The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.
The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S. and Israeli medical researchers in an attempt to obtain their Microsoft Office credentials, according to Proofpoint.
Security practitioners often tread a fine and not entirely well-defined legal line in collecting current and meaningful research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area.
Microsoft says ransomware activity against compromised on-premises Exchange servers remains limited, but it warns that organizations are far from out of the woods.
The SolarWinds supply chain attack demonstrates that Russian intelligence services have learned from previous operations and adjusted their tactics, says Dmitri Alperovitch, the former CTO of security firm CrowdStrike, which investigated Russian interference in the 2016 election.
Criminals operating online continue to tap ransomware in their pursuit of an illicit payday. That was the cybercrime reality throughout 2020, and unfortunately it still appears to be holding true in the first months of this year, the Cisco Talos Incident Response team reports.
The developers behind the Purple Fox fileless downloader malware have upgraded their operation and are using worm capability to target internet-facing devices running Windows, the security firm Guardicore Labs reports.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
To help prevent and defend against emerging cyberthreats, CISOs must develop a multi-line defense strategy and invest in threat-hunting capabilities and orchestration, a panel of cybersecurity experts advises.
Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These attackers continue to target large corporations and public institutions worldwide, with a focus on the U.S. and the European Union, the researchers say.
Finland's Security and Intelligence Service now believes that the 2020 hacking incident that targeted the country's Parliament was the work of a China-linked advanced persistent threat group APT31, also known as Zirconium.
Email security vendor Mimecast, which was targeted by the SolarWinds supply chain hack in January, reports in a Tuesday update that the hackers used the "Sunburst" backdoor as an initial attack vector to steal some source code. But Mimecast says it "found no evidence of any modifications" to that code.
The Pysa ransomware strain is increasingly targeting educational institutions in the U.S. and U.K., the FBI warns in a new flash alert. The hackers may threaten to leak exfiltrated data if a ransom is not paid.
An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.