Security News

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation...

"Our research found that there's much room for improvement in how global organizations can protect and manage their entire attack surface. It's not a question of if, but when, an attack will occur - especially against critical infrastructure that society so heavily relies upon." Employees increasingly are using their own assets in business environments, with clear gaps in the enforcement of BYOD policies: 22% of respondents report having an official BYOD policy that is not enforced across all employees, 23% say they either have guidelines that employees are encouraged to follow or admit they don't have any policies or guidelines around BYOD. Organizations, on average, can only account for around 60% of their assets when it comes to knowing things like asset location or the support status of these assets.

The latest warning to CNI operators of what the NCSC said is an enduring and significant threat comes after a year of serious assaults on critical services in the UK. Royal Mail International was the target of a serious attack by the LockBit group in January, and this was after a raid on software supplier Advanced forced the NHS to revert to pen and paper once again. The UK and its intelligence partners have also sought to bring attention to the cyber threat faced by allied CNI over the past year, including alerts covering Russia's cyber-espionage-enabling Snake malware and China's attacks on US organizations.

Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Zyxel firewalls are used extensively by the organizations protected by SektorCERT and the vulnerabilities in these, announced in April, which allow remote attackers to gain complete control of the firewall without authentication, were blamed for most of the attacks.

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor.

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and...

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the...

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint...

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain...

Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers.