GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
The defacement of Ukrainian government websites may have been intended as a smokescreen for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. Ukraine continues to investigate the attack, which it suggests may trace to Russia, Belarus or both.
With 16% of U.S. citizens using a cryptocurrency trading platform, OCC acting Chief Michael Hsu urges collaborative efforts to pass cryptocurrency regulations, which he says could lead to greater innovation in the space.
North Korean cybercriminals escalated their illicit campaigns throughout 2021, frequently carrying out crypto hacks to siphon funds, launder gains and cash out using a decentralized exchange. New data from Chainalysis says North Korean hackers lifted nearly $400 million in cryptoassets last year.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
A new Lazarus-linked APT threat known as BlueNoroff has emerged and is actively targeting cryptocurrency startups in a campaign called "SnatchCrypto." Research by Kaspersky found that more than 15 venture businesses and their employees have fallen victim to the nation-state threat actors.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
Amid a surge in cryptocurrency investment - particularly across DeFi - blockchain experts warn that lax security was a main factor in $1.3 billion in cryptoassets being lost to hacks, exploits and scams in 2021. The losses, according to CertiK, rose from $500 million in 2020.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.