Security News

Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack. While the company is yet to issue a public statement regarding this incident, the Lorenz ransomware gang has already claimed the attack.

Contractors employed via umbrella company Parasol Group are increasingly nervous about a multi-day outage of some IT systems used to process payroll, with several suspecting a security attack as the root cause. Greet Borsens, the chief sales officer at Parasol Group, itself part of Optionis Group, wrote to its contractor customers on 12 January confirming "a systems outage in parts of our group" affecting the MyParasol portal.

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators. While Google has given Android users the option not to allow 2G cellular connections on their device, the setting is turned on by default.

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 "Well known" state businesses were compromised in recent cyberattacks. According to the alert, many of the firms were unaware that that their customer's passwords had been compromised.

Hackers believed to be part of the Iranian APT35 state-backed group has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. As part of their research, the analysts also spotted something new in the form of a PowerShell modular backdoor named 'CharmPower.

A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors. NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.

FinalSite announced today the findings of a six-day investigation into last week's ransomware attack, stating it found no evidence schools' data accessed or stolen by hackers. After a six-day investigation, FinalSite states that they have determined what ransomware gang performed the attack and how they gained access to their network but would not be disclosing their names due to ongoing investigations.

Extortion or ransom DDoS attacks started to become a new threat in August 2020 and grew bigger and more complex since then. One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.

With millions of Log4j-targeted attacks clocking in per hour since the flaw's discovery last month, there's been a record-breaking peak of 925 cyberattacks a week per organization, globally. The number comes out of a Monday report from Check Point Research, which found Log4Shell attacks to be a major contributor to a 50-percent increase year-over-year in overall attacks per week on corporate networks for 2021.

Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own , resulting in captured keystrokes and screenshots of their own computer and virtual machines," Malwarebytes Threat Intelligence Team said in a report published on Friday.