On Monday, cybersecurity researchers connected a series of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data breach and extortion campaign orchestrated by the UNC2546 cybercrime group. Threat actors targeted up to 100 companies using Accellion’s FTA and stole sensitive files by combining multiple zero-day vulnerabilities and a…
Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Finance & Banking Operational Error Blamed for Nationwide System Crash Doug Olenick (DougOlenick) • February 24, 2021 The Federal Reserve’s online money transfer system, including Fedwire Funds and Fedcash, suffered an outage for more than three hours Wednesday afternoon, citing technical issues…
3rd Party Risk Management , Breach Notification , Critical Infrastructure Security FireEye, Microsoft, CrowdStrike Offer New Details and Recommendations Doug Olenick (DougOlenick) • February 23, 2021 (From the left) Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna and FireEye CEO Kevin Mandia The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a…
Cyberwarfare / Nation-State Attacks , Forensics , Fraud Management & Cybercrime Issues Include Attackers’ Use of Amazon’s Infrastructure Scott Ferguson (Ferguson_Writes) • February 24, 2021 (Source: Jarek Tuszyński via Wikipedia) The Senate Intelligence Committee’s hearing Tuesday about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered…
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure.
Cyberpunk 2077’s next big patch has been delayed following developer CD Projekt Red’s disclosure that it fell victim to a ransomware attack earlier this month. The next big patch, 1.2, is now scheduled for a release sometime in the second half of March. “While we dearly wanted to deliver Patch 1.2 for Cyberpunk 2077 in…
MONTREAL, Feb. 23, 2021 (GLOBE NEWSWIRE) — Bombardier (TSX: BBD.B) announced today that it recently suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network. In…
Fraud Management & Cybercrime , Social Engineering Zscaler: Malware Buries Itself Into TeamViewer Theo Nassiokas, Head of Technology, Governance & Risk Controls, Westpac Group • February 24, 2021 Attack flow for Minebridge malware (Source: Zscaler) The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using…
There is excitement in Ghana at becoming the first country to receive coronavirus vaccines through the Covax vaccine-sharing initiative, the One campaign’s executive director for Africa has said. Edwin Ikhuoria told BBC World News the delivery of the vaccine had been long awaited and was welcome news. The Covax programme was set up by World…
Nearly eight in 10 businesses globally feel that the pandemic has increased the likelihood of a state-led or -sponsored cyberattack on their organisation, revealed a new survey by the Economist Intelligence Unit (EIU) and the Cybersecurity Tech Accord on Monday. The businesses call for greater international political cooperation to mitigate these state-sponsored threats. The survey…
