Latest

Business Continuity Management / Disaster Recovery

Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor

Doug Olenick  •  July 26, 2021

Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack. But it still has not revealed how it obtained the key, other than to say it was supplied by a third party.

Cybercrime

Attackers Rely on 'Exotic' Languages for Malware Creation

Rashmi Ramesh  •  July 26, 2021

Malware developers increasingly are relying on "exotic" programming languages - such as Go, Rust, DLang and Nim - to create malicious code that can avoid detection by security tools and add a layer of obfuscation to an attack, according to a report released Monday by BlackBerry.

Cryptocurrency Fraud

Hackers Target Kubernetes Using Misconfigured Argo Workflows

Akshaya Asokan  •  July 26, 2021

A hacking campaign is targeting Kubernetes environments using misconfigured Argo Workflows to deploy cryptominers, a report by security firm Intezer finds.

Business Continuity Management / Disaster Recovery

IoT Security Dangers Loom as Office Workers Return

Doug Olenick  •  July 24, 2021

With corporate America beginning to ask employees to come back to their offices in the fall, cybersecurity teams have the huge task of ensuring that the work environment is safe. This is particularly true of IoT devices, as many have been left unprotected for months.

►

Cyberwarfare / Nation-State Attacks

ISMG Editors’ Panel: Examining the Pegasus Project

Anna Delaney  •  July 23, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the use of commercially available spyware and security risk management in the telecom sector.

Business Continuity Management / Disaster Recovery

Resiliency Is Key to Surviving a CDN Outage

Doug Olenick  •  July 23, 2021

A short-lived outage at the content delivery network supplier Akamai on Thursday which briefly knocked offline many corporate websites, is another indicator that companies need resiliency built into their systems. That means they should avoid relying on just one CDN provider, security experts say.

Application Security

Analysis: Implications of the Pegasus Spyware Investigation

Anna Delaney  •  July 23, 2021

This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.

Governance & Risk Management

Patch Roundup: Windows, Linux, Oracle, Juniper

Prajeet Nair  •  July 22, 2021

A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.

Fraud Management & Cybercrime

Has REvil Disbanded? White House Says It Doesn't Know

Mathew J. Schwartz  •  July 22, 2021

What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.

Cyberwarfare / Nation-State Attacks

Spyware Zero-Day Hits Show Apple Ecosystem's Imperfections

Mathew J. Schwartz  •  July 21, 2021

Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts describe how Apple could be doing more to lock down its iOS mobile operating system as well as curtail attacks by making them much costlier to run.

Business Email Compromise (BEC)

Microsoft Disrupts Business Email Compromise Domains

Doug Olenick  •  July 21, 2021

Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.

Network Detection & Response

Cybereason, Rapid7 and Microsoft Announce Acquisitions

Doug Olenick  •  July 21, 2021

Cybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.