You are here

Home » Cybersecurity

Cybersecurity

Threat Awareness – Microsoft 365 AutoSave Features Can be Exploited to Encrypt Files

Security researchers have uncovered a potential new ransomware-related threat to Office 365 account users. In this case, adversaries could utilize compromised Office 365 accounts to encrypt files stored in SharePoint and OneDrive cloud services. The attack relies on manipulating the “AutoSave” feature which creates cloud backups of older file types when users make edits. To conduct this attack threat actors need only to compromise an employee’s Office 365 account, usually done via phishing or malicious OAuth apps.

Threat Awareness – New Report Highlights Increasing Phishing Attacks

The first quarter of this year saw the most phishing attacks ever observed, according to a new report. The APWG Phishing Activity Trends Report for the first quarter of 2022 revealed there were 1,025,968 total phishing attacks. This quarter was the first time the three-month total number of phishing attacks exceeded one million. In March alone there were 384,291 attacks, which was also a record monthly total. The report identified webmail services as one of the most targeted sectors.

Cyber Resilience – Performing Asset Inventories

Conducting asset inventories is one of the foundational first steps in setting up a cyber risk management strategy. Since you cannot defend or secure what you do not know you have, performing asset inventories to gain network visibility is critical for all organizations large and small. Despite the overwhelming benefits of performing asset inventories, a recent report from the cybersecurity firm CYREBRO found that many organizations lack full network visibility. Network visibility is a clear awareness of the components, devices, servers, and data that make up a company’s network.

CISA Needs YOUR Help for Greater Cyber Resilience! – Request for Participation

Collaborative defense and information sharing is most effective when we all work together; otherwise, it’s just a one-way flow of information, and the providers are left wondering if their efforts are useful to the constituents. In that respect, CISA offers numerous no-cost products and services, including various types of assessments to critical infrastructure entities. Historically, the water and wastewater sector has been one of the largest groups (typically second only to the electricity sector) availing themselves of CISA’s services.

(Update 6/16/2022) Patch Available for Windows Zero-Day Vulnerability (“Follina”) – Exploitation Still On-Going

Microsoft has provided a security update for this vulnerability. Due to continued active exploitation, system administrators are highly encouraged to address accordingly and continue tracking new information regarding the zero-day Microsoft vulnerability (CVE-2022-30190) – dubbed Follina – that was disclosed over the Memorial Day weekend.

 

June 9, 2022

Security Awareness - Increase in Post-COVID Travel Sees Surge in Vacation-Themed Phishing

Bitdefender has released a security blog noting the recently observed upswing in travel-related spam campaigns. While this is typically a common trend, 2020 and 2021 saw a lot less travel-related phishing than usual due to COVID restrictions. However, it appears scammers are just as eager to get a jump on those getting a jump on vacation planning, as travel-themed phishing lures began to increase in March with an expected peak in June. Popular nations being targeted include the United States, Ireland, India, and the UK.

Pages

Subscribe to Cybersecurity