Cybercriminals are leveraging zero-day vulnerabilities in Microsoft Exchange servers, dropping cryptocurrency mining malware as part of a campaign that seeks to secretly steal the processing power of …
Executive Level Action In Response to Ongoing Massive Attacks Leveraging Microsoft Vulnerabilities
This post provides executive level context and some recommendations regarding a large attack exploiting Microsoft Exchange, a system many enterprises use for mail, contact management, …
From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice
While the Ware Report of 1970 codified the foundations of the computer security discipline, it was the President’s Commission on Critical Infrastructure Protection report of 1997 that expanded those …
SolarWinds Hackers “Impacting” State and Local Governments
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning regarding the impact of the recent SolarWinds Orion software government espionage campaign likely conducted by …
Continue Reading about SolarWinds Hackers “Impacting” State and Local Governments
Russian Espionage Campaign: SolarWinds
The SolarWinds hacks have been described in every media outlet and new source, making this campaign perhaps the most widely reported cyber incident to date. This report provides context on this …
Continue Reading about Russian Espionage Campaign: SolarWinds
The NSA Warns That Russia Is Attacking Remote Work Platforms
The COVID-19 pandemic has created a massive movement towards working from home, inadvertently also creating more opportunities for hackers. The National Security Agency (NSA) released an advisory …
Continue Reading about The NSA Warns That Russia Is Attacking Remote Work Platforms
Apple Issues Security Updates
Apple has recently released three critical security updates affecting macOS Big Sur 11.0, macOS High Sierra 10.13.6, and macOS Mojave 10.14.6. The Department of Homeland Security's Cybersecurity and …
Ransomware Hits Dozens of Hospitals in an Unprecedented Wave
A string of ransomware attacks has hit US hospitals as they struggle to combat the COVID-19 pandemic. The attacks come just hours after the FBI and Cybersecurity and Infrastructure Security Agency …
Continue Reading about Ransomware Hits Dozens of Hospitals in an Unprecedented Wave
North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
The North Korean APT group known as Kimsuky or Hidden Cobra has allegedly been actively attacking businesses posing as reporters located in South Korea. The US Cybersecurity and Infrastructure …
The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure
In an advisory warning published last week by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the government notified the public of a sophisticated …
Continue Reading about The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure