Security News

Analyzing the illegitimate use of Cobalt Strike, Proofpoint said it found that the tool is increasingly being used by attackers as an initial access payload, meaning it's enlisted to deploy the initial malicious payload onto victimized machines. This is a change from past instances when Cobalt Strike was used more as a second-stage tool that played a role once the targeted systems had already been accessed.

More than 3.5 million people worldwide are needed to play defense against cyberattacks. TechRepublic's Karen Roby spoke with Tom Kellerman, head of cybersecurity strategy for VMware, about ransomware and cybersecurity.

Intermedia Cloud Communications launched AI Guardian - the artificial intelligence-based security solution designed to protect businesses and their employees from dangerous and targeted cyberattacks. Integrated within Intermedia Email Protection - the email security engine that currently protects millions of mailboxes globally - and powered by Armorblox, developer of a leading natural language understanding platform for cybersecurity, AI Guardian's algorithms analyze thousands of signals involving the language, context, and historical pattern of emails to prevent increasingly more complex spam, viruses, ransomware, malware, and phishing attempts from ever reaching mailboxes.

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "Small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "Sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

Cyberattack traffic targeting the video game industry grew more than any other industry during the COVID-19 pandemic. According to Akamai's report, the video game industry suffered more than 240 million web application attacks in 2020, a 340% increase over 2019.

Attorney General Merrick Garland said Tuesday that private industry needs better safeguards to avoid calamitous consequences in the event of cyberattacks like the ones that have targeted American infrastructure and corporations. "You have to have a secondary method if your first method is shut down. You have to have depth, and we need to work with them on that," Garland said, one week after a meeting between President Joe Biden and Russian President Vladimir Putin that included discussion of a spate of Russia-linked ransomware attacks in recent months.

The South Korean Atomic Energy Research Institute has confirmed that an unknown third-party gained unauthorized access to its systems. "Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage," the institute also said.

A recent "Large scale" cyberattack targeting top Polish politicians was launched from Russia, Jaroslaw Kaczynski, the leader of Poland's governing right-wing party, said on Friday. "Analyses by our services and the secret services of our allies allow us to unequivocally say that the cyberattack was carried out from the territory of the Russian Federation," Kaczynski said in a statement.

Carnival Corp., the world's largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew. Fifteen months ago, in March 2020, Carnival Cruise Lines disclosed that it was hit with a data breach: Threat actors accessed names, addresses, Social Security numbers, passport numbers or driver's-license numbers, credit-card and financial account information, and health-related information.

The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. On May 21, India's flag carrier airline, Air India, disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years in the wake of a supply chain attack directed at its Passenger Service System provider SITA earlier this February.