SecurityWeek

More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack

Security Week - 1 hour 44 min ago

Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it’s unclear if it was specifically targeted.

read more

Categories: SecurityWeek

NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

Security Week - 5 hours 27 min ago

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.

read more

Categories: SecurityWeek

Google Says Chrome Cookie Replacement Plan Making Progress

Security Week - 6 hours 6 min ago

Google says it’s making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials.

read more

Categories: SecurityWeek

Several DDoS Attack Records Broken in 2020

Security Week - 6 hours 26 min ago

Several companies that provide services for mitigating distributed denial-of-service (DDoS) attacks reported seeing records being broken in 2020.

read more

Categories: SecurityWeek

Australian Corporate Regulator Discloses Breach Involving Accellion Software

Security Week - 7 hours 50 min ago

The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software.

read more

Categories: SecurityWeek

Crane Maker Palfinger Says Cyberattack Had 'Massive' Impact on IT Infrastructure

Security Week - 9 hours 2 min ago

Austria-based crane manufacturer Palfinger on Monday informed customers that its IT infrastructure suffered serious disruptions as a result of an “ongoing global cyber attack.”

read more

Categories: SecurityWeek

Google Warning: North Korean Gov Hackers Targeting Security Researchers

Security Week - Mon, 01/25/2021 - 8:44pm

Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers.

read more

Categories: SecurityWeek

South Carolina County Suffers Weekend Cyberattack

Security Week - Mon, 01/25/2021 - 8:14pm

A coastal South Carolina county says hackers broke into its computer network over the weekend.

A statement from Georgetown County’s local government Monday said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted.

read more

Categories: SecurityWeek

Phishers Target C-Suite with Fake Office 365 Password Expiration Reports

Security Week - Mon, 01/25/2021 - 3:16pm

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro.

read more

Categories: SecurityWeek

Passwordless Authentication Provider Axiad Raises $20 Million

Security Week - Mon, 01/25/2021 - 2:59pm

Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm from Invictus Growth Partners.

read more

Categories: SecurityWeek

Clothing Brand Bonobos Informs Users of Data Breach

Security Week - Mon, 01/25/2021 - 11:02am

Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised.

read more

Categories: SecurityWeek

Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

Security Week - Mon, 01/25/2021 - 10:42am

American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems.

read more

Categories: SecurityWeek

CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability

Security Week - Mon, 01/25/2021 - 10:11am

One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.

read more

Categories: SecurityWeek

Russian Hack of US Agencies Exposed Supply Chain Weaknesses

Security Week - Mon, 01/25/2021 - 9:24am

The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.

read more

Categories: SecurityWeek

Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product

Security Week - Mon, 01/25/2021 - 9:09am

Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.

read more

Categories: SecurityWeek

Illinois Court Exposes More Than 323,000 Sensitive Records

Security Week - Mon, 01/25/2021 - 7:00am

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court

read more

Categories: SecurityWeek

Chipmaker Intel Corp. Blames Internal Error on Data Leak

Security Week - Sat, 01/23/2021 - 3:23pm

The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised.

read more

Categories: SecurityWeek

SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws

Security Week - Sat, 01/23/2021 - 7:07am

Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.

read more

Categories: SecurityWeek

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Security Week - Fri, 01/22/2021 - 12:53pm

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.

read more

Categories: SecurityWeek

Pages