Building stronger immunity to cyber threats is a collective responsibility
Prevention is better than cure – an adage that remains relevant today as Australia’s healthcare industry continues to struggle with delivering herd immunity against cyber risk.
What Will Take Emotet’s Place?
Emotet’s seven-year reign of terror will come to an end Sunday, April 25, 2021 – at least in theory, when law enforcement completes a scheduled mass uninstallation of its infrastructure.
LinkedIn Attacks Show Dangers of Professional Networking
Leveraging the human factor via social media to launch cyberattacks is a tried-and-true method, and one that will be with us for many more years to come. The recent LinkedIn attacks, where malicious actors used fake profiles linked to hostile states to target employees in key industries and government departments in the United Kingdom, demonstrate how those tactics continue to evolve.
22% of All Users Still Run Microsoft End-of-Life Windows 7
Researchers on Monday reported that 22% of PC users still use Windows 7, which Microsoft stopped supporting in January 2020. In a company release, Kaspersky said the study was based on anonymized OS metadata provided by consenting Kaspersky Security Network users.
REvil’s Big Apple Ransomware Gambit Looks to Pay Off
The REvil ransomware gang is known for audacious attacks on the world’s biggest organizations, and its demands for astronomical ransoms to match. But the gang’s latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service gang.
Vectra AI Expands Integration Ecosystem to Enhance User Experience
Vectra released extended endpoint detection and response (EDR) native integration support in the Cognito platform to enhance the user experience for the security tools and procedures already deployed in their arsenal. By unifying the NDR and EDR experience in a single UI, users get fast, simple, turnkey integrations that offer comprehensive security coverage across the enterprise, IoT devices, hybrid cloud, and cloud native applications.
Managed Security Services Provider (MSSP) News: April 23, 2021
Vectra, a provider of network detection and response (NDR), has released extended EDR native integration support in the Cognito platform.
Vectra AI Expands Integration Ecosystem
Vectra has released extended endpoint detection and response (EDR) native integration support in the Cognito platform to enhance the user experience for the security tools and procedures already deployed in their arsenal.
Hacker group REvil steals Apple products’ blueprints, demands $50M ransomware
In yet another major ransomware attack, the Russian hacker group REvil has claimed to have stolen blueprints of Apple’s latest products. REvil infiltrated the network of Apple’s supplier Quanta, which makes MacBooks. The attack coincided with Apple’s Spring Loaded event, where the company revealed its new products.
Pulse Secure VPN vulnerabilities exploited by hackers to compromise global government agencies
According to a FireEye report, hackers with suspected links to China have been actively exploiting vulnerabilities in Pulse Secure VPN since June 2020. The impacted organisations include financial institutions, defence, and government agencies in the US and across the globe.
Use of Defensive AI Against Cyberattacks Grows
Security leaders are increasingly turning to AI and ML-based defenses against cyberattacks as pessimism grows over the efficacy of human-based cybersecurity defense efforts. A recent survey from MIT Technology Review Insights found more than half of business leaders think security strategies based on human-led responses to fast-moving attacks are failing; nearly all have begun to bolster their defenses in preparation for AI-enabled attacks.
Vectra AI Expands Integration Ecosystem to Improve User Experience
Vectra AI, a leader in cloud and network detection and response (NDR), today released extended endpoint detection and response (EDR) native integration support in the Cognito platform to enhance the user experience for the security tools and procedures already deployed in their arsenal.
Vectra AI Expands Integration Ecosystem
In this newest release, Vectra adds additional support for VMware Carbon Black EDR, VMware Carbon Black Cloud, Sentinel One Singularity, and FireEye Endpoint Security to its extensive list of native EDR integration partners, including CrowdStrike and Microsoft Defender for Endpoint.
Biden Administration Issues Russian Sanctions in Response to SolarWinds Hack, Election Interference
This week, the Biden administration handed down new Russian sanctions for its interference in the 2020 U.S. election, the massive SolarWinds hack and human rights abuses in Crimea. According to CNN, the Russian sanctions followed the U.S. intelligence community’s annual report that says Russia “presents one of the most serious intelligence threats to the United States.”
EU Unveils Proposed Strict AI Regulation
The European Union has officially proposed a strict new regulation on artificial intelligence that would ban the use of "real time" biometrics for surveillance, citing privacy concerns. The regulation would prohibit the use of facial recognition and other biometrics in public places.
REvil Seeks to Extort Apple and Hits Supplier with $50 Million Ransom
REvil – which has been on a tear the past several weeks – wants Apple to pay an undisclosed ransom by May 1 to “buy back” 15 stolen schematics of unreleased MacBooks and gigabytes of personal data on several major Apple brands they obtained from Quanta. The ransomware gang also informed Quanta that it stole and encrypted all of its network data and was seeking a $50 million ransom to be paid by April 27. The ransom would go up to $100 million after the deadline passed.
FBI Removes Web Shells From Compromised Third-Party Microsoft Exchange Servers Without Notifying the Owners
The FBI removed web shells from compromised Microsoft Exchange Servers through a court order without notifying the server owners. Microsoft security threat intelligence earlier said that Chinese malicious cyber actors exploited Microsoft Exchange server vulnerabilities to install remote administration web shells for exfiltrating data and delivering additional malware payloads.
Monero Cryptominer Attack Exploits Exchange Server Flaw
It didn’t take threat actors long to jump on a vulnerability affecting Microsoft Exchange mail server software. While exploits involving an array of malware from ransomware to webshells are well-documented, Sophos researchers report that other payloads have been aimed at Exchange servers.
MI5 Warns of Spies using LinkedIn
According to MI5, at least 10,000 U.K. nationals have been approached by fake profiles linked to hostile states on the professional social network LinkedIn over the past five years. The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information, BBC reports.
Europol Report Highlights Pandemic's Effect on Cybercrime
Europol’s Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years. While focused on Europe, it will not be substantively different to other areas of the globe.
The United States Sanction Russia in Response to Cyberattacks
Back in February, U.S. President Joe Biden gave a speech at the State Department, warning the Russian state to stop the hacks immediately or get ready for escalation. Putin never admitted to having any involvement in the Sunburst attacks that went so deep into American intelligence, but officially, the US held them accountable without a doubt.
President Biden Issues Sanctions Against Russia For Cyberattacks, Election Interference
U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures.
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign.
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies.
US Pulls Back Curtain on Russian Cyber Operations
While the Biden administration is betting that the latest round of sanctions against Russia will help deter the country's cyber operations, several U.S. agencies, including the National Security Agency, used the sanctions announcement as an opportunity to pull back the curtain on the tactics of Russia's Foreign Intelligence Service.