Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an “aggressive” hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved […]
The Biden administration came out forcefully this week against a congressional effort to undo the U.S. Securities and Exchange Commission’s recently adopted rule requiring public companies to disclose cybersecurity incidents. President Joe Biden would veto the joint […]
82% of cybersecurity professionals were working on implementing zero trust last year, and 16% should be on it by the end of this year. The challenges of zero trust implementation: You’ve probably heard it before: zero trust is not a single product, but a security strategy that follows the principle of “never trust, always […]
Feb 02, 2024 (Newsroom; Cryptojacking / Malware): The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying […]
What Will 2024 Be Like If the Healthcare Sector Doesn’t Step Up? Marianne Kolbasuk McGee (HealthInfoSec) • February 1, 2024. For nearly a decade, no matter how bad things seemed to get each year, 2015 remained the record year for U.S. health […]
The cybersecurity landscape has witnessed a new, sophisticated threat in the form of ApateWeb, a large-scale scareware and Potentially Unwanted Programs (PUPs) delivery campaign. Uncovered by Unit 42 researchers at Palo Alto Networks, the campaign is notable for its use of over 130,000 domains to propagate various forms of malicious content. Diving into Details: ApateWeb […]
A variant of a long-running botnet is now abusing the Log4Shell vulnerability but is going beyond internet-facing applications and is targeting all hosts in a victim’s internal network. Researchers at Akamai explain the shift in the FritzFrog botnet — which has existed since 2020 — in a report released Thursday. The botnet typically uses brute-force […]
Myanmar authorities handed over to the Chinese government 10 suspects accused of involvement in the organized cyber fraud industry, including the heads of three prominent crime families. The arrests come after China’s Ministry of Public Security released a wanted list in December for the members of the “family crime syndicates,” which have ties to Myanmar’s […]
Feb 01, 2024 (Newsroom; Cryptojacking / Linux Security): Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container […]