Gartner: Paying after ransomware attacks carries big risks The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.

Maze ransomware gang uses VMs to evade detection A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year.

Gartner: Securing remote workforce a top priority In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees.

Gartner: Privileged access management a must in 2020 Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials.

Disinformation, mail-in ballots top election security concerns While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots.

Intel patches critical flaw in Active Management Technology Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation.

CISA issues vulnerability disclosure order for federal agencies The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days.

CISA and FBI say there have been no hacks on voter databases After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security.

Big ransomware attacks overshadowing other alarming trends Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends.

Cisco issues alert for zero-day vulnerability under attack Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment.

The Uber data breach cover-up: A timeline of events The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach.

North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.'

Maze ransomware 'cartel' expands with new members Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms.

'Meow' attacks top 25,000 exposed databases, services One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down.

FBI and CISA issue vishing campaign warning The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials.

Claroty: 70% of ICS vulnerabilities are remotely exploitable Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited.

Former Uber CSO charged over 'hush money' payment to hackers Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company.

Apache Struts vulnerabilities allow remote code execution, DoS The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall.

Email enigma: Why is Canada hit with so many phishing attacks? Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery.

Guide to the latest Black Hat 2020 Conference news This guide to Black Hat 2020 gathers breaking news, new ideas and technical expert insights from one of the leading cybersecurity conferences in the world.

Risk & Repeat: Black Hat 2020 highlights This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience.

Kaspersky reveals 2 Windows zero-days from failed attack Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.

Healthcare CISO offers alternatives to 'snake oil' companies Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk.

Games, not shame: Why security awareness training needs a makeover Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.

10 years after Stuxnet, new zero-days discovered A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.

Not just politics: Disinformation campaigns hit enterprises, too In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.

Voting vendor ES&S unveils vulnerability disclosure program Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.

CISA chief: Ransomware could threaten election security During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.

Ripple20 vulnerabilities still plaguing IoT devices Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws.

Matt Blaze warns of election security challenges amid COVID-19 In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them.

Twitter breach raises concerns over phone phishing The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing.

Risk & Repeat: Sophos warns of evolving ransomware threats Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques.

'Meow' attacks continue, thousands of databases deleted More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation.

'BootHole' bug puts most Linux, Windows systems in jeopardy Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems.

IBM: Compromised credentials led to higher data breach costs The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why.

Emotet botnet hacked, malware replaced with humorous GIFs Malware distribution network Emotet has been hacked by a potential threat actor of unknown origin, with malware payloads now being replaced with GIFs of James Franco and others.

Digital ad networks tied to malvertising threats -- again Adsterra and Propeller Ads were implicated in past malvertising threats such as the Master134 campaign. Now the two ad networks are linked to new malicious activity.

'Meow' attacks wipe more than 1,000 exposed databases A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow.

Microsoft unveils new DLP, 'Double Key Encryption' offerings Microsoft revealed new security products and features this week, including an Endpoint Data Loss Prevention product as well as "Double Key Encryption" for Microsoft 365.

Evasive phishing campaign hid inside Google cloud services A new report by Check Point Software Technologies revealed attackers were abusing Google Cloud Functions to hide their phishing links within public cloud services.

Twitter breach caused by social engineering attack Twitter was breached last Wednesday through a social engineering attack. Forty-five accounts were hijacked and up to eight accounts may have had their private messages stolen.

'SigRed' alert: Experts urge action on Windows DNS vulnerability Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft.

Identity theft subscription services uncovered on dark web Identity theft subscriptions are now being offered on the dark web. This information is being used for carding operations, account generation and other cybercrime schemes.

Risk & Repeat: Twitter breach leads to account hijacking This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others.

Advent, Forescout bury the hatchet with new acquisition deal Despite an ugly legal dispute and allegations of channel stuffing, Advent International and Forescout Technologies are moving forward with an amended acquisition agreement.

Attackers find new way to exploit Docker APIs Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host.

