Cybersecurity News

The latest news covering cybersecurity, compliance, cyberthreat, cloud and data breaches.

- Agency Says Hackers Can Use a Known Bug for Further Exploitation. The Cybersecurity and Infrastructure Security Agency is warning about a password leak that could affect vulnerable Fortinet VPNs, which could lead to possible further exploitation, according to a notice published Friday by the agency. The agency's latest alert comes a few days after security researchers reported that threat actors are claiming to have published the leaked passwords on various underground forums. While CISA stopped short of confirming the authenticity of the password leak, the agency is urging users of Fortinet gear ...

- Ransomware, Social Engineering, Credential Stuffing and More Underpinned by Bots. Cybercrime continues to become increasingly automated, and bots have been key to that trend. "Bot" refers to any type of automation - good or bad. In the crime realm, bots are used for automatically controlling malware-infected endpoints from a botnet command-and-control server, running highly automated and scalable social engineering attacks, web scraping, credential stuffing and more. For criminals who want to wield bots, "one of the big shifts in this fraudulent activity is that they don't really need a lot of ...

- Insider attacks are growing in number, and they are becoming more difficult to detect, according to the Insider Threat Report, a study by Cybersecurity Insiders, with support from Darktrace. For instance, 53% of cybersecurity professionals say the shift to cloud computing has made detection of insider attacks more difficult. Moreover, 72% say that insider attacks have increased in frequency over the previous 12 months, and 65% have experienced an attack in that time period. The most common accidental incident is the phishing attack, 73% report. But 63% also cite the sending of business ...

- France's Sopra Steria Was Hit By Previously Unseen Version of Ryuk Ransomware. French IT services firm Sopra Steria, which suffered a Ryuk ransomware attack in October, now estimates that recovering from the attack could cost up to 50 million euros ($59 million). Sopra Steria is one of the largest IT services and consulting groups in Europe, posting 2019 revenue of ($5.2 billion). On Oct. 21, Sopra Steria stated that it had suffered an attack using a version of the Ryuk ransomware that had not been publicly seen before. At the time, the company said it did not believe that any customer or ...

- A recent FBI alert warned of an increase in the number of registered internet domains and email addresses spoofing legitimate FBI sites, which poses a potential cyberattack risk. November 27, 2020 - The FBI released an alert warning of a new cybercriminal campaign that spoofs the internet domains and email addresses related to the FBI, which poses the risk of future cyberattacks and other nefarious operational activity. As noted in other agency alerts, in spoofing campaigns, threat actors, including nation-state hacking groups, leverage spoofed domains and email accounts to trick users into believing ...

- Europol, Group IB Analyzed 90,000 Pieces of Card Data During The Three-Month Long Operation. An operation led by law enforcement agencies from Italy, Hungary and supported by Europol prevented payment fraud losses of $47.5 million by targeting fraudsters that were selling stolen card data on darknet websites known as card shops. Europol, the EU's law enforcement intelligence agency, said in a Thursday statement the fraudsters were identified during a three-month-long operation called Carding Action 2020 that set out to disrupt card-skimming attacks against financial institutions and ...

- Access is sold for $100 to $1500 per account, depending on the company size and exec role. A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named , ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as: Access to any of these accounts is sold for prices ranging ...


- Perhaps it's not surprising that supply and demand affect online criminal enterprises. The more stolen credit cards and social security numbers that you monetize on the criminal underground forums, the lower the value of that data. That trend has been clear in recent years. "That is not the case with ransomware," Jason Rivera, Director, Strategic Threat Advisory Group at CrowdStrike, explained. "With ransomware, it is the exact opposite. The more ransomware attacks that occur, the more they succeed, the more the victims pay, other ransomware operators are like, 'Oh yeah, I can do that too? ...


- Businesses can take extra steps to protect their remote workforce against cyber threats. In the latest edition of the Chubb data reveals that the professional services industry needs to take more proactive and protective measures against potential cyber attacks. Chubb has seen a 10% increase in cyber incidents relating to professional services companies. These are largely email-driven organizations, meaning there are many opportunities for employees to click on malicious links, driven by email phishing. "Most cyber attacks are coming from outside the company, leaving businesses at greater risk ...

