As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform.
 "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO  explained.<a style="color:red" href="https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html">Continue Reading</a>

Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.

XPfPy.gif

The Malware Used to Inject SolarWinds Backdoor has Been Unveiled

According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry by cybercriminals when compared to an overall 22% increase in cyberattacks across all industry sectors worldwide seen during the same time period. The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service (DDoS) attacks.<a style="color:red" href="https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html">Continue Reading</a>

Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally.

medium_cybersecurity-health-care-struggling.jpg

small_cybersecurity-health-care-struggling.jpg

thumbnail_cybersecurity-health-care-struggling.jpg

cybersecurity-health-care-struggling.jpg

This sector witnessed a 45% Spike in Cyber Attacks Since Nov 2020 

Many of Google's products, including Google Docs, come with a "Send feedback" or "Help Docs improve" option that allows users to send feedback along with an option to include a screenshot — something that's automatically loaded to highlight specific issues. But instead of having to duplicate the same functionality across its services, the feedback feature is deployed in Google's main website ("www.google.com") and integrated to other domains via an iframe element that loads the pop-up's content from "feedback.googleusercontent.com."
<a style="color:red" href="https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html">Continue Reading</a>


Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.

large_google-docs-body-text.jpg

medium_google-docs-body-text.jpg

small_google-docs-body-text.jpg

thumbnail_google-docs-body-text.jpg

google-docs-body-text.jpg

Your Private Documents could have been compromised by the Hackers Bug 

Microsoft has become the latest victim of the ever-widening SolarWinds-driven cyberattack that has impacted rafts of federal agencies and tech targets. Its president, Brad Smith, warned late Thursday to expect many more victims to come to light as investigations continue. <a style="color:red" href="https://threatpost.com/microsoft-solarwinds-spy-attack-federal-agencies/162414/">Continue Reading</a>



Also referred to the Breach of the month. The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.

medium_solarwinds breach.jpg

small_solarwinds breach.jpg

thumbnail_solarwinds breach.jpg

solarwinds breach.jpg

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

Healthcare cybersecurity threats have been under the spotlight this past year, in particular with the rise of COVID-19 and the budgetary and resource strains that has put on hospitals. Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, said that hospitals are facing widespread security threats from ransomware to data IP theft. <a style="color:red" href="https://threatpost.com/ransomware-ip-theft-top-covid-19-healthcare-security-scares/162247/">Continue Reading</a>

From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.

medium_covid healthcare security threat.jpg

small_covid healthcare security threat.jpg

thumbnail_covid healthcare security threat.jpg

covid healthcare security threat.jpg

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

Exploiting these vulnerabilities could allow an attacker to take control of a device, thus using it as an entry point on a network (for internet-connected devices), as a pivot point for lateral movement, as a persistence point on the target network or as the final target of an attack,” Forescout researchers said in a Tuesday report. <a style="color:red" href="https://threatpost.com/amnesia33-tcp-ip-flaws-iot-devices/161928/">Continue Reading..</a>

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.

small_iot-security.jpg

thumbnail_iot-security.jpg

iot-security.jpg

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices


According to the Information Security Forum (ISF), the information security industry is playing catch-up when it comes to positively influencing behavior – the proliferation of remote-working arrangements, exacerbated by the stress associated with the pandemic, has underlined the importance of strengthening the human elements of security. <a style="color:red" href="https://threatpost.com/changing-employee-security-behavior-awareness/161607/">Read More</a>

Designing a behavioral change program requires an audit of existing security practices and where the sticking points are.

large_Human-Centred-Security-2_PWS_Carousel_1600x1050.png

medium_Human-Centred-Security-2_PWS_Carousel_1600x1050.png

small_Human-Centred-Security-2_PWS_Carousel_1600x1050.png

thumbnail_Human-Centred-Security-2_PWS_Carousel_1600x1050.png

Human-Centred-Security-2_PWS_Carousel_1600x1050.png

Changing Employee Security Behavior Takes More Than Simple Awareness

The raging pandemic has forced many retailers to re-imagine their businesses, shifting from in-person to contactless interactions through online sales. This new socially distanced reality is colliding with the crush of an upcoming holiday shopping season, creating an unprecedented opportunity for cybercriminals to capitalize. But experts are warning retailers not to focus only on one threat or on protecting one particular system. Increasingly, attacks are attempting to infiltrate systems from multiple entry points simultaneously, supercharged by bots and automation, and lured by flocks of unsuspecting newbie online shoppers. <a style="color:red" href="https://threatpost.com/experts-weigh-in-ecommerce-security/160630/">Read More</a>

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.


large_e-commerce-security.jpg

medium_e-commerce-security.jpg

small_e-commerce-security.jpg

thumbnail_e-commerce-security.jpg

e-commerce-security.jpg

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on. As security professionals, it’s our job to help users — including employees, customers, vendors, suppliers and partners — seamlessly access the resources they need to do their jobs, whether that’s on office desktops or on their mobile devices. COVID-19 hasn’t changed any of that, it’s just made it a lot harder.

<a style="color:red" href="https://threatpost.com/cybersecurity-playbook-during-pandemic/158538/">Read More</a>

If it feels like you’re constantly revising the draft of your cybersecurity playbook these days, it’s because you probably are.

medium_work-from-home-e1584131629686.jpg

small_work-from-home-e1584131629686.jpg

thumbnail_work-from-home-e1584131629686.jpg

work-from-home-e1584131629686.jpg

How to Write a Cybersecurity Playbook During a Pandemic

Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

<a style="color:red" href="https://threatpost.com/cisco-high-severity-bugs-impact-switches-fibre-storage/158691/">Read More</a>

Nine bugs were patched, eight of which are rated ‘high’ severity.

medium_Cisco_Systems_Sign.jpg

small_Cisco_Systems_Sign.jpg

thumbnail_Cisco_Systems_Sign.jpg

Cisco_Systems_Sign.jpg

Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage

Bugs in the multi-factor authentication system used by Microsoft’s cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint.

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.

Saudi Arabia

United Arab Emirates

Email

Interesting articles updated daily