The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have shared new details on in-the-wild attacks targeting a recently patched flaw in Zoho’s ManageEngine ADSelfService Plus product.
GoDaddy Breach Exposes 1.2 Million Managed WordPress Customer Accounts
Domain registrar and web hosting giant GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months.
Wind Turbine Giant Vestas Fending Off Cyberattack
Danish wind turbine giant Vestas Wind Systems has been hit by what appears to be a ransomware attack that took out parts of its internal IT infrastructure and caused unspecified data compromise.
New ‘SharkBot’ Android Banking Malware Hitting U.S., UK and Italy Targets
A new Android banking trojan has been found, targeting international banks from the United Kingdom and Italy (including in the U.S.). and five different cryptocurrency services. Twenty-two instances have been discovered, but more are expected.
Supply Chain Security Fears Escalate as Iranian APTs Caught Hitting IT Services Sector
Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets.
Cloud Data Protection Startup Laminar Closes $32M Funding Round
Public cloud data protection provider Laminar on Wednesday emerged from stealth with $32 million in Series A funding. To date, the startup has raised $37 million in venture capital investments.
The new investment round was led by Insight Partners. Meron Capital, SentinelOne, and TLV Partners also participated.
Chrome 96 Plugs High-Risk Browser Flaws
Google this week announced the availability of Chrome 96 in the stable channel with fixes for 25 security flaws, including 18 bugs reported by external security researchers.
Mandiant Attributes Ghostwriter APT Attacks to Belarus
The Belarusian government is at least partially responsible for the Ghostwriter disinformation campaign, according to security researchers at the Mandiant Threat Intelligence team.
Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections
A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips.
GitHub Confirms Another Major NPM Security Defect
Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.