U.S. and Bulgarian authorities have seized servers and disrupted the infrastructure and darknet websites of the Netwalker ransomware gang. Police have also arrested one person and confiscated ransom money collected by the cybercriminal gang. The news comes the same week the Emotet botnet was disrupted.
Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm's network to compromise a digital certificate that encrypts data that moves between some of the firm's products and Microsoft's servers.
When he co-founded ThreatMark nearly six years ago, Michal Tresner saw it as a threat detection solution for online banking. Very quickly, he realized the future was in behavior profiling and fraud prevention. Tresner discusses the emergence of this science and biometrics technologies.
Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.
The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.
Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
Mounting evidence points to the "serious compromise" of SolarWinds' Orion software having been an intelligence gathering operation "likely" run by Russia, according to U.S. government agencies probing the supply chain attack. It's the first official attack attribution to be issued by the Trump administration.
Britain's National Crime Agency says 21 individuals have been arrested on suspicion of purchasing personally identifiable information from the WLeakInfo website. Authorities say the site provided access to more than 12 billion personal records culled from 10,000 data breaches.
He's commanded armed forces, directed the National Security Agency, and now he is president of vendor IronNet Cybersecurity. From this unique perspective, retired General Keith Alexander says the SolarWinds breach is "a call for action."
An investigation at the U.S. Treasury Department has found that it suffered a "significant" breach as a result of the SolarWinds Orion supply chain attack, a top Democrat on the Senate Finance Committee reports. Meanwhile President-elect Joe Biden said of the attack: "I promise you, there will be a response."
Lawmakers are pressing government agencies for answers following disclosures this week about an advanced persistent threat group's massive hacking campaign involving compromised SolarWinds Orion network management software. Secretary of State Mike Pompeo said Friday Russians "engaged in this activity."
Microsoft says it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies. Meanwhile, CISA warns the SolarWinds Orion supply chain compromise may not be the only infection vector.