Cox’s bad customer service stymies users who don’t want upload speeds cut
Cox told media that customers can keep speed plans but didn't tell sales reps.
Ukraine says Russia hacked its document portal and planted malicious files
Ukraine says Russia also backed massive DDoS attack using never-before-seen methods.
Cybercriminals Target QuickBooks Databases
Stolen financial files then get sold on the Dark Web, researchers say.
New APT Group Targets Airline Industry & Immigration
LazyScripter bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
61% of Malware Delivered via Cloud Apps: Report
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
DHL Express and FedEx targeted by phishing scam
Researchers have discovered that around 10,000 employee mailboxes at DHL Express and FedEx have been hit by two phishing attacks that sought to extract recipients' work email account. A blog post shared by Armorblox this week detailed the attacks. The pos
Google Invests in Linux Kernel Developers to Focus on Security
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
Kaseya Buys Managed SOC Provider
Purchase extends offerings for MSP and SMB customers
How Security Culture Invokes Secure Behaviour
It has always been suspected that security culture and secure behaviour were closely linked, although proof was hard to produce. Today, KnowBe4 released research that shows not only have researchers been able to validate that link, but they also give dat
The Realities of Extended Detection and Response (XDR) Technology
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
Android users now have an easy way to check the security of their passwords
Feature checks user credentials against a list of billions of compromised passwords.
Universities Face Double Threat of Ransomware, Data Breaches
Lack of strong security policies puts many schools at risk of compromise, disrupted services, and collateral damage.
Cartoon Caption Winner: Be Careful Who You Trust
And the winner of The Edge's February cartoon caption contest is ...
Bombardier suffers ransomware and data leak
The Canadian airplane manufacturer has today revealed that it suffered a security breach. In a press release, Bombardier disclosed that some of its data has been published on the dark web portal operated by the Clop ransomware gang: “An initial inv
Healthcare Organisations increasingly targeted in cyberattacks
Research has shown that in the past year cyberattackers have increasingly targeted healthcare organisations for deploying ransomware and other cyber-attacks. The annual X-Force Threat Intelligence research was released on Wednesday, which tracks the evol
3 Security Flaws in Smart Devices & IoT That Need Fixing
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
Botnet Uses Blockchain to Obfuscate Backup Command & Control Information
The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.
Confirmed: Fry’s Electronics going out of business, shutting down all stores
Former king of build-your-own-PC retailers couldn't survive COVID, consignment shift.
SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network
Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath - and ongoing investigations - into the epic attacks.
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.
SonicWall Releases Second Set of February Firmware Patches
The latest patches, for its SMA 100 series products, come less than three weeks after an update to patch a zero-day vulnerability.
Musk: Starlink will hit 300Mbps and expand to “most of Earth” this year
SpaceX CEO teases higher speeds, lower latency, and near-global coverage.
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
The bitcoin blockchain is helping keep a botnet from being taken down
Wallet transactions camouflage the IP address of the botnet's control server.
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.
Transport for NSW affected by Accellion breach
Accellion systems are used to share and store files by as many as 300 organisations all around the world. Recently, they suffered a data breach following an attack linked to the ransomware gangs, Clop and FIN11. Accellion has claimed that less than 100 c
Sequoia Capital investor information stolen
Sequoia Capital, one of the most famous venture capital firms in Silicon Valley, announced that it suffered a data breach. The firm officially referred to it as a “cybersecurity incident”, in which investor data, including personal information
CVSS as a Framework, Not a Score
The venerable system has served us well but is now outdated. Not that it's time to throw the system away -- use it as a framework to measure risk using modern, context-based methods.
Austin Energy: Scammers threaten to cut power
Unknown individuals have been impersonating Austin Energy in an attempt to scam customers. The scammers were threatening to cut customers’ power unless a fictitious overdue bill was paid immediately. They typically requested reloadable prepaid debi
AT&T and Frontier have let phone networks fall apart, Calif. regulator finds
AT&T raised phone prices 153% over a decade as service got steadily worse.
Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool
APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.
Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims
FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
Clubhouse suffers a ‘data breach’
Researcher Reports Vulnerability in Apple iCloud Domain
A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.
