Cyber News

A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.

Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server with the help of endlessh.

The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.

Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase.

Hackers with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB.

Sophos researchers discovered that the threat actors are using Exchange servers compromised using the highly publicized exploit chain—which suffered a barrage of attacks from advanced persistent threat (APT) groups to infect systems.

On August 2016, the Asian Bitfinex suffered a security breach that resulted in the theft of 120,000 Bitcoin, the incident had serious repercussions on the Bitcoin value that significantly dropped after the security breach (-20% decrease).

The NSA, the CISA, and the FBI jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities.

Targeting global companies, the attackers are likely seeking confidential data on the distribution and storage of the coronavirus vaccines, says IBM Security X-Force.

Though it's normal for victims to remain unaware of how their stolen data is being put to use by cybercriminals, there's are gangs in ransomware cartels who have made millions of dollars exploiting stolen data.

An analysis by Barracuda and Columbia University revealed that the majority of phishing emails originate from countries in Eastern Europe, Central America, the Middle East, and Africa.

Six days after installing the webshell, the actor used the installed webshell to run PowerShell commands to gather information from the local server and the Active Directory and stole credentials from the compromised Exchange server.

According to Intel 471, some cybercriminal groups are leveraging Ettersilent maldoc builder to bypass Windows Defender, Windows AMSI, and top email services including Gmail.

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.

The banks are being exploited in attacks targeting people filing taxes, getting stimulus checks and ordering home deliveries, says Check Point.

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. Read more in my article on the Tripwire State of Security blog.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web. And now, with its FREE Cyber Daily email all IT … Continue reading "Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily"

Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.

Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day.

Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks.