Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network. In typical fashion for human-operated ransomware attacks, the threat actor stole sensitive information. READ MORE...
Data from FireEye's Mandiant incident response division shows that the time it takes organizations to detect a malicious hacker attack continues to drop, but it's not only due to better threat detection capabilities. According to Mandiant, the surge in ransomware attacks, which are meant to be noisy and detected, is partially the reason for shorter dwell times observed in live attacks over the last year. READ MORE...
About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday. The electric utilities did not report any significant follow-on activity from the hackers, but the broad exposure of the sector points to the challenges of protecting utilities from supply-chain breaches. READ MORE...
The organization that oversees Sweden's national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world's leading sporting bodies, including FIFA and the World Anti-Doping Agency. Swedish prosecutors said the "repeated and comprehensive breaches" of the Swedish Sports Confederation by GRU resulted in athletes' personal details, such as medical records, being accessed. READ MORE...
Of course you do - it was the name behind a foursome of Exchange bugs that got patched in an emergency update early in March 2021. Even though there was just a week to go until March 2021's Patch Tuesday, Microsoft decided to issue what have become known as the "Hafnium fixes" in a so-called out-of-band update. The fixes closed four security holes that could be chained together to produce an attack that has now been dubbed ProxyLogon. READ MORE...
Malware distributors are rotating payloads once again, switching between trojans that are many times an intermediary stage in a longer infection chain. In one case, the tango seems to be with QBot and IcedID, two banking trojans that are often seen delivering various ransomware strains as the final payload in attacks. Earlier this year, researchers observed a malicious email campaign spreading weaponized Office documents that delivered QBot trojan, only to change the payload after a short while. READ MORE...
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first. READ MORE...
Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams. NortonLifeLock revealed that in the past year nearly 330 million people across 10 countries were victims of cybercrime. READ MORE...
Hackers are hitting Microsoft Exchange Servers with a Monero cryptominer, according to Sophos research published Tuesday. The attackers, which Sophos does not identify, began their apparently financially-motivated campaign shortly after Microsoft announced four zero-day vulnerabilities, according to Sophos. The attacker has lost several of the servers it has compromised to steal Moneroa kind of cryptocurrency - from victims. READ MORE...