BLOG

Update on SVR Cyber Operations and Vulnerability Exploitation

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) released this Joint Cybersecurity Advisory to highlight the tactics, techniques, and procedures (TTPs) employed by the Russian Federation’s Foreign Intelligence Service (SVR) in recent cyber operations and provide network defenders with … Continue reading Update on SVR Cyber Operations and Vulnerability Exploitation
Fri, 11 Oct 2024 16:49:13 +0000

CISA: Avoid Scams After Disaster Strikes

As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, … Continue reading CISA: Avoid Scams After Disaster Strikes
Thu, 10 Oct 2024 18:25:37 +0000

GorillaBot Pounds Its Chest After Unleashing Over 300,000 DDOS Attacks

Image Source: NSFOCUS The newest threat to emerge from Mirai’s leaked source code has made itself known in a big way. The botnet, dubbed GorillaBot , issued over 300,000 attack commands across 113 countries from September 4 to September 27, with China (20 percent), the United States (19 percent), and Canada (16 percent) as the … Continue reading GorillaBot Pounds Its Chest After Unleashing Over 300,000 DDOS Attacks
Thu, 10 Oct 2024 18:23:30 +0000

DPRK Delivers Updated BeaverTail Malware to Job Seekers

Analysts recently identified a new iteration of BeaverTail malware associated with the CL-STA-240 Contagious Interview campaign , first discovered in November 2023. The threat actors, associated with the Democratic People’s Republic of Korea (DPRK), pose as prospective employers and target individuals seeking employment within the Information Technology sector through popular job search platforms such as … Continue reading DPRK Delivers Updated BeaverTail Malware to Job Seekers
Thu, 10 Oct 2024 18:21:46 +0000

Free Training: Defend Against Threats with Extended Detection and Response training day

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft Security Virtual Training Day from Microsoft Learn. Join us at Defend Against Threats with Extended Detection and Response to learn how to better protect apps and data in Microsoft 365 Defender, Microsoft Defender for … Continue reading Free Training: Defend Against Threats with Extended Detection and Response training day
Thu, 10 Oct 2024 18:09:55 +0000

NIST small business cybersecurity webinar

Event Date: October 23, 2024 Event Time: 2:00PM – 3:00PM EDT Event Location: Virtual Description: Identity and Access Management is a fundamental and critical cybersecurity capability for businesses of all sizes. To protect your business from fraud and unauthorized system and data access, you want to take steps to ensure that only the right people … Continue reading NIST small business cybersecurity webinar
Wed, 09 Oct 2024 13:58:34 +0000

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Continue reading Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH NOW
Wed, 09 Oct 2024 11:57:53 +0000

Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released this Fact Sheet, which provides information about threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) targeting and compromising accounts of Americans to stoke discord and undermine confidence in US democratic institutions.   IRGC actors have previously gained and … Continue reading Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations
Wed, 09 Oct 2024 11:56:45 +0000

Security Property Verification by Transition Model | NIST Invites Public Comments on IR 8539

The initial public draft of NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available for public comment. Verifying the security properties of access control policies is a complex and critical task. The policies and their implementation often do not explicitly express their underlying semantics, which may be implicitly embedded in … Continue reading Security Property Verification by Transition Model | NIST Invites Public Comments on IR 8539
Wed, 09 Oct 2024 11:44:06 +0000

Critical Patches Issued for Microsoft Products, October 8, 2024 – PATCH NOW

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose … Continue reading Critical Patches Issued for Microsoft Products, October 8, 2024 – PATCH NOW
Wed, 09 Oct 2024 11:43:33 +0000