In a recent Private Industry Notification to the higher education sector, the FBI warned that U.S. college and university credentials are being advertised “for sale on online criminal marketplaces and publically [sic] accessible forums.”

The Notification warns that the exposure of credentials and network access information, “especially privileged user accounts, could lead to subsequent cyber-attacks

Actor and comedian Seth Green, best known for creating Robot Chicken and portraying Dr. Evil’s son in the Austin Powers franchise, announced on Twitter last month that phishers stole his four “Bored Ape” NFTs. Let’s break down that mouthful: NFTs are a blockchain technology that creates indisputable ownership records that the art world has embraced

Although the U.S. Chamber of Commerce (the Chamber) “strongly urges Congress to pass durable, bipartisan national privacy legislation that protects all Americans equally,” it will “strongly oppose legislation that fails to provide meaningful preemption or any proposal that creates a blanket private right of action,” according to a letter sent to Senators yesterday.

The letter

CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and the health of their businesses. According to the latest CNBC/SurveyMonkey Small Business Survey, despite repeated warnings by the Cybersecurity and Infrastructure Security Agency and the FBI that U.S.-based businesses are at an increased risk of a cyber-attack following

This week, AGCO, a U.S. agricultural machinery manufacturer, suffered a ransomware attack that affected its business operations and shut down its systems.

AGCO, headquartered in Duluth, Georgia, designs, produces, and sells tractors, combines, foragers, hay tools, self-propelled sprayers, smart farming technologies, and seeding and tillage equipment. AGCO first discovered this attack through its subsidiary, Massey-Ferguson, when

As we have pointed out before, it is cumbersome, yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations have in closing those doors.

The Cybersecurity and Infrastructure Security Agency (CISA), along with its counterparts in other countries, issued a

Microsoft released its monthly patches this week to fix 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe. One of the vulnerabilities (CVE-2022-24521, Windows Common Log File System Driver Elevation of Privilege) is being actively exploited by APT groups, according to the National Security Agency, so addressing this

On April 5, 2022, the U.S. Department of Treasury Office of Foreign Assets Control (OFAC) sanctioned darkweb Hydra Marketplace and virtual currency Garantex and added both to the Specially Designated Nationals List (SDN) [view related post].

On October 1, 2020, OFAC issued a Ransomware Advisory “to alert companies that engage with victims of ransomware

Phishing, Smishing, Vishing, and QRishing. All of these schemes continue to pose a risk to organizations, one that needs to be assessed and addressed.

Vishing made a strong debut during the pandemic [view related post], and continues to be a scheme that is surprisingly successful.

This week, Morgan Stanley Wealth Management (in the wake of another

The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

NIST indicated in its FAQs about the RFI that it is seeking feedback on the following objectives:

  • Evaluate