Malware & Threats Archives - Page 49 of 107

Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning

Issued by: Security Week

Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk. Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without…

Malware & Threats

Russian Hackers Use New ‘SkinnyBoy’ Malware in Attacks on Military, Government Orgs

Issued by: Security Week

Active since at least 2007 and also tracked as Fancy Bear, Pawn Storm, Sednit, Strontium, and Tsar Team, APT28 is well known for its cyber-espionage operations targeting the 2016 Presidential elections in the United States, but is also associated with attacks on NATO countries and with activities against organizations in the energy and transportation sectors….

Malware & Threats

White House urges private sector to enhance their ransomware defenses

Issued by: Help Net Security

In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat. The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by…

Malware & Threats

Chinese Hackers Using Previously Unknown Backdoor

Issued by: Security Week

Researchers have discovered a new cyber espionage weapon they believe was developed and is used by a China-based APT group they have named SharpPanda. A previously unknown Windows backdoor enables remote access and the collection of considerable live data – but only during Chinese working hours. An ongoing campaign is targeting the Ministry of Foreign…

Malware & Threats

Swedish Public Health Agency Says Disease Database Targeted in Cyberattacks

Issued by: Security Week

SmiNet was shut down on Thursday, after the agency identified several attempts to gain unauthorized access to the database, but it was restored by Friday night. On Thursday, the Public Health Agency announced that it had shut down the database to prevent hacking attempts, and immediately launched an investigation into the matter. The incident was…

Malware & Threats

Tulsa Cybersecurity Attack Similar to Pipeline Attack

Issued by: Security Week

“I can’t share anything other than we know who did it,” Mayor G.T. Bynum said, adding that the city did not pay the hackers. “They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them.” Bynum said Tulsa’s computer security system identified…

Malware & Threats

Hackers Targeted SolarWinds Earlier Than Previously Known

Issued by: Security Week

SolarWinds had previously traced the origins of the hack to the fall of 2019 but now believes that hackers were doing “very early recon activities” as far back as the prior January, according to Sudhakar Ramakrishna, the company’s president and CEO. “The tradecraft that the attackers used was extremely well done and extremely sophisticated, where…

Malware & Threats

A Renewed Push to Improve the Nation’s Cybersecurity

Issued by: Security Week

In response to recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline ransomware attack, President Biden on May 12, 2021 signed an Executive Order (EO) to improve the nation’s cybersecurity and protect federal government networks. For close observers, this seems to be like Groundhog Day, as past incoming administrations have issued similar…

Malware & Threats

Microsoft Build Engine Abused for Fileless Malware Delivery

Issued by: Security Week

Described as the build platform for Microsoft and Visual Studio, MSBuild has a feature that allows developers to specify for code to be executed in memory, and adversaries have abused this in a new campaign for the fileless delivery of their malicious payloads. The attacks, which were ongoing last week, likely started in April. As…