SecurityWeek
More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack
Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it’s unclear if it was specifically targeted.
NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.
Google Says Chrome Cookie Replacement Plan Making Progress
Google says it’s making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials.
Several DDoS Attack Records Broken in 2020
Several companies that provide services for mitigating distributed denial-of-service (DDoS) attacks reported seeing records being broken in 2020.
Australian Corporate Regulator Discloses Breach Involving Accellion Software
The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software.
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO
Crane Maker Palfinger Says Cyberattack Had 'Massive' Impact on IT Infrastructure
Austria-based crane manufacturer Palfinger on Monday informed customers that its IT infrastructure suffered serious disruptions as a result of an “ongoing global cyber attack.”
Google Warning: North Korean Gov Hackers Targeting Security Researchers
Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers.
South Carolina County Suffers Weekend Cyberattack
A coastal South Carolina county says hackers broke into its computer network over the weekend.
A statement from Georgetown County’s local government Monday said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted.
Phishers Target C-Suite with Fake Office 365 Password Expiration Reports
An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro.
Passwordless Authentication Provider Axiad Raises $20 Million
Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm from Invictus Growth Partners.
Clothing Brand Bonobos Informs Users of Data Breach
Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised.
Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems
American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems.
CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability
One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.
Russian Hack of US Agencies Exposed Supply Chain Weaknesses
The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.
Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product
Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.
Illinois Court Exposes More Than 323,000 Sensitive Records
Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court
Chipmaker Intel Corp. Blames Internal Error on Data Leak
The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised.
SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws
Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.
Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP
Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.