Governance & Risk Management , Patch Management Experts Say Advisory Highlights Vulnerability Management Challenges Dan Gunderman (dangun127) • July 30, 2021     Source: CISA A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say. See Also:

A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards stating that trains

Business Continuity Management / Disaster Recovery , Cybercrime , Fraud Management & Cybercrime New ‘Pay or Grief’ CryptoLocking Malware Is DoppelPaymer in Disguise, Experts Say Mathew J. Schwartz (euroinfosec) • July 30, 2021     The Grief ransomware operation’s dedicated data leak site (victims’ names redacted) The ransomware landscape constantly changes, which can make it

TA456 was discovered as the perpetrator of a social engineering and targeted malware campaign on behalf of the Iranian government after spending years impersonating an aerobics instructor on Facebook, according to Proofpoint.  The Iranian state-sponsored cybercrime gang developed a contact with an employee working at a subsidiary of an aerospace defense contractor using the social

DDoS extortion attacks have skyrocketed over the past year and are expected to trend upwards in the future too. DDoS attacks aren’t new threats. However, cybercriminals are leveraging these attacks to extort money from organizations by causing downtimes and preventing legitimate users from accessing the web application. With the global pandemic forcing organizations to adopt

The Australian Cyber Security Centre (ACSC), Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory, highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021. Cyber actors