Chinese hackers use Log4j exploit to go after academic institution

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMWare Horizon, a virtual workspace technology. CrowdStrike also observed the Chinese hackers trying to harvest credentials for further exploitation. CrowdStrike analysts believe that the group behind the attack, which it is calling “Aquatic Panda,” has likely been active since at least May 2020. Its operations have primarily focused on targets in the telecommunications, technology and government sectors. “Because OverWatch disrupted the attack before AQUATIC PANDA could take action on their objectives, their exact intent is unknown,” Param Singh, vice president of CrowdStrike OverWatch, wrote to CyberScoop in an email. “This adversary, however, is known to use tools to maintain persistence in environments […]

The post Chinese hackers use Log4j exploit to go after academic institution appeared first on CyberScoop.

Continue reading Chinese hackers use Log4j exploit to go after academic institution

Why is trust in legacy vendors on shaky ground?

A Vanson Bourne survey report highlights ransomware payout demands and extortion fees are massively increasing, while trust in legacy IT vendors has dipped and organizations are in fact getting slower at detecting cybersecurity incidents. “The survey p… Continue reading Why is trust in legacy vendors on shaky ground?

Cloudflare collaborates with leading cyber insurers to help businesses reduce their cyber risk

Cloudflare announced it is partnering with leading cyber insurance companies to help businesses manage their risks online. Eligible Cloudflare customers can qualify for discounts or other added benefits from insurance providers like At-Bay, Coalition, … Continue reading Cloudflare collaborates with leading cyber insurers to help businesses reduce their cyber risk

SOC Prime Quick Hunt delivers one-click threat hunting capabilities to security teams

SOC Prime announced the availability of Quick Hunt, a module powered by SOC Prime’s Detection as Code platform that delivers one-click threat hunting capabilities to security teams across the world. With access to the SOC Prime Threat Detection M… Continue reading SOC Prime Quick Hunt delivers one-click threat hunting capabilities to security teams

Iranian government-backed hackers target critical infrastructure with ransomware, US says

U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure. The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian “advanced persistent threat” groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care. In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations,” the subject of another recent CISA alert. “The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including […]

The post Iranian government-backed hackers target critical infrastructure with ransomware, US says appeared first on CyberScoop.

Continue reading Iranian government-backed hackers target critical infrastructure with ransomware, US says

Rockwell Automation announces investments to enhance its incident response services

Rockwell Automation announced new investments to enhance its information technology (IT) and operational technology (OT) cybersecurity offering, better equipping customers with the protection they need in today’s perilous environment. These initiatives… Continue reading Rockwell Automation announces investments to enhance its incident response services

A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years

An advanced network of digital spies with a nexus to Chinese interests has successfully compromised parts of the global telecommunications network, in some cases allowing access to subscriber information, call metadata, text messages, and other data, according to research released Tuesday by CrowdStrike. The hacking group, dubbed “LightBasin” by the firm and known publicly as UNC1945, has targeted the telecommunications sector since at least 2016, investigators found. New research has identified 13 telecommunications companies as having been compromised by the network dating back to least 2019. The specific companies were not identified. “People leverage their cellphones like they’re magic,” said Adam Meyers, CrowdStrike’s senior vice president of intelligence. “They don’t think about the fact that there’s this whole infrastructure that makes it work … and that infrastructure is not something that you can take for granted.” The report lays out how this group has developed highly customized tools and a precise […]

The post A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years appeared first on CyberScoop.

Continue reading A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years

Fletch releases two security offerings to help organizations stay ahead of cybercriminals

Fletch launched their first two offerings that continuously analyzes trending threats and insider risk, free of charge. For the past two and half years, Fletch has collaborated with top industry experts to create a platform where all it takes is a few … Continue reading Fletch releases two security offerings to help organizations stay ahead of cybercriminals

Fletch releases two security offerings to help organizations stay ahead of cybercriminals

Fletch launched their first two offerings that continuously analyzes trending threats and insider risk, free of charge. For the past two and half years, Fletch has collaborated with top industry experts to create a platform where all it takes is a few … Continue reading Fletch releases two security offerings to help organizations stay ahead of cybercriminals

deepwatch appoints two cybersecurity industry executives to Board of Advisors

deepwatch announced the appointment of two prominent cybersecurity industry executives to its newly formed board of advisors, which will provide support and guidance for deepwatch’s strategic growth initiatives. The advisors include Jody Len, previousl… Continue reading deepwatch appoints two cybersecurity industry executives to Board of Advisors