Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
A recently uncovered payment card skimmer is targeting several large content management systems that support the online checkout pages of dozens of e-commerce sites, according to researchers with Sansec. The malware works by using a keylogger to harvest payment and personal data.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
Citrix is warning its customers that attackers are taking advantage of the company's ADC products to conduct and amplify DDoS attacks, according to a notification published by the firm. A permanent fix to address this security issue won't be available until January.
Britain's National Crime Agency says 21 individuals have been arrested on suspicion of purchasing personally identifiable information from the WLeakInfo website. Authorities say the site provided access to more than 12 billion personal records culled from 10,000 data breaches.
More than two years after Europe's tough new General Data Protection Regulation came into full effect, EU privacy watchdogs are finding more consensus, and consumers have been benefiting, experts say. But how regulators apply sanctions, in particular, remains a work in progress.
First you had 'shadow IT,' then 'shadow cloud.' Now enterprises are encountering 'shadow APIs' - and the lack of visibility into these interfaces is causing new, often overlooked cybersecurity vulnerabilities, says Subbu Iyer of Cequence Security.
Microsoft warned CrowdStrike of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm. The unsuccessful hacking incident is reportedly tied to the breach of SolarWinds.
Federal, state and local governments are among the many victims of the supply chain attack that backdoored the SolarWinds' Orion network-monitoring software, and victims "may need to rebuild all network assets" being monitored by the software, the U.S. Cybersecurity and Infrastructure Security Agency warns.
He's commanded armed forces, directed the National Security Agency, and now he is president of vendor IronNet Cybersecurity. From this unique perspective, retired General Keith Alexander says the SolarWinds breach is "a call for action."
The Department of Homeland Security is warning U.S. companies about data theft risks associated with the use of Chinese technology and digital services, citing a new law in China giving the government the right to access data.
The Lazarus Group, a North Korean advanced persistent threat gang, apparently recently targeted a national ministry of health and a drug manufacturer involved in developing a COVID-19 vaccine in an attempt to steal information, according to the security firm Kaspersky.
Cybercriminals are targeting online shoppers in the U.S. and Western Europe with fake Amazon gift cards that deliver the Dridex banking Trojan, the security firm Cybereason reports.
The FBI is warning that fraudsters are exploiting the recent news surrounding the availability of COVID-19 vaccines to launch schemes designed to steal personal information and money.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.