New infosec products of the week: May 7, 2021

Assessing third-party security controls with Panorays Smart Questionnaires

Unlike manual security questionnaires, Smart Questionnaires include only the questions that are relevant for each supplier based on the business relationship context. Customers …

Mandiant Managed Defense now supports Microsoft Defender for Endpoint

FireEye announced that Mandiant Managed Defense, Mandiant’s managed detection and response service, now supports Microsoft Defender for Endpoint. This integration reflects the Mandiant strategy to augment security teams with actionable intelligence fro…

Hackers exploit SonicWall email software in a banner week for zero-day flaws

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular enterprise software made by Pulse Secure to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […]

The post Hackers exploit SonicWall email software in a banner week for zero-day flaws appeared first on CyberScoop.

Hackers found leveraging three SonicWall zero-day vulnerabilities

Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws al…

Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)

Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, government, and financial organizations around the world, Mandiant has warned on …

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.

How (and why) cyber specialists hacked a North American utility’s smart meter

The hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery. Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility computer networks and gathering grid workers’ credentials. And the hackers that triggered the 2017 shutdown of a Saudi petrochemical plant with the so-called Triton malware are known for using dozens of different tools to maintain access to IT and industrial networks. As state-sponsored hackers continue to probe U.S. infrastructure, cybersecurity experts regularly emulate those landmark attacks today to break into their clients’ networks in order to protect them. The latest example comes from Mandiant, FireEye’s incident response unit, which this week publicized the techniques it used to infiltrate a North American utility’s industrial control systems […]

The post How (and why) cyber specialists hacked a North American utility’s smart meter appeared first on CyberScoop.

Detection capabilities improve, but ransomware surges on

A FireEye report outlines critical details on trending attacker techniques and malware, the proliferation of multifaceted extortion and ransomware, preparing for expected UNC2452 / SUNBURST copycat threat actors, growing insider threats, plus pandemic …

FireEye insider threat security services from Mandiant protect orgs against malicious activities

FireEye unveiled two new insider threat security services from Mandiant. The new services help organizations establish or scale up insider threat programs and are designed to provide ongoing protection against rapidly evolving and dynamic malicious act…

Accellion FTA attacks, extortion attempts might be the work of FIN11

Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 30…