Written by Krebs On Security - December 20th, 2020 A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself. Austin, Texas-based SolarWinds disclosed this ...
It is hard to believe that we are about to roll into 2021. It genuinely has been a year that nobody ever dreamt of, including from the Cybersecurity standpoint. So, given all that has happened, what is predicted for next year? Here are some of what we believe will happen: Botnets will continue to grow ...
Written by Karen Walsh, CEO, Allegro Solutions – December 11th, 2020 One of the most notable ballot propositions impacting the privacy and cybersecurity world during the US 2020 election was the passage of the California Privacy Rights Act (CPRA). Predominantly considered an updated version of 2018’s California Consumer Privacy Act (CCPA), the CPRA incorporates several changes other ...
In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security. When the COVID-19 pandemic first hit the U.S. hard in March, the Elmhurst Hospital was forced into a logistical nightmare. It was a grim sign of the times, as the Queens, N.Y. hospital ...
Written by Catalin Cimpanu for Zero Day – December 1st, 2020 FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked ...
Written by lonut Ilascu on November 27th, 2020 A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. The campaign has been active for more than half a year and uses a network of legitimate websites that ...
Written for Krebs on Security – November 20th, 2020 An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling ...
Written by Jim Hansen – November 20th, 2020 The sudden and massive shift to a remote work policy across the Department of Defense and the contracting community has created a perfect storm of cyber challenges needing to be addressed. Keenly aware of this, threat actors are taking advantage. A few months into the COVID-19 crisis, the Pentagon ...
At the present time, the Cybersecurity Maturity Model Certification (CMMC) is fast gaining steam in the defense industry. A previous whitepaper has explored the CMMC in much more detail, but essentially, this is where any defense contractors and any subcontractors must be certified at a certain level before the Department of Defense (DoD) will allow ...
Ransomware is a threat variant that has existed for quite some time. It is actually a sophisticated form of malware, and in these types of attacks, the victim’s device gets hijacked. The screen becomes locked, and all of the files become encrypted with some unknown algorithm. The only way that the victim can recover them ...
