The Federal Bureau of Investigations (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware. On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the...

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring...

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity,...

A subsidiary of the Dussman Group suffered a ransomware infection in which malicious actors stole and publicly leaked its data. As reported by Bleeping Computer, the operators of Nefilim ransomware made good on a promise made back in March to begin publishing victims' stolen information by updating their data leaks website with a post entitled "The...

The COVID-19 pandemic revealed flaws in the American healthcare system that were always there. The only difference now is that those flaws have been brought to light. In the wake of the pandemic, a new host of cyberattacks occurred within the healthcare sector. Malicious hackers aimed to take advantage of the crisis with a combination of...

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users' Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to...

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had already made investments in how and where we wanted to work...

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets. In an alert published on July 23, CISA published an alert in which it recognized malicious actors' growing...

Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security features to lock in more users. The coronavirus pandemic has brought extensive changes to the way people operate, which in turn, has...

More information has emerged related to last week's attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam. Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site's internal support team. Those tools...

Security researchers discovered a multi-platform malware framework called "MATA" that had succeeded in targeting victims worldwide. On Securelist, Kaspersky Lab revealed that it had shared its discovery of MATA with its Threat Intelligence Portal customers. The Russian security firm explained in its analysis that the first artifacts pertaining to...

It goes without saying that innovations and trends in technology have a direct impact on digital security. Just look at what happened with COVID-19. As organizations switched their workforces to remote connectivity, many security teams shifted their attention to deploying enterprise-wide VPNs and partnering with employees to harden their home...

The COVID-19 pandemic has created a huge list of challenges for businesses. One that is potentially going unnoticed or under-reported is cybersecurity. Specifically, as lockdown ends and as individuals return to offices and places of work, it may be the case that something malicious is already waiting for them on their devices. Here we take a look...

The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it's safe to assume that California Consumer Privacy Act (CCPA)...

“Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company’s cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience?” – The CMMI...

Security researchers detected a clever new phishing campaign that abused three enterprise cloud services in an attempt to steal victims' credentials. On July 18, Bleeping Computer revealed that the phishing campaign's attack emails claimed to originated from the domain "servicedesk.com." The computer self-help site took a closer look. In the process...

A Security Analyst, A Lead Developer, And A Cloud IT Admin Walk Into A Bar... Stop me if you’ve heard this one before. When we talk to users about the ways that they handle roles and responsibilities associated with keeping their Cloud accounts secure, we get a multitude of answers. There’s often a wide range of people and teams from various parts...

The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either. According to market...

U.S. law enforcement arrested and charged a man with fraudulently obtaining loans via the Paycheck Protection Program (PPP). On July 16, Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Nicola T. Hanna of the Central District of...

Security researchers discovered a new Android banking malware family called "BlackRock" that targets 337 mobile applications. ThreatFabric found that BlackRock hid its icon when it first launched itself on a mobile device. It then posed as a Google update in an attempt to gain access to a user's Accessibility Service. Once it received access to...