Cyberwarfare

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface for the appliance and exists because attackers could bypass authentication through manipulation of a URL on the interface. “A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance…

Malware & Threats

Issued by: Security Week

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if…

Network Security

Issued by: Security Week

Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe those operations, so it was not immediately clear whether these were efforts strictly at defending the United States against intrusions or offensive measures to shut down intruders. He said his command’s operations were designed “to get ahead of foreign threats…

Network Security

Issued by: Security Week

Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats. The breach, which hijacked…

Malware & Threats

Issued by: Security Week

Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting to exploit possible misconfiguration and lack of monitoring for remote network access and user privileges. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals…

Vulnerabilities

Issued by: Security Week

The EU last year recorded around 450 cyber incidents involving European infrastructure, notably in the financial and energy sectors, and the pandemic has highlighted Europe’s deep dependence on the internet and exposed security weaknesses. The EU’s current Network Information System regulations date from 2008, and the European Commission’s new proposals aim to bring them up…

Malware & Threats

Issued by: Security Week

FireEye, which disclosed the attack earlier this month after the threat actor managed to breach its systems and steal some Red Team tools, revealed that the attacker had compromised SolarWinds systems and used its access to deliver a piece of malware named SUNBURST. The malware, which is configured to remain dormant for a certain period…

Malware & Threats

Issued by: Security Week

“The number of cyber threat actors is rising, and they are becoming more sophisticated”, the Canadian Centre for Cyber Security said. The center found that those four countries are very likely attempting to build up capacities to disrupt key Canadian infrastructure — like the electricity supply — to further their goals. The report said they…