Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home. (By Sergiu Gatlan, Bleeping Computer) Ingalls: In our Critical Control: Deploy Advanced Email Account Security blog, we discuss email systems and how they are being used by attackers to gain a foothold, perform reconnaissance, and execute crippling financial attacks, and what can be done to prevent and respond to them.
June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. To avoid becoming victims of malicious activity, users and administrators should review the resources linked on the CISA website and take preventative measures. (By CISA) Ingalls: These CISA tips are just the beginning when it comes to protecting yourself against scams, phishing attacks, and ransomware. You need help. That's where we come in! Contact us today with your cybersecurity concerns!
The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those who don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic. (By Krebs on Security) Ingalls: One of the most telling statistics from this year’s Verizon Data Breach Investigations Report (DBIR) is that ransomware remains a serious threat to all industries and accounts for nearly a quarter of all malware-based attacks. Ransomware has become so widespread and commonplace that a normal attack garners neither the shock of security professionals nor the attention of the media. Are You Prepared To Defend Against Ransomware?
On Tuesday, Judge John Anderson from the US District Court for the Eastern District of Virginia ruled that Capital One is required to provide a copy of the report to attorneys suing the firm on behalf of customers impacted by the breach. (By Charlie Osborne, ZDNet) Ingalls: Responsibility for information security is one of a company’s greatest assets; many companies now understand information security is no longer an IT responsibility but rather is a risk-informed, executive-level consideration. An effectively managed and implemented information security program is critical. Our Virtual Chief Information Security Officer Program provides cybersecurity risk management as a service.
Michigan State University (MSU) recently suffered a Mailto ransomware attack, though the overall impact of the attack has not been disclosed — and an extortion payment deadline appears to be approaching. (By Joe Panettieri, MSSP Alert) Ingalls: Although navigating a cybersecurity ransom payment process is an exercise best handled by those with experience, our recent blog offers some critical aspects you should consider.