Researchers have found a fourth strain of malware – Raindrop – that was used in the SolarWinds supply chain attack, a loader similar to the Teardrop tool. But while Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s…
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.
Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see similarities in the underlying techniques employed in the attack were to prior attacks.
News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.
In a new report on governance, risk and compliance, Forrester advises top security officials that they have to prepare for more regulations around privacy and personal control over data, especially when it comes to handling medical data during the pandemic.