SUNSPOT Malware: A Technical Analysis | CrowdStrike

In December 2020, the industry was rocked by the disclosure of a complex supply chain attack against SolarWinds, Inc., a leading provider of network performance monitoring tools used by organizations of all sizes across the globe.

Crowdstrike

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

Krebsonsecurity

Cyber Threat Intelligence Summit and Cyber Security Training | SANS Institute

Thursday, January 21 (times are EST)

9:15-9:45 am: Chris Krebs (@C_C_Krebs), Fmr. Director, US Cybersecurity and Infrastructure Security Agency (CISA)

10:05-10:40 am: Riding the WAVE to Better Collaboration and Security. Kelsey Helms, Lead Cyber Threat Intelligence Analyst, Target; Nate Icart, Lead Threat Intelligence Detection Engineer, Target Corporation. Many organizations strive to build an intelligence-led security program, but aligning to a single, effective intel model is often an obstacle.

Sans

CISA: Hackers bypassed MFA to access cloud service accounts

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts. "CISA is aware of several recent successful cyberattacks against various organizations' cloud services," the cybersecurity agency said on Wednesday.

BleepingComputer

Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet

An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.

ZDNet

DarkMarket: world's largest illegal dark web marketplace taken down

DarkMarket, the world's largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries involved.

Europol

Cybersecurity teams are struggling with burnout, but the attacks keep coming | ZDNet

Cybersecurity teams are facing new challenges to how they work as the Covid-19 pandemic has forced many security operation centres (SOC) to work remotely while also having to deal with new threats - all of which is leading to higher workloads and an increase in burnout for staff.

ZDNet

United Nations data breach exposed over 100k UNEP staff records

This week, researchers have responsibly disclosed a vulnerability that, when exploited, gave them access to over 100K private records of the United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees.

BleepingComputer

A Golden SAML Journey: SolarWinds Continued

TL;DR: In this blog post we will review what SAML is, how what is old is new again, and how you can start detecting and mitigating SAML attacks. Our focus for detection is intended as scaffolding to get you started, rather than a solution that will work for everyone and all installations.

Splunk-Blogs

Leading Cyber Ladies

The CTF Organizers: @Reutooo_ and @ElLicho007. Timetable: The CTF will start on February 3rd 2021 at exactly 16:00 Israel time (GMT+2) and will be closed on February 5th at exactly 16:00 Israel time (GMT+2). Rules and Guidelines: 1.

Leadingcyberladies

Rioters Open Capitol's Doors to Potential Cyberthreats

Security Experts: Federal Computer System in Capitol Building Is Endangered. The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington on Wednesday pose a significant cybersecurity risk, some experts say.

Bankinfosecurity

Ransomware Gangs Are Targeting Executives

The public sector has seen a great deal of ransomware activity, as their environments often are more vulnerable. In addition, their constituents, students, etc. are not able to do without the services these public organizations provide. It creates what is effectively a perfect storm, and one in which the bad actors and ransomware gangs are able to enrich themselves repeatedly.

Cybervizer

Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack | ZDNet

Hackers have leaked the information they stole about the COVID-19 vaccines as part of a cyberattack targeting the European Union's medical agency, the organisation has admitted. The attack against the European Medicines Agency (EMA) was first disclosed last month and now it has been determined that those behind the hack gained access to information about coronavirus medicines.

ZDNet

FBI aims for stronger cyber strategy as US grapples with SolarWinds fallout - CyberScoop

While dealing with a massive cyber-espionage campaign against the U.S. government, the FBI is trying to quietly implement a new strategy aimed at better tracking foreign hackers.

CyberScoop