A threat actor linked to Babuk and Groove ransomware gangs leaked login credentials of 500,000 Fortinet VPN accounts to promote a new underground hacking forum.
The mass shift to working from home precipitated by the Covid-19 pandemic created massive security challenges. A full 30% of remote workers under the age of 24 say that they circumvent or ignore security policies when they get in the way of getting work done.
Yandex warded off the largest DDoS attack in history recorded at 22 million requests per second and attributed to a new botnet Meris that exploits MikroTik devices.
UN data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the organization's networks and conducted reconnaissance between April and August.
Today's cybersecurity teams can’t get ahead of hackers because they’re drowning in data, fatigued by alerts, and dissatisfied with their jobs. Data elitism is the root cause of this negative environment, but companies can take steps to offset it.
President Biden’s Executive Order includes a provision that would require software vendors selling to the federal government to maintain a Software Bill of Materials (SBOM). Unfortunately, it’s not that simple.
Ransomware gangs regularly add new tactics and twists to their playbooks to increase pressure on victims. The latest development comes from the Ragnar Locker group, who are now threatening to publish sensitive information if the victim even makes contact with authorities.
In mid-July the REvil ransomware group, linked to the Kaseya and JBS incidents among other attacks, appeared to go out of business. It turns out they may have just been taking a refreshing summer break.
CISA added single-factor authentication to bad cybersecurity practices, adding that it was extremely risky for remote and administrative access to critical infrastructure.