FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Wednesday, July 31, 2024

Android Mobile Security alert against SMS Stealer Malware

A new type of malware, known as SMS Stealer, is making waves in the cybersecurity world. Designed to harvest one-time passwords (OTPs) and other sensitive information, this malware has already targeted over 600 global brands, according to experts from Zimperium. Zimperium reports that SMS Stealer is spreading rapidly and affecting businesses in more than 113 countries, with a significant number of victims in Russia and India. The malware operates using 13 command-and-control (C&C) servers and enlists the help of over 2,600 Telegram bots to...

VMware vulnerability leads ransomware to encrypt mass virtual machines

Until now, hackers have mostly targeted Windows and Linux machines, but they now appear to be encrypting virtual machines en masse by exploiting a vulnerability in VMware ESXi software. The vulnerability, identified as CVE-2024-37085, has been rated 7 out of 10 on the severity scale. It serves as a gateway for attackers to gain access to Active Directory and subsequently encrypt virtual machines extensively. This has led to a surge in ransomware attacks...

Can Negotiations Yield Success in Ransomware Attacks

In the escalating world of cybercrime, ransomware attacks have become a pervasive threat, affecting businesses of all sizes and industries. When faced with a ransomware attack, organizations are often confronted with a critical decision: to pay the ransom or not. In many cases, negotiations with the attackers become a key strategy in determining whether to comply with their demands. But can these negotiations truly lead to a successful resolution?

Understanding Ransomware Negotiations

Ransomware is a type of malicious software that encrypts a victim’s...

DDoS Attack on Microsoft Azure Cloud leads to another global IT Outage

Microsoft has issued a statement apologizing for a recent IT outage, which they attribute to a DDoS (Distributed Denial of Service) cyber attack on the infrastructure managed by Microsoft Azure Cloud. Under the leadership of Satya Nadella, and amid a surge of media attention on his daughter Tara Nadella, the company revealed that the outage resulted from a malfunction in the automated protection system of their Microsoft Threat Intelligence software. This failure compromised the protection of IT assets against DDoS attacks. The outage impacted...

Tuesday, July 30, 2024

Western Maryland Community Colleges Receive Edwards Fund Grant for Cyber Ranges

Students Provided Training Opportunities and Help Meet Maryland’s Cybersecurity Talent Gap

Allegany College of Maryland, Garrett College, and Hagerstown Community College have received a $617,400 grant from the Senator George C. Edwards Fund toward a $686,000 project to implement two cyber ranges through the Cyber Workforce Accelerator program to assist cybersecurity students to prepare for careers, using real-world, cutting-edge simulation. Created by the Maryland Association of Community Colleges (MACC) and BCR Cyber, the Cyber Workforce Accelerator...

Crowdstrike preliminary report as sourced from Richard Ford

Crowdstrike have now published their preliminary post incident report (PIR) into the issue that brought 8.5m Windows hosts, and a lot of the world, to a halt. Their preliminary report is available in full on the CrowdStrike website (here: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/) but here are initial thoughts after reviewing the report and considering against the backdrop of what we’ve observed within our affected customer base. With such a wide scale, and brand affecting, incident, the recovery for CrowdStrike...

Monday, July 29, 2024

X allows users to turn off GROK AI Training due to data concerns

X, the social media platform formerly known as Twitter, is introducing a new feature that allows users to opt out of its AI training program involving Grok. Grok is an AI assistant developed by xAI, a company owned by Elon Musk, which learns from user posts and interactions. Previously, users were automatically included in this training program, meaning their posts and interactions were used to help Grok improve its responses. However, due to growing concerns about data privacy, X has decided to make participation in this program optional. Grok...

Ransomware attacks are inevitable on Paris Olympics 2024

A recent study by ExtraHop reveals that ransomware attacks on the Paris 2024 Olympics are almost unavoidable. Over the past year, the IT infrastructure supporting the games has been a frequent target, with some incidents resulting in ransom payments totaling $2 million. The scale of the event, featuring over 15,000 athletes competing in 54 sports and attracting millions of visitors, places immense pressure on the IT systems. Cisco, the official security partner for Paris 2024 and also responsible for securing the Tokyo 2020 Games—which faced more...

Strategies for Mitigating the Human Element of Cyber Risk

The primary cause of the majority of data breaches today is human error. Verizon’s 2024 Data Breach Investigations Report (DBIR) found that 68% of all breaches involved a non-malicious human element in 2023. This data highlights the critical need for enterprises to mitigate the human element of cyber risk to keep digital assets safe and secure. As cyber threats continue to grow in frequency and sophistication and the human factor remains a threat to cybersecurity, more CISOs than ever (80%) see human risk, in particular negligent employees, as...

