Kaspersky documented a new Chinese-speaking threat actor—GhostEmperor—targeting Microsoft Exchange flaws in high-profile attacks in Southeast Asia. The group uses a formerly unknown Windows kernel-mode rootkit to gain remote control over targeted servers. Recently, several Chinese APT groups have been reported targeting government agencies and private organizations across the globe.
The National Institute of Standards and Technology is working to develop risk management guidance around the use of artificial intelligence and machine learning, the agency has announced.
Experts uncovered an attack campaign by BazaLoader operators. These attacks are tricking users into calling a particular phone number, an actual human at a fake call center, to persuade them into downloading malware. The inclusion of the human element has made this threat even more serious.
While the average ransom demand steadily increased, the average payout made for ransomware claims decreased slightly from the first half of 2020 to the first half of 2021, according to Coalition.
Crime-as-a-Service is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cybercrime – in particular, it’s often used to create phishing attacks.
Among the findings, ENISA revealed that around 50% of the supply chain attacks studied were attributed to known APT groups, while 42% were not attributed to a particular source.
With open source software (OSS) becoming a central pillar of the application development lifecycle, ensuring the security of open source code is essential to securing modern software.
If they are complacent, businesses will face risks of supply chain attacks even after doing due diligence in assessing their third-party suppliers’ security posture before establishing a partnership.
Founded in 2017, the Columbus, Ohio-based company provides cybersecurity controls at the firmware layer, in an attempt to secure the device supply chain and mitigate risks to OT and IT environments.
Released by the panel on Tuesday, the report expresses concerns about the state of federal agencies’ cyber posture during an overall 8% rise in security incidents across agencies.