Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

March 6, 2024 at 07:15AM Hackers are using new Golang-based malware to target misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis. The campaign exploits configuration weaknesses and an old vulnerability in Atlassian Confluence. Researchers at Cado Security identified the attack, which involves novel Golang payloads and common Linux attack techniques to install a …

Webinar Tomorrow: OT Cybersecurity Risk Mitigation Strategies

March 4, 2024 at 08:48AM Increased digital technologies and connectivity in industrial operations raise cybersecurity risks for Operational Technology (OT). Compliance with NIST, NIS2, ISA, and IEC standards is crucial for mitigating OT cybersecurity threats. Join SecurityWeek and Honeywell for a live webinar on March 5th at 11AM ET to gain insights from industry experts …

Troutman Pepper Forms Incidents and Investigations Team

February 29, 2024 at 04:46PM Troutman Pepper has established the Incidents + Investigations Team to address the increasing demand for legal services related to data breaches and cybersecurity incidents. The team provides 24/7 support and expertise in regulated industries, emphasizing effective communication and comprehensive assistance through all stages of incident response. The firm offers a …

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

February 29, 2024 at 01:35PM The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued a joint Cybersecurity Advisory to warn about cyber threat actors exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Threat actors can bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Organizations are …

230k Individuals Impacted by Data Breach at Australian Telco Tangerine

February 23, 2024 at 07:33AM Telecommunications provider Tangerine revealed a recent cyberattack where the personal information of 230,000 individuals was stolen from a legacy customer database. The compromised data includes names, addresses, dates of birth, and contact details, but not credit card or banking information. The company is taking steps to prevent similar incidents and …

4 Key Steps to Reevaluate Your Cybersecurity Priorities

February 22, 2024 at 10:28AM Cyber extortion reached a new peak in early 2023. Businesses face rising cyberattacks, especially targeting sensitive data holders like banks and hospitals. Financially motivated cybercriminals exploit victims’ willingness to pay. Brands must respond transparently to incidents. It is critical for boards to elevate cybersecurity, audit sensitive information, update incident response …

US Government Issues Guidance on Securing Water Systems

February 22, 2024 at 09:15AM The US government released new guidance for water and wastewater sector entities to improve cyber resilience. The document, “Top Cyber Actions for Securing Water Systems,” includes instructions and free resources to assess and enhance security posture. It advises reducing internet exposure, conducting regular assessments, improving password hygiene, inventorying assets, updating …

Redis Servers Targeted With New ‘Migo’ Malware

February 21, 2024 at 07:45AM New malware targets Redis servers with a user mode rootkit and cryptocurrency miners, bypassing security measures and deploying a Golang-based malware ‘Migo’. The attacks utilize persistence mechanisms, rootkit ‘libprocesshider’, and obfuscation to evade detection. Threat actors demonstrate evolving capabilities with both established and new techniques targeting Redis servers. Key takeaways …

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

February 20, 2024 at 06:27AM In 2023, the Scattered Spider threat group conducted impactful ransomware attacks on major financial institutions. Silverfort’s threat research team responded with a real-time playbook. A webinar will detail their response to the attack, focusing on key response goals and insights into addressing various dimensions of lateral movement. Limited spots are …

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

February 15, 2024 at 02:19PM CISA and MS-ISAC conducted an incident response assessment revealing a threat actor gaining unauthorized access to a state government organization’s network environment. Moreover, the attacker compromised network administrator credentials through the account of a former employee, successfully accessing the organization’s internal and Azure environments. A Cybersecurity Advisory containing mitigation strategies …