Sequoia Capital Suffers Data Breach
The attack began with a successful phishing email.
8 Ways Ransomware Operators Target Your Network
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
Cybersecurity Responsibility in a Post-Pandemic World
In this video, Omdia Cybersecurity Senior Research Director Maxine Holt explains why a more sustainable approach to post-pandemic cybersecurity is necessary.
What Can Your Connected Car Reveal About You?
App developers must take responsibility for the security of users' data.
New malware found on 30,000 Macs has security pros stumped
With no payload, analysts are struggling to learn what this mature malware does.
Comcast reluctantly drops data-cap enforcement in 12 states for rest of 2021
ISP grants reprieve in Northeast but still caps users in most of its US territory.
International law firm Jones Day hacked with data posted on dark web
This week, it was confirmed that international law firm Jones Day had data stolen by cybercriminals as a direct result of the wider data breach suffered by file-sharing service Accellion. The hacker, which goes by the name Clop, had uploaded much o
Kia Denies Ransomware Attack as IT Outage Continues
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
Companies unprepared for cloud migration
A new report from Virtana reveals that most organisations are being forced to revert some of their applications back to on-prem infrastructure. 350 IT professionals were included in the report, which found that 72% had moved at least one app back onto on-prem
US cities affected after AFTS ransomware attack
Automatic Funds Transfer Services was targeted in a ransomware attack on the 3rd of February. The payment processor is used by many cities and agencies throughout the US. The data used for billing and verifying customers and residents is extremely varie
Attackers Already Targeting Apple's M1 Chip with Custom Malware
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
New browser-tracking hack works even when you flush caches or go incognito
At least 4 top browsers affected by "powerful tracking vector," researchers say.
Red Canary closes $81 million Series C financing round led by Summit Partners
Red Canary has closed its $81 million Series C financing round led by global growth equity investor Summit Partners. The new funding will help to support continued investment in both product and team expansion as the company continues to work toward enab
Omdia's On-Demand Webinars
People’s Postcode Lottery scam claims you could have won £1,000
The People’s Postcode Lottery has issued a statement warning players of a phishing scam which offers £1,000 in exchange for personal details. The scam claims to be from the People’s Postcode Lottery and states that players have won £1,000 aft
Millions of Californian DMV records possibly exposed in breach
The Californian Department of Motor Vehicles (DMV) has suffered a data breach that could have possibly exposed over a year’s worth of data after a third-party contractor was compromised during a cyberattack. During this breach customer addresses an
How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Microsoft says SolarWinds hackers stole source code for 3 products
The company said it found no indication the breach allowed customers to be hacked.
Microsoft Concludes Internal Investigation into Solorigate Breach
The software giant found no evidence that attackers gained extensive access to services or customer data.
CrowdStrike Buys Log Management Startup Humio for $400M
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
Apple Offers Closer Look at Its Platform Security Technologies, Features
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Microsoft Azure Front Door Gets a Security Upgrade
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
Data security accountability in an age of regular breaches
As the number of vendors impacted by supply-chain breaches grows, one constant question remains: where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
How to Run a Successful Penetration Test
These seven tips will help ensure a penetration test improves your organization's overall security posture.
Virginia Takes Different Tack Than California With Data Privacy Law
Online businesses that target Virginia consumers and hold personal data of 100,000 consumers in the state must conform to the new statute.
The Edge Pro Tip: Say What You Know
During the immediate period following a breach, it's vital to move fast - but not trip over yourself.
Egregor Arrests a Blow, But Ransomware Will Likely Bounce Back
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach.
Kia Faces $20M DoppelPaymer Ransomware Attack
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
Ransomware? Let's Call It What It Really Is: Extortionware
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
Breach Etiquette: How to Mind Your Manners When It Matters
Panic-stricken as you may be in the face of a cyberattack, keeping calm and, perhaps most importantly, responding appropriately are critical to limiting the damage.
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
4 Predictions for the Future of Privacy
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
France ties Russia’s Sandworm to a multiyear hacking spree
Destructively minded group has exploited an IT monitoring tool from Centreon.
