The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. attorneys' offices in 15 states and Washington, D.C., throughout 2020, according to an update posted by the Justice Department.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the challenges ahead for the new director of the U.S. Cybersecurity and Infrastructure Security Agency and vendor security risk management in the healthcare sector.
This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks. Also featured: Disrupting the ransomware-as-a-service business model; supply chain security management tips.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
The Biden administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we'll do it for you. But experts say disrupting ransomware will take more than diplomacy or even using offensive cyber operations to target criminal infrastructure.
It was stealthy, and it was widespread. But perhaps the Kaseya VSA ransomware attack wasn't quite as effective and damaging as initially feared, says Michael Daniel, president and CEO of the Cyber Threat Alliance. He explains where defenses succeeded.
The Kaseya VSA ransomware attack was discussed exhaustively over the Fourth of July holiday weekend. But there's one big question that hasn’t been answered, says Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black: "Who gave REvil the zero-day?"
Software vendor Kaseya suspects that 800 to 1,500 organizations - mostly small businesses - were compromised via a ransomware attack that exploited its VSA remote management software. The company won't say if it's negotiating with the attackers for a universal decryption tool that would unlock all victims' files.
A bipartisan bill introduced by Sens. Gary Peters and Ron Johnson would create a standardized cybersecurity training program for federal employees who purchase technology services. This bill follows a wave of attacks over the last two months that have targeted U.S. critical infrastructure.
The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.
U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, potentially affecting scores of managed service providers and their clients.
Since Friday afternoon, Mark Loman of Sophos has been immersed in studying the scope and impact of the ransomware attack spread through Kaseya VSA's remote management platform. And he's learned enough about it to say without reservation: This the largest ransomware attack he's seen.
The Centers for Medicare and Medicaid Services is considering new cybersecurity requirements for hospitals participating in Medicare after a watchdog agency recommended CMS should require the facilities to address the cybersecurity of their networked medical devices.
An unidentified hacking group is deploying a rootkit dubbed Netfilter, which is signed in as a legitimate Microsoft driver but used to affect gaming outcomes, researchers at German security firm G Data CyberDefense say.