Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.
Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.
Today’s columnist, James Stanger of CompTIA, says the SolarWinds hack was an outgrowth of “status quo” IT management. Stanger urges companies to update code, deploy monitoring and embrace better governance by bringing CISOs and other security leaders into the organization.
Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.
While Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s network, Symantec said in a report.
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
Organizations that can show they did their due diligence in protecting medical information will be better off, should a breach occur.
SC Media spoke to author and former CISO Neil Daswani about his upcoming new book “Big Breaches: Cybersecurity Lessons for Everyone.”
News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.
When we think of privileged accounts, we think of Unix root accounts or Windows domain admins. We think of database administrator accounts, service accounts, shared accounts, and so on. But we should treat every account as a privileged account.
