Month: April 2021

How to Conduct Vulnerability Assessments: An Essential Guide for 2021

29 April 2021

Hackers are scanning the internet for weaknesses all the time, and if you don’t want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing […]

Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years

29 April 2021

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind it to harvest and exfiltrate sensitive information from infected systems. Dubbed “RotaJakiro” by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that […]

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

28 April 2021

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. “The […]

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

28 April 2021

Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. “The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads,” Silverfort researchers Yaron […]

Attention! FluBot Android Banking Malware Spreads Quickly Across Europe

28 April 2021

Attention, Android users! A banking malware capable of stealing sensitive information is “spreading rapidly” across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language […]

Time to stop the money-making business of kicking hospitals when they’re down

28 April 2021

Late last year, CISA, HHS and the FBI issued a joint warning on impending cyberattacks on hospitals during the pandemic. Today’s columnist, Jeff Costlow of ExtraHop, offers strategies to help hospitals defeat those attacks. The recent spate of ransomware attacks against hospitals must stop. It’s unconscionable. We’re in an ongoing […]

Hackers Threaten to Leak D.C. Police Informants’ Info If Ransom Is Not Paid

27 April 2021

The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police’s networks and stolen 250 GB of unencrypted files. Screenshots shared by the […]

Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results

27 April 2021

The release of MITRE Engenuity’s Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization’s tests measure how well security vendors can detect and respond to threats and offer an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks. However, for the […]

FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers

27 April 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures (TTPs) adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting the U.S […]

Hackers Exploit 0-Day Gatekeeper Flaw to Attack MacOS Computers

27 April 2021

Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657, was discovered and reported to Apple […]
