Organizations are increasingly facing cyber attacks resulting in data breaches, and part of their post-incident responsibilities includes adhering to mandatory reporting requirements. Notably, the infamous BlackCat ransomware group has been exploiting these requirements for their benefit. They apply pressure on victims by threatening to inform the Securities and Exchange Commission (SEC) about the company's supposed failure to report significant data breaches.

Des Moines Orthopaedic Surgeons, P.C. (DMOS) has three clinics throughout Iowa’s capital; they offer comprehensive solutions for ortho-care, from joints to extremities and MRI imaging to outpatient surgery. DMOS utilizes a variety of third-party vendors to serve their patients and the surrounding regions; almost a year ago, DMOS experienced a cybersecurity event through one of these vendors. The unauthorized actors broke into their system and compromised the information of 307,864 individuals.

In the intricate web of digital security threats, one particularly disruptive technique stands out: the Distributed Denial of Service (DDoS) attack. This form of cyber assault involves numerous compromised systems, often referred to as bots or zombies, which are used to overwhelm a target website with an avalanche of requests. The result? Legitimate users find themselves unable to access the site, leading to significant operational disruptions.

As Microsoft Azure continues to gain market share in the cloud infrastructure space, it has garnered attention from adversaries ranging from hacktivist and eCrime threat actors to nation-state adversaries. Recent attacks on Microsoft by cloud-focused threat actors like COZY BEAR are becoming more frequent and garnering huge attention.

The Web3 ecosystem has experienced a sharp increase in spam NFTs. While spam NFTs may seem benign – commonly used as promotions for new NFT collections – they can also be used as a method for phishing unsuspecting users. Today, threat actors are using spam NFTs to drain wallets in a variety of ways. In this blog post, we take a closer look at some of these methods and the new security protections Fireblocks has developed to safeguard our customers.

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.