Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
Like his peer CISOs, Amit Basu of International Seaways is concerned about complexity and the shifting landscape. But not just the threat landscape – he also is challenged by the shifting dynamics of business priorities and processes, as well as what "protection" in this new environment now entails.
Alaska's Department of Health and Social Services says it is notifying "all Alaskans" that their personal and protected health information may have been compromised in a nation-state-sponsored cyberattack that was detected in May, from which the department is still recovering.
CISA must update its plans to improve the security - both physical and cyber - within the nation's critical infrastructure, according to a report that specifically looked at issues related to the country's dams and levees. Attacks targeting critical infrastructure have raised the issue.
The Biden administration may soon unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the ransomware model.
Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.
The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.
Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.
The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with Maine authorities. It appears some PII was exposed.
Senior U.S. officials say that there have been no signs that Moscow has begun to crack down on ransomware-wielding criminals operating from inside Russia's borders. President Biden has called on Russia to act responsibly, and U.S. intelligence has been sharing information on top suspects.
Federal regulators are alerting healthcare and public health sector entities of the "elevated threat" for potential ransomware attacks by BlackMatter, despite the gang's purported claims that it is not targeting "critical infrastructure" organizations, such as hospitals.
A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change. Currently, the position of CISA director lacks a set term.
Security experts say the notorious REvil - aka Sodinokibi - ransomware-as-a-service operation, which went dark in July, appears to be back in business. The group's data leak site and payment portal are back online, and one expert says the group appears to have begun amassing new victims.
Nine months after discover of the attack that targeted SolarWinds and clients of its network monitoring tool, the incident continues to spur investigations into what happened. The SEC is reportedly probing those businesses involved, and lawmakers want answers about the breach of DOJ emails.
A recently discovered backdoor named Sidewalk has been linked to Grayfly, the espionage arm of the China-linked group called APT41, and used to strike telcos and other organizations in the U.S., Taiwan, Vietnam and Mexico, Symantec researchers say.