OT Security Guidance in Wake of SolarWinds Attack

Agency Warns Attackers Could Use IT Exploits to Pivot to OT Systems
Akshaya Asokan (asokan_akshaya) • May 1, 2021

The U.S. National Security Agency is offering operational technology security guidance for the Defense Department as well as third-party military contractors and firms in the wake of the attack that targeted SolarWinds in 2020….

Guilty Plea in SIM Swapping Scam to Steal Cryptocurrency

Cryptocurrency Fraud, Cybercrime, Fraud Management & Cybercrime
Prosecutors: Yearslong Scheme Resulted in Theft of $530,000
Prajeet Nair (@prajeetspeaks) • April 29, 2021

A Massachusetts man has pleaded guilty to running a yearslong scam that used SIM swapping and other hacking techniques to steal more than $530,000 worth of cryptocurrency, the U.S….

Microsoft Finds ‘BadAlloc’ Flaws Affecting Wide-Range of IoT and OT Devices

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. “These remote code execution (RCE) vulnerabilities cover more than…

API Hole on Experian Partner Site Exposes Credit Scores

Student researcher is concerned security gap may exist on many other sites. A student and security researcher recently informed credit-reporting bureau Experian about a vulnerability on a partner website that lets anyone look up credit scores with only a name and mailing address. KrebsOnSecurity is reporting the incident after receiving the tip from Rochester Institute of Technology sophomore…

U.S. government probes VPN hack within federal agencies, races to find clues

For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders. It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often…

Microsoft Finds ‘BadAlloc’ Flaws Affecting Wide-Range of IoT and OT Devices – KK Hack Labs

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. “These remote code execution (RCE) vulnerabilities cover more than 25…

Ransomware Gang Exploits SonicWall Zero-Day Flaw

Fraud Management & Cybercrime, Governance & Risk Management, Patch Management
FireEye: Attacks Happened Before Patch Issued for VPN Vulnerability
Doug Olenick (DougOlenick) • April 30, 2021

A cyberthreat gang that’s been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks…

5 Agencies Using Pulse Secure VPNs Possibly Breached

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Fraud Risk Management
Suspicious Activity Detected; Investigation Continues
Scott Ferguson (Ferguson_Writes) • April 30, 2021

The Cybersecurity and Infrastructure Security Agency is investigating whether five government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to…

SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched

A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye’s Mandiant unit reported on Thursday. Over the past half a year, a new cybercrime group has been observed using a broad range of…