Malware

08 Dec

MENA IKEA Locations Affected by Vice Society

Attacks, Malware

Vice Society tends to target organizations that have the potential to pay out higher ransoms. To protect against Vice Society and other ransomware groups, companies should consider adopting a defense in depth strategy. Some suggestions for protecting against ransomware from the FBI and CISA include: • Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.•…

Read More
08 Dec

CISA Releases Phishing Infographic

Attacks, Insights, Malware

Original release date: December 8, 2022 Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing…

Read More
08 Dec

CISA Releases Three Industrial Control Advisories

Attacks, Insights, Malware

Original release date: December 8, 2022 CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-342-01 Advantech iView ICSA-22-342-02 AVEVA InTouch Access Anywhere ICSA-22-342-03 Rockwell Automation Logix Controllers   This product is provided subject to this Notification and this…

Read More
08 Dec

Microsoft’s rough 2022 security year in review

Data Breaches, Malware, Social Engineering

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities It seems fitting that 2022 began with the release of the…

Read More
07 Dec

Apple finally adds encryption to iCloud backups

Data Breaches, Malware, Social Engineering

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend. Apple Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign…

Read More
07 Dec

Antwerp City Services Down After Digital Partner is Breached

Attacks, Malware

While there is currently not a lot of information available into how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended strategy to protect against attacks such as these is to have a defense in depth strategy when it comes to security.…

Read More
07 Dec

Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

Attacks, Malware

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way. https://www.bleepingcomputer.com/news/security/elon-musks-twitter-followers-targeted-in-fake-crypto-giveaway-scam/

Read More
07 Dec

US Congress rolls back proposal to restrict use of Chinese chips

Data Breaches, Malware, Social Engineering

The US Congress is rolling back proposed legislation that would place restrictions on the use of Chinese-made chips by the government and its contractors, after  companies argued that the measures would raise costs. While the draft legislation still provides for restrictions to be enacted, contractors now have five years to comply with them, rather than the two years stipulated in an earlier version of the proposal, and the language of the new draft leaves room…

Read More
07 Dec

Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation

Data Breaches, Malware, Social Engineering

Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in a Brooks Jon Hocut, director of information security for Brooks ssailants’ crosshairs—representing 23.2% of the global attacks remediated last year by IBM Security’s X-Force, according to the company’s Threat Intelligence Index 2022 report. With news like this, it is not surprising that “ransomware is the threat that keeps me up the most at night,” says Jon…

Read More
06 Dec

Ransomware attack knocks Rackspace’s Exchange servers offline

Data Breaches, Malware, Social Engineering

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not, initially, clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected. Rackpsace offers migration to…

Read More