In September of 2021, a new malware family named SquirrelWaffle joined the threat landscape. It spread through infected Microsoft Office documents attached in spam emails. The infection flow starts with a ZIP file that contains the infected Office document. When the file is opened by the victim, the malicious VBA macros download SquirrelWaffle DLL, which eventually leads to deploying another threat, such as CobaltStrike or QakBot.

In case you missed the Office of Management and Budget (OMB) (memo M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, let me provide you the information that you need to know if you are in the federal government.

Organisations who find their networks hit by a ransomware attack may soon have to disclose within 48 hours any payments to their extortionists. That’s the intention of the Ransom Disclosure Act, a new bill proposed by US Senator Elizabeth Warren and Representative Deborah Ross.

Dassault Systemes, SolidWorks is the most widely used solid modeling Computer-Aided Design (CAD) software that runs on Microsoft windows. Any industry that uses drawings, illustrations, designs, specifications, blueprints, prototypes, creatives, and models held in CAD is highly valued. In these industries, the exchange of information is both a necessity as well as a business risk.

For 18 years, Cybersecurity Awareness Month has raised technology users’ awareness about the critical importance of cybersecurity and provided them with helpful resources to interact safely online. This year’s observance of Cybersecurity Awareness Month could not be more critical. It is estimated that more than 2,800 ransomware attacks take place each week—that adds up to more than 145,000 ransomware attacks per year.

A rising tide lifts all boats. This common phrase offers a perfect explanation of why strong supplier and partner relationships are essential to the success of your business. Partner programs come in all shapes and sizes, but not all provide the same value to you and your business. However, when you invest in developing key business collaborations, both your company and its suppliers can reap the rewards of your efforts.

Looking to build trust in your software? Start with BSIMM12’s top five software security activities. For any organization looking to improve the security of its software, Building Security In Maturity Model (BSIMM) has dozens of options. Many dozens. The 12th iteration of the BSIMM report, released September 28, details 122 software security activities (also known as controls) that were observed in the 128 participating organizations.

Enterprise organizations and government agencies worldwide are focused on strengthening their computer networks against the risk of a cyberattack. However, a cybersecurity program is only as strong as its weakest link – and that link is often an employee. Yes, employees remain the biggest cybersecurity threat today. So, in addition to putting the right security controls and tools in place, your Information Security team needs to create a more risk-aware culture.

Around the world, and particularly over the past few years, regulators have been looking for ways to strengthen the resilience of the financial sector. In the European Union, regulators within the European Commission (EC) have taken a concrete step to meet this objective through the Digital Operational Resilience Act (DORA). The EC published a draft version of DORA in September 2020.

The Nightfall blog is a knowledgebase for cybersecurity professionals with news and insights from the world of cloud security. Each week, we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.