Security News

60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind, treading water, or merely running to keep up, according to a survey by Sapio Research. This Help Net Security video uncovers why companies have a long way to go to protect privileged identities and access.

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday. "This is a so-called ransomware attack, where the criminals have forced access to the network and locked the systems," 7-Eleven DK said in a statement on Facebook.

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. This allows the threat actors to deploy highly targeted attacks that are more difficult to detect and stop because of the social engineering component.

Currently, there is evidence of three groups, all part of the former Conti ransomware operation, that used BazarCall or a version of those tactics: Silent Ransom Group, Quantum, and Roy/Zeon.

A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures, including a novel RAT and a new local privilege escalation tool. The threat actor was named 'Tropical Scorpius' by researchers at Palo Alto Networks Unit 42 and is likely an affiliate of the Cuba ransomware operation.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

In this interview for Help Net Security, Kunal Modasiya, VP of Product Management at Qualys, discusses how the new component, integrated into CyberSecurity Asset Management 2.0, adds the outside-in external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.

Microsoft has released security updates to address a high severity Windows zero-day vulnerability that has publicly available exploit code and has been abused in attacks. DogWalk was publicly disclosed by security researcher Imre Rad more than two years ago, in January 2020, after Microsoft replied to his report saying it won't provide a fix because this isn't a security issue.

VMware found that a quarter of all ransomware attacks included double-extortion techniques, with top methods including blackmail, data auction, and name and shame. The use of deepfakes also shot up this year, by 13 percent, to 66 percent of respondents reporting they had featured in an attack. 65 percent of respondents noted that cyberattacks had increased since Russia invaded Ukraine, and 62 percent said they'd been on the receiving end of zero-day exploits.