A post-exploitation framework dubbed IceApple has been targeting global organizations that use Internet Information Services - Microsoft's extensible web server software - and Microsoft Exchange servers since at least 2021, says Falcon OverWatch, the proactive threat hunting team at CrowdStrike.
In the latest update, four editors at Information Security Media Group discuss the intriguing insights exposed by the leak of ransomware gang Conti's internal communications, the U.S. Treasury's first-ever sanctions on a cryptocurrency mixer and the latest cyber activity in Russia's hybrid war.
As the Russia-Ukraine war continues, cybersecurity officials say the risk of attack spillover - and perhaps the direct targeting of critical infrastructure sectors outside Ukraine - remains high. The memo for CISOs is clear: Remain prepared.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.
Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.
As the Russia-Ukraine war continues, what cybersecurity lessons should be learned? At the CyberUK conference in Wales, cybersecurity czars focused on surprises - including low online attack volume and the role of hacktivists - and lauded Ukraine's cyber resilience, honed by years of stress testing.
Russia's use of wiper malware, DDoS attacks and targeted disinformation show it no longer depends on traditional methods in its war with Ukraine. John Walker, a professor and counterintelligence expert, says organizations need to be "more realistic" about how they handle cyberattacks.
A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security breach. Brett Winterford of Okta breaks down what happened and discusses why visibility into third-party support operations is important.
An exploit has been created using critical remote code execution vulnerability CVE-2022-1388 in BIG-IP network traffic security management appliances. F5 BIG-IP admins are advised to immediately implement the patches for this vulnerability, which were released last week.
The Ukrainian CERT has issued a statement saying that a "massive" Jester Stealer malware distribution campaign, designed to steal authentication data, is currently underway. The malware, operated by an unknown attacker, self-destructs after its operation is complete, the agency's statement says.
The massive leak of internal communications from the Conti ransomware group has highlighted the extent to which cybercrime syndicates regularly beg, borrow, steal or sometimes even partner or collaborate, all in pursuit of increasing their illicit profits.
The U.S. Department of State is offering rewards of up to $10 million for information that leads to the identification or location of any individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group.
U.S. President Joe Biden on Thursday signed into the law the Better Cybercrime Metrics Act, which aims to improve data collection on cybercrimes. The law requires the DOJ and the FBI to compile detailed statistics about cybercrime and develop a taxonomy to help contextualize and sort this data.
New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform for K-12 schools. More than 1 million current and former New York students' personal details were exposed, and some students in California, Colorado and Connecticut were also affected.
A new malicious campaign that siphons off intellectual property and sensitive data - including documents, blueprints, diagrams, formulas and manufacturing-related proprietary data - has been identified by researchers at Cybereason as being the work of Chinese APT Winnti, based on forensic analysis.