Vaccination phishbait. Ransomware vs. Exchange Server. Purple Fox's wormy rootkit. Ransomware hits Sierra Wireless. ICS alerts.
Palo Alto Networks' Unit 42 this morning released a report describing how cybercriminals are taking advantage of the COVID-19 pandemic. The criminals still rely on hurrying victims with a factitious sense of urgency, but the lures have continued to shift: as vaccines are rolled out, the phishbait now tends to include vaccine availability and vaccination scheduling.
DearCry and Black Kingdom ransomware continue to be deployed against vulnerable Microsoft Exchange servers. WIRED notes that DearCry's relative lack of sophistication renders it a less dangerous threat. The Record reports that Black Kingdom's kickoff of its own operations against Exchange servers was sloppy (the operators had failed to encrypt victims' files) but that by yesterday they had rectified their mistake.
Guardicore describes Purple Fox, an active malware campaign targeting Windows machines. It's backed by an extensive infrastructure, and it includes a rootkit with worm capabilities.
In a Form 6-K filed yesterday with the Securities and Exchange Commission, Sierra Wireless disclosed that on March 20th it discovered a ransomware attack that led it to suspend manufacturing. The company believes only internal systems were hit, with "customer facing products and services" unaffected.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released six advisories on industrial control systems: Ovarro TBox, GE MU320E, Weintek EasyWeb cMT, Rockwell Automation MicroLogix 1400 (Update A), Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A), and GE Reason DR60. Claroty published its own research on the vulnerabilities in one of those systems, Ovarro TBox, which the researchers believe illustrates the risks of connecting unprotected control systems to the Internet.
Today's issue includes events affecting Canada, China, India, Israel, Japan, the Democratic People's Republic of Korea, Montenegro, NATO/OTAN, Russia, the United Kingdom, and the United States.