Singtel Suffers Zero-Day Cyberattack, Damage Unknown

The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform. Mit dem Laden des Tweets akzeptieren Sie die Datenschutzerklärung von Twitter.Mehr erfahren Inhalt laden Twitter Tweets immer entsperren    

DDoS attacks intensify — Driven in part by COVID-19 and 5G

Cybercriminals had a busy year in 2020, with rapidly increasing numbers of distributed denial of service (DDoS) weapons, widespread botnet activity, and some of the largest DDoS attacks ever recorded. As COVID-19 drove an urgent shift online for everything from education and healthcare, to consumer shopping, to office work, hackers had more targets available than ever—many of them under protected …

Hackers ask only $1,500 for access to breached company networks

The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. https://www.bleepingcomputer.com/news/security/hackers-ask-only-1-500-for-access-to-breached-company-networks/  

North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN report

North Korea’s army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country’s nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report. https://www.9news.com.au/world/north-korean-hackers-stole-more-than-300-million-to-pay-for-nuclear-weapons-says-un-report/5e382a51-2501-4990-ae16-fbdd01627661

Mobile Device Security: Corporate-Owned Personally-Enabled

The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). Use the button below to view this publication in its entirety, or scroll down for links to a specific section. https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-21.pdf    

Researchers discover new malware from Chinese hacking group

Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team. https://www.axios.com/malware-chinese-hacking-researchers-7c3d1c66-0bea-46c2-bad6-d13f0eb69a5a.html    

Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation Recommendations

ASERT Threat Summary Date/Time: February 7, 2020 2200UTC Severity: Warning Distribution: TLP: WHITE Categories: Availability Contributors: Ben Crowther, Ion Schiopu, Jon Belanger, Chris Conrad, Andrew Bartholomew. Changes for Version 1.2 (February 7, 2020):  Added information concerning new Plex Media Server (PMS) update which prevents PMS from being abused to launch reflection/amplification DDoS attacks Added link to Baidu Labs Chinese-language initial disclosure post. Changes for Version 1.1 (February …

Do you understand what Schrems II means for your business?

Since the Schrems II case ruling, there has been a concerning lack of understanding across the board among C-level executives who have misconceptions about the penalties of non-compliance, and what is required of their organisation to move forward without breaching data protection regulations. As a result, many businesses are now facing a challenge on two fronts; typically they do not …

Top 5 Bug Bounty Programs to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the „Application Crowdtesting Services“ category. https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html    

Over 3 billion emails and passwords hacked in possibly the largest breach ever

Hacker harvest 2021 has begun. According to CyberNews, 3.27 billion unique pairs of emails and passwords were leaked on a popular hacking forum, aggregating past leaks from Netflix, LinkedIn, and other platforms. https://www.consumeraffairs.com/news/over-3-billion-emails-and-passwords-hacked-in-possibly-the-largest-breach-ever-020421.html    

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

The vulnerabilities exist in Cisco’s RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses. Mit dem Laden des Tweets akzeptieren Sie die Datenschutzerklärung von Twitter.Mehr erfahren Inhalt laden Twitter Tweets immer entsperren

Highlights of the Cybersecurity Standardisation Conference

The 2021 edition of the Conference presented the developments and upcoming challenges in European standardisation under the Cybersecurity Act. The European Standards Organisations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise its annual conference virtually this year. The event, which took place from 2nd to 4th February, attracted over 2000 participants from …

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. https://thehackernews.com/2021/02/3-new-severe-security-vulnerabilities.html    

Zero-day vulnerability in SonicWall products actively exploited in the wild

The warning comes following a cyber-attack on the network security company last month A zero-day vulnerability in SonicWall enterprise security products is being actively exploited in the wild, cybersecurity firm NCC Group has warned. https://portswigger.net/daily-swig/zero-day-vulnerability-in-sonicwall-products-actively-exploited-in-the-wild