Cyber Security News

The latest news covering cyber security, network security, cyber threat and data breaches.

- Researchers: Hacking Group Used Cloud Infrastructure for Phishing Attacks. An advanced persistent threat group that Microsoft calls Gadolinium was using 18 Azure Active Directory applications as part of its malicious infrastructure to launch phishing emails starting earlier this year, according to the company. Many of these malicious messages used subject lines and attached documents to entice victims to click. by other security researchers, has been active since at least 2014 and has primarily targeted the U.S. and Western Europe, including victims in the maritime industry, naval defense ... [Read More]

- reported a 109% increase in ransomware the US during the first half of 2020. Due to relatively low execution costs, high rates of return, and minimal risk of discovery compared with other forms of malware, ransomware has quickly become a preferred method of attack for cybercriminals. Although computer systems remain the most common source of ransomware infection, Internet of Things (IoT) devices are also prime targets for several reasons, including the fact that hackers know enterprises often have less visibility into these devices, and can therefore inflict devastating effects without ... [Read More]

- Seven in every ten CISOs (71%) believe cyberwarfare is a threat to their organization, and yet just over a fifth (22%) admit to not having a strategy in place to mitigate this risk. This is especially alarming during a period of unprecedented global disruption, as half of infosec professionals (50%) agree that the increase of cyberwarfare will be detrimental to the economy in the next 12 months. CISOs and infosec professionals however are shoring up their defenses — with 51% and 48% respectively stating that they believe they will need a strategy against cyberwarfare in the next 12-18 ... [Read More]

- Penalty Is Second Largest Ever Issued. Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.4 million individuals. In a Friday statement, the Department of Health and Human Services' Office for Civil Rights says its investigation into the Premera breach, which was reported in March 2015, found "systemic noncompliance" with the HIPAA rules, including failure to conduct an enterprisewide risk ... [Read More]

- DALLAS — A major U.S. provider of software services to state and local governments acknowledged Friday it was hit by a ransomware attack two days after telling clients an unknown intruder had compromised its phone and information technology systems. Tyler Technologies said in a statement that it confirmed the intruder used ransomware but did not provide further details on its response, citing an ongoing investigation. A spokesperson for the Dallas-area company did not directly answer a question about whether it had paid to have its systems unlocked. Ransomware purveyors are increasingly ... [Read More]

- CISA: Hacker Apparently Exploited VPN Vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency has issued a report describing how a threat actor apparently used a well-known VPN vulnerability and compromised Office 365 credentials to gain administrative privileges to a federal agency's network. The CISA report, which does not identify the agency, says a highly skilled malicious actor implanted a "sophisticated multistage malware that evaded the affected agency's anti-malware protection and gained persistent access through two reverse Socket Secure proxies that ... [Read More]

- A virtual private network vulnerability that has been known since December. Stolen credentials of a power user. A poorly configured firewall. It didn’t take long for the hacker to own this unnamed federal agency. In what was a matter of days, maybe weeks, this bad actor, possibly a nation state given how sophisticated the attack was, set up two remote command-and-control points, reviewed email and other documents to look for passwords and started network hopping to find more valuable data and information. And now the Cybersecurity and Infrastructure Security Agency at the Homeland ... [Read More]

- Campaign Designed to Steal Credentials. An example of a phishing email using GDPR compliance as a lure (Source: Area 1 Security). A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security. Fraudsters were attempting to take advantage of uncertainties and misconceptions surrounding GDPR, using the fear factor about law violations, which can carry ... [Read More]

- CHSPSC, a Community Health Systems business associate, reported a breach of 6 million patients in 2019. The OCR audit found longstanding, systemic noncompliance with HIPAA. September 24, 2020 - The Department of Health and Human Services Office for Civil Rights a $2.3 million settlement with CHSPSC provides services to hospitals and clinics indirectly owned by Community Health Systems, after a data breach impacted more than 6 million patients in 2014. CHS owns over 200 hospitals across the country and is one of the largest hospital networks in the US. On , 2014, ... [Read More]

- Tyler Technologies, the self-proclaimed largest provider of US public sector software and technology services, is struggling with a cyberattack that disrupted many of its operations. As of yesterday, the official website is offline, and a maintenance notice greets users accessing the page: "Our Tyler Technologies corporate website is temporarily unavailable. We are aware of the issue and are working to bring the site back online. Please check back soon." The Texas-based company offers end-to-end management solutions to over 15,000 government offices across all US states, Canada, ... [Read More]

