Users of Australian software company Passwordstate emailed customers last week warning them to ‘reset all passwords’ after attackers compromised the system to steal passwords from users connecting to networked devices such as VPNs, internal databases and more.
Industry News Articles
CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities
CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.
How the Russians Enabled the SolarWinds Attack
Russian hackers exploited gaps in U.S. defenses and spent months in government and corporate networks in one of the most effective cyber espionage campaigns of all time. This is how they did it.
Iran vows ‘revenge’ against Israel after nuclear site blackout
Tehran is blaming Israel for a recent cyberattack on the Natanz nuclear facility that, according to an Israeli media outlet, was targeted by the Mossad. The shutdown happened hours after Natanz reactor’s new centrifuges were started.
Microsoft says it’s time to start worrying more about firmware attacks
Businesses are too busy patching to worry about firmware attacks, according to a Microsoft-commissioned study. Microsoft’s inaugural Security Signals report for March 2021 shows that 80% of enterprises have experienced one firmware attack during the past two years, but less than a third of security budgets are dedicated to protecting firmware.
83% of Businesses Have Experienced Recent Firmware Attacks
According to Microsoft, more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
Hackers use Backdoor to Unleash Massive Ubiquiti Breach
Krebs reports on how hackers infiltrated devices at IoT vendor Ubiquiti, gaining backdoor access to Ubiquiti’s AWS cloud service servers. Access could have allowed intruders to authenticate on countless Ubiquiti devices globally but the company responded quickly to avoid disaster. But not without lessons…
Report: CISA hasn’t reached full operating capacity yet
The Cybersecurity and Infrastructure Security Agency won’t be fully up and running until it implements its third and final phase of organizational changes, according to a new report. While CISA undertook multiple new initiatives in 2018, 57 planned tasks were incomplete as of mid-February 2021, the Government Accountability Office reported. Until CISA’s organizational changes are finished, it will remain “difficult” for the agency to confront national cyber incidents like the SolarWinds hack that compromised at least nine federal agencies, reads GAO’s report.
Hackers Breach 1,000s of Security Cameras, Exposing Tesla, Jails, Hospitals
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.