At the beginning of 2021, the threat actors behind the Cring ransomware were observed launching numerous attacks on European industrial enterprises, forcing at least one organization to shut down a production site. The initial vector of attack was later identified as CVE-2018-13379, a vulnerability in the FortiOS SSL VPN web portal that could allow unauthenticated…

With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools for companies in sectors including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage. Whether optimizing individual processes or entire factories and other critical infrastructure…

A cybersecurity attack targeted a vulnerability in Accellion, a third-party vendor that is used to securely transfer files, the university said in a statement Wednesday. “We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in…

Manufacturing and energy became the second and third most targeted industries last year, respectively. Retail and professional services rounded up the top five most targeted sectors, IBM says. In the latest installment of their annual X-Force Threat Intelligence Index, IBM Security also reveals that ransomware was the most popular attack method in 2020, with a…

Multiple attack groups are exploiting the critical Microsoft Exchange Server vulnerabilities patched last week – and the growing wave of global activity began before Microsoft released emergency fixes on March 2. Security firms including Red Canary and FireEye are now tracking the exploit activity in clusters and anticipate the number of clusters will grow over…

Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group (TAG) has revealed on Monday. The hackers’ tactics The hackers, who Google TAG believes are backed by the…

A fourth malware strain wielded by the SolarWinds attackers has been detailed by Symantec researchers, followed by the disclosure of the attackers’ ingenous lateral movement techniques and the release of an auditing script by FireEye researchers that organizations can use to check their Microsoft 365 tenants for signs of intrusion. Then, on Tuesday, Malwarebytes CEO…