Threat actors exploiting cloud services are keeping me very busy in these final days of this troubled 2022. The main character of this Cloud Threats Memo is MuddyWater (also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros), one of the most prolific cyber espionage groups, active since at least 2017, and believed to be a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS).

MySQL database is one of the most popular open-source relational database management systems, and it is a top choice for some of the world’s favorite websites and web applications including YouTube, Twitter, and WordPress. Handling so much data and protecting it is incredibly important to organizations.

Cybercriminals who use Business Email Compromise (BEC) attacks are switching up their tactics, with some groups now targeting actual merchandise instead of money in their phishing attacks. Trustwave’s email security solution MailMarshal is aware of and investigating this new methodology. MailMarshal is capable of defending an organization against BEC attacks. This Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S.

CrowdStrike analyzes malware to augment the behavior and machine learning-based detection and protection capabilities built into the CrowdStrike Falcon® platform to deliver automated, world-class protection to customers. GuLoader has been known to employ a significant number of anti-analysis techniques, making detection and protection challenging for other security solutions.

The healthcare industry has been plagued by inadequate security measures and common protocol mistakes that result in significant penalties imposed by HIPAA (Health Insurance Portability and Accountability Act). Poor security protocols, neglected risk assessment audits, internal human errors, and the lack of employee HIPAA training are just a few factors contributing to lost, compromised, or stolen patient data and sensitive medical records.

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise. This has led to enterprise perimeters becoming “borderless”.

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK. One of the most important roles of the NCSC is to identify, monitor, and analyse key cybersecurity threats, risks, and vulnerabilities.

How hackers are using SVG files to smuggle QBot malware onto Windows systems, a new batch of ransomware families leading attacks on Windows systems, and this year’s spike in command-and-control servers.

The HIPAA Privacy Rule (Health Insurance Portability and Accountability Act of 1996) is a healthcare cybersecurity framework that mandates security standards for all HIPAA-covered entities. HIPAA aims to protect patient information in the public health sector and promote stronger cybersecurity policies. HIPAA standards have since been adopted worldwide and enforced as federal law in the United States.

Like many industries, the federal government and the Department of Defense (DoD) are more digital, more dispersed, and work with more third parties than ever before. This shift means that information the departments deal with, referred to as controlled unclassified information, needs to be protected due to its high value. Enter “Safeguarding covered defense information and cyber incident reporting,” which is part of the Defense Federal Acquisition Regulation Supplement (DFARS) requirements.