Tools & Practices February 3, 2021 Three Vulnerabilities Identified in SolarWinds Products Patches have been released to fix three vulnerabilities SolarWinds products. Two of the flaws affect the SolarWinds Orion platform, and the third affects the Serv-U ... Read more
Tools & Practices February 2, 2021 Phishers Target US Businesses in Scam Offering Fake PPP Loans A phishing campaign has been detected which is targeting U.S. businesses that are struggling to stay in operation during the pandemic. The emails attempt to ... Read more
Trends & Reports February 1, 2021 TrickBot Returns with a New Malspam Campaign A botnet that was severely disrupted in late 2020 by a coalition led by Microsoft is now back with a new malspam campaign. The infrastructure ... Read more
Cyber Threats January 27, 2021 Europol Announces Takedown of the Emotet Botnet Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have ... Read more
Trends & Reports January 26, 2021 Survey Reveals Security is the Biggest Barrier to Public Cloud Adoption in the UK The biggest barrier to public cloud adoption in the United Kingdom is the ability to secure public cloud environments, according to a recent study by ... Read more
Cyber Threats January 22, 2021 Mistake with Phishing Campaign Saw Stolen Credentials Accessible Through Google Searches A mistake by the operators of a phishing campaign has resulted in stolen credentials being accessible through Google searches. Compromised WordPress sites were used to ... Read more
Compliance January 21, 2021 Interpol Warns of Rise in Investment Scams Targeting Dating App Users With opportunities for meeting potential partners now limited due to the COVID-19 pandemic and many people isolated due to lockdown measures, use of dating apps ... Read more
Compliance January 21, 2021 Patients Rerouted to Other Hospitals After Cyberattack on Belgian Hospital A hospital in Belgium has suffered a cyberattack that has seen approximately between 40 and 80 of its 300 servers encrypted using Windows BitLocker. The ... Read more
Cyber Threats January 20, 2021 FreakOut Malware Campaign Targets Linux Devices A new malware variant is being used in attacks on Linux devices that sees the devices added to a botnet and used for cryptocurrency mining ... Read more
Tools & Practices January 19, 2021 Microsoft Warns Windows Zerologon Patch Enforcement Starts on February 9, 2021 The critical Windows Zerologon vulnerability (CVE-2020-1472) was patched by Microsoft on August Patch Tuesday; however, despite the seriousness of the vulnerability – rated 10/10 for severity ... Read more
Security Breaches January 18, 2021 Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication In November 2020, hackers gained access to a server used by the European Medicines Agency (EMA), the drug and vaccine regulator in the European Union, ... Read more
Tools & Practices January 15, 2021 Cloud and Medical Device Security are the Top Challenges for Healthcare IT Teams A recent 2021 IDG research study sponsored by Masergy and Fortinet explored the state of IT in the healthcare industry and revealed the key challenges ... Read more
Compliance January 14, 2021 Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months A recent joint CISA, FBI, and HHS cybersecurity alert warned that the healthcare sector was being targeted by threat actors who were deploying ransomware. Attacks ... Read more
Security Breaches January 14, 2021 Hackers Behind European Medicines Agency Cyberattack Publish Stolen COVID-19 Vaccine Data The hackers behind the cyberattack on the European Medicines Agency (EMA) have leaked some of the COVID-19 vaccination data that was stolen in the attack. ... Read more
Cyber Threats January 13, 2021 Microsoft Releases Patch for Actively Exploited Windows Defender Zero Day and 9 Other Critical Flaws The first Patch Tuesday of 2021 has seen Microsoft release patches to fix 83 vulnerabilities across its range of products, including one zero-day vulnerability in ... Read more
Security Breaches January 12, 2021 Third Malware Variant was Used by SolarWinds Hackers As the investigations into the SolarWinds hack continue, CrowdStrike reports a third malware variant was used in the attack. Researchers at CrowdStrike discovered a malware ... Read more
Trends & Reports January 11, 2021 Kaspersky Researchers Link Sunburst Backdoor to Kazuar Backdoor Used by Russian Turla APT Group Researchers at Kaspersky have identified similarities between the backdoor used in the SolarWinds supply chain attack and another backdoor – Kazuar – which is believed ... Read more
Security Breaches January 8, 2021 FBI Issues Warning About Ongoing Egregor Ransomware Activity The Federal Bureau of Investigation (FBI) has issued a warning to private sector companies about ongoing Egregor ransomware attacks. Since September 2020, when the ransomware ... Read more
Tools & Practices January 8, 2021 NVIDIA Software Update Corrects Multiple High Severity Graphics Driver Flaws NVIDIA has released patches to correct 16 vulnerabilities in its graphics drivers and vGPU software for Windows and Linux systems, most of which are high ... Read more
Insights January 7, 2021 HTTPS Web Filtering HTTPS web filtering software inspects the information of “secure” sites along with “regular” websites. “Secure” websites are all those authenticated by a certification Authority and ... Read more
Insights January 7, 2021 Website Blocking Software Website Blocking Software has two objectives – to minimize contact with web based threats and control Access to the internet for network users. The advantage ... Read more
Insights January 7, 2021 Web Filtering Service While all provide a similar objective, only the best web filtering service will work quickly, be adaptable and complete a large number of tasks. Some ... Read more
Cyber Threats January 7, 2021 Hardcoded Password Vulnerability in Zyxel Devices Being Actively Exploited Cybercriminals have started exploiting the hardcoded credential vulnerability (CVE-2020-29583) in Zyxel networking products that was announced by Zyxel on December 23, 2020. The vulnerability, identified ... Read more
Cyber Threats January 5, 2021 New PayPal Phishing Scam Advises Users via SMS that their Account has been Limited A new PayPal phishing scam is being conducted via SMS messages that informs users that their PayPal account has been permanently set to ‘limited’ status, ... Read more
Compliance January 4, 2021 Hidden Backdoor Identified in Zyxel Firewalls and AP Controllers A security researcher has identified a hidden backdoor in Zyxel firewalls and AP controllers, caused by the use of hardcoded administrative credentials for an account ... Read more
Security Breaches January 2, 2021 Microsoft Says SolarWinds Hackers Viewed its Source Code In December, Microsoft confirmed that it had downloaded the compromised SolarWinds Orion software update that contained the Sunburst/Solarigate backdoor. Microsoft previously announced that the backdoor ... Read more
Security Breaches December 30, 2020 FinCEN Advises Financial Institutions to be Alert to COVID-19 Vaccine-Related Scams and Cyberattacks The Financial Crimes Enforcement Network (FinCEN) has issued a warning to financial institutions that ransomware gangs are actively targeting organizations involved in vaccine research. Financial ... Read more
Trends & Reports December 29, 2020 CISA and CrowdStrike Release Free Azure/O365 Analysis Tools to Identify Malicious Activity The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool for detecting unusual and potentially malicious activity in Azure/Office ... Read more
Security Breaches December 28, 2020 Lazarus Group Targeting COVID-19 Research and Vaccine Data Kaspersky has confirmed the Lazarus Advanced Persistent Threat (APT) group has conducted two cyberattacks on entities involved in COVID-19 vaccine research. The cyberattacks occurred in ... Read more
Tools & Practices December 22, 2020 US Federal Government Seizes Domains Spoofing COVID-19 Vaccine Developers Two domains spoofing the COVID-19 vaccine developers Moderna and Regeneron have been seized by the U.S. Department of Justice. The websites were almost perfect clones ... Read more