Cyberattacks

Japan's Largest Port is the Latest Victim of a Ransomware Attack

Jul 5, 2023 By Stu Sjouwerman In KnowBe4

The largest port in Japan, Nagoya, is now the most recent victim of a ransomware attack. The attack impacts the operation of container terminals, as the port handles over two million containers each year. This port is also used by the Toyota Motor Corporation, one of the world’s largest automakers, to export most of its cars.

Read Post

KnowBe4

Read more about Japan's Largest Port is the Latest Victim of a Ransomware Attack

Stories from the SOC: Fighting back against credential harvesting with ProofPoint

Jun 29, 2023 By Emine Akbulut In AT&T Cybersecurity

Credential harvesting is a technique that hackers use to gain unauthorized access to legitimate credentials using a variety of strategies, tactics, and techniques such as phishing and DNS poisoning. Phishing is the most frequent type of cyber threat and can lead to more harmful attacks such as ransomware and credential harvesting. According to recent research, phishing assaults targeted credential harvesting in 71.5% of cases in 2020.

Read Post

AT&T Cybersecurity

Read more about Stories from the SOC: Fighting back against credential harvesting with ProofPoint

MOVEit mayhem: Attackers found, patch released, but no end in sight

Jun 28, 2023 By Log360 In ManageEngine

The entire cybersecurity realm is buzzing over zero-day vulnerabilities and SQL injection attacks owing to the MOVEit Transfer MFT breach. In case you missed it, here’s the back story, timeline of events, and latest updates. On May 31, 2023, Progress Software rolled out security patches for the recently discovered SQL injection vulnerability in their file sharing application, MOVEit Transfer.

Read Post

ManageEngine

Read more about MOVEit mayhem: Attackers found, patch released, but no end in sight

GOOTLOADER Malware Case Study - Kroll Cyber Risk

Jun 28, 2023 By Kroll In Kroll

In Q1 2023, Kroll Cyber Threat Intelligence analysts noticed an uptick in GOOTLOADER malware infections leading to large-scale exfiltration of sensitive data, and even extortion. In this video, Threat Intelligence expert, Ryan Hicks, walks through a GOOTLOADER malware case study and provides recommendations for how to prevent such an attack.

View Video

Kroll

Read more about GOOTLOADER Malware Case Study - Kroll Cyber Risk

National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

Jun 28, 2023 By Stu Sjouwerman In KnowBe4

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

Read Post

KnowBe4

Read more about National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

The 443 Podcast - Episode 248 - RepoJacking

Jun 27, 2023 By WatchGuard In WatchGuard

On this week's podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT. You can view more information on the CISA guidance as well as Blaze Lab's full blog post at the links below: The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

View Video

WatchGuard

Read more about The 443 Podcast - Episode 248 - RepoJacking

Blacktail: Unveiling the tactics of a notorious cybercrime group

Jun 26, 2023 By Arjun Patel In AT&T Cybersecurity

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

Read Post

AT&T Cybersecurity

Read more about Blacktail: Unveiling the tactics of a notorious cybercrime group

CrowdStrike Takes On Spyboy's "Terminator"

Jun 26, 2023 By CrowdStrike In CrowdStrike

On May 21, 2023, a new threat actor named Spyboy emerged, advertising a tool known as “Terminator” in a Russian-language forum, claiming the software could bypass over 20 common AV and EDR controls. CrowdStrike automatically blocked this executable, categorizing this as a high-severity detection, enabled by our AI-powered indicators of attack.

View Video

CrowdStrike

Read more about CrowdStrike Takes On Spyboy's "Terminator"

SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

Jun 24, 2023 By Stu Sjouwerman In KnowBe4

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

Read Post

KnowBe4

Read more about SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

BlackLotus bootkit patch may bring "false sense of security", warns NSA

Jun 23, 2023 By Graham Cluley In Tripwire

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.

Read Post