Cybersecurity

Security Awareness – The Growing Scourge of Brand Impersonation Attacks

Phishing is one of the most widely used cyber attack techniques and has grown more sophisticated in the form of brand impersonation attacks. While many phishing scams are easy to spot, brand impersonation – through its use of impersonating the likeness of trusted brands – is typically more difficult to detect. Indeed, “brand impersonation emails increased 44% in 2020 vs. 2019. However, it’s not only a significant increase in frequency as much as an increasing level of sophistication,” according to Dirk Jan Koekkoek, VP DMARC at Mimecast.

Read more about Security Awareness – The Growing Scourge of Brand Impersonation Attacks

FBI Issues Multiple Reports on Current Ransomware Activity

FBI FLASH: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware

Read more about FBI Issues Multiple Reports on Current Ransomware Activity

2021 CWE Most Important Hardware Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List.

Read more about 2021 CWE Most Important Hardware Weaknesses

NSA-CISA Series on Securing 5G Cloud Infrastructures

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures.

Read more about NSA-CISA Series on Securing 5G Cloud Infrastructures

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 28, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 28, 2021

New Squirrelwaffle Malware Mimics Emotet Tactics

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns, providing threat actors with an initial entry into a compromised device or network and allowing them to deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, which was first identified last month, leverages stolen reply-chain emails to propagate across devices and networks.

Read more about New Squirrelwaffle Malware Mimics Emotet Tactics

Microsoft Warns of Increase in Password Spraying Attacks

Microsoft’s Detection and Response Team (DART) has detected an increase in password spray attacks over the past year. With increasing intelligence of security software and cybersecurity awareness, breaking into a network undetected has become more difficult. Therefore, threat actors are increasingly focused on stealing a victim’s credentials so they can access a network and carry out malicious activity that appears as normal network traffic. To gain these credentials, adversaries are employing password spraying.

Read more about Microsoft Warns of Increase in Password Spraying Attacks

Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

Although ransomware and phishing attempts are often perceived as the most frequent and persistent cyber threats by many, a new survey by the Neustar International Security Council (NISC), however, shows that domain name system (DNS) attacks are impacting businesses at an increasing rate. According to the survey, which was conducted in September 2021, 72 percent of respondents experienced a DNS attack within the last year. Among the targeted respondents, 58 percent experienced business disruptions that lasted more than an hour and 14 percent took several hours to recover.

Read more about Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 26, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Fuji Electric Tellus Lite V-Simulator and V-Server Lite

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 26, 2021

Russian-backed Nobelium Targets Hundreds of IT Service Providers in Latest Campaign

Microsoft has shared details on the latest campaign conducted by the Russian-backed threat actor NOBELIUM. It notes that since May 2021, NOBELIUM has targeted hundreds of cloud service providers (CSPs), managed service providers (MSPs), and other IT services organizations to exploit the administrative or privileged access provided to these companies by their downstream customers.

Read more about Russian-backed Nobelium Targets Hundreds of IT Service Providers in Latest Campaign

You are here

Cybersecurity

Security Awareness – The Growing Scourge of Brand Impersonation Attacks

FBI Issues Multiple Reports on Current Ransomware Activity

2021 CWE Most Important Hardware Weaknesses

NSA-CISA Series on Securing 5G Cloud Infrastructures

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 28, 2021

New Squirrelwaffle Malware Mimics Emotet Tactics

Microsoft Warns of Increase in Password Spraying Attacks

Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 26, 2021

Russian-backed Nobelium Targets Hundreds of IT Service Providers in Latest Campaign

Pages

You are here

Cybersecurity

Pages

Footer Email Signup