Cybersecurity News

The latest news covering cybersecurity, compliance, cyberthreat, cloud and data breaches.

- Strikes Surged After ProxyLogon Proof-of-Concept Released There has been a spike in TR/Downloader.Gen Trojan web shell detection, as ransomware gangs and other threat groups increasingly target vulnerable Microsoft Exchange Servers following publication of proof-of-concept attacks using ProxyLogon - one of four zero-days patched by Microsoft in March. A new report by security firm F-Secure says that since the free-to-use ProxyLogon proof-of-concept file was released on March 13, it is being ... [Read More]

- Acer has purportedly become the victim of a massive ransomware attack, in which hackers are asking for $50 million to release the company’s stolen data, Bleeping Computer reported on Friday. Nonetheless, the company has not publicly confirmed the attack, vaguely stating that, “companies like us are constantly under attack.” According to Bleeping Computer, the attack was carried out by the REvil hacker group, which announced on its data leak site that it had breached Acer. As proof, the ... [Read More]


- Colleges a ‘Juicy Target’ for Cyberextortion Cybercriminals using ransomware increasingly focus on colleges and universities. What steps can institutions take to minimize their own risks -- and threats to the sector? A spate of recent cyberattacks on colleges, universities, seminaries and K-12 schools prompted a warning from the FBI’s Cyber Division this week. The advisory notice, published Tuesday, warned that criminals using malicious software called PYSA ransomware are increasingly ... [Read More]

- Stored XSS Attacks, Also Known as Persistent XSS Attacks, Are the Type With the Farthest Reach and Highest Potential Damage Recently, we took a closer look at one of the items on the OWASP Top 10 Vulnerability List – cross-site scripting (XSS). In that post, we covered the basics of XSS attacks and performed a quick overview on each of the various types of XSS. Today, we’re going to continue our series on XSS and do a deep dive on one of those specific types of XSS attack – Stored XSS, ... [Read More]

- Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at C-suite executives, their assistants and financial departments, and can work around email security and Office 365 ... [Read More]

- The new CISA Hunt and Incident Response Program (CHIRP) tool from DHS is meant to support entities with detection of threat activity and compromise of on-prem environments. The Department of Health and Human Services Cybersecurity and Infrastructure Security Agency unveiled the CISA Hunt and Incident Response Program (CHIRP) tool, which is designed to help entities detect threat activity within on-prem environments. CHIRP is a forensics collection tool that will help network defenders find ... [Read More]

- Hackers Try to Use Remote Access Trojans to Take Control of Devices This tax season, as in years past, a major phishing campaign is targeting U.S. taxpayers in an effort to deliver malware, according to researchers at security firm Cybereason. The phishing messages contain malicious documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos remote access Trojans that enable hackers to take control of victims’ devices, the researchers say. The malware has ... [Read More]

- NetWalker hackers stole PACE program patient data from Peak TPA's cloud servers; ransomware, more Accellion victims, network hack, phishing, and a misconfiguration complete this week’s breach roundup. March 18, 2021 - Healthcare business associate Peak TPA is notifying 50,000 PACE program patients that their data was stolen from two of its cloud servers by an attacker. The third-party administrator supports claims management on behalf of PACE programs. Peak TPA learned of the hack on December ... [Read More]

- A sophisticated group of cybercriminals are emerging in a new TrickBot malware campaign. To secure your organization, the Cybersecurity and Infrastructure Security Agency and the FBI recommend 10 tips for users and administrators on implementing mitigation measures. TrickBot is a highly modular, multi-stage malware that allows criminals to conduct a wide range of illegal cyber activities. TrickBot's operators are using phishing emails that claim to have proof of traffic violations to entice ... [Read More]

- $1.8 Billion Stolen via Business Email Compromise Scams, FBI Reports Online crime has surged during the pandemic, with more than $4.2 billion in losses reported by victims to U.S. authorities in 2020. So says the FBI in its latest annual Internet Crime Report, noting that its Internet Crime Complaint Center, or IC3, received nearly 792,000 victim reports of suspected internet-facilitated crime last year. That record-setting number was a 69% increase from the 300,000 complaints it logged in ... [Read More]

- In 2020, ransomware targeted the manufacturing sector, healthcare organizations, and construction companies, with the average ransom reaching $312,000, a report finds. Ransomware gangs aimed to bilk business victims of even more money in 2020, causing the average ransom paid by companies to jump 171% to more than $312,000. A new report from Palo Alto Networks -- which uses data from ransomware investigations, data-leak sites, and the Dark Web — found 337 victims in 56 industries, with ... [Read More]

- The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security alert about TrickBot malware. TrickBot was first identified in 2016 and started out as a banking Trojan; but the malware has since had a host of new capabilities added and is now extensively used as a malware loader for delivering other malware variants, including ransomware such as Ryuk and Conti. “TrickBot has evolved into a ... [Read More]

- Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple’s integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode, is a malicious version of an ... [Read More]

- PYSA Ransomware Targets Education Institutions: FBI The FBI alerted education institutions to the surge in PYSA ransomware attacks. Educational institutions are concerned about security after the increase in cyberattacks. These institutions became more vulnerable to ransomware operators after the transition to remote education, globally. Recently, the FBI’s Cyber Division issued an alert warning about an uptick in cyberattacks against higher education institutions and K-12 ... [Read More]

- HP Inc. released its new Quarterly Threat Insights Report, providing analysis of real-world attacks against customers worldwide. The report found that 29% of malware captured was previously unknown – due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. 88% of malware was delivered by email into users’ inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus ... [Read More]

- These current strains of malware should be ultra-concerning to IT departments at companies of any size. Here's how to stop them. Hundreds of thousands of new malware variants emerge every single day, according to the AV-TEST Institute. We often hear about the most devastating malware attacks or those that spread most broadly, but unfortunately, there are many malware strains that slip under the radar and escape widespread attention due to the sheer volume of malware. "These days, like ... [Read More]

- On January 12, 2021, Denver-based Colorado Retina Associates discovered the email account of one of its employees had been accessed by an unauthorized individual who used it to send phishing emails to individuals in the employee’s contact list. The email account was immediately secured and a cybersecurity firm was engaged to investigate the incident to determine the extent of the breach. That investigation concluded on February 24, 2021 and revealed other email accounts ... [Read More]

- There's been a big rise in ransom payments over the last year - and some ransomware gangs demanding vast amounts. Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations which fall victim to these attacks has nearly tripled over the last year. Cybersecurity researchers at Palo Alto Networks analysed ransomware attacks targeting organisations across North America and Europe ... [Read More]


- TL;DR First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It’s been reported that the attackers launched a massive compromise attack against 60,000+ Exchange Servers before patches became available, and many other attackers are actively looking for exploited Exchange servers. Look for AI Engine events involving your Exchange infrastructure (Host Names, IPs, Privileged Users and Service Accounts) starting January 5th, 2021 to the present. Use the Microsoft ... [Read More]

- But the amount of code downloaded is too little to be of any use, the email security vendor says in its latest update. Hackers who gained access to Mimecast's systems via a poisoned SolarWinds software update late last year appear to have caused more damage than originally thought. The email security vendor's continuing investigation of the breach has revealed that the attackers accessed and downloaded at least some of its source code repositories and also email addresses, contact information ... [Read More]