Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a Russian company in June 2020. As part of its investigation, the digital security solutions provider's digital forensics team...

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience. That’s especially the case for organizations with...

Accidents or mistakes are bound to happen. Even if healthcare providers and business associates are compliant to HIPAA Standards, there is always a possibility of unintentional or accidental disclosure of Protected Health Information (PHI). Accidental disclosure of PHI includes sending an email to the wrong recipient and an employee accidentally...

The University of Utah paid a fee of more than $450,000 to attackers after they infected a portion of its servers with ransomware. The University of Utah's CSBS building. On July 19, 2020, the Information Security Office (ISO) notified the university's College of Social and Behavioral Science (CSBS)...

Experian South Africa announced that it's in the process of investigating a security incident involving a fraudulent data inquiry. On August 19, the South African branch of the consumer credit reporting agency said in a web statement that a South African individual purporting to represent a...

On August 15th the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware. The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main...

A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. An image of the letter is shown below: In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split...

Security researchers released a decryption tool that enables victims of WannaRen ransomware to recover their files for free. On August 19, Bitdefender announced that it had made a WannaRen decryption utility publicly available for download. The security firm urged victims of this ransomware to save the decryptor somewhere on their computer after...

“Send it to the cloud” has been the increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it. Another infrastructure owned by a third party who has teams dedicated to implementing security by design, continuous testing and validation – this all sounds attractive. ...

British-American cruise operator Carnival Corporation & plc revealed it had detected a ransomware attack on some of its IT systems. In a regulatory filing submitted to the U.S. Securities and Exchange Commission (SEC), Carnival revealed that it had detected a ransomware attack on August 15. A...

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger...

Tripwire is very much household name within the cybersecurity community. It's been around from the early days of creating intrusion detection software that would later be known as File Integrity Monitoring (FIM) all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial...

Malicious actors launched credential stuffing attacks that targeted Canada's GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing...

Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident....

The National Cyber Security Centre (NCSC) revealed it had shut down more than 300,000 URLs that linked to investment scams in a four-month period. In a news bulletin published on August 14, NCSC warned users to be on the lookout for investment scams. Many of these ruses began with fake news articles...

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to the...

The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages. On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A): The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber...

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many...

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims' Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link "https://bitly[.]com/33nMLkZ" distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain "https:/...