Sunday, July 28, 2024

Microsoft CrowdStrike Software Update leading to Phishing Attacks

A couple of weeks ago, an IT outage hit Microsoft Windows 10 and 11 servers shortly after CrowdStrike released a Falcon Sensors software update. Rather than fixing anything, the update introduced a software bug, affecting over 8.2 million PCs and servers globally. The disruption, initially caused by the software update, has since been exploited by hackers, who are using the vulnerability to launch phishing attacks. The Computer Emergency Response Team (CERT) of India has issued a worldwide alert, warning that CrowdStrike Threat Monitoring software...

Friday, July 26, 2024

Crowdstrike Threat Intelligence data leaked by hackers

The threat actor known as USDoD, infamous for leaking sensitive information from major databases including those of Airbus, TransUnion, and the US Environmental Agency, has resurfaced in the news. On July 25, 2024, USDoD released a portion of a dataset related to threat intelligence compiled by CrowdStrike, the Florida-based cybersecurity firm. The leaked information was posted on a data breach forum and included a link shared with CrowdStrike’s partners and some of its clients. Following the breach, CrowdStrike confirmed the authenticity of the...

Harnessing Defensive AI: Safeguarding the Digital Realm

In an increasingly interconnected world where digital threats loom large, the integration of Defensive Artificial Intelligence (AI) emerges as a critical bulwark against cyberattacks. From sophisticated ransomware assaults on critical infrastructure to relentless phishing schemes targeting sensitive data, the need for proactive defense mechanisms has never been more apparent. Defensive AI, with its ability to preempt, detect, and respond to threats autonomously, stands poised at the vanguard of cybersecurity, offering multifaceted benefits to organizations...

NHS Ransomware Attack leads to extreme blood shortage

On June 3rd of this year, Synnovis, a provider of technology and pathology services, fell victim to a ransomware attack, causing significant disruptions to IT systems within Britain’s National Health Service (NHS). The British healthcare organization has issued a public warning that the malware incident has now led to a severe shortage of blood supplies. Despite having adequate stocks earlier this month, blood repositories are now experiencing a steady decline. In response to the crisis, the NHS is urgently calling for blood donors to come forward,...

Thursday, July 25, 2024

Ransomware shift from Cyber Espionage for North Korea

APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau, known by aliases such as Stonefly, Silent Chollima, Nickel Hyatt, Andariel, and Onyx Sleet, has recently shifted its focus from cyber espionage to spreading ransomware. The group has been observed targeting organizations in South Korea, Japan, and the United States. Security researchers from Google’s Mandiant have analyzed the group’s activities and found them deploying Shattered Glass Ransomware. This ransomware variant was last detected between June 2021 and...

Akira Ransomware Gang targets Split Airport of Croatia

It’s deeply concerning to hear about the ransomware attack on Split Airport, affecting its operations and causing significant disruptions to flights and passenger services. Ransomware attacks targeting critical infrastructure such as transit systems can have severe consequences, not just for the organizations involved but also for public safety and trust. The response of the Split Saint Jerome Airport staff in resorting to manual operations shows their dedication to mitigating the impact and ensuring some level of service continuity despite the...

Wednesday, July 24, 2024

KnowBe4 targeted by North Korea with Insider Threat

In recent years, cybersecurity threats have often involved hackers stealing identities through various digital channels to gather sensitive information. However, a recent incident within the administrative environment of cybersecurity firm KnowBe4 has highlighted concerns about insider threats. According to a blog post by KnowBe4, the incident unfolded when the company advertised a software engineer position for an AI development project and received applications from candidates worldwide. One applicant from the United States stood out to recruiters...

Ransomware attack shuts down Superior Court of Los Angeles County

A ransomware attack has crippled operations at the Superior Court of Los Angeles County, shutting down court services since last Friday morning. The incident affected all 36 courthouse locations across the county, prompting ongoing efforts to recover compromised systems. Initially, it was anticipated that court services would resume by Tuesday afternoon. However, technical challenges, exacerbated by issues with a faulty CrowdStrike software update on Windows 10 and 11 devices, delayed the restoration of IT infrastructure. Security experts involved...

