MOVEit Transfer Vulnerability Going Wild

MOVEit Transfer Vulnerability Going Wild

The Clop ransomware organization purportedly exploited a critical zero-day flaw in the MOVEit file transfer program. Security…
FTC Penalizes Amazon with Millions in Fines

FTC Penalizes Amazon with Millions in Fines

Yesterday, the FTC took a significant enforcement step against Amazon claiming that The Children’s Online Privacy and…
Record 1.3 Billion GDPR Penalty Slapped on Meta

Record 1.3 Billion GDPR Penalty Slapped on Meta

Meta, better known for Facebook and Instagram, has been fined a record $1.3 billion (€1.2 billion) for…

ESG Risk 

What is ESG Risk? ESG risk refers to the potential negative impacts on a company’s performance and…
Health Sector Warned of Veeam Vulnerability

Health Sector Warned of Veeam Vulnerability

Threat actors are increasingly targeting Veeam Backup & Replication in cyber attacks. Veeam Software’s Veeam Backup &…
Malware Strain Disguised as a Chrome Updater

Malware Strain Disguised as a Chrome Updater

A recently spotted campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing…
Critical Flaw Found in DNA Sequencers

Critical Flaw Found in DNA Sequencers

A significant vulnerability in Illumina gene sequencing software puts a spotlight on the need to bolster cybersecurity…
The NIST CSF Makeover Scheduled for the Summer

The NIST CSF Makeover Scheduled for the Summer

NIST plans for a significant update to the NIST CSF Framework this summer. They recently published a…
Privacy in the Age of ChatGPT

Privacy in the Age of ChatGPT

One of the main concerns with language models like ChatCPT is privacy risks. The model uses any…
Emergency Update for Apple Devices

Emergency Update for Apple Devices

Apple has released emergency security updates to address two zero-day vulnerabilities that have already been exploited in…
Operation Cookie Monster

Operation Cookie Monster

On Tuesday, more than a dozen law enforcement organizations from around the world shut down the Genesis…
Call for Restraint in the Race to AI

Call for Restraint in the Race to AI

Is the World Adopting AI Models Too Fast? That’s what an elite group of tech leaders and…
Saks Fifth Avenue Added to GoAnywhere Victim List 

Saks Fifth Avenue Added to GoAnywhere Victim List 

Dozens of organizations have been added to Clop ransomware’s victim list over the last couple of months,…
Beware: SVB’s Collapse Being Exploited By Scammers

Beware: SVB’s Collapse Being Exploited By Scammers

Cybersecurity experts caution that scammers are profiting from the turmoil caused by the collapse of Silicon Valley…

HITECH Act

What is the HITECH Act? The Health Information Technology for Economic and Clinical Health (HITECH) Act is…
New TSA Regulations for Airlines Facing “Persistent Cybersecurity Threats”

New TSA Regulations for Airlines Facing “Persistent Cybersecurity Threats”

The Transportation Security Administration on Tuesday announced regulations to force airports, along with aircraft owners and operators,…

Business Email Compromise

What is the Business Email Compromise? Business Email Compromise (BEC) is a type of cyber attack in…
CISA Calls on Tech Developers to Put Security into Digital Products 

CISA Calls on Tech Developers to Put Security into Digital Products 

CISA called on technology development companies to “fundamentally shift” product design to one that puts cybersecurity at…

Health Industry Cybersecurity Practices (HICP)

What is HICP? The Health Industry Cybersecurity Practices: Handling Risks and Safeguarding Patients article was created as…
Social Engineering “Smishing” Attack on Coinbase

Social Engineering “Smishing” Attack on Coinbase

Coinbase and other crypto platforms are frequently targeted by fraudsters. That’s because currency in any form is…
GoodRx Gets a Taste of its Own Medicine

GoodRx Gets a Taste of its Own Medicine

GoodRx has recently come under fire for breaking its privacy promises and the HBNR (Health Breach Notification…

What is the CPRA Act?

The California Privacy Rights Act (CPRA) is a state-wide data privacy law that governs how businesses all…
Malicious Apps Abused Microsofts Verification Standard

Malicious Apps Abused Microsofts Verification Standard

In December, a group of threat actors abused the Microsoft “certified publishers” status of the Microsoft Cloud…
Drop in Ransomware Payments Show Victims Becoming Bold 

Drop in Ransomware Payments Show Victims Becoming Bold 

A report conducted by Chainalysis noted a 40% drop in payments made to ransomware extortion groups in…
POC of CWP Flaw Leads to Live Attacks

POC of CWP Flaw Leads to Live Attacks

The popular and free Control Web Panel software has a significant security flaw that has already been…
What Can’t You Do With Chat GPT?

