Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On Saturday, March 18, 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR) software. Based on Horizon3’s technical analysis published on March 23rd, the PoC exploit allows a remote unauthenticated threat actor with access to the VBR service to obtain plaintext usernames and passwords.

Hacking and hackers are terms that have become increasingly prevalent in our modern world. They are also often associated with negative connotations. By definition, hacking is using computer programming and technical skills to gain unauthorized access to computer systems, networks, or digital devices. Meanwhile, a hacker is someone who engages in these activities.

Independent Living Systems LLC is a healthcare facility provider for the elderly, physically challenged, and impaired. The company establishes short-term healthcare facilities for those that need extra care. If you or a loved one has utilized short-term living care at a facility, you may have relied on services from Independent Living Systems. Unfortunately, this healthcare provider recently suffered a massive cyber-attack.

Cyber-attacks are a major problem that exposes millions of people to fraud on an annual basis. This week there were attacks on some truly massive organizations like the NBA and PayPal, as well as a cyber security company and a few medical companies. The attacks put millions of people at risk, and they could lead to huge financial losses. Find out all the details about these attacks below and learn if you were put at risk by any of them.

As technology becomes more prevalent in our lives, the risk of cybersecurity incidents is also increasing. Cybersecurity incidents can cause significant damage to organizations, including financial loss, reputational damage, and theft of sensitive data. Therefore, it is essential to have a robust cybersecurity system in place to protect against cyber-attacks. Artificial intelligence (AI) is one technology that can be used to predict cybersecurity incidents and mitigate their associated risks.

In business, we measure everything. Like the saying goes, “What gets measured gets done,” and most companies pay close attention to KPIs like qualified leads, new pipeline, net customer retention and fraction of roadmap completed on time. But if you were asked, “Are you meeting all your trust obligations with your employees, customers, board members, and the government?”, how would you answer?

In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing). This is where an attacker phones up a victim to simulate a trusted source such as a bank to phish for sensitive information. No one is immune from a vishing attack, even the Social Security Administration.

A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.

Recently, we discussed the most effective cybersecurity frameworks to reduce the risk of cyber threats. One of the most important systems is the Federal Information Security Management Act (FISMA). This act applies to certain organizations, and is imperative to help protect them against data breaches. Let’s take a look at four things to know about FISMA, from what it is to how to monitor FISMA compliance.