Tuesday, July 23, 2024

Play Ransomware targets VMware ESXi Servers

In June of this year, the SE#i Ransomware group, now rebranded as APT Inc, targeted VMware ESXi server environments, employing double extortion tactics to extort money from victims. Following this trend, the Play Ransomware group has also adopted similar strategies, focusing primarily on companies operating within the United States. According to cybersecurity firm Trend Micro, which disclosed these findings in a recent blog post, the Play Ransomware group has been adept at infiltrating ESXi environments while evading detection by security measures...

How To Manage Alert Overload and Build the Skills of Your Security Team

The security operations center faces significant challenges in the form of data overload and the resulting increases in ingestion costs. But companies looking to sufficiently protect their systems also face heavy pressure inside their own four walls. To overcome this challenge, they must manage and alleviate internal pressure that pops up from things like alert overload, skill shortages, analyst retention and growth, and an overall lack of time and resources. It won’t be easy, but as we’ve worked to understand how those pressures manifest within...

Standalone Service Mesh Solution or Lightweight Option: Which is Right for You?

Service mesh is a tool for adding observability, security, and traffic management capabilities at the application layer. A service mesh is intended to help developers and site reliability engineers (SREs) with service-to-service communication within Kubernetes clusters. The challenges involved in deploying and managing microservices led to the creation of the service mesh, but service mesh solutions themselves introduce complexities and challenges. Here, we’ll explore use cases, challenges, and how to decide if a service mesh is right for you. Use...

Monday, July 22, 2024

Major Cyber Threats lurking at Paris Olympic Games 2024

The 2024 Paris Olympic Games, set to begin later this week and extend through mid-August, are anticipated to face significant cybersecurity risks according to experts. Here are the primary concerns:

1. State-sponsored Hacking: French intelligence agency ANSSI has issued warnings that state-funded actors, particularly from Russia, may target the digital infrastructure of the games. This comes in response to Russia’s ban from participation due to doping and geopolitical tensions. Hackers may aim to disrupt the event and attract global media attention...

Indian PM Narendra Modi asks Users to Log Off each Microsoft Windows Session

Indian Prime Minister Narendra Modi has offered a valuable tip to enhance cybersecurity for home PCs and laptops: consistently logging out of Microsoft Windows sessions. This advice applies universally across Windows 10 and Windows 11 operating systems. Highlighting this cybersecurity principle, Prime Minister Modi emphasized its critical application in both private and public sectors. He suggested assigning responsibility for logging out at the end of each day in IT environments. From a technical standpoint, regularly logging out clears session...

How to Negotiate Ransomware Attacks: A Strategic Guide

In an increasingly digital world, ransomware attacks have become a prevalent threat to businesses and individuals alike. These malicious attacks involve cyber-criminals encrypting data or locking users out of their systems, demanding payment (often in cryptocurrency) to restore access. While prevention and robust cybersecurity measures are crucial, knowing how to negotiate in the unfortunate event of a ransomware attack can also be essential. Here’s a strategic guide on navigating through such a crisis:

1. Assess the Situation: Upon discovering...

Microsoft 2024 Windows IT meltdown impacts about 8.5 million devices

The recent update to CrowdStrike Falcon sensor software has caused widespread issues, leading to the infamous BSOD “blue screen of death” on over 8.2 million Windows OS devices globally. Despite initial fears of a cyber attack, experts indicate this incident could mark one of the worst in history, echoing concerns akin to the Y2K bug in 2038. While Microsoft works to gradually restore affected IT infrastructures, former U.S. President Joe Biden and industry leaders like Satya Nadella of Microsoft have expressed concern and commitment to preventing...

Saturday, July 20, 2024

AI for Identity Security: 5 Ways AI Augments SecOps and IAM Teams Today

Identity security has become increasingly complex, presenting a formidable challenge for CISOs, security operations (SecOps), and identity and access management (IAM) teams worldwide. It’s not surprising then that a staggering 80% of today’s cyber attacks begin with compromised identities, making them everyone’s business as the most critical attack vector to protect. Unfortunately, many organizations are struggling to effectively get ahead and stay ahead of malicious attackers and compliance demands. Many times, awareness of an attack comes...

Friday, July 19, 2024

Microsoft outage Windows not a cyber attack says Crowdstrike

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant global disruptions across various sectors, including government agencies, transit hubs such as airports, private companies, and municipalities. Initially, speculation pointed towards a potential cyber attack originating from foreign entities like China or Russia. Certain Reddit groups even suggested state-sponsored hackers aimed...