Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Coalition of nonprofits push to secure remote workforce

While work from home (WFH) ostensibly protects workers safe from COVID-19, it has exposed them and their companies to a bevy of cybersecurity risks – now a coalition of 13 nonprofit organizations are offering if not a cure, then a treatment, through a Work From Home. Secure Your Business campaign. The campaign focuses on common…

GOP Logo

GOP canvassing app credentials exposed in code repository

Access credentials for Campaign Sidekick app, used by Republican campaigns for voter contacts, surveys and canvassing, were exposed in a code repository within a publicly accessible .git directory, a version control system that records code base changes during software development so that developers can work from the same code.   “The same operations that make…

Sale of Dharma ransomware source code draws hackers’ scrutiny, but the price is right

An unidentified party has reportedly placed the source code for Dharma ransomware up for sale on at least two Russian hacker forums, adding a formidable new competitor to an already crowded underground market. And while cybercriminals have met the offer with some healthy skepticism, the bargain-basement selling price of $2,000 may be alluring enough for…

zero day

Zero-day vulnerabilities used against DrayTek routers and switches

Two zero-day vulnerabilities were being used by two different groups to infiltrate DrayTek Vigor enterprise routers and switch devices, enabling the attackers to access traffic and install backdoors. The invasive action was noticed first on Dec. 4, 2019 by Netlab 360 researchers affecting the Vigor2960 v1.5.1, Vigor300B v1.5.1 and Vigor3900 v1.5.1 routers along with the…

Adobe patches critical flaw in Creative Cloud

Adobe issued a security advisory and patch for Creative Cloud Desktop Application version 5.0 and earlier for Windows. The advisory was issued late last week and centers on a single critical vulnerability, CVE-2020-3808, which is a time-of-check to time-of-use race condition that if exploited can lead to arbitrary file deletion. The issue can be mitigated…

Locky Ransomware

Ransomware attacks vs Kimchuk, Visser reveal supply chain threat to DOD

The operators behind DoppelPaymer ransomware reportedly attacked electronics manufacturer Kimchuk earlier this month, disrupting the company’s operations and stealing sensitive data that they have been publishing online as part of an extortion plot. Meanwhile, the cybercriminal outfit has continued to also publish information stolen earlier this year from Visser Precision, a parts maker and manufacturing solutions…

SC Media’s complete coverage: Threat and Preparation

The novel coronavirus is challenging organizations on all fronts. Leaders must contend not only with cyberattackers leveraging COVID-19, but also employee, customer and partner concerns, and business continuity and risk management planning. Visit this page for ongoing updates to coverage from SC Media and other CyberRisk Alliance affiliates — including news analysis, business guidance and insights…

Maze ransomware group claims Chubb as victim

In the middle of a pandemic, insurance companies are likely targets for cyberattackers so it’s not surprising that Chubb this week reportedly found itself a victim of the Maze ransomware’s operators, who encrypted the company’s files. The group put a notice on its news site claiming that it had encrypted the insurance company’s network. If…

Next post in Ransomware