Dive Brief: Nearly 800 instances of Fortra’s GoAnywhere MFT remain unpatched and potentially exposed to a critical vulnerability disclosed earlier this week, according to Shadowserver data published Friday. While many instances of the file-transfer service remain unpatched, fewer than 30 are vulnerable to exploits due to admin panel exposure on the public internet, Shadowserver said. […]
Dive Brief: The vast majority of U.S. companies, 96%, were targeted with at least one payment fraud attempt in the past 12 months, according to automated fraud prevention services provider Trustpair, which surveyed more than 260 senior finance and treasury leaders. The fraud attempts mark a 71% increase from the prior year as criminals stepped […]
Technical Analysis In the following sections, we dive into the technical details surrounding Zloader’s new updates to their anti-analysis techniques, embedded configuration, DGA, and network encryption. Anti-analysis techniques Zloader uses a combination of API import hashing, junk code, a filename check, and string obfuscation. The following sections analyze each technique. Imports and API resolution The […]
Dive Brief: A cyber event – such as ransomware, data breaches and IT disruptions – has become the top concern for U.S. businesses, replacing business interruption, according to the annual Allianz Risk Barometer, released Tuesday. Cyber events are a leading global concern of businesses for the third consecutive year, Allianz found. Business interruption and natural catastrophes […]
Dive Brief: Mimecast, a specialist in email and collaborative workspace security, reached an agreement to buy Elevate Security, a human risk management solutions provider. Mimecast said the deal will help protect digital work environments by providing additional insight into human behavior. The company did not disclose the financial terms of the deal. The companies have […]
Dive Brief: The Cybersecurity and Infrastructure Security Agency is seeking comment on a global effort to improve software security through major changes in development practices. The request for information, released Wednesday, seeks input about how to best incorporate security into the software development life cycle. Specifically, CISA is asking for input on how to tackle […]
Dive Brief: The White House plans to work with the Department of Health and Human Services on a plan to develop minimum standards to protect the healthcare sector from ransomware and other malicious cyber activity, Anne Neuberger, deputy national security advisor for cyber and emerging technologies, said Thursday. The administration is working with […]
Dive Brief: Henry Schein has notified Maine’s attorney general that the personal information of 29,112 people, including more than three dozen residents of the state, may have been accessed in a Sept. 27 cyber incident that affected part of the company’s manufacturing and distribution businesses. The hackers acquired information that included individuals’ names and financial account […]
Dive Brief: Two years after the historic disclosure of a critical zero-day vulnerability in the Apache Log4j library sent organizations racing to contain the damage, nearly 2 in 5 applications are still using vulnerable versions, according to a report released Thursday from Veracode. The report found nearly one-third of applications are running Log4j2 1.2.x, which […]