CISA Adds the Next (#3) Cybersecurity Bad Practices to its Catalog – Updated August 31, 2021
Bad Practice #3 – Use of Single-Factor Authentication (SFA)
Another vulnerability associated with Microsoft Exchange Server has been disclosed. The flaw, dubbed “ProxyToken,” allows remote attackers to bypass authentication and alter an Exchange email server’s backend configuration. This vulnerability could be exploited by a threat actor to copy all emails sent to a specified target account and then forward those emails to a separate account controlled by the attacker.
Users are not the only ones who suffer from password re-use across multiple sites, services, or devices. Many system administrators set the same local administrator password on every workstation for ease of technical support. But what is convenient for the sysadmin is equally convenient for a threat actor who obtains the password hashes: the local account's hash is identical on every machine, so a single compromised workstation yields working credentials for all of them. Pen Test Partners (PTP) briefly discusses the issues with admin password re-use and suggests a more secure solution than using the same local admin password across all workstations.
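Why one dumped hash is enough: the NT hash stored in a workstation's SAM is an unsalted MD4 of the UTF-16LE password, so every machine configured with the same local admin password stores exactly the same hash, and that hash can be replayed with pass-the-hash wherever it matches. The script below is an added illustration, not code from WaterISAC or Pen Test Partners. It carries its own MD4 (because the md4 algorithm is disabled in many modern OpenSSL builds of hashlib) and runs a simple audit over a constructed, made-up fleet of hostnames and hashes to show which hosts share a local admin credential.

```python
"""Added example: why a reused local-admin password equals a reused NT hash."""
import struct
from collections import defaultdict

_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """Plain MD4 (RFC 1320): little-endian 32-bit words, 64-byte blocks."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):                            # round 1: X[0..15] in order
            s = (3, 7, 11, 19)[i % 4]
            a, b, c, d = d, _rotl((a + F(b, c, d) + X[i]) & _MASK, s), b, c
        for i in range(16):                            # round 2: columns 0,4,8,12 ...
            k = (i % 4) * 4 + i // 4
            s = (3, 5, 9, 13)[i % 4]
            a, b, c, d = d, _rotl((a + G(b, c, d) + X[k] + 0x5A827999) & _MASK, s), b, c
        for i in range(16):                            # round 3: 0,8,4,12 / 2,10,6,14 ...
            k = (0, 8, 4, 12)[i % 4] + (0, 2, 1, 3)[i // 4]
            s = (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, _rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & _MASK, s), b, c
        A, B, C, D = (A + a) & _MASK, (B + b) & _MASK, (C + c) & _MASK, (D + d) & _MASK
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> str:
    """NT hash as stored in the SAM: MD4 over the UTF-16LE password, no salt,
    no per-host input, so equal passwords give equal hashes on every machine."""
    return md4(password.encode("utf-16le")).hex()


def shared_local_admin_hashes(host_hashes):
    """Group hosts whose local Administrator NT hash is identical.
    Every group with more than one member falls to a single hash dump."""
    groups = defaultdict(list)
    for host, h in host_hashes.items():
        groups[h.lower()].append(host)
    return {h: sorted(hosts) for h, hosts in groups.items() if len(hosts) > 1}


# Constructed sample (hostnames and passwords invented for this example): what a
# defensive audit of collected SAM hashes looks like when three of four
# workstations were built with the same local admin password.
SAMPLE_FLEET = {
    "WS-01": nt_hash("password"),
    "WS-02": nt_hash("password"),
    "WS-03": nt_hash("password"),
    "WS-04": nt_hash("unique-per-host-Q7x!"),
}

if __name__ == "__main__":
    for h, hosts in shared_local_admin_hashes(SAMPLE_FLEET).items():
        print(f"NT hash {h} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

The audit only needs the hashes, never the passwords: that is exactly the attacker's position after dumping the SAM on one workstation, and it is why the fix PTP points at is a different local admin password on every machine rather than a stronger shared one.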
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI has published another TLP:WHITE FLASH providing indicators of compromise associated with “Hive” ransomware. The Flash indicates that Hive ransomware, which was first discovered in June 2021 and likely operates as an affiliate-based ransomware campaign, primarily employs phishing tactics and remote desktop protocol (RDP) attacks to infiltrate a company’s network. After compromising a network, attackers exfiltrate data and encrypt files on the network before leaving a ransom note with further instructions.
WaterISAC convened its monthly Water Sector Cyber Threat Briefing on August 25. WaterISAC Infrastructure Cyber Defense Director Jennifer Lyn Walker presented.
Utilities using any of the following SSL VPN products in their environment are strongly encouraged to apply all available patches: Pulse Connect Secure SSL VPN, Fortinet FortiGate SSL VPN, and Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP.
Today virtually everyone shops online and expects electronic notifications from package couriers about order status. That is why a recently discovered phishing campaign, purporting to be an email from UPS, could easily have slipped past recipients. The email states that the person's package had an "exception" and directs them to download an invoice for pickup. The message is also padded with multiple legitimate links, which mask its malicious intent.
The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the "OnePercent Group" ransomware. According to the FBI, the OnePercent Group has used Cobalt Strike to perpetrate ransomware attacks against U.S. companies since November 2020. The group compromises victims through a phishing email with an attachment that infects the system with the IcedID banking trojan. IcedID downloads additional software, including Cobalt Strike, which the attackers then use to move laterally through the network, primarily via PowerShell remoting.