Intelligence-led security firm FireEye yesterday announced the acquisition of Respond Software, a company that uses automation to assist customers to comprehend and investigate security incidents. The transaction closed on November 18, 2020, and is valued at approximately $186m in cash and stock.  FireEye said that the acquisition of Respond Software will open new market opportunities to deliver eXtended Detection and Response
A critical vulnerability uncovered in Real-Time Automation’s (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA’s ENIP stack is one of the widely used industrial automation devices and is billed as the “standard for factory floor I/O applications in North America.” “Successful exploitation of this vulnerability
A data breach at an Iowa hospital has exposed the Social Security numbers and private medical information of more than 60,000 patients.  Mercy Iowa City began notifying patients on November 13 of a data breach that occurred in spring 2020 after an employee’s email account was accessed by a threat actor.  The hospital detected the breach
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014, when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being constantly under development, Emotet updates itself regularly to improve stealthiness,
A former Green Beret in the United States Army has admitted passing classified information to Russian intelligence agents. Peter Rafael Dzibinski Debbins was arrested in August 2020 and charged with conspiring to provide United States national defense information to agents of a foreign government. On November 18, the 45-year-old Gainesville, Florida, resident pleaded guilty to the charge and now faces a
An Oregon county hit by wildfires and a fall surge in Covid-19 cases is now dealing with the fallout from a cyber-attack. Jackson County’s website is currently down following a recent ransomware attack on the county’s web-hosting service provider, Managed.com. The company took down all its servers on Monday after reportedly becoming the latest target of REvil.  A status update issued by
The information at risk of theft due to API flaws included people’s pictures, locations, dating preferences and Facebook data. Security vulnerabilities in Bumble, one of today’s most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs – which affected Bumble’s application programming interface (API) and stemmed
An Irish cyber-thief has been jailed for his part in a SIM-swap conspiracy that robbed victims of their life savings. Conor Freeman was identified by US Homeland Security as a member of a criminal group that stole over $2m worth of cryptocurrency from multiple victims in 2018. Freeman, of Dun Laoghaire, Dublin, pleaded guilty to stealing cryptocurrency, dishonestly operating a
By Paul Ducklin. We know what you’re thinking: “Another year; another vendor; another threat report… …and when I open it, I’ll be stuck in a thinly disguised product brochure.” Well, not this one. We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, Sophos
Sound security budget planning and execution are essential for a CIO’s/CISO’s success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provides security executives a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame. The
American telecommunications company Verizon today released its first ever data-driven report on cyber-espionage attacks.  The 2020 “Cyber Espionage Report” (CER) draws from seven years of Verizon “Data Breach Investigations Report” (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise.  Verizon said that it published the CER
ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software. ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates
Data breaches in the healthcare industry are likely to triple in volume in the coming year, according to a new report by Black Book Market Research. The “2020 State of the Healthcare Cybersecurity Industry” report is based on a survey of 2,464 security professionals from 705 provider organizations. Respondents were asked to identify gaps, vulnerabilities, and deficiencies
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged
An international construction engineering and mobility services company is joining forces with a software business to launch a new center that aims to protect the cybersecurity of the railway industry. The new partnership between France-based Egis Group and Israeli tech company Cylus was announced today along with their plan to construct a Center for Excellence for advanced, rail-focused cybersecurity services. Built in line
Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values. ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by hundreds of thousands of
Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor, dubbed “ModPipe,” impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, a widely used software suite in restaurants and hospitality establishments
Summary: In 2017, Secureworks® Counter Threat Unit™ (CTU) researchers continued to track GOLD SKYLINE, a financially motivated Nigerian threat group involved in business email compromise (BEC) and business email spoofing (BES) fraud. During the investigation, CTU™ researchers discovered a previously unidentified BEC group that they have named GOLD GALLEON. Unlike other BEC groups, GOLD GALLEON
A British ticketing company has been financially penalized over a 2018 data breach that exposed the personal information of millions of customers across Europe.  The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25m for failing to keep its customers’ personal data secure. Ticketmaster issued a data breach notice in June 2018 after a third-party platform provider Inbenta Technologies was infected with