Malware

Government Entities Attacked by Threat Actor Using Recent Fortinet Exploit

As always, companies should patch as soon as their vulnerability management process allows. Additionally, this is a reminder that the true criticality of a CVE depends on multiple factors: depending on an organization’s specific environment, threat model, and attack surface area, the vulnerability may be more relevant or dangerous than the assigned CVSS score suggests. For detection, companies may be able to leverage netflow data compared against a baseline of normal netflow to identify…

LA Housing Authority Discloses Data Breach After Ransomware Attack

It is highly recommended that individuals who may have been affected by the breach monitor their financial accounts and credit reports for any signs of fraudulent activity. Affected individuals should also take steps to protect themselves from identity theft, such as placing a fraud alert or security freeze on their credit reports. https://www.bleepingcomputer.com/news/security/la-housing-authority-discloses-data-breach-after-ransomware-attack/

Today, CISA is announcing the…

Today, CISA is announcing the creation of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA:

• Proactively identifies information systems—belonging to critical infrastructure entities—that contain vulnerabilities commonly associated with ransomware intrusions.
• Notifies the owners of the affected information systems, which enables the owners to mitigate the vulnerabilities before damaging intrusions occur.

Review the RVWP webpage for details, including information on the authorities and services CISA leverages to enable RVWP notifications.

Universities and colleges cope silently with ransomware attacks

Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges and universities in North America reporting ransomware attacks since December 2022. Among recent incidents are: On December 30, 2022 Bristol…

ReversingLabs adds new context-based secret detection capabilities

ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of exposed secrets in the billions of files we’ve previously analyzed to provide that context,” said Tomislav Pericin, co-founder and chief software architect, ReversingLabs.…

Amazon-owned Ring reportedly suffers ransomware attack

Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your data.” The group has threatened to leak the stolen data if the company refuses to pay the ransom. It is…

Can a quantum algorithm crack RSA cryptography? Not yet

Every CISO has encryption implementation decisions to make at a variety of levels and instances as they sort the support needed for business operations such as production, sales, support, data retention, and communication. These decisions tend to lean heavily on the “ease of use” doctrine and ubiquitousness of the various product offerings being considered. Therefore the alarming report on “research” conducted by a pool of Chinese researchers on the “possibility” that RSA cryptographic algorithm was…

Medusa Ransomware Gang Picks Up Steam as It Targets Companies Worldwide

Organizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should:

• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• …

Essendant Facing Multi-Day Systems “Outage”

Serving about 30,000 reseller customers, Essendant maintains inventories of more than 160,000 different products, including conventional office supplies, cleaning and break room supplies, office furniture, and technology. The systems outage will significantly impact the supply chain. Essendant has not yet disclosed the reason for this outage. It is unclear if it was a technical problem or the result of a cyber attack. Lately, we have seen different multi-day “outages,” including the incidents that happened in…

Be Cautious of AI-Generated YouTube Videos, Experts Warn

To combat the dissemination of disinformation, experts advise individuals to exercise caution when watching videos that seem too good to be true and verify information from multiple sources. They also urge social media platforms to proactively identify and remove fraudulent content. Employing multi-factor authentication as well as avoiding clicking suspicious links from unknown sources is advised. https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html
