Cybersecurity

Security Awareness – Microsoft Phishing Attack Redirects Victims to a Catering Voice Recording

Security researchers at Cofense recently observed credential phishing campaigns that use a novel deception technique, directing victims to a voice recording that lures them into a false sense of security after they’ve provided their Microsoft credentials.

Read more about Security Awareness – Microsoft Phishing Attack Redirects Victims to a Catering Voice Recording

Cyber Resilience – Microsoft Universally Enables Number Matching for Microsoft Authenticator

Microsoft announced the implementation of number matching for push notifications via Microsoft Authenticator in an effort to counter the increasing prevalence of multi-factor authentication (MFA) fatigue attacks.

Read more about Cyber Resilience – Microsoft Universally Enables Number Matching for Microsoft Authenticator

Ransomware Resilience – Federal Government: Low Victim Reporting Hampers Ransomware Response Efforts

CyberScoop has written an article discussing federal concerns over victims’ reluctance to report ransomware attacks to the broader community, as outlined in the Institute for Security and Technology’s Ransomware Task Force May 2023 Progress Report. The FBI and Justice Department have stated that only 20% of victims report if they’ve been infected.

Read more about Ransomware Resilience – Federal Government: Low Victim Reporting Hampers Ransomware Response Efforts

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Hitachi Energy MSM - Product used in the Energy Sector
Mitsubishi Electric MELSEC and MELIPC Series (Update F)

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2023

Threat Awareness – IcedID and QBot Malware Continue to Propagate with Various Techniques to Compromise more Victims

Commodity malware continues to plague businesses and the threat actors employing them are utilizing a diverse toolset of tactics, techniques, and procedures in order to proliferate the malware, such as IcedID and Qbot/Qakbot, and compromise more victims.

Read more about Threat Awareness – IcedID and QBot Malware Continue to Propagate with Various Techniques to Compromise more Victims

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 4, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Dataprobe iBoot-PDU (Update A)

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 4, 2023

Security Awareness – Chrome Removes Lock Icon Symbolizing the Use of HTTPS

The Chromium Project has posted a blog announcing the removal of the lock symbol used to represent whether a page is utilizing HTTPS in Chrome. The project’s reasoning behind this change is that HTTPS has become such a ubiquitous protocol that the purpose of the lock to signify whether a page is secure has become redundant.

Read more about Security Awareness – Chrome Removes Lock Icon Symbolizing the Use of HTTPS

Courts Rule in Favor of Merck in Major Cyber Insurance Claim Case

Security Week has written an article covering the Superior Court of New Jersey Appellate Division’s ruling in favor of Merck in the company’s $1.4 billion claim against insurers for the fallout of the NotPetya attack it suffered in 2017. Insurers argued that the property insurance offered to Merck had a war exclusion clause that was “clear and unambiguous, and it plainly applies to the NotPetya attack.”

Read more about Courts Rule in Favor of Merck in Major Cyber Insurance Claim Case

May the 4th Be with… Your Passwords (on World Password Day)

- by Jennifer Lyn Walker

Read more about May the 4th Be with… Your Passwords (on World Password Day)

Cyber Hygiene – Phishing Resistant MFA and Complex Passwords

Despite all the hype, many organizations implementing multifactor authentication (MFA) and complex passwords can still fall victim to cyber attacks. Multiple threat actor types are increasingly bypassing MFA controls, typically through MFA push notification fatigue or exploiting weaknesses in self-enrollment configurations, to gain access to a victim’s network.

Read more about Cyber Hygiene – Phishing Resistant MFA and Complex Passwords

You are here

Cybersecurity

Security Awareness – Microsoft Phishing Attack Redirects Victims to a Catering Voice Recording

Cyber Resilience – Microsoft Universally Enables Number Matching for Microsoft Authenticator

Ransomware Resilience – Federal Government: Low Victim Reporting Hampers Ransomware Response Efforts

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2023

Threat Awareness – IcedID and QBot Malware Continue to Propagate with Various Techniques to Compromise more Victims

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 4, 2023

Security Awareness – Chrome Removes Lock Icon Symbolizing the Use of HTTPS

Courts Rule in Favor of Merck in Major Cyber Insurance Claim Case

May the 4th Be with… Your Passwords (on World Password Day)

Cyber Hygiene – Phishing Resistant MFA and Complex Passwords

Pages

You are here

Cybersecurity

Pages

Footer Email Signup