CyberSecure Specialist

13 Mar

Medusa Ransomware Gang Picks Up Steam as It Targets Companies Worldwide

Attacks, Malware

Organizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.•…

Read More
13 Mar

Essendant Facing Multi-Day Systems “Outage”

Attacks, Malware

Serving about 30,000 reseller customers, Essendant maintains inventories of more than 160,000 different products, including conventional office supplies, cleaning and break room supplies, office furniture, and technology. The systems outage will significantly impact the supply chain. Essendant has not yet disclosed the reason for this outage. It is unclear if it was a technical problem or the result of a cyber attack. Lately, we have seen different multi-day “outages,” including the incidents that happened in…

Read More
13 Mar

Be Cautious of AI-Generated YouTube Videos, Experts Warn

Attacks, Malware

To combat the dissemination of disinformation, experts advise individuals to exercise caution when watching videos that seem too good to be true and verify information from multiple sources. They also urge social media platforms to proactively identify and remove fraudulent content. Employing multi-factor authentication as well as avoiding clicking suspicious links from unknown sources is advised. https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html

Read More
13 Mar

Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia

Data Breaches, Malware, Social Engineering

The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company EclecticIQ. The attacks, which took place in February, were “almost identical” to those reported by Singapore-based global cybersecurity firm Group-IB on January 11, ElectricIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts attribute the recent attacks as likely to be the…

Read More
13 Mar

NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry 

Information, News

The National Motor Freight Traffic Association (NMFTA) has appointed Antwan Banks as its director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The NMFTA told SecurityWeek that this is a newly created position. Banks will lead the organization’s cybersecurity practice, and work with its partners and members to ensure the safety and security of the supply chain in the United States.  “As you can imagine, this is increasingly…

Read More
13 Mar

Blackbaud penalized $3M for not disclosing the full scope of ransomware attack

Data Breaches, Malware, Social Engineering

Software firm Blackbaud has agreed to pay a $3 million penalty for failing to disclose the full scope of the ransomware attack it suffered in 2020, according to the US Securities and Exchange Commission (SEC). South Carolina headquartered Blackbaud provides donor relationship management software to various non-profit organizations, including charities, higher education institutions, K-12 schools, healthcare organizations, religious organizations, and cultural organizations. The company detected unauthorized access to its systems on May 14, 2020, which…

Read More
13 Mar

6 reasons why your anti-phishing strategy isn’t working

Data Breaches, Malware, Social Engineering

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole attempt to be successful at attracting only one victim,” says Johanna Baum, CEO and founder of Strategic Security Solutions Consulting.…

Read More
11 Mar

Cyber Madness Bracket Challenge – Register to Play

Information, News

As bracket-mania sweeps across the country for the 2023 NCAA Men’s Basketball Tournament, commonly referred to as “March Madness,” SecurityWeek will host its own “Cyber Madness” bracket challenge for those in the cybersecurity community to compete for a chance to win great prizes, earn bragging rights, and have some fun!  SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting…

Read More
11 Mar

Common WhatsApp scams and how to avoid them

Information

Here’s a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them. With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for resting on their laurels – instead, they’re learning new and sophisticated social engineering skills to entrap us in their trickery.…

Read More
11 Mar

APT hackers set a honeytrap to ensnare victims – Week in security with Tony Anscombe

Information

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds Have you ever been asked to move an online conversation to another – and supposedly more secure – platform? This technique, often used by romance scammers, was recently used against a number of Indian and Pakistani netizens, possibly with a military or political background. The targeted campaign – courtesy of the Transparent Tribe APT…

Read More