A new round of software attacks has raised another red flag concerning supply-chain security and the prevalence of third-party supply-chain targeting. Cybercriminals exploited four zero-day vulnerabilities in Accellion’s File Transfer Appliance (FTA) software, which was nearing End-of-Life (EoL) status, to access Accellion customers’ data. The attacks allegedly began in December 2020, and in the following two months victims received ransom notes from the cybercriminals who operate the “Clop” ransomware. The notes stated that the victims’ data would be exposed unless payments were made. These attacks mark a technical advancement for cybercriminal groups: Supply-chain attacks and exploitation of zero-day vulnerabilities are common, but are more typically the work of state-sponsored groups.
Four zero-day vulnerabilities in Microsoft Exchange Servers have been linked to more than 30,000 cyber atta...
Most Recent Flipbooks
The Federal Security Service of the Russian Federation (FSB) conducted a series of raids and arrests against at least 20 members of the "REvil" ransomware group.
Researchers have discovered a critical vulnerability in the popular open-source Java SQL database H2
For 2022, cyber-security practitioners must be extraordinarily nimble and adept. Plus information on telegram dropping malware, North Korean group exploits Russia, and Log4j crisis spilling in to 2022
Log4j bug exposes fragility of digital ecosystem worldwide. Plus information on Magecart home for the holidays, Emotet regaining power, and Muddywater APT group hunts for airline data via Slack.
Microsoft has allegedly halted a long-term cyber-espionage operation of “NICKEL”, a threat group linked to the People’s Republic of China (PRC).
Success of UK security bill depends on Internet of Things users
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.