Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime State Department, DHS Focus on Ransomware Threats to Critical Infrastructure Scott Ferguson (Ferguson_Writes) • July 15, 2021 Source: US State Department The U.S. Department of State is now offering rewards of up to $10 million for information about cyberthreats to the nation’s…
Endpoint Security , Fraud Management & Cybercrime , Fraud Risk Management Both Companies Confirm ‘Advanced Discussions’; Avast’s Market Valuation Is $7.2 Billion Mathew J. Schwartz (euroinfosec) • July 15, 2021 Avast’s headquarters in Prague (Photo: Avast) Security software firm NortonLifeLock says it is in discussions to acquire Avast, a rival security firm known…
An “imminent ransomware campaign” will be impacting SonicWall’s Secure Mobile Access 100 series and Secure Remote Access products, according to a security advisory from the vendor. SonicWall, a security vendor known for firewall and access offerings, published a security advisory Wednesday for unpatched and end-of-life (EOL) 8.x firmware versions of its SMA 100 and SRA…
Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management DDoS-Guard Disputes Exploit.in Listing for Customer Data. But What’s the Risk to Users? Mathew J. Schwartz (euroinfosec) • July 15, 2021 Cybercrime forum advertisement for allegedly stolen DDoS-Guard customer information (Source: Kela) Leaked data getting offered for sale via cybercrime forums and markets…
SonicWall is just the latest security vendor to see its products used to perpetuate ransomware attacks. SonicWall has issued an urgent security notice warning users of unpatched End-Of-Life (EOL) SRA & SMA 8.X remote access devices that they have been made aware of an imminent ransomware campaign using stolen credentials. The exploitation targets a known…
SonicWall is warning of an imminent risk of a ransomware attack targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products in a security notice today. “Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted…
Business Continuity Management / Disaster Recovery , COVID-19 , Critical Infrastructure Security Former Head of GCHQ Highlights Need for Getting Basics Right, Plus Government Action Mathew J. Schwartz (euroinfosec) • July 14, 2021 Robert Hannigan, who formerly headed Britain’s GCHQ intelligence agency, delivers a virtual keynote speech at the Infosecurity Europe conference on…
Microsoft’s Threat Intelligence Centre has found a new zero-day vulnerability in SolarWinds software, which is currently being exploited by a Chinese hacking group. SolarWinds network monitoring software was in the headlines at the end of last year and throughout the first half of 2021 after a software update was compromised and used to hack around 18,000 customers…
Cybercrime , Fraud Management & Cybercrime , Social Engineering Proofpoint Describes Campaign That Uses Conference as a Lure Doug Olenick (DougOlenick) • July 14, 2021 A spear-phishing letter sent by TA453 using University of London’s School of Oriental and African Studies letterhead to fool its victims (Source: Proofpoint) The Iranian advanced persistent threat…
WASHINGTON: Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive last night requiring the Pentagon and all other executive branch agencies to fix a Microsoft Windows vulnerability that could allow attackers to gain control of entire networks. The vulnerability, formally called CVE-2021-34527 and dubbed PrintNightmare by security researchers, affects a Microsoft Windows service…
