Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. The adversary appears mainly focused on enterprises, with some of the victims being multi-national organizations…

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

Initially observed in 2019, SystemBC enables persistent access to the system, providing attackers with means to conceal communications and remotely control the infected devices. Designed with support for the execution of commands and to allow adversaries to download and execute scripts, executables, and DLLs, the backdoor is continuously evolving, with recent samples having switched from…

High volumes of attacks were used to target video game companies and players between 2018 and 2020, an Akamai report reveals. It also notes an uptick in attack traffic that correlates with COVID-19-related lockdowns. In addition, the report examines motivations driving the attacks and steps gamers can take to help protect their personal information, accounts,…

Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused on high-profile or high-dollar targets) are focused more on social engineering than on technology. Yet phishing remains one of the most effective types…

Report: The cybersecurity impact of COVID-19

Cybersecurity company Cynet has released a report detailing changes in cyberattacks it has observed across North America and Europe since the beginning of the COVID-19 pandemic. The report shares the change in cyberattack volume observed across industry sectors, the increased use of spear phishing as an initial attack vector, and the approaches being used to distribute malware…

Cybercriminals will never run out of ways to breach the security protocols enterprises put in place. As security systems upgrade their defenses, attackers also level up their attacks. They develop stealthier ways to compromise networks to avoid detection and enhance the chances of penetration. Adversarial machine learning, for example, emerges as one of the stealthy…

Trend Micro’s XDR offerings simplify and optimize detection and response

Trend Micro announced Worry-Free XDR: a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses. This unmatched channel offering is available now as a standalone or managed solution tailored for SMBs. Today, 85% of organizations believe threat detection and response is getting…

After a compromise, the first thing investigators do is review the log files. The default logging on Windows machines, however, does not capture enough information to identify forensic artifacts. You can adjust your logging settings to get enough information to investigate attacks. First, download and install Sysmon (from Microsoft Sysinternals) on outward-facing machines. Sysmon remains resident across…
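As an added illustration of that first step (this is example code, not part of the original article or of Sysinternals' own documentation), the following PowerShell installs Sysmon with a minimal configuration that records process creation (with command line, parent process and SHA-256 hash) and outbound network connections, then pulls the resulting events back out of the Sysmon event log. It assumes `Sysmon64.exe` sits in the current directory, that it is run from an elevated prompt, and that schema version 4.50 is accepted by the installed Sysmon build; the filter file name `sysmon-minimal.xml` is arbitrary.

```powershell
# Added example, not the article's own code. Assumes Sysmon64.exe is in the
# current directory and this runs elevated. Schema version 4.50 is an assumption
# and must not be newer than the installed Sysmon supports.
$config = @'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- Event ID 1: an empty exclude list logs every process creation,
           including command line, parent image and hash. -->
      <ProcessCreate onmatch="exclude" />
      <!-- Event ID 3: log outbound connections, dropping loopback noise. -->
      <NetworkConnect onmatch="exclude">
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path .\sysmon-minimal.xml -Value $config -Encoding ASCII

# -i installs the driver and service with this config; on a machine that already
# has Sysmon, use -c .\sysmon-minimal.xml to update the config in place.
.\Sysmon64.exe -accepteula -i .\sysmon-minimal.xml

# Read back the 20 most recent process-creation events (ID 1) and flatten the
# EventData fields an investigator needs into one row per process.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 20 |
  ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
      Time        = $_.TimeCreated
      User        = $d['User']
      Image       = $d['Image']
      CommandLine = $d['CommandLine']
      ParentImage = $d['ParentImage']
      Hash        = $d['Hashes']
    }
  } | Format-Table -AutoSize -Wrap
```

The empty `ProcessCreate` exclude rule is deliberate: on an internet-facing host you want every process start recorded, and you can add exclusions for known-noisy binaries later once you have seen what the baseline looks like. The same `Get-WinEvent` query with `Id = 3` returns the network connections, which is usually the second thing an investigator correlates against the process list.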