You are here

Home » Cybersecurity

Cybersecurity

Ransomware Awareness – Black Basta Borrowing from the Best

A new ransomware group has targeted almost 50 victims within the two months of its emergence in the wild and it hasn’t even begun its marketing or affiliate campaign yet. The Black Basta ransomware first became operational in April 2022 and is the latest ransomware gang seeking to extort enterprises. Researchers believe Black Basta’s quick rise to prominence is due to its potential close ties with and copying the techniques of other successful ransomware groups such as Conti and REvil.

2022 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software.

(TLP:WHITE) Threat and Vulnerability Advisory: Important Notification Regarding Compromise of Unpatched VMware Horizon and Unified Access Gateway with Log4Shell Exploit

Attention: Action required if your utility uses affected VMware Horizon® and Unified Access Gateway (UAG) servers in your environment and they are not up-to-date with current vendor patches or recommended workarounds.

Joint Cybersecurity Information Sheet - Keeping PowerShell - Security Measures to Use and Embrace

The cybersecurity authorities from the U.S., New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.

Security Awareness – Social Engineering: It’s not About the Security, it’s About the People

While properly configured technical controls can go a long way in protecting from cyber threats, there are countless threats that defeat even the best technology solutions. Those threats most often emanate from email and are intentionally designed to bypass blocking controls in an attempt to trick our last line of cyber defense – the users. Furthermore, with email enduring as the most likely ingress for a cyber attack, threat actors have the odds of a successful attack on their side.

Security Awareness – Voice Mail Themed Campaign Targeting Office 365 and Outlook Users

An ongoing phishing campaign targeting U.S. organizations has been observed employing fake voicemail notifications to fool employees into providing their Office 365 or Outlook credentials. In this specific phishing campaign, users receive a phony email stating they have a new voicemail to listen to and are prompted to open an HTML attachment. To increase the chances of success, adversaries ensure the email's “From” field specifically references the targeted organization’s name.

Threat Awareness – Microsoft 365 AutoSave Features Can be Exploited to Encrypt Files

Security researchers have uncovered a potential new ransomware-related threat to Office 365 account users. In this case, adversaries could utilize compromised Office 365 accounts to encrypt files stored in SharePoint and OneDrive cloud services. The attack relies on manipulating the “AutoSave” feature which creates cloud backups of older file types when users make edits. To conduct this attack threat actors need only to compromise an employee’s Office 365 account, usually done via phishing or malicious OAuth apps.

Pages

Subscribe to Cybersecurity