What Can’t You Do With Chat GPT?

Since its release, there has been an explosion of interest in Chat GPT in the media and…
Google Sued Again For Deceptive Location Tracking

Google Sued Again For Deceptive Location Tracking

Google settled two privacy lawsuits last week. The data and information goliath will pay $9.5 million to…
LastPass Attacker Did Reach Password Vaults

LastPass Attacker Did Reach Password Vaults

What does your human logic dictate? Using third-party password managers like LastPass, sometimes thought to be more…
Game Over for Epic

Game Over for Epic

Fortnite developer, Epic Games, was charged a whopping $275,000,000 penalty in settlement fees in violation of federal…
96% of Classroom Apps Share Student’s Personal Data

96% of Classroom Apps Share Student’s Personal Data

Internet Safety Labs, a non-profit organization on a mission to ensure online product safety, released a new…
Will the FBI Block Tik Tok?

Will the FBI Block Tik Tok?

On Friday, Christopher Wray of the FBI raised concerns that Chinese owned Tik Tok “is in the…
Massive Twitter Leak

Massive Twitter Leak

Chad Loder, the founder of cyber security awareness company Habitu8, received evidence last week of a massive…
World Cup Cyber 

World Cup Cyber 

This Sunday marked the commencement of the FIFA World Cup in Qatar, and threat actors will be…
FTX Has Been Hacked

FTX Has Been Hacked

On Friday, crypto exchange FTX recommended users delete FTX apps and avoid using its website, backing up…
Insurance Giant Settles Groundbreaking Lawsuit with Oreo Cookie Brand Mondelez

Insurance Giant Settles Groundbreaking Lawsuit with Oreo Cookie Brand Mondelez

A settlement was reached last week in a $100,000 lawsuit between Zurich, a global insurance giant, and…
White House Convenes Ransomware Summit

White House Convenes Ransomware Summit

A two-day International Counter Ransomware Summit was held this past Monday and Tuesday. Leaders and experts from…
FBI Warns of Iranian Hacking Group Ahead of Elections

FBI Warns of Iranian Hacking Group Ahead of Elections

Misinformation and disinformation are pressing problems that have mingled with traditional cybersecurity to evolve into a form…
Verizon Verifies Data Breach

Verizon Verifies Data Breach

Verizon notified an unknown volume of its prepaid customers that attackers breached Verizon accounts and were able…
Nullmixer Malware Madness

Nullmixer Malware Madness

Using a single Windows executable file, Nullmixer infects devices with 12 different streams of malware, all at…
Uber: MFA Bombing Attack

Uber: MFA Bombing Attack

Love may conquer all, but apparently MFA won’t. That pesky human factor again. Unmanaged risk surrounding the…
Twitter: Don’t Shut Down- Get Better!

Twitter: Don’t Shut Down- Get Better!

“Twitter was and continues to be one of the world’s most influential communications platforms.What happens on Twitter…
Education Hit Hard by Ransomware

Education Hit Hard by Ransomware

IT systems of the second largest school district in the U.S. were hit over the weekend by…
Third-party Services Breached for 2.5 million Loan Application Records!

Third-party Services Breached for 2.5 million Loan Application Records!

Both EdFinancial and the Oklahoma Student Loan Authority (OSLA) use technology services from Nelnet Servicing, including giving…
Credential Stuffing via Residential Proxy is on the Rise!

Credential Stuffing via Residential Proxy is on the Rise!

