Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions

A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity. Massachusetts-based Recorded Future on Wednesday published findings detailing how Russian-language operatives spent months using popular internet services to try to interfere in Estonia, the Republic of Georgia and the U.S. The effort appears to be a continuation of a prior Russian campaign, dubbed Operation Secondary Infektion, that utilized Facebook and dozens of online platforms to sow division in the West and discredit political efforts. The ongoing covert influence effort revealed Wednesday, known as Operation Pinball, involved activity on discussion sites like Reddit, LiveJournal, an array of self-publishing sites, and falsified social media profiles that prioritized strong operational security over reaching a large audience. In one instance, Recorded Future detected a Reddit […]

The post Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions appeared first on CyberScoop.


Hackers had access to European electricity organization’s email server for weeks: report

When the organization that oversees Europe’s electricity market announced on Monday that hackers had infiltrated its IT network, it didn’t provide many details. The European Network of Transmission System Operators for Electricity (ENTSO-E) said a data breach had been confined to its office network, and that no critical power systems were affected. It didn’t mention how or why the intrusion began. But a public analysis of a cybersecurity incident, which multiple people familiar with the matter said matches the details of the ENTSO-E breach, indicates that the attackers were communicating with the victim organization’s email server for more than a month. There was repeated, high-volume communication between the server and the hackers’ malware, according to the analysis, which was published in January by threat intelligence firm Recorded Future. The report did not name ENTSO-E as the victim, but a source close to senior cybersecurity officials at multiple European electric utilities said the two incidents […]

The post Hackers had access to European electricity organization’s email server for weeks: report appeared first on CyberScoop.


Microsoft Patch Tuesday, March 2020 Edition

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, back up your system(s), and patch your PCs.

OpenDXL Ontology: An open source language for connecting cybersecurity tools

The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security c…

Microsoft Patch Tuesday, February 2020 Edition

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe…

Which vulnerabilities were most exploited by cybercriminals in 2019?

Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? [Table: top exploited CVEs between 2016 and 2019; repeats are noted by color] Recorded Future researchers have analyzed code repositories, undergro…

Patch Tuesday, December 2019 Edition

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

Scammers just posted 1.3 million payment card numbers on Joker’s Stash, a market for ID theft

A database containing roughly 1.3 million credit and debit card numbers belonging primarily to Indian bank customers was uploaded this week to Joker’s Stash, an online market specializing in stolen personal data, according to new findings by security researchers. Group-IB, in a statement e-mailed Tuesday to CyberScoop, said the database was uploaded Oct. 28, and is worth more than $130 million, the equivalent value of roughly one dollar per record. Ninety-eight percent of the files belong to Indian banks, while 1% originate with a Colombian entity. Group-IB did not name any of the banks affected, victims included in the database or speculate on who may have uploaded the information. This addition of credit card information came just days after researchers determined that Joker’s Stash is growing. Over its four-year lifespan, the illicit card shop has become a dumping ground for financial information stolen from organizations like Hy-Vee, Sonic Drive-In and others. Now, […]

The post Scammers just posted 1.3 million payment card numbers on Joker’s Stash, a market for ID theft appeared first on CyberScoop.


Recorded Future and ServiceNow offer faster incident response and third-party risk analysis

Recorded Future, the leading provider of security intelligence, announced a new relationship with ServiceNow to expedite security professionals’ decision-making processes across security operations programs. Two new integrations are designed to r…

As health sector grapples with ransomware, a search for better incident data

In recent years, a slew of ransomware infections has forced health care organizations across the U.S. to confront their security weaknesses. The fact that the file-locking malware can disrupt medical services or compromise sensitive patient data has brought urgency to the struggle. Yet largely missing from the equation has been a reliable and thorough set of public data on health care ransomware incidents that tracks things like payouts, the number of victims, and strains of malware. On Wednesday, Allan Liska, a ransomware connoisseur and threat intelligence analyst at cybersecurity company Recorded Future, took a stab at filling the void by releasing data on ransomware incidents over the last three and a half years. Some of Liska’s findings, which he shared exclusively with CyberScoop, surprised him. From 2016 through 2018, for example, the number of documented ransomware incidents in the health care sector stayed relatively flat at around 30 per year, fewer […]

The post As health sector grapples with ransomware, a search for better incident data appeared first on CyberScoop.
