Latest

Fraud Management & Cybercrime

Phishing Campaign Features Fake Office 365 Update

Akshaya Asokan  •  January 27, 2021

A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.

DDoS Protection

Netscout: 10 Million DDoS Attacks in 2020

Doug Olenick  •  January 27, 2021

The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5 million in 2019, according to NetScout's Atlas Security Engineering and Response Team.

Cybercrime

Mimecast Confirms SolarWinds Hackers Breached Company

Scott Ferguson  •  January 26, 2021

Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm's network to compromise a digital certificate that encrypts data that moves between some of the firm's products and Microsoft's servers.

►

3rd Party Risk Management

Supply Chain Integrity: The Role of Verified Reproducible Builds

Jeremy Kirk  •  January 26, 2021

The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.

Breach Notification

Cyber Incident Knocks Construction Firm Palfinger Offline

Doug Olenick  •  January 25, 2021

The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.

►

Fraud Management & Cybercrime

Assessing the SolarWinds Hack's Impact on Fraud

Suparna Goswami  •  January 25, 2021

What impact could the SolarWinds supply chain hack have on fraud trends? Al Pascual of Breach Clarity offers an analysis.

DDoS Protection

DDoS Attackers Exploit Vulnerable Microsoft RDP Servers

Prajeet Nair  •  January 25, 2021

Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice.

►

Security Operations

Automating the SOC: 'Start Small'

Anna Delaney  •  January 25, 2021

When deploying automation in their security operations centers, organizations should start with "small and simple things," advises Nat Smith of Gartner, who also offers tips on retaining skilled SOC analysts.

Fraud Management & Cybercrime

Tesla Sues Former Employee, Alleges IP Theft

Doug Olenick  •  January 25, 2021

Tesla has filed a lawsuit against a former employee who the carmaker says stole thousands of confidential software files almost immediately after being hired in December.

Application Security

SonicWall Investigating Zero-Day Attacks Against Its Products

Scott Ferguson  •  January 24, 2021

Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.

Cybercrime as-a-service

DDoS Attackers Revive Old Campaigns to Extort Ransom

Akshaya Asokan  •  January 23, 2021

Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations refused to pay the initial ransom demand, a new report by security firm Radware finds.

Breach Notification

Intel Investigating Hack of Confidential Financial Report

Doug Olenick  •  January 23, 2021

Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to release its earnings slightly earlier than planned.