While every sector of the economy experiences cyber attacks, the oil and gas industry is a particularly enticing target because there are inherent weaknesses in its rapidly expanding digital landscape. It's also an industry that can't afford to go offline at any time, which means cybercriminals can force quick action from those they attack.

Cryptocurrency, the next generation of money. Adored by luminaries from Elon Musk to Snoop Dogg. Now the official currency of El Salvador, and a funding source for Ukrainian resistance to the Russian invasion. But is crypto really all that it seems? Cryptocurrency has tremendous potential to address a host of the world’s financial issues: from limited access to financial resources, to ineffective and costly payment and transfer services.

On March 9, the US Securities and Exchange Commission (SEC) issued proposed rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. SEC Chair Gary Gensler highlighted in the press release that “Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. Today, cybersecurity is an emerging risk with which public issuers increasingly must contend.

It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking. Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft.

Tetra Defense, an Arctic Wolf® company, partnered with Chainalysis to analyze the link between the Karakurt cyber extortion group to both Conti and Diavol ransomware through Tetra’s digital forensics and Chainalysis’ blockchain analytics. As recent leaks have revealed, Conti and Trickbot are complicated operations with sophisticated structures. But, our findings indicate that web is even wider than originally thought, to include additional exfiltration-only operations.

April Patch Tuesday brings 145 vulnerability fixes from Microsoft — the highest number in 19 months—including CVE-2022-26809, a critical remote code execution (RCE) vulnerability in Windows Remote Procedure Call (RPC) Runtime library that impacts all supported Windows products. Notably, Microsoft also released security updates for Windows 7, an end-of-life product since January 2020, which highlights the severity of CVE-2022-26809.

On Monday, April 11, 2022, NGINX published a security blog post detailing three vulnerabilities in the NGINX LDAP reference implementation. NGINX is web server software that also performs reverse proxy, load balancing, email proxy, and HTTP cache services. No CVE has been assigned to these vulnerabilities at this time. The reference implementation uses Lightweight Directory Access Protocol (LDAP) to authenticate users of NGINX proxied applications.

On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass. In addition to the critical severity vulnerabilities, VMware disclosed several high and medium severity vulnerabilities, which could lead to Cross Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure.

In an unsettling new phase of the cybersecurity era, Russia’s ground war in Ukraine and behind-the-scenes war on the internet have dovetailed into an upswing of cybercrime that may or may not be politically motivated. Time will tell how this online maneuvering ultimately plays out, but for the moment tension abounds as the cybersecurity community anticipates the next big attack.

According to the American Gaming Association, there are 981 casinos in the United States, raking in more than $57 billion annually in gross gaming revenue. With that much money at play, it’s no wonder hackers view casinos as potential jackpots. And while the public tends to consider casinos as exceptionally secure, the reality is this: When it comes to cybersecurity, the house doesn’t always win.