REvil/Sodinokibi Ransomware | Secureworks

Summary The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab
Read more
No Comments

7 Ways VPNs Can Turn from Ally to Threat

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN. 1 of 8 VPNs are critical pieces of the enterprise cybersecurity infrastructure. When it comes to protecting data in motion, there’s really no good
Read more
1 Comment

HP Purchases Security Startup Bromium

The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
Read more
1 Comment

Ransomware Strikes 49 School Districts & Colleges …

The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019. Education is a hot target for ransomware: Nearly 50 school districts and colleges have been hit in 2019 so far, and more than 500 individual K-12 schools have potentially been compromised. Cloud security firm Armor
Read more
1 Comment

WeWork’s Wi-Fi Exposed Files, Credentials, Emails

For years, sensitive documents and corporate data have been easily viewable on the coworking space’s open network. WeWork’s weak Wi-Fi security has been leaving sensitive data accessible on its open network for years. That may have compromised both organizations that work in WeWork spaces as well as those that have never entered WeWork but do
Read more
1 Comment

Metasploit Creator HD Moore’s Latest Hack: IT Assets

Moore has built a network asset discovery tool that wasn’t intended to be a pure security tool, but it addresses a glaring security problem. HD Moore, famed developer of the wildly popular Metasploit penetration testing tool, is about to go commercial with a new project he originally envisioned would give him a nice break from
Read more
1 Comment

Security Pros Value Disclosure … Sometimes

Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database CVE-2019-15032PUBLISHED: 2019-09-19 Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. CVE-2019-15033PUBLISHED: 2019-09-19 Pydio
Read more
1 Comment

Saudi IT Providers Hit in Cyber Espionage Operation

Symantec identifies new ‘Tortoiseshell’ nation-state group as the attackers. In what appears to be a coordinated and targeted cyber espionage campaign, the networks of several major IT providers in Saudi Arabia were attacked in the past year as a stepping-stone to the attackers’ ultimate targets in that region. Researchers at Symantec say the attackers have
Read more
1 Comment

How Cybercriminals Exploit Simple Human Mistakes

A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets. “People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered
Read more
1 Comment