Sat.Dec 12, 2020 - Fri.Dec 18, 2020

article thumbnail

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.

Hacking 364
article thumbnail

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about , and represents one of the techniques the SVR is using once it has gained access to target networks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US Orders Rare Emergency System Shut-Downs After Severe CyberSecurity Breach Hits Government And Businesses

Joseph Steinberg

The U.S. government instructed all of its civilian agencies to immediately shut off various popular network and system management products being exploited as part of an ongoing cyberattack. Russian government hackers are believed to have poisoned with malware updates of the SolarWinds Orion products used in many government agencies and in over 80% of the Fortune 500, introducing vulnerabilities that the hackers then exploited to conduct espionage and to pilfer extremely sensitive materials.

article thumbnail

12 Online Resolutions for 2021

Adam Levin

If 2020 taught us anything, it’s to expect the unexpected–and do the best we can in a rapidly changing world. That’s always the case when it comes to cybersecurity. Here are 12 New Year Resolutions for a safer and more secure digital you in 2021: Think before you click that email link: 2020 was a record-breaking year for ransomware, malware, and phishing , and many, if not most of these attacks were launched with the click on a link in an email.

VPN 245
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware , which the U.S.

Software 362
article thumbnail

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from student’s devices.

More Trending

article thumbnail

Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more

Tech Republic Security

Expert pleads with companies to realize they are potential attack victims, no matter their size.

DDOS 218
article thumbnail

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

Krebs on Security

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code

Hacking 361
article thumbnail

More on the SolarWinds Breach

Schneier on Security

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update –­ a Trojan horse of sorts ­– that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.

Software 361
article thumbnail

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

The Last Watchdog

One legacy of the ongoing global pandemic is that companies now realize that a secured and well-supported remote workforce is possible. Recently, the University of Illinois and the Harvard Business School conducted a study, and 16% of companies reported switching their employees to work at home from offices at least twice a week. Related: SASE translates into secure connectivity.

IoT 214
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

With AI maturing, are humans still needed to fight cybercrime?

Tech Republic Security

Cybercriminals are clever, and AI cannot always account for that. This is where cybersecurity and AI professionals come in.

article thumbnail

The Asset Trap

Adam Shostack

As we look at what’s happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling. An example of asset-driven thinking leads the article Hack may have exposed deep US secrets; damage yet unknown. And I don’t want to pick on this article in particular — anyone can fall into this trap: Some of America’s most deeply held secrets may have been stolen in a disciplined, monthslong operation being bl

article thumbnail

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

Schneier on Security

This is interesting : Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo.

article thumbnail

Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Security Affairs

Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the offer for enormous repositories of critical medical that wee stolen from multiple organizations.

Phishing 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Phone scammers were able to get 270% more personal information in 2020 than in 2019

Tech Republic Security

The COVID-19 crisis enabled scammers to take advantage of the guileless, as bad actors were able to extract personal information from targets, according to a new report from First Orion.

218
218
article thumbnail

Latest on SolarWinds Cyber Attack: 'Grave Impact'

SecureWorld News

When news broke a few days ago that IT management company SolarWinds was compromised in a supply chain cyber attack, we discovered that attackers accessed both the U.S Treasury Department and the Department of Commerce. Read the related story. Now we know that was just the start. Here are updates coming in: CISA emergency directive to unplug SolarWinds Orion products.

article thumbnail

Mexican Drug Cartels with High-Tech Spyware

Schneier on Security

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, are ending up in the hands of drug cartels : As many as 25 private companies — including the Israeli company NSO Group and the Italian firm Hacking Team — have sold surveillance software to Mexican federal and state police forces, but there is little or no regulation of the sector — and no way to control where the spyware ends up, said the officials.

Spyware 341
article thumbnail

Microsoft confirms breach in SolarWinds hack, but denies its clients were affected

Security Affairs

Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its customers.

Hacking 145
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cybersecurity experts hail new IoT law

Tech Republic Security

The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.

IoT 218
article thumbnail

No One Knows How Deep Russia's Hacking Rampage Goes

WIRED Threat Level

A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks.

Hacking 145
article thumbnail

Another Massive Russian Hack of US Government Networks

Schneier on Security

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material. […].

article thumbnail

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

Experts discovered a new Windows info-stealer, named PyMICROPSIA, linked to AridViper group that is rapidly evolving to target other platforms. Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. Experts spotted the PyMICROPSIA info stealer while investigating attacks of the AridViper group (also tracked as Desert Falcon and APT-C-23 ).

Malware 145
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

AI, ML can bolster cybersecurity, and vice versa, professor says

Tech Republic Security

Howard University professor talks about his research in emerging technologies.

article thumbnail

2021 Security Budgets: Top Priorities, New Realities

Dark Reading

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.

article thumbnail

Authentication Failure

Schneier on Security

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building — except that he wasn’t actually the building’s owner. The fake landlord met Hawkins in person the day after Thanksgiving, supplying the paint and half the promised fee. They met again a couple of days later for lunch, when the job was mostly done.

article thumbnail

Norwegian cruise company Hurtigruten was hit by a ransomware

Security Affairs

Norwegian cruise company Hurtigruten disclosed a cyber attack that impacted its entire worldwide digital infrastructure. The Norwegian cruise company Hurtigruten announced its entire worldwide digital infrastructure was the victim of a cyber attack. “It’s a serious attack,” said the Hurtigruten’s chief digital officer Ole-Marius Moe-Helgesen in a statement. “The entire worldwide digital infrastructure of Hurtigruten seems to have been hit.” “The attack s

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The worst bugs in the top programming languages

Tech Republic Security

A heatmap shows PHP has the most flaws followed by C++, then Java,Net, JavaScript, and Python in Veracode's annual security report.

215
215
article thumbnail

Nuclear Weapons Agency Hacked in Widening Cyberattack – Report

Threatpost

Sources said the DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector.

Hacking 141
article thumbnail

Zodiac Killer Cipher Solved

Schneier on Security

The SF Chronicle is reporting (more details here ), and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. There’s no paper yet, but there are a bunch of details in the news articles. Here’s an interview with one of the researchers: Cryptologist David Oranchak, who has been trying to crack the notorious “340 cipher” (it contains 340 characters) for more than a decade, made a crucial bre

Software 255
article thumbnail

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Security Affairs

Microsoft and its partners have seized the primary domain used in the SolarWinds attack to identify the victims through sinkholing. Microsoft partnered with other cybersecurity firms to seize the primary domain used in the SolarWinds attack ( avsvmcloud[.]com ) in an attempt to identify all victims and prevent other systems from being served malicious software. here is list of DGA subdomain c2: avsvmcloud[.]com #SolarWinds #backdoor c2 domain list: [link] pic.twitter.com/NufyhDB5Zj — R.

Hacking 145
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!