Citrix data exposed in third-party breach Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace.

RSA finds two-thirds of phishing attacks directed at Canada RSA Security researchers found that nearly 70% of phishing attacks were directed at users in Canada, while the majority of attacks come from U.S.-based ISPs and hosting providers.

Cybercriminals auction off admin credentials for $3,000 Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows.

Data theft in ransomware attacks may change disclosure game Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that may be changing.

Microsoft seizes malicious domains used in COVID-19 phishing Microsoft went to court to seize several malicious domains that were used by cybercriminals in extensive phishing and BEC attacks on Office 365 accounts amid the current pandemic.

Critical F5 Networks vulnerability under attack A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors.

Microsoft fixes Windows Codecs flaws with emergency patches Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative.

Snake ransomware poses unique danger to industrial systems The new ransomware family known as Snake, or Ekans, is designed for organizations with industrial control systems and has already struck at least two enterprises.

Record-setting DDoS attacks indicate troubling trend Akamai Technologies recently mitigated two of the largest DDoS attacks ever recorded on its platform, including a massive 809 million packets per second attack against a bank.

Maze ransomware hit biggest target yet with LG breach The operators of Maze ransomware claim to have breached LG, offering three screenshots as proof. One of those screenshots features LG product source code.

Open source vulnerabilities down 20% in 2019 Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture.

MSPs scramble to bolster security amid ransomware spike After a flurry of devastating ransomware attacks in 2019, MSPs and vendor partners are improving security to prevent history from repeating during the pandemic.

Microsoft acquires CyberX to strengthen IoT security offering Microsoft is acquiring CyberX to boost its IoT security offerings, though it's unknown whether CyberX will remain a separate entity or be integrated into Microsoft.

Risk & Repeat: Vault 7 report slams CIA security practices This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses.

New Cisco Webex vulnerability exposes authentication tokens Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens.

ZDI drops 10 zero-day vulnerabilities in Netgear router Trend Micro's Zero Day Initiative published 10 vulnerabilities in Netgear's R6700 router that have gone unpatched for seven months.

CIA unaware of Vault 7 theft until WikiLeaks dump An internal CIA report from the WikiLeaks Task Force blasted the agency over the leak of the Vault 7 cyberweapons, which exposed dangerous hacking tools and vulnerabilities.

Repeat ransomware attacks: Why organizations fall victim Some organizations get hit with ransomware multiple times. Threat researchers explain why repeat attacks happen and how victims can prevent it from occurring again.

Italian company implicated in GuLoader malware attacks While analyzing the network dropper GuLoader, researchers found an almost identical commercial software tool called CloudEye offered by a legitimate-looking Italian company.

New 'Thanos' ransomware weaponizes RIPlace evasion technique Recorded Future's Insikt Group uncovered a new ransomware-as-a-service tool named 'Thanos' that's the first ransomware to use the hard-to-detect RIPlace technique.

Maze ransomware builds 'cartel' with other threat groups Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces.

'CallStranger' vulnerability affects billions of UPnP devices A new vulnerability in the Universal Plug and Play protocol could be used to exfiltrate enterprise data and launch DDoS attacks, and patches may not arrive for a long time.

CISA warns Microsoft SMB v3 vulnerability is under attack CISA issued an alert Friday about attacks on a Microsoft Server Message Block v3 vulnerability and a proof-of-concept code that exploits the flaw in unpatched systems.

Chinese, Iranian hackers targeted Trump and Biden campaigns Shane Huntley, director of Google's Threat Analysis Group, announced that two state-backed APT groups targeted campaign staff for both Joe Biden and President Donald Trump.

Risk & Repeat: Are ransomware groups joining forces? This week's Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape.

Remote work cybersecurity a concern during pandemic Recent surveys by NordVPN and Kaspersky found that more than 60% of employees use personal devices as they work from home due to the coronavirus -- which creates cybersecurity issues.

