Security News > 2020 > December
An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations.
Whether your organization uses the vulnerable SolarWinds software or you want to defend yourself against similar exploits, here are recommendations from four sources. Customers running Orion Platform version 2019.4 HF 5 are urged to update to 2019.4 HF 6. Further, the hotfix release 2020.2.1 HF 2 is available in the SolarWinds Customer Portal.
The Federal Bureau of Investigation has released a Private Industry Notification to warn of DoppelPaymer ransomware attacks on critical infrastructure. DoppelPaymer emerged as a forked version of BitPaymer, both believed to be the work of TA505, the threat actor best known for the infamous Dridex Trojan and Locky ransomware families.
We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after.
Few people were aware of SolarWinds, a Texas-based software company providing vital computer network monitoring services to major corporations and government agencies worldwide. It's raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.
A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install ransomware calling itself CoderWare. This week, Kaspersky malware analyst Tatyana Shishkova discovered an Android ransomware masquerading as a mobile version of the Cyberpunk 2077 game.
The COVID-19 crisis enabled scammers to take advantage of the guileless, as bad actors were able to extract personal information from targets, according to a new report from First Orion. First Orion's Annual Phone Scam Call Report exposed how scammers were able to get 270% more personal information in 2020 than they did in 2019.
Trend Micro informed customers this week that an update for its InterScan Web Security Virtual Appliance patches several potentially serious vulnerabilities, including ones that can be exploited to remotely take control of the appliance. The vulnerabilities were discovered by Wolfgang Ettlinger, a researcher at Austria-based cybersecurity consultancy SEC Consult, and they were reported to Trend Micro in the summer of 2019.
"By improving our understanding of biases, it becomes easier to identify and mitigate the impact of flawed reasoning and decision-making conventions," writes Margaret Cunningham, PhD, principal research scientist, in her Forcepoint report Thinking About Thinking: Exploring Bias in Cybersecurity with Insights from Cognitive Science. "Our efforts to build harmony between the best characteristics of humans and the best characteristics of technology to tackle cybersecurity challenges depend on understanding and overcoming bias," says Cunningham.