FBI FLASH: APT Actors Exploiting Newly Identified Zero Day in ManageEngine Desktop Central
The FBI has published a TLP:WHITE FLASH examining the activities of an APT group exploiting a zero-day on ManageEngine Desktop Central servers.
Yesterday, Microsoft encouraged customers to patch two Windows Active Directory Domain Services privilege escalation vulnerabilities that, when combined, permit threat actors to take over Windows domains with little effort. Microsoft released patches for these vulnerabilities, tracked as CVE-2021-42287 and CVE-2021-42278, in its November security updates. Last week, a proof-of-concept tool leveraging these vulnerabilities was shared on public forums.
Microsoft’s newest security updates patch a high-severity Windows zero-day vulnerability that threat actors are exploiting to distribute Emotet malware. The vulnerability, tracked as CVE-2021-43890, is a spoofing flaw in Windows AppX Installer that allows a threat actor to conduct a high-complexity attack with low user privileges. According to Microsoft, “an attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment.”
With the holidays upon us and many organizations reducing their staffing to allow for time off, WaterISAC reminds its members of important steps to take now as emphasized in recent advisories from the White House and CISA. As Deputy Assistant to the President and Deputy National Security Advisor Anne Neuberger highlighted when the White House advisory was released, breaches often occur around holidays when cyber threat actors know security operations centers are short-staffed.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
In light of increased malicious cyber activity and the common tactic of actors deploying attacks when staffing is thin, the White House and CISA are offering tips for critical infrastructure and other businesses during the holiday season.
A December 16, 2021 White House memo to the business community offered several recommendations:
If you utilize UKG (formerly Kronos) for human resources needs (e.g., payroll, time and attendance), you are aware of the ransomware incident that befell them on December 11 and affected the Kronos Private Cloud (KPC). Likewise, if you weren’t already convinced that a cyber incident at one of your vendors/partners could have a direct negative impact on your internal operations, you are now. Hopefully, the impacted organizations had effective business continuity processes in place to react to this outage, which Kronos expects to last several weeks.
WaterISAC convened its monthly Water Sector Cyber Threat Briefing on December 15. WaterISAC Director of Infrastructure Cyber Defense Jennifer Lyn Walker presented.
Multiple Australian organizations have been impacted by Conti ransomware attacks in November and December 2021, according to the Australian Cyber Security Centre (ACSC). The ransomware attacks have occurred across multiple sectors, including electric utilities and healthcare. According to an ACSC advisory, “Victims have received demands for ransom payments.”
Security researchers at Microsoft have broken down the attack chain of the Qbot malware into distinct “building blocks” to help defenders understand, and ultimately thwart, the various tactics threat actors employ to infiltrate networks and then deploy Qbot. Qbot is a widespread Windows malware that cyber criminals use to steal credentials, propagate to other systems and networks, and provide remote access to ransomware groups. Qbot usually spreads via phishing campaigns or is delivered by an existing malware infection.