Attacks

09 Dec

HR and Payroll Company Discloses Data Breach

Attacks, Malware

The company has offered identity protection services to anyone impacted in the breach. Sequoia declined to comment on the amount of victims it has offered identity protection services too. Anyone that has been notified that they may have been a victim of this breach should sign up for the free monitoring service being offered by Sequoia and go through credit reports to make sure nothing was created in between the time of breach and notification.…

Read More
09 Dec

Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series

Attacks, Insights, Malware

Original release date: December 9, 2022 Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates. This product is provided subject to this Notification and…

Read More
09 Dec

The biggest data breaches and leaks of 2022

Attacks, Data Breaches

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent. In this article, we reveal which data breaches and leaks and the phishing, malware and cyber attacks ranked among our top ten most-read cyber security news stories of 2022. Read on to hear about…

Read More
08 Dec

Internet Explorer 0-day exploited by North Korean actor APT37

Attacks, Malware

TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign. Although this campaign mainly targets South Korea, the tactic of using current events to lure potential victims into downloading malware is common and individuals should always verify the source of a link or document.Organizations should use the following preventative measures to protect themselves from an attack:• Implement network segmentation.• Install updates/patch operating systems,…

Read More
08 Dec

New Zerobot Malware Has 21 Exploits for BIG-IP, Zyxel, D-Link Devices

Attacks, Malware

It is highly recommended to make sure that all devices, including any network or IoT devices, that are exposed to the Internet are up-to-date on patching. The main infection vector of Zerobot is using one of the 21 exploits it supports to infect an Internet accessible device and propagating within the network from there. By making sure that all devices are properly patched, the attack surface that Zerobot can use to infect an environment is…

Read More
08 Dec

MENA IKEA Locations Affected by Vice Society

Attacks, Malware

Vice Society tends to target organizations that have the potential to pay out higher ransoms. To protect against Vice Society and other ransomware groups, companies should consider adopting a defense in depth strategy. Some suggestions for protecting against ransomware from the FBI and CISA include: • Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.•…

Read More
08 Dec

CISA Releases Phishing Infographic

Attacks, Insights, Malware

Original release date: December 8, 2022 Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing…

Read More
08 Dec

CISA Releases Three Industrial Control Advisories

Attacks, Insights, Malware

Original release date: December 8, 2022 CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-342-01 Advantech iView ICSA-22-342-02 AVEVA InTouch Access Anywhere ICSA-22-342-03 Rockwell Automation Logix Controllers   This product is provided subject to this Notification and this…

Read More
08 Dec

IOTW: Metallica encourages fans to seek and destroy crypto scams

Attacks, Data Breaches

Metal band Metallica has warned fans of scammers posing as them and offering fake cryptocurrency giveaways ahead of the launch of their album, 72 Seasons. ⚠️ pic.twitter.com/KmlofVdiBM — Metallica (@Metallica) December 6, 2022 In a tweet, the band warned fans that any websites, YouTube channels and livestreams claiming to offer Metallica cryptocurrency were fake. To avoid getting scammed, the band urged fans to “always look for official verification before believing something wild and crazy to…

Read More
07 Dec

Antwerp City Services Down After Digital Partner is Breached

Attacks, Malware

While there is currently not a lot of information available into how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended strategy to protect against attacks such as these is to have a defense in depth strategy when it comes to security.…

Read More