Cybersecurity News

The latest news covering cybersecurity, compliance, cyberthreat, cloud and data breaches.

- Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line includes firewalls; network security and access solutions; and email, cloud and endpoint security solutions, acknowledged that an incident took place in a company statement late that evening. "Recently, SonicWall ... [Read More]

- Hackers Circle Back to Again Attack Victims Who Refused to Pay an Earlier Ransom Demand. Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations failed to pay the initial ransom, a new report by security firm Radware finds. The report notes the victims were first hit by the unidentified group in August or September 2020. Then, when the victims failed to pay the initial ransom demand, they were sent additional ransom extortion emails in December 2020 and January, with the threat actors demanding between five and 10 bitcoins ... [Read More]

- The cybersecurity company SonicWall Inc. said it had been the victim of a coordinated attack on its internal systems by “highly sophisticated” hackers. The Silicon Valley-based company said in a statement that the two products compromised provide users with remote access to internal resources. The attackers exploited so-called “zero days” -- a newly discovered software flaw -- on certain SonicWall remote access products, the company said in a statement. Shevaun Betzler, a company spokesperson, said no additional information was immediately available. It wasn’t clear if the SonicWall ... [Read More]

- Researchers Say It Hijacks Powerful Computer Systems to Mine Monero. Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero. DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says. Many of the bot's components have previously been detected, some as far back as 2018, the ... [Read More]

- Over the last year, the healthcare industry has become a target of strategic interest amongst cyber criminals. Owing to its troves of valuable data, healthcare has never been as vulnerable to cyber attacks as it is now. As per a report by HIPAA Journal, healthcare institutions reported 616 data breaches of 500 or more records in 2020. Moreover, the report also revealed that 28,756,445 healthcare records were exposed. With the arrival of the COVID-19 pandemic, hackers rapidly evolved their tactics to exploit the fears escalating amongst the population. This has spurred the need to adopt ... [Read More]

- Ransomware gang publishes stolen data after Scottish Environment Protection Agency (SEPA) refuses to pay ransom, as agency confirms operations remain disrupted. The hackers behind the ransomware attack on the Scottish Environment Protection Agency (SEPA) have published thousands of stolen files after the organisation refused to pay the ransom. Scotland's government regulator for protecting the environment was hit with a ransomware attack on Christmas Eve, with cybercriminals stealing 1.2 GB of data in the process. Almost a ... [Read More]

- Cybercriminal group ShinyHunters claimed that they compromised Pixlr users’ records while breaking into a stock photo website. Over 1.9 million compromised Pixlr records have been leaked on various hacking forums for free. Pixlr, a free online photo-editing platform, is the latest victim of a data breach after the notorious threat actor group “ShinyHunters” leaked over 1.9 million users’ records online, as reported by SiliconAngle. The exposed information included usernames, hashed passwords, email addresses, country of origin, and other personal data. It’s suspected ... [Read More]

- Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks. Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday. Not all RDP servers can be abused, but only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389. Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected ... [Read More]

- CISA is beginning a coordinated effort to encourage public and private sector organizations to mitigate the threat of ransomware. The Cybersecurity and Infrastructure Security Agency, the U.S. agency tasked with shoring up the country’s cyber defenses, is beginning a coordinated effort to encourage public and private sector organizations to mitigate the threat of ransomware. The Reduce the Risk of Ransomware Campaign aims to help companies implement best practices, tools and resources to help prevent ransomware attacks, which ... [Read More]

- Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats. Extortion groups that send emails threatening companies with DDoS attacks unless paid a certain fee are making a comeback, security firm Radware warned today. In a security alert sent to its customers and shared with ZDNet this week, Radware said that during the last week of 2020 and the first week of 2021, its customers received a new wave of DDoS extortion emails. Extortionists threatened companies with crippling DDoS attacks unless they ... [Read More]

- Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked. The number of data breaches declined by half last year — to less than 4,000 events — yet the number of leaked records more than doubled, as did the number of breaches that included a ransomware component, according to an annual analysis of breach events by Risk Based Security. The diverging trends suggest that attackers are focusing more on ransomware, which is often not reported as a data breach if information is not exfiltrated. In addition, ... [Read More]