- Security Incident Affecting School District's Virtual Classes. Officials with the Baltimore County Public Schools are investigating a ransomware attack that disrupted virtual learning for students on Wednesday. Now, the district has been forced to call off its virtual classes until next Monday, when children return from the Thanksgiving holiday break. On Wednesday, Mychael Dickerson, the district's chief of staff, confirmed via Twitter that several schools in Baltimore were affected after ransomware attackers targeted its IT systems and caused network interruption. Here is the latest update: ...

- A cybersecurity report from cloud security provider CDNetworks revealed that distributed denial-of-service (DDoS), web application, and botnet attacks have surged exponentially in H1 2020 compared to the first half of 2019. In its report, “State of the Web Security for H1 2020,” CDNetworks highlighted that, in particular, web application attacks rose by 800%. Nearly 4.2 billion web application attacks were blocked in H1 2020, which is 8x higher than the same period in 2019. According to the report, DDoS attacks saw a 147.63% year-on-year increase. On average, 660 bot attack incidents ...

- In the space of 24 hours, Europol and Interpol have announced a salvo of major cybercrime actions. First came the arrests of three individuals in Nigeria over their alleged breaches of as many as 50,000 companies and government entities, followed by the completion of a three-month operation that police believe has prevented $48 million ending up in the hands of credit card thieves. Interpol said Wednesday that, in a joint operation with Nigerian police and cybercrime company Group-IB, three individuals were apprehended in Lagos, and alleged to have targeted hundreds of thousands of ...


- Exclusive: Company says that only a small subset of customers were impacted. UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. "On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in an email sent to customers and obtained by ZDNet. Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided). A Sophos spokesperson ...


- TMT Group Targeted 500,000 Companies in More Than 150 Countries. Members of the TMT BEC Group have been arrested by Interpol with help from Nigerian police and Group-IB (Source: Interpol). Interpol, along with Nigerian law enforcement agencies and security firm Group-IB, has uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. The group, dubbed TMT, has been active since 2017 and has targeted nearly 500,000 government and private organizations with BEC scams that used phishing and advanced social engineering techniques to extort payments ...

- Profits Drive Demand for Initial Access Brokers, Affiliates. Driven by the profits to be achieved via ransomware, most botnet operators have dropped banking Trojans in favor of supporting and running crypto-locking malware attacks, according to security experts who spoke Wednesday at cybersecurity firm Group-IB's CyberCrimeCon 2020 virtual conference. Cybercriminals have also been attempting to cash in on the COVID-19 pandemic. Since it began, "nothing really majorly changed in terms of what cybercriminals were doing: They were ...

- With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions. According to Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, Lookout saw a massive spike in COVID-19-related scams when the pandemic first broke out: a 37% increase in ...

- Egregor is gaining traction after only emerging in September - and researchers warn this ransomware family is only just getting started. A new form of ransomware is becoming increasingly prolific as cyber criminals turn to it as a preferred means of encrypting vulnerable networks in an effort to exploit bitcoin from victims. Egregor ransomware first emerged in September but has already become notorious following several high profile incidents, including attacks against bookseller Barnes & Noble, as well as ...


- The FBI warns entities of a rise in Ragnar Locker ransomware, where hackers gain a foothold on the network, perform reconnaissance, and steal data before deploying the final attack. November 25, 2020 - The FBI is urging private sector organizations to be on alert for Ragnar Locker ransomware attacks, which frequently lead to data theft, following a rapid increase in cyberattacks. First observed in April, Ragnar Locker ransomware actors are known to target a range of victims, including those in the cloud service provider, communication, construction, enterprise software, and travel ...

- A vulnerability in MobileIron mobile device management software is being used by state-backed hackers and organised crime, warns security agency. State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries. The UK's National Cyber Security Centre (NCSC) has issued an alert warning that a number of groups are currently using a vulnerability in MDM software from MobileIron. ...


- The latest ransomware update shows multiple health providers are continuing to operate under EHR downtime procedures following attacks; UVM Health Network restored EHR access. November 25, 2020 - The University of Vermont Health Network restored access to its Epic EHR, following a month of downtime procedures brought on by a massive ransomware attack across its care network. A November 24 update reports access has been restored to its electronic medical record system at the UVM Medical Center inpatient and ambulatory sites, as well as the ambulatory clinics at Central Vermont Medical Center, ...