Last week, the FBI released a PIN (Private Industry Notification) on their Internet Crime Complaint Center (IC3).…
Meraki Firewall False Positive Triggers Microsoft 365 Outage

Meraki Firewall False Positive Triggers Microsoft 365 Outage

Did you experience trouble connecting to Exchange Online, Microsoft Teams, Outlook desktop clients, and OneDrive for Business…
CosmicStrand: Getting Down to the Root of the Problem

CosmicStrand: Getting Down to the Root of the Problem

How do you rid your computer of a rootkit that tunnels its way into the lowest levels…
4 “High Impact” Security Risks for Okta

4 “High Impact” Security Risks for Okta

Researchers at Authomize discovered 4 ‘high impact’ attack paths in Okta’s trusted management solution. Authomize clearly points…
Phishing for Credentials

Phishing for Credentials

A huge web of phishing attacks were performed on over 10,000 organizations! Tricking victims with fake Office…
ToddyCat APT Aims High

ToddyCat APT Aims High

A new Advanced Persistent Threat (APT) actor has been spotted by Kaspersky cybersecurity researchers attempting attacks on…
Interpol Takes Down 2000 Social Engineers

Interpol Takes Down 2000 Social Engineers

Justice prevailed for the victims of worldwide social engineering scams as police from 76 countries worked together…
Keep China Out: Patch Network Devices ASAP

Keep China Out: Patch Network Devices ASAP

The US government, specifically the NSA, FBI and CISA, have issued explicit warnings that hackers working for…
Hijacked Whatsapp Accounts- Protect Yourself!

Hijacked Whatsapp Accounts- Protect Yourself!

Sometimes the simplest scams are the most effective. Hackers managed to hijack victims’ Whatsapp accounts using mobile…
Pwn2Own- Successful Hacks

Pwn2Own- Successful Hacks

The annual Pwn2Own hacking contest, held in Vancouver, brought together security researchers from all over the world…
The Critical F5 BIG-IP Vulnerability

The Critical F5 BIG-IP Vulnerability

A huge and critical vulnerability broke this week making headlines across cyber news sites. Why is this…
Tricked at the Top: US Dept. of Defense

Tricked at the Top: US Dept. of Defense

Quite amazingly, a resident of California conducted a phishing operation and managed to successfully reroute government money…
Coca-Cola Breach: The Real Thing? 

Coca-Cola Breach: The Real Thing? 

The infamous Stormous ransomware gang claims to have breached Coca Cola’s servers, stealing 161 GB of data.…
Dwell-Time Down, Vigilance Up!

Dwell-Time Down, Vigilance Up!

Mandiant, the cybersecurity company to be acquired by Google later this year, have released their Mandiant M-Trends…
Illegal Legal Hacks

Illegal Legal Hacks

Looks like Apple and meta will be undergoing some social engineering awareness training! Hackers posing as various…
You’ve Been Hacked: Roskomnadzor

You’ve Been Hacked: Roskomnadzor

Ukrainian anonymous hacking group, appropriately called Anonymous, announced over Twitter this week that they had breached and…
Using the Shed Light: Twitter vs. Russia

Using the Shed Light: Twitter vs. Russia

Defending and respecting the user’s voice is one of Twitter’s core values, according to their website. This…
Next-gen Botnets

Next-gen Botnets

It’s the plague of frogs- but not as you know it. First spotted in August 2020, “FritzFrog”…
Russian Hackers Infiltrate Ukrainian Organizations via Spear-Phishing

Russian Hackers Infiltrate Ukrainian Organizations via Spear-Phishing

The world is watching with bated breath as Russia lines up its army along the borders of…
The British are Coming- with SOX!

The British are Coming- with SOX!

The UK’s corporate landscape begins the 2-year countdown to prepare for new governance, audit and reporting requirement:…
RCE Alert: Managing Vulnerabilities

RCE Alert: Managing Vulnerabilities

Two critical bugs discovered in Control Web Panel means that an unauthenticated attacker can gain remote code…
When Imitation Isn’t the Best Form of Flattery

When Imitation Isn’t the Best Form of Flattery

There is an exclusive top ten list that NO company wants to find themselves on: the Top…
Ransomware Shuts Down US Prison

Ransomware Shuts Down US Prison

Ransomware is always consequential to the company experiencing the attack, but in this case, the staff and…
Y2K22 Surprise!

Y2K22 Surprise!

Microsoft Exchange users were surprised when emails could not be delivered on January 1st, 2022.  MEServers from…
DuckDuckGo For It!

DuckDuckGo For It!

