The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.
A new leaks site claims to be selling data from Cisco, FireEye, Microsoft and SolarWinds that was stolen via the SolarWinds supply chain attack. Security experts question whether the offer is legitimate and note that it parallels previous efforts, including by Russia, designed to foil hack attack attribution.
A recently identified mobile remote access Trojan dubbed "Rogue," which exploits Google's Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, according to Check Point Research. The RAT is being offered for sale or rent in darknet forums.
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into builds of its Orion network monitoring security software. They warn that other vendors may have been similarly subverted.
The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators. But he says customer misconfiguration of TeamCity could have enabled a hack.
ESG Estimates a 233% ROI from Anomali Threat Intelligence Solutions
Never before has it been so critical for enterprises to effectively empower an increasingly remote workforce with access to applications and resources across several geographic regions, networks, and devices.
Enterprises have been forced to...
One of the most exciting, useful, and needed efforts in recent years for information security is the MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) framework, a way to describe and categorize adversarial behaviors based on real-world observations. The goal of ATT&CK is to be a living dataset that is...
Overcoming the Cybersecurity Skills Gap and Data Overload Requires Technologies Like ThreatStream
Cybersecurity is a daily, ongoing battle between sophisticated and motivated adversaries and defenders seeking not only to mitigate breaches and attacks but also to prevent them from occurring. A key strategy for...
Benchmarking Future Growth Potential
Within a field of eight competitors, Anomali was positioned on the Frost Radar as the clear innovation leader and ranked second in the growth index. Frost & Sullivan profiled companies that demonstrate a commitment to improving their products and growing their market share....
Threat Intelligence for Improved Cyber Threat Mitigation and Accelerated Remediation
Understanding threat intelligence and implementing a threat intelligence solution to enhance your cybersecurity strategy should not be an intimidating process. With a solid plan, your transition to threat intelligence can be...
Mounting evidence points to the "serious compromise" of SolarWinds' Orion software having been an intelligence gathering operation "likely" run by Russia, according to U.S. government agencies probing the supply chain attack. It's the first official attack attribution to be issued by the Trump administration.
As investigators probe the SolarWinds hack, they're finding that the supply chain campaign appears to have deeply compromised more than the 50 organizations originally suspected. Meanwhile, the federal agencies overseeing the investigation now officially believe a Russian-linked hacking group is responsible.