When a Ripple Becomes a Wave: Cyberattack Fallout

The exploitation of Microsoft Exchange Server made headlines earlier this year, sending security teams scrambling to patch their servers before malicious actors had a chance to compromise their system. According to Microsoft, they have attributed the …

What Is SIEM and How Does it Work? The Past, Present and Future

Security information and event management (SIEM) solutions give organizations centralized visibility into their IT and, in some cases, OT environments. At a high level, a SIEM turns data into actionable insights by: Ingesting a vast amount of event data from across the enterprise, including on-premises and cloud-based environments; Applying real-time analytics to aggregate related security events […]

The post What Is SIEM and How Does it Work? The Past, Present and Future appeared first on Security Intelligence.

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.

Combating Sleeper Threats With MTTD

During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […]

The post Combating Sleeper Threats With MTTD appeared first on Security Intelligence.

Advanced hackers use Fortinet flaws in likely attempt to breach government networks, feds warn

Advanced hackers are exploiting old flaws in popular enterprise software made by Fortinet in a possible attempt to access networks in multiple critical infrastructure sectors, the FBI and Department of Homeland Security warned on Friday. “Advanced persistent threat” actors — a term that usually refers to state-linked groups — are likely using the software flaws to breach “multiple government, commercial, and technology services networks,” states the advisory from the FBI and DHS’s Cybersecurity and Infrastructure Security Agency. The agencies said that the attackers, whom they did not identify, could be using the bugs in Fortinet software to access “key networks as pre-positioning for follow-on data exfiltration or data encryption attacks.” The three vulnerabilities are in FortiOS, security software that government agencies and big corporations use to manage their networks. Hackers could exploit the bugs to intercept sensitive data on networks. Fortinet disclosed the vulnerabilities in 2018, 2019 and 2020 and […]

The post Advanced hackers use Fortinet flaws in likely attempt to breach government networks, feds warn appeared first on CyberScoop.

At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns

Critical vulnerabilities in Microsoft software have turned into a feeding frenzy for state-linked hackers. At least 10 such hacking groups have exploited the flaws in the Exchange Server email program in recent days in operations around the world, anti-virus firm ESET said Wednesday. Many of the groups have well-documented links to China. The surge in hacking suggests multiple sets of espionage groups had access to the software exploit before Microsoft released fixes for it on March 2. It also compounds the challenges facing incident responders who are rushing to deal with the breaches, and bracing for additional exploitation of the bugs by criminal hackers. “It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later,” ESET researchers wrote in a blog post Wednesday. The intrusions by advanced persistent threat […]

The post At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns appeared first on CyberScoop.

Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0

Humanity has been through a number of industrial revolutions since the 1760s, and is now at its fourth cycle of sweeping industrial innovation, known as Industry 4.0. It is characterized by the ongoing automation of traditional manufacturing and industrial practices using modern smart technology. As such, it inherits risks and threats that apply to connected […]

The post Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0 appeared first on Security Intelligence.

Biden says he will ‘elevate’ cybersecurity as US hack investigation goes on

President-elect Joe Biden said on Thursday he has instructed his advisers to learn as much as possible about a hacking campaign that’s roiled the U.S. government, as the investigators warned that the suspected Russian effort represented a “grave risk.” In a statement, Biden pledged to “elevate cybersecurity as an imperative across the government,” following revelations about how hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks belonging to reported victims including the departments of Treasury, Commerce and Homeland Security. “Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation,” Biden said in a statement. The Department of Homeland Security also on Thursday released additional technical details on the hacking effort that the Washington Post has connected to a Russian intelligence agency, calling it a “grave risk” to federal and state networks […]

The post Biden says he will ‘elevate’ cybersecurity as US hack investigation goes on appeared first on CyberScoop.

FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame

FireEye, one of the most influential cybersecurity companies in the world, on Tuesday revealed that it had been breached by a suspected state-sponsored hacking group. FireEye CEO Kevin Mandia said that the FBI and security experts at Microsoft were helping investigate the incident, in which attackers accessed the tools FireEye uses to simulate attacks against clients. “Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques,” Mandia said in a blog post. Attackers stole so-called red team tools, which security firms use to imitate real-world hacks on behalf of their clients. Such red team tools from a respected firm like FireEye would provide malicious attackers with a kind of roadmap on how to subvert defenses, and breach victims. Mandia said his firm was taking the extraordinary step of developing “more than 300 countermeasures for our customers, and the community at […]

The post FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame appeared first on CyberScoop.