Written by Shannon Vavra Jan 15, 2021 | CYBERSCOOP Rob Joyce, the National Security Agency's special U.S. liaison officer at the U.S. Embassy in London, will replace Anne Neuberger as director in the agency's Cybersecurity Directorate, the NSA announced Friday.
One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
Threat Hunter Team Symantec Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. In a second victim where the Raindrop loader was seen, it was installed in a file called astdrvx64.dll in late May.
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare.
US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year. Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn't use any of SolarWinds software in its internal network.
WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
The U.S Government released on January 5, 2021, a cybersecurity plan to secure the nation's maritime sector against cybersecurity threats that could endanger national security. With International Maritime Organization's (IMO) mandate "to ensure that cyber risks are appropriately addressed in existing safety management systems" and the increasing number of cyber-attacks against maritime and shipping organizations, cybersecurity of maritime and shipping organizations is a top priority.
Parler, the beleaguered social network advertised as a "free speech" alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from its stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company.
In the State of Financial Crime 2021, ComplyAdvantage explores how technology and geopolitics are set to shape financial crime compliance.
Cobalt Strike and Metasploit were the offensive security tools most commonly used to host malware command-and-control (C2) servers in 2020, researchers report. Researchers with Recorded Future's Insikt Group collected more than 10,000 unique C2 servers across at least 80 malware families last year.
But hold on a second: before getting to the attacks, we need to have some real talk about who would do such a thing. It's a question we're all asking about many aspects of this unbelievably painful moment. If "nation-state actor" is your go-to answer, you're echoing the focus of nearly everyone else pontificating right now about threat modeling.
The spate of cyber attacks launched by suspected Russian hackers through compromised SolarWinds software have no easy fix and the effects will be felt for years to come, says security company FireEye....
It's clear the SolarWinds incident has rocked the infosec community to its core, with the still-unfolding episode expected to reverberate in the industry for years to come. While there is still much to be uncovered, the public details point to a known Russian APT inserting code into a third-party IT provider's services, allowing for further targeting of approximately 50 organizations.
Powered By Sighteer's Algorithmic Content Platform