NIST selects four encryption algorithms designed to withstand future quantum computing hacking threats and underpin its future cryptography standards by 2024
For years, the National Institute for Standards and Technology have been working on a project to identify and vet a handful …
The CISA and US Coast Guard Cyber Command warn companies of Log4Shell exploits in the wild, citing one incident of threat actors exfiltrating over 130GB of data
The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) …
Microsoft identifies a destructive malware operation targeting Ukrainian organizations; the malware looks like ransomware but lacks a ransom recovery mechanism
European Union simulated a cyber attack on a fictitious Finnish power company Vilius Petkauskas / cybernews.com : Belarus state hackers suspected behind Ukraine cyberattack Grugq /...
US Cyber Command says malware group MuddyWater is tied to Iranian intelligence, the first time the US government has publicly linked the threat actor to Tehran
U.S. Cyber Command on Wednesday revealed that a hacking group reputed for its cyberespionage campaigns is actually part of Iran's intelligence apparatus. Source: U.S. Cyber Command...
A vulnerability in the Apache log4j Java logging library allows for remote code execution, impacting Steam, iCloud, Minecraft, and other services
A few hours ago, a -day exploit in the popular Java logging library, log4j, was tweeted along with a POC posted on GitHub that results …
CISA warns of malware discovered in npm package UAParser.js, which has 6M-7M downloads weekly, that installs a password stealer and a crypto miner
A massively popular JavaScript library (npm package) was hacked today and modified with malicious code that downloaded and installed … Source: GitHub , CISA , and GitHub .
President Biden says he has directed US intelligence agencies to investigate the Kaseya ransomware attack and adds “we're not certain” who is behind the attack
Trevor Hunnicutt / Reuters :
In a post on the REvil dark web blog, the gang takes credit for the Kaseya attack, claims it infected 1M+ systems, and demands $70M in bitcoin for the decryptor
The REvil ransomware gang is asking for a $70 million ransom payment to publish a universal decryptor that can unlock …
REvil is pushing ransomware via an update for Kaseya's IT management software, hitting hundreds of managed service providers with thousands of customers
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
REvil is pushing ransomware via an update for Kaseya's IT management software, hitting eight or more large managed service providers with thousands of customers
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
Microsoft: hackers behind SolarWinds recently breached State Dept. aid agency to send emails with malicious code to 150 orgs, including NGOs critical of Putin
Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible.
Microsoft says SolarWinds hackers seized an email system used by State Department's international aid agency to breach NGOs and organizations critical of Putin
Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible.
The DOJ says the FBI performed a court-approved operation to “copy and remove malicious web shells” on hundreds of hacked Exchange servers across the US
The FBI obtained court approval to access vulnerable computers across the United States. — Joseph Cox
In its April batch of patches, Microsoft fixes 108 flaws, including 19 “critical” flaws, five 0-days, and four NSA-discovered critical Exchange flaws
Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities.
CISA, FBI say an Iran-linked APT targeted unsecured state election websites to harvest US voter info used to send threatening emails to some Democratic voters
Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data Raphael Satter / Reuters : U.S. says Iranian hackers behind threatening emails accessed voter ...
CISA, FBI say an Iran-linked APT targeted unsecured state election websites to harvest US voter info used to send threatening emails to some Democratic voters
DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info …
CISA: hacking groups linked to China's Ministry of State Security have exploited F5, Citrix, Pulse Secure, and Microsoft Exchange bugs to hack US gov't networks
Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity Ravie Lakshmanan / The Hacker News : CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Age...
Several US agencies jointly share details on a North Korean hacking campaign, as US-provided attribution for nation state-led cyber attacks becomes more common
Malicious wares are used in attacks to steal money and conduct other illegal activities. — The US Pentagon, the FBI …
Microsoft knows about an actively exploited bug in Internet Explorer on all Windows versions but likely won't have a fix until the next Patch Tuesday on Feb. 11
Zack Whittaker / TechCrunch :
Microsoft knows about an actively exploited bug in Internet Explorer on all Windows versions, but likely won't have a fix until the next Patch Tuesday on Feb 11
Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers, but that it has no immediate plans to fix.