Cyberespionage Campaign in Ukraine Uses Free and Custom RATs

Security researchers have been tracking a sustained cyberespionage campaign against Ukrainian government institutions that uses a combination of free and custom-made remote access Trojans (RATs). The malware programs involved in the years-long campaign are Quasar RAT, Sobaken RAT and Vermin and have been documented before, either as standalone threats or ...

Cybersecurity Job Seekers: Go West (or South)

Job seekers looking to get into the cybersecurity field: Now is the time. Talented cybersecurity candidates are in such high demand that hiring managers are having trouble closing the deal when they present job offers. Unemployment is so low that if companies aren’t willing to offer raises, employees will quit and ...

VPNFilter Attack Hits Chlorine Plant in Ukraine

Ukraine’s internal security agency, the SBU, reports blocking a VPNFilter attack against a plant that produces liquid chlorine used for treating the water supply in the country. The SBU has not provided technical details about the attack, but said that it targeted the networking equipment of the “Aul Chlorotransfer Station” in ...

Security Boulevard’s 5 Most Read Stories for the Week, July 9-13

A new week, a new crop of security stories. Last week, Privacy in Public Places, Fileless Malware, Spam Bots and Fake Accounts and Cryptomining Worm MassMiner made headlines. Also, we offered some insight into Securing the Network—and Your Organization’s Future. Missed out on any of the news? Here are the ...

CPU Speculative Execution Hits Again with 2 New Spectre Variants

At the beginning of this year, the Spectre and Meltdown vulnerabilities shined a spotlight on the security risks associated with the speculative execution feature of modern CPUs. Since then, researchers have kept digging and found new issues, the latest additions being two new variants of the Spectre flaw dubbed Spectre ...

How to Protect Tomorrow’s Critical Infrastructure

Imagine a city the size of London thrown into chaos, as public transport grinds to a halt and traffic lights stop functioning. This is no longer the stuff of nightmares or the scenario of a disaster movie but a prospect that is getting more likely every day. Critical infrastructure facilities, ...

Dark Market Shop Sells RDP Access to Airport System for $10

Stolen or brute-forced remote desktop protocol (RDP) credentials have played a central role in many data breaches over the years and cybercriminals have made a business out of selling them on the underground market. For as little as $3, hackers can buy remote access into sensitive systems belonging to businesses, ...

Mitigating Risks of Shadow IT with CASBs

According to the RightScale “2018 State of the Cloud Report,” 81 percent of companies are now using the cloud, an indication that it has more than delivered on its promises of efficiency, convenience and cost optimization. Despite mass adoption, there are recognizable security gaps resulting from both misconfiguration issues and ...

SolarWinds Acquires Trusted Metrics

SolarWinds moved to expand its portfolio of security technologies by acquiring Trusted Metrics, a provider of real-time threat monitoring and management software. SolarWinds immediately then launched SolarWinds Threat Monitor, a tool for detecting suspicious activity and malware by aggregating asset data, security events, host intrusion detections and network intrusion detections ...

Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday

Microsoft fixed 54 vulnerabilities across its products July 10 as part of its monthly patch cycle. Seventeen of those flaws are rated critical and three of them had been publicly disclosed before the patches were released. In terms of impact, nearly half of the flaws—27—can lead to remote code execution ...