April 2022

The need for organisations to guard against the dangers of ransomware is not new, yet never has the threat to data been so pervasive as in 2022.   In addition to the perpetually ongoing growth in the scale and sophistication of the capabilities which threat actors possess, there’s been the requirement for businesses to rapidly shift to work-from-home models since the outbreak of the Covid-19 pandemic –...

Read More

The ongoing struggle to update vulnerable software by finding and applying the right patches in a timely manner has led half of enterprise IT departments to use Web application firewalls (WAFs) either in lieu of patching or to offer some protection before patching can be achieved.   This comes from a new Dark Reading report, "How Enterprises Are Securing the Application Environment." The survey asked 136 IT,...

Read More

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.   Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps...

Read More

  As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.   The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the three-month-period...

Read More

Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java package repository continue to be known vulnerable versions.   A dashboard that Maven Central administrator Sonatype launched soon after news of the so-called Log4Shell flaw first surfaced shows that 41% of Log4j packages downloaded...

Read More

The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems.   "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive malware in an enterprise," Cisco Talos researchers Asheer Malhotra,...

Read More

The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company's old code-signing certificates. Researchers warn the drivers could be used to sign kernel-level malware and load it on systems that have driver signature verification.   The certificates were part of a large cache of files that hackers claim totals 1TB and includes source code and API documentation...

Read More

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.   The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and...

Read More

The Great Resignation hits every company hard, but it can be terrifying when your security pros leave in droves. There are more than the obvious risks at stake, and CISOs must manage them all. A checklist can help ensure mistakes aren't made and regrets aren't expensive.   "As companies deal with increased rates of employee turnover, they must also consider the fact that highly skilled ex-employees are...

Read More