Search results for: supply chain compromise

US agricultural co-op hit by ransomware, expects food supply chain disruption

New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, has been hit by the BlackMatter ransomware group. The attackers are asking the co-op to pay $5,900,000 for the decryption key and not to release the stolen data. What we know about the ransomware attack on New Cooperative? New Cooperative is one of the largest farm cooperatives in the US. They confirmed the attack on Monday and said that the “cybersecurity incident” …

Beyond Identity’s solution secures the software supply chain against insider threats and malicious attacks

Beyond Identity announced a solution that closes a critical vulnerability and secures the software supply chain against insider threats and malicious attacks. Beyond Identity’s new Secure DevOps product establishes a simple, secure, and automated way to confirm that all source code entering a corporate repository and processed by the continuous integration/continuous deployment (CI/CD) pipeline is signed by a key that is cryptographically bound to a corporate identity and device. This ensures trust, integrity, and auditability …

OSI Layer 1: The soft underbelly of cybersecurity

As traditional cybersecurity solutions improve, they push cyberattackers toward alternative paths. Layer 1 of the OSI model (i.e., the physical layer) has become a fertile ground for attacks and, effectively, the soft underbelly of cybersecurity. What forms do attacks on the hardware level take? Cyberattacks on the physical, hardware level happen when, for instance, a disgruntled employee plants a rogue device within the organization’s infrastructure and runs off with his now-former company’s proprietary information. There …

Stellar Cyber collaborates with Pentio to offer its Open XDR platform to Japanese enterprise customers

Stellar Cyber announced its partnership with Pentio, an IT distributor that provides a full range of IT security products and services to companies of all sizes in Japan. Pentio will resell Stellar Cyber’s security operations platform and also provide first-level support for Japanese customers. “Pentio is a major Japanese IT products distributor, and we believe they can provide us with entry into the Japanese market as no other company can,” said Changming Liu, CEO and …

Week in review: How CISSP can change a career, rural hospitals cybersecurity, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444) Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Microsoft has warned. September 2021 Patch Tuesday forecast: It’s new operating system season Microsoft has released Server 2022 …

The role of automation in staying on top of the evolving threat landscape

In this interview with Help Net Security, Dr Shreekant Thakkar, Chief Researcher, Secure Systems Research Centre at TII, talks about the ever-evolving threat landscape and how automation could improve the way organizations detect and respond to attacks. The modern cybersecurity threat landscape is evolving faster than ever, particularly threatening critical infrastructures. What is driving this trend? As more physical systems get integrated into the digital world and more digital edge devices connect to the cloud, …

Crypto exchanges and their customers must protect themselves as attacks continue

Within the past several years, cryptocurrency has gone from a niche hobby to a mainstream concern. Cryptocurrencies like Bitcoin, Ethereum, and even Dogecoin have generated widespread interest, particularly as their value has risen. This interest has penetrated well beyond financial speculators and into the public at large. The rise of these currencies has also generated interest among cybercriminals. Many cryptocurrency exchanges have been compromised over the past several years, with cybercriminals making off with significant …

StrikeReady Recon now provides access to the most active campaigns targeting the Middle East

StrikeReady announced that it has updated StrikeReady Recon to provide access to the most active and in-the-wild campaigns, intrusions and attacks that are affecting the Middle East. With this intelligence, customers or prospects have a comprehensive understanding of the threats affecting them, thus enabling them to protect mission-critical systems. “Middle Eastern organizations are seeing an increase in attacks in the wild, where threat actors are using Malspam, Phishing, Supply Chain Compromise, and Remote Service Exploitation …

Enterprising criminals are selling direct access to cloud accounts

Lacework released its cloud threat report, unveiling the new techniques and avenues cybercriminals are infiltrating to profit from businesses. The rapid shift of applications and infrastructure to the cloud creates gaps in the security posture of organizations everywhere. This has increased the opportunities for cybercriminals to steal data, take advantage of an organization’s assets, and to gain illicit network access. “It’s in enterprises’ best interest to start thinking of cybercriminals as business competitors,” said James …

Getting ahead of a major blind spot for CISOs: Third-party risk

For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organization alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise in order to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. …

The consumerization of the Cybercrime-as-a-Service market

The Cybercrime-as-a-Service (CCaaS) market has matured over the past few years. What began as a few lone rogue hackers selling zero-days and user credentials in IRC chatrooms or darknet forums has now evolved into professional and commercial entities. A massive injection of money has created huge incentives for criminals, and acted as a catalyst for professionalization and increasing specialization in the CCaaS marketplace. A diverse range of cybercrime offerings caters to anyone with sufficient cryptocurrency: …

Cybersecurity market soaring as threats target commercial and govt organizations

Over the past year, it’s been impossible to ignore the rising tide of threats targeting government and commercial organizations around the world, and the cybersecurity market is reacting. Ransomware, for one, increased 148% year over year with an estimated 2.9 million ransomware attacks so far in 2021, Momentum Cyber reveals. Beyond the numbers, these attacks have manifested in significant and increasingly concerning ways. There was the disruption of the flow of nearly half of the …