Scammers are impersonating governmental departments within the State of Texas to send out fake Requests For Quotations (RFQs). On September 21, Abnormal Security revealed that it had spotted an attack email that impersonated the Texas Department of State Health Services. Scammers used spoofing techniques to camouflage the sender address as an...

For many organizations, security flows from the top down. That’s a problem when executives don’t emphasize security as much as they should. Cisco learned as much in its CISO Benchmark Study “Securing What's Now and What's Next 20 Cybersecurity Considerations for 2020.” Here are just some of the findings from Cisco’s study: A majority (89%) of...

Burnout is a health hazard in any high-stress workplace, especially in any industry where highly skilled professionals must tackle urgent demands at unpredictable intervals and where effective response is time-sensitive or even urgently needed. Employee burnout is a security and business continuity issue. It directly impacts both an employee’s...

By now, we know a lot about secure configuration management (SCM). We know the way it works, the integral processes of which it consists, the areas of your IT infrastructure that it can help secure as well as the different types of best practice frameworks and regulatory compliance standards with which it can help you to maintain compliance. All we...

A patient died after being redirected to another medical facility as the result of a German hospital having suffered a ransomware infection. On September 17, the Associated Press reported that a woman who needed urgent medical attention died after being transferred from University Hospital of...

The gang responsible for the Maze ransomware family conducted an attack in which they distributed their malware payload inside of a virtual machine (VM). Sophos’ Managed Threat Response (MTR) observed the technique in action while investigating an attack that occurred back in July 2020. In that incident, the attackers packaged the ransomware payload...

US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. The men - Danil "Cronuswar" Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively - are said to be responsible for a phishing campaign that targeted customers of...

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed. How to Make Sure You’ve Got the Momentum You...

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they are responsible. There’s just one problem – each security vendor has its own database with little to no crossover. Each vendor’s tool generates its own alert...

A new SMS-based phishing ("smishing") campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. On September 15, SlickRockWeb CEO Eric JN Eliason tweeted out two examples of the operation. Both attack SMS messages claimed to contain important information about a USPS package. Using that lure, they attempted to...

Security culture matters to executives, but these individuals are struggling to implement it. In a November 2019 study commissioned by KnowBe4, 94% of individuals with managerial duties or higher in security or risk management said that security culture was important for their organization’s success. Even so, Security Magazine shared that 92% of...

The Office of Management at the U.S. Department of Veterans Affairs (VA) disclosed a security incident involving the personal data of 46,000 veterans. The VA detailed the data breach in a statement published on its website on September 14. According to this press release, the VA's Financial Services...

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations. Those include the...

The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own analysis and/or dig into aspects relevant to you and...

A National Health Service (NHS) Trust revealed that it had mistakenly uploaded the personal information of over 18,000 people who had previously tested positive for coronavirus 2019 (COVID-19). On September 14, Public Health Wales announced in a web statement that the data breach had occurred back on...

Security configuration management (SCM) can help organizations do much more than just harden their attack surfaces against intrusions. This fundamental control also has the ability to make your audits flow more smoothly. Indeed, it allows organizations to pull reports from any point in time and demonstrate how their configuration changes and...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned election-related entities to be on the lookout for phishing attacks. In an insight piece published on September 10, CISA highlighted malicious actors' preference for phishing attacks in their efforts to target political parties,...

A phishing attack used real-time validation against an organization's Active Directory in order to steal users' Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world's Top 50 most innovative companies for 2019 on a Friday evening. The email used spoofing...

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach which saw malicious hackers access its network and steal funds worth US $5.4 million. In a message posted on Telegram, the Slovakian cryptocurrency exchange listed the six hot wallets plundered by cybercriminals for their Ether, Tezos, Bitcoin,...

The U.S. Department of Defense released the first version of the Cybersecurity Maturity Model Certification (CMMC) back on January 31, 2020. Since that time, there has been a flurry of different industry experts working towards helping clients understand and prepare for getting certified under CMMC. But what is it? The Cybersecurity Maturity Model...