Jen Burns, lead cybersecurity engineer at MITRE, walks us through the MITRE ATT&CK© Framework and discusses some important changes brought by a July 2020 update. She then highlights what the security community can expect to see in a couple of upcoming updates before sharing how individuals can get involved with the MITRE ATT&CKFramework going...

Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-year-old resident of Gomel in cooperation with the...

Tripwire's July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle. Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks' BIG...

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that...

Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims' Microsoft credentials. Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access...

The pervasive impact of Internet of Things (IoT) devices on our lives is greater than that of traditional IT devices. There are several unknowns in IoT security, and it raises concerns for customers who are looking to incorporate IoT devices in their existing infrastructure. Fortunately, security by design can resolve some of the major root causes...

The Federal Bureau of Investigations (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware. On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the...

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring...

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity,...

A subsidiary of the Dussman Group suffered a ransomware infection in which malicious actors stole and publicly leaked its data. As reported by Bleeping Computer, the operators of Nefilim ransomware made good on a promise made back in March to begin publishing victims' stolen information by updating their data leaks website with a post entitled "The...

The COVID-19 pandemic revealed flaws in the American healthcare system that were always there. The only difference now is that those flaws have been brought to light. In the wake of the pandemic, a new host of cyberattacks occurred within the healthcare sector. Malicious hackers aimed to take advantage of the crisis with a combination of...

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users' Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to...

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had already made investments in how and where we wanted to work...

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets. In an alert published on July 23, CISA published an alert in which it recognized malicious actors' growing...

Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security features to lock in more users. The coronavirus pandemic has brought extensive changes to the way people operate, which in turn, has...

More information has emerged related to last week's attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam. Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site's internal support team. Those tools...

Security researchers discovered a multi-platform malware framework called "MATA" that had succeeded in targeting victims worldwide. On Securelist, Kaspersky Lab revealed that it had shared its discovery of MATA with its Threat Intelligence Portal customers. The Russian security firm explained in its analysis that the first artifacts pertaining to...

It goes without saying that innovations and trends in technology have a direct impact on digital security. Just look at what happened with COVID-19. As organizations switched their workforces to remote connectivity, many security teams shifted their attention to deploying enterprise-wide VPNs and partnering with employees to harden their home...

The COVID-19 pandemic has created a huge list of challenges for businesses. One that is potentially going unnoticed or under-reported is cybersecurity. Specifically, as lockdown ends and as individuals return to offices and places of work, it may be the case that something malicious is already waiting for them on their devices. Here we take a look...

The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it's safe to assume that California Consumer Privacy Act (CCPA)...