Security Breaches April 28, 2021 Data Exfiltration Extortion Attacks Spike and Ransom Payments Increase Payments to resolve ransomware and data exfiltration extortion attacks increased in the first quarter of 2021, with the rise largely due to the Accellion legacy ... Read more
Security Breaches April 23, 2021 Even When Warned, Many Users Do Not Change Breached Passwords Google has launched its Password Checkup service on chrome, which displays a warning to users when they login to a website using a password that ... Read more
Trends & Reports April 23, 2021 External Email Message Warnings Can be Easily Hidden or Altered One of the ways that businesses help their employees identify potentially malicious emails is to flag any email that has been sent from an external ... Read more
Cyber Threats April 22, 2021 Bloomberg Clients Targeted in Phishing Campaign Distributing Remote Access Trojans Remote Access Trojans (RATs) according to a new report published by researchers at Cisco Talos. The relatively few emails that have been intercepted have made ... Read more
Cyber Threats April 21, 2021 Actively Exploited Zero Day Vulnerability Identified in Pulse Secure Connect VPN A critical zero-day vulnerability has been identified in Pulse Secure VPN appliances that is being actively exploited by a Chinese advanced persistent threat group. The ... Read more
Cyber Threats April 20, 2021 Patch These Actively Exploited SonicWall Vulnerabilities Now! SonicWall has released patches to correct three actively exploited vulnerabilities in its on-premises and hosted email security solutions. The vulnerabilities can be exploited remotely to ... Read more
Cyber Threats April 19, 2021 Google Project Zero Adds 30-Day Grace Period to Vulnerability Disclosure Policy Google Project Zero has added a new grace period to its zero-day vulnerability disclosure policy and will now provide an additional 30 days after a ... Read more
Security Breaches April 16, 2021 NSA Warns of Russian Government Hackers Exploiting These 5 Vulnerabilities The National Security Agency (NSA), in conjunction with the Federal Bureau of Investigation (FBI) and the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) have issued ... Read more
Tools & Practices April 15, 2021 FBI Removes Malicious Web Shells from Hundreds of Corporate Exchange Servers The Federal Bureau of Investigation (FBI) has removed malicious web shells from hundreds of corporate servers in at least 8 states without the knowledge or ... Read more
Trends & Reports April 14, 2021 Name:Wreck DNS Vulnerabilities Affect More than 100 Million IoT Devices More than 100 million consumer and enterprise IoT devices are believed to be affected by a new set of DNS vulnerabilities, according to Forescout and ... Read more
Compliance April 13, 2021 Microsoft Patches 108 Vulnerabilities Including 19 Critical Flaws April 2021 Patch Tuesday has seen Microsoft issue 108 patches to correct vulnerabilities across its range of products, including one actively exploited zero-day vulnerability and ... Read more
Cyber Threats April 12, 2021 IcedID Malware Distribution Increases as it Vies to Become the New Emotet A massive malspam campaign is underway distributing the IcedID banking Trojan. The malicious emails have Microsoft Excel attachments, which use Excel 4 macros to deliver ... Read more
Cyber Threats April 9, 2021 Collaboration Platforms Increasingly Abused by Threat Actors for Data Exfiltration and Malware Delivery Teleworking has been growing in popularity over the past few years, but the national lockdowns imposed by governments to limit the spread of COVID-19 forced ... Read more
Cyber Threats April 8, 2021 New Malware Variant with Worm-Like Capabilities Spoofs Netflix and Spreads via WhatsApp A new malware variant has been discovered by security researchers at Check Point that has been added to a fake Netflix application – FlixOnline – ... Read more
Security Breaches April 7, 2021 SAP and Onapsis Warn of Ongoing Attacks Exploiting Vulnerabilities in Mission-Critical SAP Applications 6 cybersecurity vulnerabilities in mission-critical SAP applications are being actively exploited by threat actors according to cybersecurity firm Onapsis. Exploitation of the flaws could result ... Read more
Security Breaches April 6, 2021 Are You One of the 533 Million Facebook Account Holders Affected by This Data Breach? The personal information of 533 million Facebook account holders has been leaked online on a public hacking forum. The incident that resulted in the theft ... Read more
Security Breaches April 5, 2021 Fortinet SSL VPN Vulnerabilities Being Actively Exploited by Nation State Hackers The Federal Bureau of Investigation (FBI) and the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert warning that Advanced Persistent Threat ... Read more
Security Breaches March 31, 2021 WannaCry Ransomware Attacks Up 53% Since January 2021 The latest research published by Check Point shows a resurgence in WannaCry ransomware attacks. It has been almost four years since the ransomware first appeared ... Read more
Compliance March 30, 2021 Critical Flaws Identified in Facebook for WordPress Plugin A critical flaw with a CVSS score of 9.0 has been identified in the official Facebook for WordPress plugin, which is used on more than ... Read more
Security Breaches March 29, 2021 FBI/CISA Warn of Increase in Mamba Ransomware Attacks The Federal Bureau of Investigation (FBI) in conjunction with the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) have issued a TLS:White alert about Mamba ransomware ... Read more
Insights March 26, 2021 The Minimum Standards for Password Regulatory Compliance Few federal or state laws stipulate minimum standards for password regulatory compliance. However, a growing number of consumer privacy laws require organizations to “implement and ... Read more
Insights March 26, 2021 Why Finance Companies Should Implement SOX Password Requirements Although the Sarbanes-Oxley (SOX) Act doesn´t contain specific IT provisions, companies subject to U.S. Securities and Exchange Commission regulations should implement SOX password requirements in ... Read more
Insights March 26, 2021 Why You Need to Exceed the PCI DSS Password Requirements The password requirements for the Payment Card Industry Data Security Standard (PCI DSS) are extremely weak, and a brute force attack on a business adopting ... Read more
Insights March 26, 2021 What are the CCPA Password Requirements? Although there are no specific CCPA password requirements in California´s Consumer Privacy Act, businesses could be subject to significant regulatory and civil penalties for failing ... Read more
Cyber Threats March 26, 2021 Purple Fox Malware Now Has Worm Capabilities for Propagating Across Windows Machines A new variant of Purple Fox malware has been detected by researchers at Guardicore Labs that has achieved far greater success at infecting systems thanks ... Read more
Compliance March 25, 2021 United States Data Protection and Privacy Laws Although not the first state law to address data protection and consumer privacy, the passage of the California Consumer Privacy Act (CCPA) made the headlines ... Read more
Security Breaches March 25, 2021 Verkada Hacker Indicted on 8 Counts of Computer Crimes and Fraud The hacktivist who gained access to the systems of the cloud-based enterprise security camera platform provider Verkada in March 2021 has been indicted on criminal ... Read more
Trends & Reports March 24, 2021 Retaliation Against Company Over Complaint Sees IT Worker Jailed for 2 Years It may be satisfying taking retaliatory action against a company that complains about the quality of your work and gets you fired, but consider the ... Read more
Security Breaches March 23, 2021 FBI Warns State and Local Governments of Increased Risk of BEC Attacks The Federal Bureau of Investigation (FBI) has issued a warning to state, local, tribal, and territorial (SLTT) governments in the United States about Business Email ... Read more
Cyber Threats March 23, 2021 Adobe Issues Out-of-Band Patch for Critical ColdFusion Vulnerability A patch has been issued to correct a critical vulnerability – CVE-2021-21087 – in Adobe ColdFusion that could be exploited by a remote attacker to ... Read more