Zero Trust Race is On: Do You Have the Right Engine?
The shift to a Zero Trust security model has become a top priority for many organizations, driven by record levels of ransomware attacks and a rapidly expanding attack surface stemming from the move to remote work and accelerated cloud adoption ... Read More
Microsoft Publishes Veiled Mea Culpa Disguised as Research
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and ... Read More
Update Your Apple Devices to Guard Against Pegasus Spyware Attacks
Apple issued an emergency update yesterday for a critical vulnerability discovered in its iPhones, Apple Watches, and Mac computers. Researchers at Citizen Lab discovered a no-click zero-day exploit that works on all Apple devices that do not have the latest update. ... Read More
UN Breach Highlights Escalation of Cyber Threats
Hackers have been inside the United Nations network for months. According to a report from Bloomberg, stolen credentials of a UN employee were sold on the Dark Web for as little as $1,000. The report claims that Russian-speaking cybercriminals sold access to the UN systems for months—from April through August ... Read More
Ransomware Attackers Don’t Take Holidays
Not everyone took time off for Labor Day weekend. While millions of Americans enjoyed an extended weekend in honor of the holiday, cybercriminals were busy targeting Howard University with a ransomware attack ... Read More
Implications of the Alleged State Department Breach
The US State Department was reportedly hit by another cyber attack, although it has not been officially confirmed. Whether or not the attack occurred, it is a simple fact that government agencies and private organizations are under constant siege, and that the security professionals tasked with protecting against attacks need ... Read More
T-Mobile Data Breach Amplifies Larger Cybersecurity Challenge
Reports came out this week that T-Mobile had suffered a data breach. T-Mobile claims that the leak has been sealed. They deserve credit for responding quickly, but for some the damage may already be done. The data itself may not pose a direct risk to anyone, but the more information ... Read More
REvil Ransomware Attacks: Implications for Kaseya, MSPs and Businesses
In some ways, the ransomware attack involving Kaseya is a perfectly logical extension of everything we’ve seen since the end of last year with the disclosure of the SolarWinds attacks: the merger of supply chain exploits with ransomware to kickstart distribution, an even higher bar for extortions, and the same ... Read More
Biden-Putin Summit and Why Threat Actors Just Won’t Give it a Rest
On June 11, McDonald’s said in a message to its U.S. employees that it had discovered unauthorized activity on an internal security system. The burger chain responded by bringing on some external consultants to investigate what had happened, reported the Wall Street Journal. ... Read More
Report: Ransomware Attacks and the True Cost to Business
Ransomware attacks have continued to make headlines, and for good reason: on average, there is a new ransomware attack every 11 seconds, and the losses to organizations from ransomware attacks is projected to reach $20 billion over the course of 2021 following a record increase in losses of more than ... Read More