- Group breaks an unofficial rule in the cybercrime underground not to target the former Soviet space. Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks. Named , Group-IB says the hackers are behind targeted attacks with a new strain of ransomware called TinyCryptor (aka decr1pt). "They have been trying to target only Russian companies so far," Oleg Skulkin, Group-IB's senior DFIR analyst, ... [Read More]


- The U.S. is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. In a Tuesday alert, CISA notes that attacks using LokiBot have steadily increased since July. Earlier, Microsoft noted in an analysis that fraudsters were using this malware variant in phishing emails that contain a COVID-19 theme (see: CISA notes that its intrusion detection and prevention program, known as Einstein, had been picking up an increasing amount of malicious activity using LokiBot malware. LokiBot is "known for being simple, yet effective, making it an attractive ... [Read More]

- The year 2020 isn’t over yet, but so far, it’s been unprecedented from a threat landscape point of view – including the impact of the global pandemic and social movements on the cybersecurity landscape. The threat researchers at FortiGuard Labs have taken a good hard look at what was happening over the first six months of 2020 from a cybersecurity perspective, and we’ve identified some key trends that the industry needs to be aware of. First, it will come as a shock to no one that cyber actors aren’t willing to let a crisis go to waste. Cybercriminals across the spectrum, from ... [Read More]

- New alerts about a spike in Emotet activity come after France, Japan, New Zealand issued similar warnings at the start of the month. Two weeks after cyber-security agencies from France, Japan, and New Zealand published warnings about an uptick in Emotet activity, new alerts have been published this past week by agencies in Italy and the Netherlands, but also by Microsoft. These new warnings come as Emotet activity has continued to increase, dwarfing any other malware operation active today. "It has been very heavy for [Emotet] spam lately," Joseph Roosen, a member of ... [Read More]


- Starting in July, the cybercriminals behind LokiBot malware, aimed at credential theft and information stealing, have increasingly targeted enterprise networks. September 23, 2020 - The Department of Homeland Security Cybersecurity and Infrastructure Security Agency and Multi-State Information Sharing & Analysis Center (MS-ISAC) an alert warning of an increase in LokiBot malware through the cyberattacks aimed at credential theft and information stealing, often sent in malicious email attachments. Credential is a common risk in the healthcare sector, and hackers have ... [Read More]

- Security professionals worry about being targeted by state-backed hackers; or more likely getting caught in the crossfire. Almost two-thirds of information security professionals believe that cyberwarfare is a threat to their organisation as nation-state-backed cyberattacks become more common and larger in scale – and the concerns are even higher for chief information security officers, with almost three-quarters considering cyberwar a threat to their organisations. But there's still a significant proportion who ... [Read More]


- Some of these solutions will help find and stop phishing emails before they can cause damage, while others will find phishers fraudulently using your business's brand. Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused on high-profile or high-dollar targets) are focused more on social engineering than on technology. Yet phishing remains one of the most effective types of attacks because it bypasses many ... [Read More]

- Phishing, Spam, Malware, Social Engineering and Other Recent Attack Trends. After reviewing online attack trends for the first half of the year, numerous cybersecurity firms agree: was king. As the pandemic has reshaped how many live and work, so too has it driven attackers to attempt to exploit work-at-home challenges and virus fears. But that's only part of the attack landscape picture involving broader phishing, social engineering, malware, business email compromise and other attack, fraud and scam trends that security firms have traced for the first six months of this year - as described ... [Read More]

- "Persistent malicious" activity sees a "notable increase" since July, feds say. Federal and state officials are seeing a big uptick in infections coming from LokiBot, an open source DIY malware package for Windows that’s openly sold or traded for free in underground forums. It steals passwords and cryptocurrency wallets, and it can also download and install new malware. In an alert published on Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the Multi-State Information Sharing & Analysis Center said LokiBot activity has scaled up dramatically in ... [Read More]

- "CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020." The US government's cyber-security agency has issued a security advisory today warning federal agencies and the private sector about "a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020." The Cybersecurity and Infrastructure Security Agency (CISA) said that its in-house security platform (the EINSTEIN Intrusion Detection System) has detected persistent malicious activity traced back to LokiBot infections. The July spike in LokiBot activity seen ... [Read More]