Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families, says Mandiant.
MI5 has warned about spies luring people on LinkedIn. At least 10,000 U.K. nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years.
With more powerful malware, a tightening regulatory environment, and greater consumer security consciousness raising the stakes for organizational cybersecurity, understanding how personal data monitoring impacts cybersecurity has never been more vital.
Through observation and analysis of open source information and behavior on multiple closed forums, Intel 471 found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground.
Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails. The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 6,000 professionals responsible for their company’s cybersecurity from the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings specific to the more than 1,000 U.S. professionals surveyed include:
The U.S. Department of Energy (DOE) today announced that Puesh M. Kumar will serve as Acting Principal Deputy Assistant Secretary (PDAS) for DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER).
Netenrich announced the appointment of Christopher Morales as Chief Information Security Officer (CISO) and Head of Security Strategy to its leadership team. Morales will oversee the strategic development, implementation, and market execution of the company’s security solutions and processes.
A security team can sink an infinite amount of time and resources into strengthening your infrastructure, but it’s all for nothing if a default password is used by an exec, or someone in HR makes the mistake of responding to a clever phishing message.
Cybercriminals will always find the path of least resistance and for most organizations the easiest way in is through the people.
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.
U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures.
RSS
