Security News
Access management outfit BeyondTrust has urged organizations to remove admin rights from users, arguing that doing so would have at least mitigated more than 100 vulnerabilities in Microsoft products last year. There are businesses and groups out there that are pressured internally into handing people admin rights to keep folks working with awkward software deployments.
Access management outfit BeyondTrust has urged organizations to remove admin rights from users, arguing that doing so would have at least mitigated more than 100 vulnerabilities in Microsoft products last year. There are businesses and groups out there that are pressured internally into handing people admin rights to keep folks working with awkward software deployments.
HackerOne released its 2021 Hacker Report that reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020. Reports for vulnerabilities caused by trends like moving to the cloud have proliferated in the past year, with misconfiguration vulnerabilities rising by 310%. Other key findings 38% of hackers spent more time hacking since the COVID-19 pandemic started.
Hacker groups linked to Russian intelligence conducted cyber-attacks against top Lithuanian officials and decision-makers last year and used the Baltic nation's technology infrastructure as a base to hit targets elsewhere, a report by Lithuania's intelligence service said Thursday. The annual national security threat assessment report claimed that, among others, the Russian cyber-espionage group APT29 with alleged links to Russia's intelligence services "Exploited" Lithuania's information technology infrastructure "To carry out attacks by APT29 against foreign entities developing a COVID-19 vaccine."
Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing. A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.
SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.
New research has found evidence that a Chinese-affiliated threat group has hijacked a hacking tool previously used by the Equation Group. "Although we don't show any conclusive evidence that there is there any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets," Yaniv Balmas, head of cyber research with Check Point Software, said.
In a new report, analysts from Forrester touted the Zero Trust Edge model as a way for organizations to unify networking and security infrastructure while also securing and enabling remote workers. "The Zero Trust Edge model is a safer on-ramp to the internet for organizations' physical locations and remote workers. A ZTE network is a virtual network that spans the internet and is directly accessible from every major city in the world. It uses Zero Trust Network Access to authenticate and authorize users as they connect to it and through it," Holmes wrote.
Kia Motors America has publicly acknowledged an "Extended system outage," but ransomware gang DoppelPaymer claimed it has locked down the company's files in a cyberattack that includes a $20 million ransom demand. The ransom note from DoppelPaymer, first published by BleepingComputer, said the attack was on Hyundai Motor America, the parent company of Kia Motors America, based in Irvine, Calif. It went on to say that the company has two to three weeks to pay up 404 Bitcoins, which is around $20 million as of this writing.
The 2021 State of Malware Report from Malwarebytes found that cybercriminals are learning from the past to build smarter software and starting to modularize their products to make distribution easier. The report examined what malware was most active during 2020, as well as trends in attacks on specific devices such as Android phones and Mac laptops.