If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage of the situation by using fake websites and domains, sending phishing emails impersonating CrowdStrike, and offering malicious products
threat actors
CISA Warns of Three New Vulnerabilities Actively Exploited by Threat Actors
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. The three vulnerabilities related to Adobe, SolarWinds, and VMWare products are:
Privacy Tip #398 – Cybersecurity Agencies Issue Guidance for Civil Society on Mitigating Cyber Threats
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” is targeted to assist civil society—“nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities…
HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations” have been on the rise.
The social engineering scheme starts with a telephone call to the IT help desk…
Privacy Tip #389 – FTC Outlines Top Scams in 2023
The Federal Trade Commission (FTC) keeps track of scams that are reported to it and summarizes those scams in a report outlining the most successful scams of the prior year.
Last year’s statistics are disturbing, as many of the same techniques from previous years are still being used successfully by threat actors. Old scams are…
Ransomware Hitting U.S. Companies at Increasing Rate
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid by victims, including data exfiltration. In addition, there was “a 49% increase in victims reported by ransomware leak sites, with a…
Privacy Tip #379 – Protecting Veterans from Scams
Let us take time this week to thank current members of the military and all veterans for their service in protecting our country and democracy. As the daughter of a veteran, I am profoundly grateful to all of our service members who put their lives and families at risk every day, and those that forged…
Privacy Tip #378 – Bad Actors Selling Data of 23andMe Users of Ashkenazi Jewish and Chinese Descent
We previously reported on the unfortunate data breach suffered by 23andMe last month and its implications. We never imagined how horrible it could be.
According to an October 6, 2023, posting by Wired earlier that week, hackers involved with the 23andMe breach posted “an initial data sample on the platform BreachForums…claiming that it contained 1…
Resilience Midyear 2023 Claims Report: Ransomware Cybercriminals Shift Tactics
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include:
Urgent Joint Cybersecurity Advisory on Atlassian Vulnerability Issued
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator…