Skip to content
FIN7 'technical guru' sentenced to 10 years in prisonA U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution…
Codecov dev tool hit in another supply chain hackThere’s another supply chain hack on the block. Starting in January, attackers began altering Codecov’s Bash Uploader script and accessing Codecov customers’ information, the firm announced Thursday. Codecov, a platform that provides customers with reviews of code, found out about the unauthorized access and meddling on April 1. Bash Uploader is a tool that customers…
How (and why) cyber specialists hacked a North American utility's smart meterThe hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery. Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility…
A push for cybersecurity philanthropic giving launchesOver nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series…
U.S. government accuses Russian companies of recruiting spies, hacking for MoscowThe Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking…
White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaignThe Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations. The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it…
NSA, FBI, DHS expose Russian intelligence hacking tradecraftThe U.S. government warned the private sector Thursday that Russian government hackers working for Russia’s Foreign Intelligence Service (SVR) are actively exploiting five known vulnerabilities to target U.S. companies and the defense industrial base. The National Security Agency, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) urged system administrators…
Lawmakers press spy leaders on lagging efforts to block foreign hackersWhen companies become aware they have been targeted by criminal or nation-state hackers, they need to fess up and come to the U.S. government with information to help feds get a better handle on foreign nation-state hacking, FBI Director Chris Wray emphasized during testimony on Capitol Hill Wednesday. Wray noted that companies coming forward when…
Unpatched Microsoft Exchange Servers hit with cryptojackingHackers are hitting Microsoft Exchange Servers with a Monero cryptominer, according to Sophos research published Tuesday. The attackers, whom Sophos did not identify, began their apparently financially-motivated campaign shortly after Microsoft announced four zero-day vulnerabilities, according to Sophos. The attackers have lost several of the servers they used to steal Monero — a kind of…
BazarLoader Malware Abuses Slack, BaseCamp CloudsTwo cyberattack campaigns are making the rounds using unique social-engineering techniques.
iOS Kids Game Morphs into Underground Crypto CasinoA malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
NSA: 5 Security Bugs Under Active Nation-State CyberattackWidely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Mandiant Front Lines: How to Tackle Exchange ExploitsMatt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace PeriodThe zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
Biden Races to Shore Up Power Grid Against HacksA 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.
Gafgyt Botnet Lifts DDoS Tricks from MiraiThe IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Attackers Target ProxyLogon Exploit to Install CryptojackerThreat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
Security Bug Allows Attackers to Brick Kubernetes ClustersThe vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Ransomware Attack Creates Cheese Shortages in NetherlandsNot a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
FBI Clears ProxyLogon Web Shells from Hundreds of OrgsIn a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.
A Post-Data Privacy World and Data-Rights ManagementJoseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.
100,000 Google Sites Used to Install SolarMarker RATSearch-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange FixesMicrosoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.
CreativeMinds WordPress Plugin Curated RSS Aggregator
