A new Lazarus-linked APT threat known as BlueNoroff has emerged and is actively targeting cryptocurrency startups in a campaign called "SnatchCrypto." Research by Kaspersky found that more than 15 venture businesses and their employees have fallen victim to the nation-state threat actors.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
QNAP, a Taiwan-based company that manufactures network-attached storage devices, urges users to take immediate actions to secure QNAP NAS device suite amid reports of wide targeting of all its networking devices by ransomware and brute-force attacks.
Top U.S. cybersecurity leaders continue to warn against the peril of Apache Log4j vulnerabilities, confirming on Monday that hundreds of millions of devices worldwide are likely affected by the logging utility flaw, although the response, in terms of scope and speed, has been "exceptional."
The EU's law enforcement agency, Europol, has been ordered by a watchdog to not retain for longer than six months any personal data it stores pertaining to individuals who reside in the EU, unless it has ascertained that the individuals are tied to an investigation or criminal activities.
Researchers have identified a new wave of phishing attacks exploiting a vulnerability in the comments feature of Google Docs to deliver malicious phishing websites. It hit more than 500 inboxes across 30 tenants, with hackers using more than 100 different Gmail accounts, Avanan researchers say.
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, said this week that his committee convened a virtual briefing with both CISA and National Cyber Director Chris Inglis to discuss efforts to mitigate the threat posed by the Log4j vulnerability.
A senior executive at a Russian cybersecurity services firm has been denied bail after being extradited from Switzerland to the U.S. to face charges that he participated in a hacking scheme that stole pre-public earnings information for publicly traded companies to make $82.5 million via insider trading.
In the latest update, four ISMG editors discuss key cybersecurity issues, including myth busting from the founder of Zero Trust, the reason behind the surge in high-profile cryptocurrency scams in India and how ransomware attackers routinely lie about their inclinations, motivations and tactics.
The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.