Security News

Report shines light on REvil's depressingly simple tactics: Phishing, credential-stuffing RDP servers... the usual
2021-07-07 15:00

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

US insurance giant AJG reports data breach after ransomware attack
2021-07-02 12:39

Arthur J. Gallagher, a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. "Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said.

Ransomware Increasingly Detected on Industrial Systems: Report
2021-06-30 15:09

Trend Micro on Wednesday released a new report describing the threats affecting industrial control system endpoints in 2020. The highest number of organizations that had their industrial systems hit by ransomware was seen by the cybersecurity firm in the United States, far more than in any other country.

Authorities Lag Against Fast-Evolving Cyberspace Threats: Report
2021-06-30 11:39

Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests, the International Institute for Strategic Studies said Tuesday. While the US remains the dominant cyberspace power, China is rapidly gaining ground and could soon be a major rival in both the civil and military spheres, the Britain-based research group said after a two-year study.

Report picks holes in the Linux kernel release signing process
2021-06-24 16:28

A report looking into the security of the Linux kernel's release signing process has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to use of static keys for SSH access. The most severe issue noted, though only rated as a medium on a scale from informational at the bottom to high at the top, was that developers who are able to commit code directly to the Linux kernel repositories were not mandated to use hardware security keys - making any breach of their personal systems, as in the 2011 attack, considerably more serious.

Most Developers Never Update Third-Party Libraries in Their Software: Report
2021-06-22 13:30

Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals. Compiled in partnership with the Cyentia Institute, Veracode's latest State of Software Security report focuses on open source software and the manner in which developers approach the security of third-party libraries they use.

Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light
2021-06-21 11:33

The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S. The Water Sector Coordinating Council describes itself as "a policy, strategy and coordination mechanism for the Water and Wastewater Sector in interactions with the government and other sectors on critical infrastructure security and resilience issues."

HackerOne integrates with GitHub to enable tracking and syncing of high-priority vulnerability reports
2021-06-19 00:00

HackerOne announced a new workflow automation integration with GitHub that enables the tracking and synchronization of high-priority vulnerability reports between HackerOne and GitHub. HackerOne is making its debut on GitHub's Marketplace.

REvil Hits US Nuclear Weapons Contractor: Report
2021-06-11 18:16

A subcontractor for the U.S. Department of Energy that works on nuclear weapons with the National Nuclear Security Administration was hit last month by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service gang. As Javers noted, "We don't know everything this small company does," but he posted a sample job posting that indicates that it handles nuclear weapons issues: "Senior Nuclear Weapon System Subject Matter. Expert with more than 20 years of experience with nuclear weapons like the W80-4." The W80 is a type of nuclear warhead carried on air-launched cruise missiles.

Military Vehicles Maker Navistar Reports Data-Theft Cyberattack
2021-06-07 19:02

United States trucks and military vehicles maker Navistar International Corporation has confirmed a cyberattack that resulted in some data being stolen. On Monday, in a Form 8-K filing with the Securities and Exchange Commission, Navistar said it learned of a credible potential cybersecurity threat to its information technology system on May 20, 2021.