Data Breaches

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant. Using access to virtual machines the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments, Mandiant said in a blog. UNC3944 has been active since May 2022. The threat actor has been…

Read More

Insider threats surge across US CNI as attackers exploit human factors

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, and communications sectors. It revealed that increased insider threat could be linked to heightened economic pressures and remote working. Threats…

Read More

Security breaches push digital trust to the fore

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust you, they will go elsewhere,” says Mark Thomas president of Escoute Consulting, which specializes in compliance. This view is borne…

Read More

Arnica’s real-time, code-risk scanning tools aim to secure supply chain

Software supply chain security provider Arnica has added new real-time scanning tools to its namesake code-security suite, including static application security testing (SAST), infrastructure as code (IaC) scanning, software component analysis (SCA), and third-party package reputation checks. With the enhancements, the company claims to provide a comprehensive security solution that identifies and prevents the introduction of code risks in real time using a pipeline-less approach. “Arnica implements a pipeline-less security approach, which means that all…

Read More

Aqua Security releases Real-Time CSPM to tackle multi-cloud security risks

Cloud native security vendor Aqua Security has announced the launch of Real-Time CSPM, a new cloud security posture management solution designed to provide visibility and risk prioritization across multi-cloud security risks. Real-Time CSPM uses “real-time scanning” to pinpoint threats that evade agentless detection and reduce noise so security practitioners can identify, prioritize, and remediate the most important cloud security risks, according to the firm. It is the latest addition to the Aqua Cloud Security Platform.…

Read More

New APT targets South and Southeast Asia with custom-written backdoor

Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering. Lancefly has been deploying the Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on…

Read More

New ransomware gang RA Group quickly expanding operations

Researchers warn of a new ransomware threat dubbed RA Group that also engages in data theft and extortion and has been hitting organizations since late April. The group’s ransomware program is built from the leaked source code of a different threat called Babuk. “Like other ransomware actors, RA Group also operates a data leak site in which they threaten to publish the data exfiltrated from victims who fail to contact them within a specified time…

Read More

Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot

It can seem like cybercriminals are running rampant across the world’s digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. These developments highlight how quickly investigative tools have evolved to track and…

Read More

New security tool lets you bypass SSL errors

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s main differentiation is its ‘fly-direct’ architecture — rather than re-route all of your Internet traffic to a data center for…

Read More

Brightly Software Notifying 3 Million SchoolDude Users of Data Breach

Brightly Software last week started informing roughly three million individuals that their personal information might have been compromised in a recent data breach. A Siemens subsidiary, Brightly provides asset management solutions, including CMMS, EAM, IoT remote monitoring, strategic asset management, and more. The company claims to have over 12,000 clients worldwide, across different industries. On May 11, the company started sending out notification letters to its SchoolDude users, to flag a cybersecurity incident that occurred…

Read More