Attacks on Exim vulnerability continue one year later Though the Exim mail transfer agent vulnerability was publicly disclosed in June 2019, a significant number of unpatched versions remain online and are at risk of attacks.

VMware vulnerability enables takeover of cloud infrastructure A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo.

Cisco servers breached through SaltStack vulnerabilities Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers.

Supply chain attack hits 26 open source projects on GitHub Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub.

StrandHogg 2.0 allows attackers to imitate most Android apps A new elevation-of-privilege vulnerability on Android, dubbed StrandHogg 2.0, allows threat actors to gain access to most apps, according to Norwegian mobile security firm Promon.

Mandiant dishes on notorious Maze ransomware group Mandiant threat researchers navigate the tools, tactics and procedures of the Maze ransomware group, which has become notorious for "shaming" victims with stolen data.

Ragnar Locker ransomware attack hides inside virtual machine Threat actors have developed a new type of attack method by hiding Ragnar Locker ransomware inside a virtual machine to avoid detection.

Risk & Repeat: When will mobile voting be ready? This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks of deploying the technology for elections.

Forescout sues Advent for calling off acquisition Forescout Technologies filed a lawsuit against Advent International, claiming the private equity firm violated the terms of its $1.9 billion acquisition agreement.

Verizon DBIR: Breaches doubled, but plenty of silver linings The 2020 Verizon Data Breach Investigations Report showed the number of confirmed breaches last year nearly doubled, but it also highlighted some positive trends.

Texas struck by two ransomware attacks in one week The Texas Department of Transportation was hit with a ransomware attack last Thursday, marking the second ransomware incident on a state agency in less than a week.

Advent calls off Forescout acquisition On what was scheduled to be the closing day, Forescout Technologies instead announced Advent International will not proceed with the $1.9 billion acquisition as planned.

Risk & Repeat: Black Hat, DEF CON canceled This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish.

CISA identifies malware from North Korean hacking group The Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and DoD, has identified three variants of malware used by the North Korean government.

Experts say mobile voting tech isn't the answer to COVID-19 Despite the mounting need for another alternative to in-person voting amid the COVID-19 pandemic, experts say mobile and online voting is just not ready for the general public.

Q1 data breaches down, but exposed records reach new high Threat intelligence firm Risk Based Security released its 2020 Q1 Report, which shows a 273 percent increase in exposed records and a 42 percent decrease in publicly reported breaches.

Volunteers join forces to tackle COVID-19 security threats The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe.

Advanced Computer Software leak exposes nearly 200 law firms Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms.

GitHub security features tackle data exposures, vulnerabilities In an effort to curb accidental data exposures in repositories, GitHub unveiled a new 'secret' scanning tool that examines public and private code repositories for sensitive data.

Healthcare organizations sitting on 'unexploded' ransomware While threat reports show ransomware attacks against healthcare organizations are down, experts say threat actors may be lurking in networks and waiting to strike at a later date.

Research finds ransomware payments, demands increasing Research from incident response vendor Coveware and national law firm BakerHostetler shows massive increases in both ransomware demands and payments from victims.

Critical SaltStack vulnerabilities exploited in several data breaches SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks and systems.

Risk & Repeat: RDP security under fire amid COVID-19 This week's Risk & Repeat podcast looks at how Microsoft's Remote Desktop Protocol, already a popular vector with hackers, has received even more attention during the pandemic.

Shade ransomware decryptor released with 750,000 keys Kaspersky Lab released a decryptor tool after operators behind the ransomware variant announced a shutdown of operations and issued an apology for any harm caused.

Bugcrowd launches 'classic' penetration testing service The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture.

Zero-day flaw in Sophos XG Firewall exploited in attacks Sophos released an emergency patch over the weekend for its XG firewalls after threat actors exploited a zero-day SQL vulnerability in the products to steal customer data.

Emsisoft: U.S. ransomware attacks declined during pandemic In the first quarter of 2020, the number of successful ransomware attacks on government and healthcare organizations in the U.S. decreased to a level unseen in years, Emsisoft said.