Leveraging Knowledge to Manage Your Data Risks
Researchers at WithSecure cybersecurity firm have seen two malware attacks against Veeam Backup and Replication servers believed to be initiated by cybercrime group FIN7, also known as Carbon Spider, which has also been linked to Darkside, BlackMatter, and BlackCat/ALPHV ransomware variants.
The WithSecure investigators believe that the attacks may be part of a larger campaign…
The Foundation for Defense of Democracies issued a Report late last week entitled Time to Designate Space Systems as Critical Infrastructure which cogently outlines the risks associated with space systems (which are basically the same as any other electronic system) in order to designate space systems as the seventeenth critical infrastructure sector.
Space systems are…
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.
The manufacturer of GoAnywhere MFT notified…
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the information in a data breach.
According to the press release, the law firm agreed to pay…
The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a joint cybersecurity advisory, warning organizations about indicators of compromise, and tactics, techniques, and procedures that have been associated with LockBit 3.0 ransomware.
The Advisory, #StopRansomware: LockBit 3.0, states that LockBit 3.0 is an affiliate-based ransomware variant that functions as…
It used to be that one of the sure ways to identify a phishing email was to notice grammatical errors or broken English in the text of the communication. Thanks to new translation tools like Google Translate, which are available worldwide, threat actors can translate a phishing email into any language, so it sounds authentic…
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although business leaders are more aware of the risk of cyber issues to their organizations, there remain challenges on how organizations are…
The California Privacy Protection Agency (CPPA) Board will hold its third public hearing on February 3, 2023, at 10 am PST.
The meeting will open with the Chairperson’s Update, during which CPPA Chairperson Jennifer Urban will likely address the status of the delayed California Privacy Rights Act (CPRA) regulations. Chairperson Urban is also a…
Israeli cybersecurity firm Hudson Rock has reported that the email addresses of more than 235 million Twitter users have been stolen and posted by more than one hacker on an online hacking forum. According to the security researcher’s Twitter posts, the compromise “is real and has an impact on almost every Twitter user. The database…
According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20, Nobelium, or Cozy Bear), “demonstrate[s] sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.” Cloaked Ursa is believed to be affiliated with the Russian government.
Unit 42 found that…
