In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.

A lot has changed since Sumo Logic last gave our two cents on how to secure Office 365. In the meantime, Office 365 has become Microsoft 365 (M365), and Sumo has continued evolving and expanding its security offering. Today’s threat actor is adept at compromising M365 accounts through various methods. Stealing credentials through phishing email campaigns and brute-force attacks has become commonplace.

The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." The agency's new directive compels the aviation industry to improve their defences against malicious hackers and cybercriminals, just days after Preisdent Biden announced its National Cybersecurity Strategy that seeks tighter regulations to protect the United States's critical infrastructure.

Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected.

Acer is a well-known tech company that's based in Taiwan and with facilities and offices around the world. The company's main headquarters are in San Jose, California, in the United States. The company is known for engineering, technical manufacturing, and creating many products in the electronics industry today. The organization recently suffered a significant data attack that may have exposed company secrets, product keys, and many software images that could hurt the organization.

APIs will continue to drive business and accelerate digital transformation this year to the extent that nearly no other technology can; according to the 19th Developer Economics survey by Slashdata, almost 90% of all developers use APIs. This makes them a target for attackers who aren’t afraid to engage in any tactic, especially tried-and-true methods like parameter tampering attacks - malicious API attack traffic surged 117% from 2021 to 2022.

Crystal Bay Casino is a gambling establishment located in Lake Tahoe. The facility includes slots, table games, and sports betting and features a small hotel known as the Border House for gamblers to stay in luxury. This luxury casino was recently hit by an attack on its IT servers, and its customers may have had their confidential information exposed in the attack. Learn about the full scope of the attack and how the casino is responding to this incident to protect its customers.

Dole PLC is a massive agricultural company headquartered in Dublin, Ireland. Dole has several offices and production facilities in the United States and supplies food products in 75 separate countries. The company maintains a staff of over 38,000 employees and offers more than 300 different products throughout the world.