#StopRansomware: MedusaLocker

Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory CSA is part of an...

How one Microsoft product manager acts as champion for identity security

A technology career embodies the ancient Roman saying that “luck happens when preparation meets opportunity.” Few industries are as dynamic, fast-paced, or intense as technology. With so many challenges to solve, opportunities are everywhere, but as I’ve learned myself through the years, the best...

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle AiTM phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication MFA. The attackers then used the stolen credentials and session...

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

CISA, the Federal Bureau of Investigation FBI, and the Department of the Treasury Treasury have released a joint Cybersecurity Advisory CSA, North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector, to provide information on Maui ransomware,...

#StopRansomware: MedusaLocker

CISA, the Federal Bureau of Investigation FBI, the Department of the Treasury Treasury, and the Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory CSA, StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target...

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

The Cybersecurity and Infrastructure Security Agency CISA and Coast Guard Cyber Command CGCYBER released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway UAG servers. The VMware Horizon is a...

APT Cyber Tools Targeting ICS/SCADA Devices

Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-uniqu...

10 ways attackers gain access to networks

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: 1. Public facing...

CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topi...

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topi...

Strengthening Cybersecurity of SATCOM Network Providers and Customers

Summary Updated May 10, 2022: The U.S. government attributes this threat activity to Russian state-sponsored malicious cyber actors. Additional information may be found in a statement from the State Department . For more information on Russian malicious cyber activity, refer to...

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote...

Five Eyes Alliance Advisory & Using Threat Intelligence

Trellix Global Defenders: Five Eyes Alliance Advisory and Using Threat Intelligence to Protect Against Future Attacks By Taylor Mullins · May 6, 2022 Evolving intelligence continues to indicate that the Russian government is exploring options to launch cyberattacks in retaliation against...

This World Password Day consider ditching passwords altogether

Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to...

This World Password Day consider ditching passwords altogether

Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to...

Update: Destructive Malware Targeting Organizations in Ukraine

Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Updated April 28, 2022 This advisor...

PT-2022-7282 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authenticatio...

How to Strategically Scale Vendor Management and Supply Chain Security

This post is co-authored by Collin Huber Recent security events — particularly the threat actor activity from the Lapsu$ group, Spring4Shell, and various new supply-chain attacks — have the security community on high alert. Security professionals and network defenders around the world are wonderi...

Zero-Trust For All: A Practical Guide

While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is it a concept? A standard? A framework? An actual set of technology platforms? According to security experts, it’s best described as a fresh mindset for approaching cybersecurity...