
Cybersecurity

Cyber Resilience – How Organizations Should Evolve after Implementing a Data Backup Process

Huntress has posted a blog discussing why simply having a backup process is not enough to protect an organization. Essentially, it is crucial that backups be verified and tested. Organizations need to define their recovery time objective, or how long it takes to recover from backups, and their recovery point objective, or what categories of data are necessary to back up in order to continue operations. Once these objectives are agreed upon, organizations have a metric to measure their current backup process against and see where it succeeds and fails.

Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Cyware has posted an alert on Microsoft's report that the Cuba ransomware threat group has been observed targeting vulnerable Exchange servers using a zero-day exploit titled OWASSRF, or Outlook Web Access Server-Side Request Forgery. This is an escalation in criminal actors utilizing this exploit, as previously only the Play ransomware group had incorporated it into their malware.

CircleCI Releases Post-Attack Incident Report as Core Enterprise Apps Rise in Popularity to Target

Bleeping Computer has posted an article discussing newly released information regarding the CircleCI data breach. This was prompted by CircleCI, a backbone service for many developers, releasing an incident report revealing that the initial breach was caused by an engineer’s device becoming “infected with information-stealing malware that [stole] their 2FA-backed SSO session cookie,” which allowed criminal actors to start stealing data on December 22, 2022.

Cyber Hygiene – Six Common Mistakes that Facilitate Data Breaches

Threat actors are increasingly targeting employee and customer data while appearing less interested in financial information and credentials, according to research from the cybersecurity firm Imperva. Notably, Imperva’s research also found that 32 percent of data breaches are due to unsecured databases and social engineering attacks.

Imperva’s research identified the six most common mistakes made by organizations and individuals that enable data breaches:

Cyber Resilience – CISA Releases Supply Chain Handbook for Small and Medium-sized Businesses

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) published a handbook offering guidance to small and medium-sized businesses (SMBs) on best practices for securing their cyber supply chain. The guide provides methods and guidance to tackle the most common and highest priority risks faced by SMBs.

Threat Awareness – AnyDesk-Themed Campaign Infecting Victims with Information-Stealing Malware

Bleeping Computer has written an article covering research from a SEKOIA analyst regarding a Vidar malware campaign involving 1,300 domains impersonating the AnyDesk brand. Victims are likely directed to these domains through a phishing campaign or search engine results and are then redirected to a Dropbox folder to download the Vidar malware disguised as an AnyDesk installer. Vidar's capabilities include copying browser histories, account credentials, passwords, cryptocurrency wallets, and banking data and sending them to its controller for further malicious use.