Compromised Credentials Show That Abuse Happens in Multiple Phases
The third stage, when threat actors rush to use stolen username and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
North Korea may have hacked into Pfizer servers looking for COVID data
South Korea's NIS warned lawmakers of Russian and North Korean hacking activity.
Firms Patch Greater Number of Systems, but Still Slowly
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
Strata Identity Raises $11M in Series A Round
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
Under Attack: Hosting & Internet Service Providers
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
New type of supply-chain attack hit Apple, Microsoft and 33 other companies
Researcher who got targets to automatically install his code gets $130,000 payout.
Palo Alto Networks Plans to Acquire Cloud Security Firm
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
Fighting Fileless Malware, Part 3: Mitigations
Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?
Black History Month 2021: Time to Talk Diversity and Cybersecurity
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
Parler says it’s back without “Big Tech” after being kicked off Amazon
Parler said it's using "independent technology" to get online after Amazon ban.
U.S. Internal Revenue Service warns of phishing scam
An urgent warning has been issued by the U.S. Internal Revenue Service (IRS) about a phishing scam that is trying to steal Electronic Filing Identification Numbers. The scam emerged in early February, just before the start of tax filing season on Feb. 12
Cyber security companies miss millions of email attacks
New research by Barracuda has found that cybersecurity protection organisations have missed millions of email attacks. The research discovered 2,029,413 unique attacks in 2,600,531 unique mailboxes. The cybersecurity firm said that an average of 512 atta
3.2 billion emails and passwords leaked in data breach
Over 3.2 billion email addresses and paired passwords have been posted online in what is being called one of the biggest breaches of all time. The database of passwords and emails is thought to have been compiled following data breaches carried out on v
French and Ukrainian police arrested Egregor ransomware members
Several members of the Egregor ransomware group were arrested following a joint operation between Ukrainian and French law enforcement. French law enforcement officers made the arrests after they were able to trace ransom payments to group members based
How Healthcare Organizations Can Protect Themselves Against IoT Ransomware
Healthcare delivery organizations are increasingly deploying medical devices, IoT, and other medical platforms to improve connectivity and support patient care. Weak cybersecurity evaluations, inappropriate network segmentation, and legacy devices expand
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
How to Submit a Column to Dark Reading
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Prosecutor charges former phone company employee in SIM-swap scheme
Charges filed as soaring cryptocurrency prices drive increase in SIM swapping crimes.
A Windows Defender vulnerability lurked undetected for 12 years
Microsoft patched the bug in its A/V program after researchers spotted it last fall.
Frontier raises sneaky “Internet Infrastructure Surcharge” from $4 to $7
Fee covers Frontier's basic network costs but isn't included in advertised rates.
Top 5 privacy-conscious social media platforms
223 vulnerabilities identified in recent ransomware attacks
Researchers from RiskSense, a risk-based vulnerability management service, discovered 223 different vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were used in ransomware attacks throughout 2020. This is four times the num
AT&T scrambles to install fiber for 90-year-old after his viral WSJ ad
From 3Mbps DSL to 300Mbps fiber: Aaron Epstein's newspaper ad gets amazing result.
Warning: Increase in Web Shell Attacks
Web shells are tools deployed by threat actors on already hacked servers to gain and maintain access. They allow these hackers to remotely execute arbitrary code or commands, move laterally within a network or deliver malicious payloads. Last year the nu
Microsoft is seeing a big spike in Web shell use
Spike shows just how useful and hard to detect these simple programs can be.
2021 CyberFirst Girls Competition
More than 6,500 girls entered this year's qualifying round of the 2021 CyberFirst Girls Competition, run by the National Cyber Security Centre (NCSC). Teams from more than 600 schools took part in online cyber security puzzles. 9 of the teams are from Sco
Confucius APT found targeting Pakistani and Indian officials using Android spyware
Two new pieces of Android surveillanceware have been discovered by the Lookout Threat Intelligence Team. Named Hornbill and SunBird, these two campaigns are believed to be connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent th
source : arstechnica, darkreading, itsecurityguru