The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks. According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model. When it comes to network architecture, the NSA...
A Chinese security firm released a detailed report about what it says is malware created by Equation Group, a hacking group widely believed to be the NSA Researchers Say They’ve Spotted an NSA Hacking Tool Security researchers from Pangu Labs say they’ve pieced together the origins of a nearly decade-old hacking tool, and that it traces back to the Equation Group, which is widely thought to be the US National Security Agency. They say they were able to make the link thanks in part to a leak by the...
Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks. The list of flaws exploited by Russian hacking groups to...
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants alone, according to a report by the Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasury. The report also looked at ransomware-related Suspicious Activity Reports (SARs), i.e. reports made by financial institutions about suspected ransomware payments, in the first half of this...
Blockchain company Harmony has offered a $1 million bounty to hackers who stole $100 million worth of Ethereum tokens. It also says it won’t push for criminal charges if the funds are returned. The Horizon bridge is a cross-chain protocol connecting the Ethereum, Binance and Harmony blockchains. It allows the transfers of cryptocurrencies, stablecoins and non-fungible tokens between the Harmony blockchain and the other networks, DataBreachToday.co.uk Reports The company has attempted to contact the hackers via a transaction to their Ethereum wallet address, Harmony tells Information Security Media Group. At the...
Blockchain company Harmony said $100 million in cryptocurrency was stolen from the platform on Thursday evening. The company said the FBI is now investigating the theft alongside several cybersecurity firms. A cross-chain bridge – also known as a blockchain bridge – allows people to transfer tokens, assets, smart contract instructions and data between blockchains. They have become a ripe target for hackers in recent months and exploits in bridges have led to millions of dollars in losses. Harmony – which helps people send cryptocurrency, stablecoins and NFTs between different blockchains like Ethereum and...
UK legislators have proposed an amendment to the Product Security and Telecommunications Infrastructure (PSTI) bill that would give cybersecurity professionals a legal defence for their activities under the Computer Misuse Act (CMA). A cross-party group in the House of Lords, the UK’s second chamber, tabled the amendment on Tuesday (June 21). The PSTI bill is designed to support the UK’s 5G rollout while also mandating vulnerability disclosure policies for vendors of Internet of Things (IoT) products, among other security provisions. ‘Acting in good faith’ The CyberUp campaign, a security industry coalition calling for wholesale reform...
Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved. NOT TO FREAK out anyone, but there’s a serious flaw in all supported versions of Microsoft Windows that allows attackers to take over your machine. The so-called Follina vulnerability can be exploited using a weaponized Word document, and security researchers say they’ve already spotted government-backed hackers using this attack in the wild. Fingers crossed that Microsoft, which has downplayed the severity of the flaw, issues a patch soon. We also explored the...
U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the goal of gaining deeper access to victim networks. In addition, the actors used these compromised devices as route command-and-control (C2) traffic to break into other targets at scale, the U.S. National Security Agency (NSA), the Cybersecurity...
This story is still developing: As seen today on twitter, Lockbit ransomware group claims to have ransomed Mandiant. Realinfosec.net reached out to Mandiant and the threat intel firm said it hadn’t yet found evidence of a breach. Update: 07/07/2022 Mandiant: “No evidence” we were hacked by LockBit ransomware American cybersecurity firm Mandiant is investigating LockBit ransomware gang’s claims that they hacked the company’s network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole...
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.