- The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Health Insurance Portability and Accountability Act Rules. The Health Information Technology for Economic and Clinical Health (HITECH) Act gave state attorneys general the authority to bring civil actions on behalf of state residents who have been impacted by violations of the HIPAA Privacy and Security Rules, and to obtain damages on their behalf. The Connecticut ... [Read More]

- A sophisticated threat actor gained illegal access into the networks of high-tech and aviation companies by initially hacking into their cloud-based services. Attacker dwell time on the secretly infiltrated networks sometimes lasted as long as three years. The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive VPN/network access instructions on internet-accessible apps or servers. In a recently released report, the NCC Group and its subsidiary Fox-IT said researchers encountered this threat actor during ... [Read More]

- A mistake on the part of the cyberattackers led to their discovery -- and that of the data they pillaged. Operators of a phishing campaign targeting the construction and energy sectors left the credentials stolen in their attacks publicly viewable with a simple Google search. On Thursday, Check Point Research published a blog post describing the campaign, in which stolen information was dumped on compromised WordPress domains. The recent phishing attack began with one of several fraudulent email templates and would mimic Xerox/Xeros scan notifications including a target company employee's ... [Read More]

- New research from Digital Shadows shows how cybercriminals are increasingly setting their sights on asset and wealth management (AWM) companies. The assets under management by AWM companies are set to grow by up to 5.6% a year by 2025, to USD 147.4 trillion, which presents a lot of financial upside for attackers. Not only do AWM companies possess valuable client information, but also valuable intellectual property to protect, as well as investment strategies and mechanisms that can be exposed by competitors, third parties or insider threats within the company. One possible reason for the increasing ... [Read More]

- Gainwell Technologies has discovered unauthorized individuals have potentially accessed the information of certain participants of Wisconsin’s Medicaid program, which was stored in emails and email attachments in a compromised account. Access to the email account was first gained on October 29, 2020 and continued until November 16, 2020. The account contained information such as names, member ID numbers, and billing codes for services. Approximately 1,200 Wisconsin Medicaid members have been affected. Affected individuals have been offered a 1-year complimentary ... [Read More]

- Despite the Sophos report outing the MrbMiner group today, the botnet is expected to continue to operate with impunity. Cyber-security firm Sophos said it found evidence connecting the operators of the MrbMiner crypto-mining botnet to a small boutique software development company operating from the city of Shiraz, Iran. The MrbMiner botnet has been operational since the summer of 2020. It was first detailed in a Tencent Security report in September last year. Tencent said it saw MrbMiner launching brute-force attacks against Microsoft ... [Read More]

- Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says. More than one month after the SolarWinds breach that impacted numerous organizations was first uncovered, new details of the sophisticated operation continue to trickle out. The latest information comes from Microsoft, which this week released details of its analysis of the tactics used by the threat actors to activate a second-stage payload for downloading the Cobalt Strike attack kit on infected systems. According to Microsoft, that particular aspect of the ... [Read More]

- Symantec says a fourth piece of malware associated with the SolarWinds attacks is used to spread across a victim's network. Cybersecurity firm Symantec has uncovered an additional piece of malware used in the SolarWinds attacks, becoming the fourth piece of malware associated with the wide-ranging compromise of the popular IT management software. Symantec is calling this malware “Raindrop,” which is “a loader that delivers a payload of Cobalt Strike,” the company wrote in a blog post. It appears to have been used to spread across a victim’s network. Raindrop is very similar to the ... [Read More]

- Threat Actors Accessed 'Limited Subset of Internal Company Emails' The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails." "While Malwarebytes does not use SolarWinds [hacked software], we, like many other companies, were recently targeted by the same threat actor," Malwarebytes CEO Marcin Kleczynski notes in a blog. The hackers appear to have exploited a dormant email protection tool within the company's Office 365 system to gain access to a subset of the firm's emails, he ... [Read More]