Welcome to "Cyber Fail" - ISMG's roundup of all that's broken in the world of cybersecurity, where our panel of experts uncovers the fails so we can strengthen our defenses. In this episode, ISMG host Anna Delaney takes on bumbling cybercrooks, avoidable breaches and the ethics of paying a ransom.
A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data security posture management startup Dig Security for between $300 million and $400 million.
A recent, brief disruption at Canadian airports is a reminder that Russia-aligned hacking groups' bark remains worse than their bite. Experts say these groups' impact largely remains minimal, which begs the question of how they disrupted arrival kiosks across Canadian airports.
It turns out SIEM isn't on life support after all. Cisco is providing 28 billion reasons to believe enterprises aren't scrapping the security operations center staple anytime soon, even though rivals with other types of security technology have attempted to write SIEM's obituary for years.
What's behind the profusion of reported attacks involving stolen or reused strains of ransomware? Blame a variety of factors, including law enforcement crackdowns, evolving ransomware business models and at least one case of a ransomware group leader with poor morale-building skills.
The demand for DDoS-for-hire services has surged significantly in recent years. Cameron Schroeder, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office, said the increase is driven by accessibility, ease of use and the need for only minimal technical proficiency.
Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now available for Akira victims, however, it's too soon to say if the group might be doomed.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
Pro-Russian and self-declared "hacktivist" group Anonymous Sudan appears to use expensive online infrastructure to perpetuate distributed denial-of-service attacks, undermining its claim to be a volunteer group operating from an impoverished East African country.
The litany of outages plaguing Azure and Microsoft 365 in recent weeks stems from DDoS attacks carried out by a pro-Russian hacktivist group. The threat actor since early June has launched DDoS attacks from multiple cloud services and open proxy infrastructures thanks to its collection of botnets.
Versions of the Mirai botnet are targeting a vulnerability present in numerous Zyxel network devices. Zyxel patched the vulnerability in April but it's not clear how many users have applied the fix. Security experts warn the flaw appears to be exploited at a massive scale.
An obscure routing protocol codified during the 1990s has come roaring back to attention after researchers found a flaw that would allow attackers to initiate massive distributed denial-of-service attacks. Researchers from Bitsight and Curesec say they found a bug in Service Location Protocol.
Most of the healthcare organizations hit by distributed denial-of-service attacks by pro-Russia hacktivists in January have one or more level 1 trauma centers, indicating that the attackers aimed to disrupt care for the most critically ill and injured patients, according to a new government report.
Warning to criminals: Could that cybercrime service you're about to access really be a sting by law enforcement agents who are waiting to identify and arrest you? That's the message from British law enforcement agents, who say they're running multiple DDoS-for-hire sites as criminal honeypots.
Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.