It has been reported that state-sponsored hackers who breached US software provider SolarWinds earlier this year pivoted to Microsoft’s internal network, and then used Microsoft’s own products to further the attacks against other companies. Reports have also stated that Microsoft has identified more than 40 of its customers that installed trojanised versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads. The OS maker said it was able to discover these intrusions using data collected by Microsoft Defender antivirus product, a free antivirus product built into all Windows installations. Microsoft President Brad Smith said his company is now in the process of notifying…
ISBuzz Team
Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads.
In response to reports that British cryptocurrency exchange EXMO has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets, cybersecurity experts at Cerberus Sentinel and Clear Skies offer perspective.
This holiday season, more consumers than ever will be shopping digitally — and cybercriminals are already capitalising on the opportunity. Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, looked through the dark web to find that: There’s a continued rise in e-skimming attacks in the retail sector, where attackers inject JavaScript into website payment processing pages in order to siphon credit cards and account credentials from customers. Magecart is one of the most prominent groups behind this activity, consistently extending their capabilities and improving their tactics to infiltrate e-commerce applications, evade detections, and siphon off sensitive card data. Swiped credit cards are going for…
Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. Symrise is a major developer of flavors and fragrances used in over 30,000 products worldwide, including those from Nestle, Coca-Cola, and Unilever. Symrise generated €3.4 billion in revenue for 2019 and employs over 10,000 people.
2021 will be another challenging year for cybersecurity professionals. Security teams now face a plethora of new challenges brought on by the rapid deployment of tools, technologies and processes that enabled business continuity over the last 12 months. Many of these challenges stem from the widespread shift to remote working which, in a matter of days, completely changed the threat landscape for most organisations. The rushed nature of the remote working rollout now poses some major data security issues, which are compounded by the impending shift to a hybrid working model in the long term. In a recent Gartner survey…
The recent cyber-attack on SolarWinds is a prime example of the integral role password security plays in the fight against cyber-crime. This year’s shift to remote working has made us all susceptible to new security risks as cybercriminals look to capitalise on the situation. With reports that the single password of ‘SolarWinds123’ was previously used to access the software maker’s server, this latest large scale cybersecurity attack serves as an important reminder of the importance of instilling a strong security culture within organisations.
If 2020 has shown us anything, it’s that organisations need to be ready to face challenges beyond what they’ve considered in their risk assessments. The coronavirus pandemic has presented businesses with a challenge – adapt or fail. As we’ve seen with several famous High Street retailers, the pandemic has exacerbated problems that businesses have been struggling with for years. Suddenly, that digital transformation project that was years in the making needed to be fast-tracked, as businesses watched their digitally-savvy and digital-native competitors thrive. And when push came to shove, they succeeded, when before it would have ended in debate. Alongside…
Security researchers have discovered a new variant of spyware that’s targeting iOS and Android users as part of an international sextortion scam. According to a blog post by researchers at cyber security firm Lookout, the spyware, called Goontact, has been found in multiple Asian countries and targets users of illicit sites and steals personal information stored on their mobile devices. Researchers said the types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail. The spyware often disguises itself as secure messaging applications and can exfiltrate a wide range…
It’s been reported that business leaders have joined forces with Greater Manchester Mayor Andy Burnham to explore the potential use of new vein ID biometric technology that could be used in the region’s transport, education and healthcare services. The group, chaired by Mike Blackburn OBE, director of The Growth Company and Marketing Manchester, will examine the technology which uses the unique finger vein pattern to provide secure, identity-enabled transactions. The company behind the technology, FinGo, believes the biometric solution could connect people to key services in the region more seamlessly and securely. It was initially launched in the hospitality sector…