Clicky

Most Frequently Exploited CVEs Listed

Governance & Risk Management , Patch Management Experts Say Advisory Highlights Vulnerability Management Challenges Dan Gunderman (dangun127) • July 30, 2021     Source: CISA A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say. See Also: …

Most Frequently Exploited CVEs Listed Read More »

New destructive Meteor wiper malware used in Iranian railway attack

A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards stating that trains …

New destructive Meteor wiper malware used in Iranian railway attack Read More »

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Business Continuity Management / Disaster Recovery , Cybercrime , Fraud Management & Cybercrime New ‘Pay or Grief’ CryptoLocking Malware Is DoppelPaymer in Disguise, Experts Say Mathew J. Schwartz (euroinfosec) • July 30, 2021     The Grief ransomware operation’s dedicated data leak site (victims’ names redacted) The ransomware landscape constantly changes, which can make it …

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves Read More »

Iranian Hackers Posed as Aerobics Instructors to Target Aerospace Employees

TA456 was discovered as the perpetrator of a social engineering and targeted malware campaign on behalf of the Iranian government after spending years impersonating an aerobics instructor on Facebook, according to Proofpoint.  The Iranian state-sponsored cybercrime gang developed a contact with an employee working at a subsidiary of an aerospace defense contractor using the social …

Iranian Hackers Posed as Aerobics Instructors to Target Aerospace Employees Read More »

What is a DDoS Extortion Attack and How do you Respond to it?

DDoS extortion attacks have skyrocketed over the past year and are expected to trend upwards in the future too. DDoS attacks aren’t new threats. However, cybercriminals are leveraging these attacks to extort money from organizations by causing downtimes and preventing legitimate users from accessing the web application. With the global pandemic forcing organizations to adopt …

What is a DDoS Extortion Attack and How do you Respond to it? Read More »

ACSC, allies list top 30 routinely exploited vulnerabilities

The Australian Cyber Security Centre (ACSC), Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory, highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021. Cyber actors …

ACSC, allies list top 30 routinely exploited vulnerabilities Read More »

China ‘propped the doors open’ for criminals in Microsoft hack, Australian spy agency boss says | China

Australia’s top cyber spy says China’s actions in the hack of Microsoft Exchange email server software were akin to propping open the doors of thousands of homes and leaving them ajar for criminals to get inside. Rachel Noble, the director general of the Australian Signals Directorate (ASD), drew the analogy as she said the Chinese …

China ‘propped the doors open’ for criminals in Microsoft hack, Australian spy agency boss says | China Read More »

Researchers Describe Windows 11 Preview Scam

Fraud Management & Cybercrime , Fraud Risk Management Malware Distributed Using Fake Windows Installer Prajeet Nair (@prajeetspeaks) • July 27, 2021     Unofficial Windows 11 downloads hide malware. (Source: Kaspersky) Although Microsoft is slated to release the Windows 11 operating system in December, it’s already available for a limited pre-release preview. And cybercriminals are …

Researchers Describe Windows 11 Preview Scam Read More »

Are we taking zero trust too far in cybersecurity? | #government | #hacking | #cyberattack | #cybersecurity | #infosecurity | #hacker | National Cyber Security

Aug. 1—Depending on who you talk to, zero trust is a new concept for stopping data breaches, the preferred network architecture for cybersecurity, the most secure model for online interactions, the best security framework or even a mantra for life — and its influence is growing rapidly. Wherever you turn, experts and thought leaders are …

Are we taking zero trust too far in cybersecurity? | #government | #hacking | #cyberattack | #cybersecurity | #infosecurity | #hacker | National Cyber Security Read More »

9 Ransomware Enablers – And Tactics for Combating Them

Fraud Management & Cybercrime , Governance & Risk Management , IT Risk Management Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses Mathew J. Schwartz (euroinfosec) • July 29, 2021     Buyers’ and sellers’ listings on darknet forums for access to organizations’ networks (Source: Positive Technologies) Ransomware operations continue to thrive thanks …

9 Ransomware Enablers – And Tactics for Combating Them Read More »

Scroll to Top 200return