Governance & Risk Management , Patch Management Experts Say Advisory Highlights Vulnerability Management Challenges Dan Gunderman (dangun127) • July 30, 2021 Source: CISA A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say. See Also:…
A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards stating that trains…
Business Continuity Management / Disaster Recovery , Cybercrime , Fraud Management & Cybercrime New ‘Pay or Grief’ CryptoLocking Malware Is DoppelPaymer in Disguise, Experts Say Mathew J. Schwartz (euroinfosec) • July 30, 2021 The Grief ransomware operation’s dedicated data leak site (victims’ names redacted) The ransomware landscape constantly changes, which can make it…
TA456 was discovered as the perpetrator of a social engineering and targeted malware campaign on behalf of the Iranian government after spending years impersonating an aerobics instructor on Facebook, according to Proofpoint. The Iranian state-sponsored cybercrime gang developed a contact with an employee working at a subsidiary of an aerospace defense contractor using the social…
DDoS extortion attacks have skyrocketed over the past year and are expected to trend upwards in the future too. DDoS attacks aren’t new threats. However, cybercriminals are leveraging these attacks to extort money from organizations by causing downtimes and preventing legitimate users from accessing the web application. With the global pandemic forcing organizations to adopt…
The Australian Cyber Security Centre (ACSC), Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory, highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021. Cyber actors…
Australia’s top cyber spy says China’s actions in the hack of Microsoft Exchange email server software were akin to propping open the doors of thousands of homes and leaving them ajar for criminals to get inside. Rachel Noble, the director general of the Australian Signals Directorate (ASD), drew the analogy as she said the Chinese…
Fraud Management & Cybercrime , Fraud Risk Management Malware Distributed Using Fake Windows Installer Prajeet Nair (@prajeetspeaks) • July 27, 2021 Unofficial Windows 11 downloads hide malware. (Source: Kaspersky) Although Microsoft is slated to release the Windows 11 operating system in December, it’s already available for a limited pre-release preview. And cybercriminals are…
Aug. 1—Depending on who you talk to, zero trust is a new concept for stopping data breaches, the preferred network architecture for cybersecurity, the most secure model for online interactions, the best security framework or even a mantra for life — and its influence is growing rapidly. Wherever you turn, experts and thought leaders are…
Fraud Management & Cybercrime , Governance & Risk Management , IT Risk Management Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses Mathew J. Schwartz (euroinfosec) • July 29, 2021 Buyers’ and sellers’ listings on darknet forums for access to organizations’ networks (Source: Positive Technologies) Ransomware operations continue to thrive thanks…
