News


  • Ransomware attack hits Italy’s Lazio region, affects COVID-19 site

    August 4, 2021

    The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region suffered a ransomware attack that encrypted every file in its data center and disrupted its IT network. “The attack blocked almost every file in the data center. ...

  • MILIPOL PARIS 2021, 22nd edition – The leading event for homeland security and safety – Paris-Nord Villepinte exhibition centre from October 19 to 22, 2021

    August 4, 2021

    For several decades now, Milipol Paris has been the world’s top event dedicated to safety and security professionals. It is the place where technological innovations are presented as an effective response to the sector’s needs and the major threats. Organised under the patronage of the French Ministry of the Interior, this new edition of Milipol ...

  • ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

    August 4, 2021

    Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings ...

  • The Pentagon says its new AI can see events ‘days in advance’

    August 4, 2021

    The US military is testing the use of cutting-edge data gathering tools combined with artificial intelligence to predict enemies’ next moves up to days in advance. Speaking at a press conference, the commander of the US Northern Command (NORTHCOM) Glen VanHerck revealed that trials have been ongoing to improve the military’s use of data when ...

  • NSA, CISA release Kubernetes Hardening Guidance

    August 3, 2021

    FORT MEADE, Md. – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run ...

  • PwnedPiper critical bug set impacts major hospitals in North America

    August 2, 2021

    Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital’s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they’re needed. Source: Bleeping ...

  • DarkSide ransomware gang returns as new BlackMatter operation

    July 31, 2021

    Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel pipeline, and causing fuel shortages in the southeast of the USA, the DarkSide ransomware group faced ...

  • Here’s 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ

    July 30, 2021

    Details of 30 servers thought to be used by Russia’s SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia’s Foreign Intelligence Service “is actively serving malware (WellMess, WellMail) previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada,” ...

  • DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices

    July 30, 2021

    The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. “The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020,” the DOJ said ...

  • Security team finds Crimea manifesto buried in VBA Rat using double attack vectors

    July 29, 2021

    Hossein Jazi and Malwarebytes’ Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals. The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks feature a suspicious document named “Manifest.docx” that uniquely downloads and executes double attack vectors: remote template ...

  • Hackers used never-before-seen wiper in recent attack on Iranian train system

    July 29, 2021

    Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran’s train system in a new report, uncovering a new threat actor — which they named ‘MeteorExpress’ — and a never-before-seen wiper. On July 9, local news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations ...

  • Israeli Government Agencies Visit NSO Group Offices

    July 29, 2021

    Authorities from multiple agencies of the Israeli government paid a visit to the offices of the NSO Group as part of a new investigation into claims that the secretive firm is selling its spyware to threat actors for targeted attacks, according to the Israeli Ministry of Defense. A single tweet from the ministry announced the raid on ...

  • Iran’s secret cyber files on how cargo ships and petrol stations could be attacked

    July 29, 2021

    Classified documents, allegedly from Iran, reveal secret research into how a cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station. The internal files, obtained by Sky News, also include information on satellite communication devices used by the global shipping industry as well as a computer-based ...

  • Phishing Attacks Often Target Small Businesses – Here’s What to Watch for

    July 29, 2021

    Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right ...

  • NSA Issues Guidance on Securing Wireless Devices in Public Settings

    July 29, 2021

    FORT MEADE, Md. – NSA released the Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings” today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to their wireless devices and data. Cyber actors can compromise devices over Bluetooth, public Wi-Fi, and Near-Field ...

  • APT trends report Q2 2021

    July 29, 2021

    Investigating the recent Microsoft Exchange vulnerabilities, Kaspersky and their colleagues from AMR found an attacker deploying a previously unknown backdoor, “FourteenHi”, in a campaign that we dubbed ExCone, active since mid-March. During our investigation we revealed multiple tools and variants of FourteenHi, configured with infrastructure that FireEye reported as being related to the UNC2643 activity ...

  • Risks in Telecommunications IT

    July 29, 2021

    Telecommunications is just one aspect of a 200-year-old field of research in IT. In our latest report, “Islands of Telecoms: Risks in IT,” we liken this field to what seems to be separate islands that are in fact connected by a larger landmass underneath an ocean of IT. Indeed, the features of telecommunications might seem ...

  • CISA announces new vulnerability disclosure policy (VDP) platform

    July 29, 2021

    Last fall, CISA issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public ...

  • Biden pushes for stronger cybersecurity in critical infrastructure, wants companies to do more

    July 28, 2021

    President Joe Biden will sign a national security memorandum on Wednesday that aims to strengthen cybersecurity for critical infrastructure, as concern mounts about the vulnerability of the U.S. in the wake of a series of recent ransomware attacks. The memo will include directives for federal departments, while the administration is also calling for tougher action from ...

  • Haron and BlackMatter are the latest groups to crash the ransomware party

    July 28, 2021

    July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories. Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of ...