Diving into the Colonial Pipeline ransomware attack - culprits, impact, recovery, and the increasing political firestorm it’s triggered - is the focus of the latest edition of the ISMG Security Report. Security leaders weigh in on the attack's significance and potential long-term ramifications.
President Joe Biden signed an extensive executive order Wednesday that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.
In April, Cybereason published a blog describing its research into the DarkSide ransomware strain that infected Colonial Pipeline this past week. Sam Curry, CSO of Cybereason, shares insights on DarkSide and the tactics behind the new breed of ransomware attacks.
An ongoing advanced persistent threat campaign dubbed "Operation TunnelSnake" has been using a Windows rootkit named Moriya to deploy a passive backdoor to spy on victims, the security firm Kaspersky reports.
Gregory Touhill, the retired Air Force general and former federal CISO under President Obama, minces no words when he describes the Colonial Pipeline ransomware attack as a "global day of reckoning" for critical infrastructure protection.
Tom Kellerman of VMware Carbon Black shares his opinions about whether a nation-state was behind the recent ransomware attack on Colonial Pipeline and what the U.S. government should do to prevent other cyberattacks.
U.S. and U.K. cybersecurity, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds supply chain attack.
Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard" to target more than a dozen organizations, according to the security firm Flashpoint. But could cyberespionage be the campaign's true mission?
An attack group, likely based in China, recently conducted a spear-phishing attack against a defense contractor that develops nuclear submarine technology for the Russian Navy, according to the security firm Cybereason.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. The agency notes that attackers could use IT exploits to pivot to OT systems.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.
A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyberespionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports.
An ongoing disinformation campaign dubbed "Ghostwriter," which leverages compromised social media accounts, is targeting several NATO member countries in Europe, attempting to undermine confidence in the defensive organization as well as spread discord in Eastern Europe, according to FireEye.
The FBI and CISA are warning of continued cyberthreats stemming from Russia's Foreign Intelligence Service, or SVR, which the Biden administration formally accused of carrying out the SolarWinds supply chain attack. A joint alert describes how Russian attackers are targeting vulnerable networks.