Fighting ransomware with network segmentation as a path to resiliency

Recent cybersecurity events involving the use of ransomware (WannaCry and similar variants) represent the latest examples highlighting the need for organizations to not only take an initial hit, but survive, adapt, and endure. In other words, be resilient. All too often, our community is a witness to any number of similar events where an initial breach […]

Spectre chip security vulnerability strikes again; patches incoming

After the first wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake. Since the CPU vulnerabilities Spectre and Meltdown showed an entirely new way to attack systems, security experts knew it was only a matter of time until new assault methods would be found. They’ve been found. Jann Horn, a Google Project Zero security researcher, discovered […]

Get Ready for ‘WannaCry 2.0’

They’re still out there, pinging away for vulnerable Server Message Block (SMB) services in order to find a way in. One year after the historic and massive WannaCry ransomware attack unleashed by nation-state hackers from North Korea, an unknown number of WannaCry-infected Windows machines in their zombie state around the globe continue to attack other […]

IT Pros Worried About IoT But Not Prepared to Secure It

Some 85% of IT professionals believe their country will suffer a major critical infrastructure cyberattack in the next five years and 64% say they’re more concerned this year than last about connected device threats in their organizations – and slightly fewer are actually doing anything about Internet of Things security. The 2018 Internet of Evil Things […]

Phishers increasingly targeting cloud storage and SaaS

The Anti-Phishing Working Group (APWG) has been tracking notable increases in phishing campaigns that target SaaS/webmail providers, as well as increased attacks on financial/banking targets and cloud storage and file-sharing sites. But banks remain the most popular targets, with phishers stealing customers’ online banking credentials. APWG member MarkMonitor detected phishing attacks targeting 454 organizations in […]

Frequency & Costs of DNS-Based Attacks Soar

The frequency of Domain Name System (DNS) attacks and the costs associated with addressing them are both increasing sharply, a new survey by EfficientIP shows. The DNS management vendor recently had research firm Coleman Parkes poll about 1,000 IT managers in North America, Asia, and Europe on the causes and responses to DNS-based threats. The […]

This new type of DDoS attack takes advantage of an old vulnerability

A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in […]

Is The C-Suite Exempt From Cyber-Crime Anxiety?

If recent cyber-attacks are anything to go by, cyber-criminals are capable of causing colossal damage to organisations of all sizes. With vital public services such as the NHS succumbing to attacks, it seems that nothing is off the table when it comes down to cyber-criminals deciding who to target. However, according to some reports, the […]

Gandcrab Ransomware Exploits Website Vulnerabilities

Researchers at Cisco Talos have detected a new batch of Gandcrab ransomware being distributed through legitimate but poorly secured sites. Gandcrab, among the newest threats in the ransomware space, started as a simple attack and quickly evolved as its authors adapted to security defenses. In the first two months of 2018, attackers infected more than 50,000 victims […]

Phishing Attack Bypasses Two-Factor Authentication

Businesses and consumers around the world are encouraged to adopt two-factor authentication as a means of strengthening login security. But 2FA isn’t ironclad: attackers are finding ways to circumvent the common best practice. In this case, they use social engineering. A new exploit, demonstrated by KnowBe4 chief hacking officer Kevin Mitnick, lets threat actors access […]