Security News

Mimecast CyberGraph helps detect sophisticated phishing and impersonation attacks
2021-07-15 02:15

Mimecast announced the Mimecast CyberGraph solution, a new add-on for Mimecast Secure Email Gateway that is engineered to use Artificial Intelligence to help detect sophisticated phishing and impersonation attacks. "Phishing and impersonation attacks are getting more sophisticated, personalized and harder to stop. If not prevented, these attacks can have devastating results for an enterprise organization," said Josh Douglas, VP, Product Management for Threat Intelligence at Mimecast.

SonicWall Warns of Imminent Ransomware Attacks Targeting Firmware Flaw
2021-07-14 20:45

Network appliance vendor SonicWall has issued an urgent security notice to warn of imminent data-encrypting ransomware attacks targeting known - and already patched - firmware vulnerabilities. The San Jose, Calif.-based SonicWall said its own threat-intelligence indicates that ransomware actors are "actively targeting" security defects in its Secure Mobile Access 100 series and Secure Remote Access products running unpatched and end-of-life 8.x firmware.

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
2021-07-14 10:24

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "unaware of the identity of the potentially affected customers."

Microsoft names Chinese group as source of new attack on SolarWinds
2021-07-14 03:44

Microsoft has attributed a new attack on SolarWinds to a group operating in China. The software giant on Tuesday posted details of the attack, which SolarWinds on Monday patched and revealed as a Return Oriented Programming attack that targets its Serv-U managed file transfer product and allows an attacker to run arbitrary code with privileges, install programs and alter data on cracked targets.

54% of businesses now have a policy in place to deal with ransomware attacks
2021-07-14 03:30

54% of businesses now have a defined policy in place to deal with ransomware attacks - whether this means paying a ransom, relying on insurance policies or refusing to pay at all, according to Databarracks. A ransomware policy may differ: 21% have a policy to never pay a ransom.

Chinese hackers use new SolarWinds zero-day in targeted attacks
2021-07-13 23:54

China-based hackers known to target US defense and software companies are now targeting organizations using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allows remote code execution when SSH is enabled.

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
2021-07-13 20:18

The Texas-based company that became the epicenter of a massive supply chain attack late last year has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited in the wild.

Guess Fashion Brand Deals With Data Loss After Ransomware Attack
2021-07-13 20:10

A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess's breach notification filing with Maine's Attorney General's Office said more than 1,300 people had their information compromised during the ransomware attack, including account numbers, debit- and credit-card numbers, and even the related security codes, access codes and personal identification numbers.

Microsoft Patches 3 Under-Attack Windows Zero-Days
2021-07-13 17:52

Microsoft's embattled security response unit is urging Windows fleet administrators to prioritize fixes for three documented vulns that have already been exploited in live malware attacks. In all, Microsoft documented 117 vulnerabilities in the Windows ecosystem, some dangerous enough to expose users to remote code execution attacks.

SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
2021-07-13 12:58

SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers. Though the current threat appears to be from a sole actor and "involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.