FireEye released a free tool on GitHub named Azure AD Investigator that can help companies determine whether the SolarWinds hackers (aka UNC2452) used any of the group's known attack techniques inside their networks.
The theft occurred after hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoin, a cryptocurrency, to "recover files".
The company wrote to customers mid-last week to inform them of a “breach of security resulting in the unauthorised access to data from our user database,” according to the email seen by The Register.
Microsoft is stepping up security for users of Microsoft Defender for Endpoint by changing a key setting: the default automation level is switching from semi-automatic, where remediation actions wait for an analyst's approval, to fully automatic remediation.
Symantec identified a fourth malware strain, Raindrop, used during the SolarWinds supply chain attack, alongside the previously documented Sunspot, Sunburst (Solorigate), and Teardrop.
Its current targets include TerraMaster network-attached storage devices, web applications built on the Zend PHP Framework, and websites running the Liferay Portal content management system.
The Rogue malware targets Android devices with a keylogger, allowing attackers to monitor the use of websites and apps to steal login credentials and other sensitive data.
Thirty-five percent of breaches were linked to ransomware attacks, resulting in tremendous financial cost, while 14 percent of breaches were the result of email compromises, according to Tenable.
The FBI has issued a warning about ongoing vishing (voice phishing) attacks against US and international employees that aim to steal corporate account credentials, which the attackers then use for network access and privilege escalation.
The rapid transition to remote working and the greater use of digital technology have exposed organizations to a higher risk of cyberattacks, making cyber risk the biggest concern for chief executives globally.