CyberSecurity Updates

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using LockBit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Khoroshev (Дмитрий Юрьевич Хорошев), a resident of Voronezh, Russia, was charged in a…


Why Your VPN May Not Be As Secure As It Claims

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. When a device initially tries to connect to a…


Pay up, or else? – Week in security with Tony Anscombe

Video: Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not. 03 May 2024. The Simone Veil hospital in Cannes, France – which fell victim to a disruptive ransomware attack two weeks ago – has announced that it refused to pay the extortion demand from the LockBit 3.0 ransomware gang. The facility had to take all…


Adding insult to injury: crypto recovery scams

Scams: Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over. Phil Muncaster, 02 May 2024, 4 min. read. It’s a nightmare scenario for any cryptocurrency user. You fall victim to a crypto scam or cyberattack, resulting in stolen funds. You feel regret and shame – not to mention anger…


Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two

The problem: The previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned. As described in our third post, vertical partitioning is where the training data is divided across parties such that each party holds different columns of the data. In contrast to horizontally partitioned data, training a model on vertically partitioned data is…


CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector. Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently,…


MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

In this day and age, technology and business are inextricably linked. Digital transformation has ushered in unparalleled opportunities for organizations that act with agility in response to the blistering pace of change and look for ways to harness the potential of technology to advance their business. However, the growing reliance on digital systems, coupled with their interconnectedness and convergence, has also introduced new challenges, particularly an evolving and increasingly complex cybersecurity landscape. Recent history has…


Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 – May 4, 2024. This week recognizes and celebrates the small business community’s significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. To add to the festivities, this NIST…


CERT/CC Reports R Programming Language Vulnerability

CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply the necessary updates: CERT/CC VU#23819; Hidden Layer Blog: R-Bitrary Code Execution–Vulnerability in R’s Deserialization; Comprehensive R Archive Network.


CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors. The pro-Russia hacktivist activity…
