for indicators of compromise (IOCs), indicators of attacks (IOAs) and other threats.
Doing this at scale, 24/7, across a hybrid cloud environment,...
Citing a lack of coordination and transparency, U.S. Sens. Mark Warner and Marco Rubio of the Intelligence Committee are urging the four federal agencies investigating the cyberattack that targeted SolarWinds and other organizations to designate a leader for their investigative efforts.
Researchers at the security firm Netlab have identified a previously undocumented botnet dubbed "Matryosh" that is targeting vulnerable Android devices to help build its network so it can conduct distributed denial-of-service attacks.
The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks, according to a Kryptos Logic report. Other researchers have noticed increases in the botnet's activity over the last month.
The National Counterintelligence and Security Center is calling attention to China's ongoing efforts to collect DNA data sets and other sensitive health data of Americans through hacking and other methods. It warns the data could be used to support surveillance or extortion efforts.
Ransomware operations continue to come and go. The notorious Maze ransomware gang retired last year, apparently replaced by Egregor, while new operators, such as Pay2Key, RansomEXX and Everest, have emerged. But in recent months, experts say, just six operations have accounted for 84% of attacks.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
The law enforcement agencies behind this week's disruption - dubbed “Operation Ladybird” - of Emotet are helping victims by pushing out an update via the botnet’s infrastructure that will disconnect their devices from the malicious network.
An APT group known as Lebanese Cedar has launched a cyberespionage campaign targeting telecommunication companies and ISPs, according to the Israeli security firm ClearSky, which says the attacks have spread beyond the Middle East to the U.S. and Europe.