What is a Supply Chain Attack ❓

Presentation The Kaseya cyberattack disturbed more than 1,000 organizations over the Fourth of July weekend and may end up being perhaps the greatest hack ever. It’s additionally a typical case of an “Supply Chain” hack: a sort of cyberattack where hoodlums target programming merchants or IT...

Planned Parenthood Breach Opens Patients to Follow-On Attacks

Planned Parenthood’s Los Angeles PPLA division has been hacked, with cyberattackers making off with sensitive personal health information for at least 400,000 patients. In a data-breach notice PDF filed with the state of California, the organization said that it had detected the intrusion on Oct...

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

IKEA Hit by Email Reply-Chain Cyberattack

As of Friday – as in, shopping-on-steroids Black Friday – retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads. BleepingComputer got a look at internal emails – one of which is replicated below –...

Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers

An APT has attacked two separate vaccine manufacturers this year using a shape-shifting malware that appears at first to be a ransomware attack but later shows to be far more sophisticated, researchers have found. Dubbed Tardigrade by the Bioeconomy ​​Information Sharing and Analysis Center...

FBI server hijacked to send up to 100,000 bogus attack mails

If you received a scary missive from what appears to be from the FBI over the last few days, youre not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...

FBI Says Its System Was Exploited to Email Fake Cyberattack Alert

The FBI admitted on Monday morning that an attacker exploited a flaw in how an agency messaging system is configured: a flaw that let an unknown party send out a flood of fake “urgent” warnings about bogus cyberattacks. The Spamhaus Project, a European nonprofit that monitors email spam, detected...

Evasive maneuvers: HTML smuggling explained

Microsoft Threat Intelligence Center MSTIC last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

A critical security bug in the Citrix Application Delivery Controller ADC and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products formerly the NetScaler ADC and Gateway are used for application-aware traffi...

The hunt for NOBELIUM, the most sophisticated nation-state attack in history

This is the second in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM”...

Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Three separate threat groups are all using a common initial access broker IAB to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...

Grief Ransomware Targets NRA

A ransomware group tied to Russia claims to have stolen data from the National Rifle Association NRA in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its...

Iranian Gas Stations Crippled After Suffering Cyberattack

By Deeba Ahmed Soon after the cyberattack, videos and posts started surfacing on social media displaying messages that read: "Khamenei! Where is our gas?" Another sign read: "Free gas in Jamaran gas station." This is a post from HackRead.com Read the original post: Iranian Gas Stations Crippled...

Cyberattack Cripples Iranian Fuel Distribution Network

An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill up their tanks. The incident disabled government-issued electronic cards providing subsidies that man...

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

The launch of a standing offer to pay for Windows virtual private network VPN software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests. The developments signal that the U....

Before and After a Pen Test: Steps to Get Through It

An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test pen test. The penetration test helps to discover vulnerabilities and weaknesses in...

Credential Stuffing Attack: ❗️ Definition and Protection

Introducing A new SecureAuth study discovered that 53% of shoppers reuse similar secret phrase for various accounts. When login credentials are presented to programmers, even once, they can be utilized to get to a large number of records, regardless of whether it is an email account, medical...

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime worlds modus operandi. This report shares our insights into the Russian-speaking cybercrime worl...

Sinclair Confirms Ransomware Attack That Disrupted TV Stations

Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knockin...