Security News

NCSC says cyber-readiness of UK’s critical infrastructure isn’t up to scratch
2023-11-14 07:02

The latest warning to CNI operators of what the NCSC said is an enduring and significant threat comes after a year of serious assaults on critical services in the UK. Royal Mail International was the target of a serious attack by the LockBit group in January, and this was after a raid on software supplier Advanced forced the NHS to revert to pen and paper once again. The UK and its intelligence partners have also sought to bring attention to the cyber threat faced by allied CNI over the past year, including alerts covering Russia's cyber-espionage-enabling Snake malware and China's attacks on US organizations.

Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks
2023-11-13 14:33

Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Zyxel firewalls are used extensively by the organizations protected by SektorCERT and the vulnerabilities in these, announced in April, which allow remote attackers to gain complete control of the firewall without authentication, were blamed for most of the attacks.

New Ransomware Group Emerges with Hive's Source Code and Infrastructure
2023-11-13 12:12

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor.

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
2023-10-21 13:10

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and...

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
2023-10-17 14:48

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the...

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
2023-10-13 10:25

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint...

Protecting your IT infrastructure with Security Configuration Assessment (SCA)
2023-10-03 11:48

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain...

Chalk: Open-source software security and infrastructure visibility tool
2023-10-03 03:30

Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers.

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet
2023-09-21 03:30

More than 97% of the world's internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them from cyberattacks, physical attacks and other threats. The cable landing stations as well as subsea areas, where many cables are close to each other are considered weak points.

CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure
2023-09-18 18:23

CISA also plans to create a guide to best practices in open source security for government entities and critical infrastructure organizations, according to the roadmap. CISA notes that open source software can lead to great innovation; however, CISA said, vulnerabilities like the widespread Log4shell vulnerability in 2021 mean open source software can introduce insidious flaws in widely-used code.