Everyone is talking about DuckDuckGo, the search engine that has experienced enormous growth in 2021 and performs…
Securing from the Inside Out

Securing from the Inside Out

Take your mind off of Log4j momentarily and consider a vastly different vulnerability. Garret Metal detectors, a…
Demystifying The Internet Meltdown: Log4j

Demystifying The Internet Meltdown: Log4j

The Log4Shell bug has taken the world by storm putting some of the biggest companies at risk…
Patching Backward to Move Forward: Top 6 Tips for Patch Management

Patching Backward to Move Forward: Top 6 Tips for Patch Management

These patches were released months ago, so how can threat actors continue to exploit the same vulnerabilities…
Phishing From Within

Phishing From Within

IKEA has been in the limelight this week as the target of a creative phishing campaign. Internal…
Critical Infrastructure targets take extra precautions this Thanksgiving

Critical Infrastructure targets take extra precautions this Thanksgiving

Another holiday weekend, another reason to be cyber vigilant! CISA and the FBI released a warning ahead…
300+ WordPress Sites Held Ransom By Fake Ransomware

300+ WordPress Sites Held Ransom By Fake Ransomware

Over 300 WordPress sites were attacked with fake encryption notices, informing them they must pay 0.1 bitcoin…
At Least Nine Global Entities Across Critical Sectors Have Been Exploited Via a Known CVE

At Least Nine Global Entities Across Critical Sectors Have Been Exploited Via a Known CVE

Back in September, the Zoho MachineEngine ADSelfService Plus reported a critical vulnerability that would allow remote attackers…
Your Company is Under Intense Pressure. And That’s Exactly When They’ll Strike.

Your Company is Under Intense Pressure. And That’s Exactly When They’ll Strike.

Ransomware actors are choosing their targets based on time-sensitive financial events, like mergers or acquisitions and ends…
The Battle of the Greats: Security vs. Compliance

The Battle of the Greats: Security vs. Compliance

Security vs. compliance—that’s the million dollar question every organization is trying to answer. And thanks to the…
You Haven’t Heard Of Groove Ransomware? Let’s Hope It Stays That Way

You Haven’t Heard Of Groove Ransomware? Let’s Hope It Stays That Way

Not everyone was happy with the law enforcement’s take down of the REvil ransomware group last week.…
Claiming Unemployment? Watch Out!

Claiming Unemployment? Watch Out!

The FBI put out a warning this week of spoofed websites offering unemployment benefits that harvest sensitive…
Lightning Never Strikes Twice? Ransomware Does

Lightning Never Strikes Twice? Ransomware Does

Back in September, leading medical technology company Olympus was hit with a ransomware attack on its EMEA’s…
“Do Your Part… Be Cyber Smart!” CISA

“Do Your Part… Be Cyber Smart!” CISA

Cybersecurity Awareness is at an all-time high and has never been more meaningful! As the NCSA kicks…
OWASP Celebrated Their 20th Anniversary Last Week By Releasing a Brand New List Of Critical Security Risks For Web Apps

OWASP Celebrated Their 20th Anniversary Last Week By Releasing a Brand New List Of Critical Security Risks For Web Apps

The OWASP Top 10 is the ultimate guide to the threats and remediations that companies should address,…
Security Is Not a Feature - And It's Not Optional Either

Security Is Not a Feature - And It's Not Optional Either

Let’s face it, there’s a major flaw in the way businesses approach cybersecurity. It’s not uncommon for…
Hackers Continue To Target Critical US Infrastructure and Seek To Disrupt Supply Chains, But Are We Handing Them Access On                         A Silver Platter?

Hackers Continue To Target Critical US Infrastructure and Seek To Disrupt Supply Chains, But Are We Handing Them Access On A Silver Platter?

NEW Cooperative, an Iowa-based farm service provider, was hit with a ransomware attack in recent days. BlackMatter…
REvil Ransomware Returns And Continues To Attack And Leak Data

REvil Ransomware Returns And Continues To Attack And Leak Data

Guess who’s back in town? After wildly exploiting the zero-day Kaseya vulnerability back in July, and demanding…
CISA and The FBI Reveal An Interesting Warning Regarding Ransomware

CISA and The FBI Reveal An Interesting Warning Regarding Ransomware

Based on data from recent actor tactics, techniques, and procedures (TTPs), they report that ransomware attacks are…
When CISA Releases An Announcement Tagged As Urgent, You Know It's Urgent

When CISA Releases An Announcement Tagged As Urgent, You Know It's Urgent

Microsoft released a security update in May 2021 revealing three actively exploited ProxyShell vulnerabilities on Microsoft Exchange…
Skip to content