Displaying items by tag: Mandiant

The NSW transport authority, Transport for NSW, says it has been hit by a second network attack which took aim at the online application used by vehicle examiners to conduct roadworthy inspections.

Security firm Mandiant has released details about a threat actor it has named UNC3524, which infiltrates and resides for long periods in Windows environments where it can collect emails in bulk. The active backdoor is named QUIETEXIT and it is based on the Dropbear SSH client-server software which is generally used in environments with low memory and processor resources.

Security firm Mandiant says it has not mentioned any zero-day exploit usage by Western government agencies in a report about incidents in 2021 because it did not find any exploits which it could identify with reasonable confidence as coming from these sources.

COMPANY NEWS: Mandiant today announced the findings of Mandiant M-Trends 2022, an annual report that provides timely data and insights based on Mandiant frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report––which tracks investigation metrics between 1 October 2020 and 31 December 2021—reveals that while significant progress has been made in threat detection and response, Mandiant continues to see adversaries innovate and adapt to achieve their mission in targeted environments.

GUEST RESEARCH: Mandiant has published new research on a set of “exceptionally rare and dangerous cyber attack” tools, called Incontroller.

Proprietary video-telephony software company Zoom has abruptly sacked security researcher Bill Demirkapi who was working for the company's red team.

Search giant Google has announced it will acquire the security firm Mandiant for US$5.4 billion (A$7.4 billion) in an all-cash transaction, adding that the firm will join Google Cloud after the acquisition is complete.

Security, performance, and reliability company Cloudflare partners with cyber insurance companies to help businesses manage their risks online.

Cyber defence specialist Mandiant is now operating from cloud-based infrastructure within Australia.

Investors in SolarWinds have sued the directors of the company, claiming they were aware of the risks that the firm's software posed but failed to act to prevent devastating attacks that came to light last year.

A widely deployed SSL VPN device known as Pulse Secure Connect has been revealed to have a serious vulnerability, with a Common Vulnerability Scoring System score of 10, the maximum possible, that can be exploited remotely.

Microsoft and security firm FireEye's Mandiant Threat Intelligence division have published further details about the SolarWinds attacks, but neither company has fully verified the claims they make.

Security firm Qualys has become the latest to be affected by a breach of a file transfer system manufactured by the firm Accellion, the company says.

Transport for NSW has been hit by an attack on a file transfer system manufactured by the firm Accellion, the agency says.

Cyber security firm FireEye has released new guidance for those who have been compromised by the SolarWinds attackers to harden their environments and remediate areas where attacks are feared.

Whenever FireEye, the cyber security firm that just had its crown jewels compromised, publishes a report on some activity by malicious attackers, it always issues a judgment on where they come from – with high confidence most of the time.

Security outfit FireEye has renamed its expertise- and intelligence-backed offerings to its threat intelligence unit, Mandiant, raising the possibility that it may look to sell this unit, one which it acquired in 2013 for about US$1 billion.

Well-known Google security researcher Tavis Ormandy has taken a swipe at security industry veteran Richard Bejtlich, after the latter chided him for releasing details about a vulnerability in Microsoft software after the 90-day period normally given for patching expired.

The FIN6 cyber crime group, that has in the past been involved in stealing payment card data, has allegedly expanded its activities to deploying Windows ransomware, the security firm FireEye claims.

The British Information Commissioner's Office has hit American credit information provider Equifax with a fine of £500,000 (A$909,321) over a data breach which the US firm disclosed on 7 September 2017 and which it said had occurred between mid-May and July that year. Passwords of British customers were stored in plain text, the ICO said.