Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer. On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated when a user attempted to check out and complete their...

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at one of its partners, Canon Business Process Services. According to GE, between approximately February 3 -...

By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new cloud native offerings. We’ll use the analogies of Lincoln Logs and Legos to describe these deployment models. Infrastructure-as-a...

Whether you are reading this from somewhere in the United States or overseas, chances are you are doing it from the comfort of your home. Not because you chose to but because you were asked to do so in order to prevent Coronavirus disease 2019 (COVID-19) from spreading any further. If you are a parent, working remotely with your kids at home, you...

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom's national...

Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What is different about the techniques within Initial Access is that they are more high-level than some of the other...

In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to make sure they hold onto their existing workforce. That’s easier said than done. Cybersecurity...

A couple of years ago it felt like you couldn't turn your head in any direction without seeing another headline about cryptomining and - its more evil sibling - cryptojacking. Countless websites were hijacked, and injected with cryptocurrency-mining code designed to exploit the resources of visiting computers. Victims included the likes of the LA...

Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack. Jitse Groen, founder and CEO of the Germany-based food delivery service Takeaway (Lieferando.de), announced on March 18 that his company had suffered a DDoS attack. https://twitter.com/jitsegroen/status/1240332307262832642 In...

A newly discovered ransomware family called "Nefilim" told its victims that it would publish their stolen data within a week unless they paid their ransom. According to Bleeping Computer, Nefilim started up near the end of February 2020. The threat attracted the attention of security researchers because it shared much of the same code with version 2...

We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when these systems fail. How much effort are we putting into planning and maintaining...

Security researchers spotted BlackWater malware leveraging a Cloudflare Worker for command-and-control (C&C) functionality. MalwareHunterTeam observed that the threat activity began with an RAR file called "Important - COVID-19.rar." The file pretended to contain important information about the global COVID-19 outbreak, an event which other malware...

First and foremost, our hearts go out to those around the world impacted by the COVID-19 virus. The director of the U.S. Center for Disease Control & Prevention (CDC), who advises the country on public health, has indicated that the risk to the general public remains low and encourages Americans to go about their lives. Businesses and local...

The website for a public health department in Illinois went down after the agency suffered a NetWalker ransomware attack. According to local media reports, officials at the Champaign-Urbana Public Health District (C-UPHD) became aware of the ransomware attack on March 10 when the department's website went down. It took the agency, which serves 210...

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users. Researcher Ashley Trans of Cofense highlighted the threat in a blog post describing a recent phishing campaign. In the attack, an unsuspecting user receives an...

MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations, MITRE is also known for another resource: the Common Weakness Enumeration (CWE). The...

The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security...

Security researchers detected a spam campaign leveraging Internet Query (IQY) files in an attempt to distribute Paradise ransomware. Lastline observed that the campaign began by trying to trick users into opening an IQY file, an Excel-readable text file which downloads data from the web. As such, this file retrieved a malicious Excel formula from...

Arguably, the first malware extortion attack occurred in 1988 – the AIDS Trojan had the potential to be the first example of ransomware, but due to a design flaw, the victims didn’t end up actually having to pay up the 189 bucks. It’s safe to say that over the past 31 years, attackers have perfected the ransomware craft, with organizations shelling...