The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it's been called in to help with the investigation, but it wasn't at liberty to say anything more. The news came as security researchers mulled possible perpetrators of the attack, and warned that the incident could be a harbinger of things to come.
Major US pipeline operator Colonial Pipeline is investigating and responding to a ransomware attack on its IT network that ultimately disrupted its pipeline operations late last week, putting a spotlight on how the industrial sector remains vulnerable to growing cyberattacks that could have far-reaching consequences. The company's pipeline system runs 5,500 miles between Houston, Texas, and northern New Jersey, transporting millions of gallons of fuel each day.
The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware. Tulsa is the second-largest city in Oklahoma, with a population of approximately 400,000 people. Over the weekend, threat actors deployed a ransomware attack on the City of Tulsa's network that led to the City shutting down all of its systems and disrupting online services.
Researchers at anti-malware vendor Kaspersky are documenting a previously unknown Windows rootkit being used in the toolkit of an APT actor currently targeting diplomatic entities in Asia and Africa. Dubbed Moriya, the rootkit provides the threat actor with the ability to intercept network traffic and hide commands sent to the infected machines, thus allowing the attackers to stay hidden within the compromised networks for months.
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That's according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities. On the latter front, it's using fake domains on East Asian top-level domains (TLDs) to hide command-and-control (C2) infrastructure.
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, healthcare, and other private sector organizations around the world.
Apple recently announced a tracking device that it calls the AirTag, a new competitor in the "smart label" product category. The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it. If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those.
A computer science professor from Sweden has discovered an arbitrary code execution vulnerability in the Universal Turing Machine, one of the earliest computer designs in history, though he admits it has "no real-world implications". Yet what the amusing little caper really brings to the world is a philosophical point: if one of the simplest concepts of a computer is vulnerable to user meddling, where in the design process should we start trying to implement security features?