While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia. Now, however, Reuters reports that a separate group of Chinese hackers was also exploiting SolarWinds vulnerabilities to hack targets.
Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Appliance have been revealed. What went wrong? Where does the fault lie? And what can organizations do about it?
Ransomware operations continue to come and go. The notorious Maze ransomware gang retired last year, apparently replaced by Egregor, while new operators, such as Pay2Key, RansomEXX and Everest, have emerged. But in recent months, experts say, just six operations have accounted for 84% of attacks.
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
Biometrics, device-based risk scoring solutions and geo location can be helpful tools for tackling ID fraud, says Trace Fooshee, senior analyst at Aite Group, who calls for a layered approach.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
Other darknet marketplaces apparently are preparing to fill the underground economy's need for a steady stream of stolen payment card data if the Joker's Stash site closes Feb. 15 as its administrator has announced. Some researchers believe the administrator may even launch a new marketplace.
More fraudsters are using artificial intelligence to generate “Frankenstein faces” for use in synthetic identity fraud. Kathleen Peters of Experian outlines this disturbing development in fraudster behavior, as outlined in a new report.
A recently updated cryptojacking malware variant called Pro-Ocean, which is associated with hacking group called Rocke, is targeting vulnerable Apache and Oracle WebLogic servers, according to Palo Alto Networks. It now includes rootkit and worming capabilities.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
Trickbot appears to be making a comeback with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis by Menlo Security. Researchers had warned the malware might surface again after a coordinated takedown of the botnet's infrastructure in 2020.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.