Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Written by Tim Starks Jan 18, 2022 | CYBERSCOOP Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021,…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Malicious Exchange Server Module Hoovers Up Outlook Credentials

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious IIS module,…

Patch Tuesday December 2021 – Microsoft Fixes 67 Flaws, Including 6 Zero-Day Vulnerabilities

December’s Patch Tuesday comes with numerous security fixes and improvements, including two actively exploited zero-day vulnerabilities. The list features spoofing, denial of service, remote code execution, elevation of privilege, and…

IIS Extensible Web Server Used to Steal Microsoft Exchange Credentials

Cybercriminals are installing a new malicious add-on for the IIS web server on Microsoft Exchange Outlook Web Access (OWA) servers to collect login information and remotely perform commands on the…

In 2022, Expect More Supply Chain Pain and Changing Security Roles

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was…

How to Buy Precious Patching Time as Log4j Exploits Fly

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed. Sure, Apache got a patch…

Court hands Microsoft control of websites linked to spying by Chinese hackers

Written by Tim Starks Dec 6, 2021 | CYBERSCOOP Microsoft obtained a court order to seize websites from a Chinese government-linked espionage group that was using the sites to attack…

Cuba Ransomware Gang Hauls in $44M in Payouts

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. The “Cuba” ransomware gang has settled into a…

Cuba Ransomware Nets Nearly $50m

Cuba Ransomware Nets Nearly $50m The threat actors behind the Cuba ransomware variant have already amassed $44m through targeting of at least 49 victims, according to the FBI. The bureau’s…