You are here

Home » Cybersecurity

Cybersecurity

Security Awareness – Top Brands Impersonated in Phishing Attacks

Phishing attacks remain one of the most common entry vectors for threat actors seeking to compromise an organization or an individual’s device or network. A particularly effective phishing tactic is brand impersonation, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the fourth quarter of 2021.

Threat Awareness – Ukraine Targeted by Wiper Malware Designed to Look Like Ransomware

On Friday, the Microsoft Threat Intelligence Center (MSTIC) identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. According to MSTIC, the malware first appeared on victim systems in Ukraine on January 13, 2022. At this time, MSTIC has not been able to assess intent of the identified destructive actions or trace this to any known threat activity groups.

Security Awareness – The Benefits of Executive Leadership Cybersecurity Training

Cybersecurity training is imperative for every employee of an organization, including C-suite executives. With the near saturation of Business Email Compromise (BEC) scams, threat actors are also targeting executive level accounts, in part because of their privileged access and sensitive communications. Thus, it’s important for executives to receive specialized role-based awareness training. To begin, executives should understand the financial risk associated with not maintaining an adequate cyber defense posture. Its also important for senior leadership to lead by example.

Encouraging a Zero Trust Culture

A zero trust framework can significantly reduce a threat actor’s ability to move laterally within a network and greatly enhance an organization’s overall cybersecurity posture. Unfortunately, despite federal guidance, zero trust has not gained much momentum. The concept of zero trust, to “never trust, always verify,” may seem daunting. However, according to an article in ThreatPost, zero trust isn’t necessarily about buying the next shiny thing, but “a change in mindset on how one wishes to operate their business in a secure way.”

Security Awareness – Google Products Exploited by Threat Actors

Threat actors are exploiting multiple Google products to scam victims for potential account takeovers. Fraudsters have been exploiting Google Docs to spread malware and harvest credentials. Since December 2021, security researchers at Avanan have observed a massive campaign of threat actors exploiting the comments feature in Google Docs to target victims. The attacks have mostly been observed targeting Outlook users.

(TLP:WHITE) Joint Cybersecurity Advisory (AA22-011A) Issued to U.S. Critical Infrastructure for Understanding and Mitigating Russian State-Sponsored Cyber Threats

Akin with public guidance and recommendations shared in mid-December by CISA and the White House regarding protecting against malicious cyber activity before the holidays, federal agencies have jointly released Understanding

Pages

Subscribe to Cybersecurity