28 Dec 2020

SolarWinds Hackers “Impacting” State and Local Governments

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning regarding the impact of the recent SolarWinds Orion software government espionage campaign likely conducted by Russia. The hack consisted of Russian nation-state hackers compromising SolarWinds’s popular Orion software supply chain, effectively installing a backdoor into hundreds of high profile

Read More
28 Dec 2020

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day allows an attacker to install programs and access admin privileges such as viewing, changing, and deleting data. It can lead to a complete desktop takeover and is located in the Print Spooler API. However, the critical flaw remains dangerous after Microsoft failed to effectively patch the

Read More
28 Dec 2020

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack

The APT Lazarus Group and other threat actors have allegedly been actively trying to steal COVID-19 research, likely to speed up their own countries’ vaccine development efforts. Lazarus is likely seeking to steal intellectual property to report back to North Korea, according to Kaspersky researchers. Lazarus recently attacked both a

Read More
28 Dec 2020

Vietnam targeted in complex supply chain attack

According to the security firm ESET, a group of unknown hackers has conducted a sophisticated supply chain attack against Vietnamese private companies and government agencies. The threat actors targeted the Government Certification Authority (VGCA) by inserting malware inside an official software toolkit. The VGCA issues digital certificates used to sign

Read More
28 Dec 2020

Russian crypto-exchange Livecoin hacked after it lost control of its servers

On December 24, Russian cryptocurrency exchange Livecoin released a post stating that they had been the target of a cyberattack leading to loss of control over some of its servers. The warning advises customers to temporarily refrain from using its services, including depositing funds, making trades, and using API. The

Read More
23 Dec 2020

Emotet Campaign Restarts After Seven-Week Hiatus

An email campaign attempting to spread the malware with the Emotet downloader returned after being inactive after October 30. Three surges were seen in October with spam emails containing the Emotet downloader targeted vulnerable users. The malware often caused a Ryuk ransomware infection or there were also attempts to steal

Read More
23 Dec 2020

U.S. Urges American Firms to Shun Chinese Data Service Companies

The Department of Homeland Security issued a warning on Tuesday night advising US companies to steer clear of data services and equipment from firms linked to China, citing cybersecurity and national security risks. The advisory states that US networks become vulnerable to Chinese cyber threats when implementing Chinese equipment. According

Read More
22 Dec 2020

Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO

On Monday, tech giants Microsoft, Cisco, Dell, and Google entered into a legal battle against hacking organization NSO. Facebook had already been battling the organization in court for a year and has now been backed by two industry leaders. The tech companies filed a brief in federal court alleging that

Read More
22 Dec 2020

Law enforcement take down three bulletproof VPN providers

This week, European and American law enforcement agencies have taken down the infrastructure of three VPN services used by cybercriminals to conduct cyberattacks. Authorities from the US, Germany, France, Switzerland, and the Netherlands coordinated on the seize, which will hopefully hinder the capabilities of cybercriminals using the VPNs to conduct

Read More
22 Dec 2020

Microsoft and McAfee headline newly-formed ‘Ransomware Task Force’

A new group consisting of 19 security firms, non-profits, and tech companies plans to combat the increasing threat of ransomware attacks. The coalition, named the Ransomware Task Force (RTF), contains well-known organizations such as McAfee and Microsoft. Other member companies include Aspen Digital, Citrix, Cybereason, The Institute for Security and

Read More