[TheRecord] Meet Prometheus, the secret TDS behind some of today’s malware campaigns

A recently discovered cybercrime service is helping malware gangs distribute their malicious payloads to unsuspecting users using a network of hacked websites. Named Prometheus, the service is what security researchers call a “traffic distribution system,” also known as a TDS. How the Prometheus TDS works Consisting of a network of hacked websites, Prometheus provides on-demand servers […]

Read More

[TheRecord] Microsoft announces new ‘Super Duper Secure Mode’ for Edge

Microsoft said today it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode. Announced today by Johnathan Norman, Microsoft Edge Vulnerability Research Lead, the idea behind […]

Read More

[TheRecord] Amazon and Google patch major bug in their DNS-as-a-Service platforms

At the Black Hat security conference today, two security researchers have disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform’s nodes, intercept some of the incoming DNS traffic, and then map customers’ internal networks. Discovered by Shir Tamari and Ami Luttwak from cloud security company Wiz, the vulnerability highlights the […]

Read More

[TheRecord] White House sees ‘sign’ in new ransomware group’s pledge

A senior White House official on Wednesday said remarks by a new Russia ransomware gang that it wouldn’t target U.S. critical infrastructure is a sign that the administration’s calls for the Kremlin to crack down on cybercriminals is working. In an interview with a Recorded Future analyst published by The Record, representatives from BlackMatter — […]

Read More

[TheRecord] INFRA:HALT vulnerabilities affect OT devices from more than 200 vendors

Security researchers have disclosed today 14 vulnerabilities that impact a popular TCP/IP library commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors. Collectively referred to as INFRA:HALT, the 14 vulnerabilities have been found as part of a joint research effort by the security teams at Forescout and JFrog. Project […]

Read More

[TheRecord] NSA, CISA publish Kubernetes hardening guide

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published today a 59-page technical report containing guidance for hardening Kubernetes clusters. Initially developed by Google engineers and later open-sourced under the Cloud Native Computing Foundation, Kubernetes is one of today’s most popular container orchestration software. Used primarily inside cloud-based infrastructure, Kubernetes allows […]

Read More

[TheRecord] SEC Chair Gensler: Cryptocurrency market is ‘Wild West’ in need of more oversight

The nation’s top financial regulator on Tuesday highlighted the role Bitcoin and other cryptocurrencies play in the ransomware epidemic, and called on Congress to grant additional power to oversee the market for such digital assets. In his first extensive remarks on the subject since he assumed office in April, U.S. Securities and Exchange Commission Chair […]

Read More

[TheRecord] LemonDuck botnet evolves to allow hands-on-keyboard intrusions

Over the past two years, a once-tiny crypto-mining malware strain has evolved into a massive botnet and is now experimenting with hands-on-keyboard intrusions into hacked networks, signaling a dangerous turn that could see the group’s operators deliver ransomware or more dangerous threats in the coming future. Tracked as LemonDuck, the botnet was first spotted by Israeli […]

Read More

[TheRecord] Researchers decide ‘Hacker Summer Camp’ is too risky as Covid-19 cases spike

Every summer for decades, thousands of hackers have made the pilgrimage to Las Vegas for Black Hat and DEF CON—back-to-back security conferences affectionately known as by attendees as “Hacker Summer Camp.” Well, almost every summer.  The Covid-19 pandemic pushed both conferences online last year. This year, the conferences bet on the virus being contained enough […]

Read More

[TheRecord] Bipartisan report finds agencies plagued by cyber woes

Several major federal agencies continue to fail to address recurring cybersecurity vulnerabilities or implement basic standards that would protect the public’s sensitive information, according to the results of a new bipartisan congressional investigation. A review issued on Tuesday by the Senate Homeland Security Committee found that, despite years of warnings, agencies such as the State, […]

Read More