Blog
GitGot: GitHub Leveraged by Cybercriminals to Store Stolen Data
It appears that the package author was in the process of building out the malware and adding layers of deception. Fortunately, the package was detected and removed from npm before that could happen.
Organizations Invest More in Data Protection But Recover Less
While most organizations consider cyber resiliency a foundational aspect of their broader business continuity or disaster recovery (BC/DR) strategy, BC/DR preparedness is not yet “passing” most service-level agreement (SLA) expectations.
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and...
What is Nudge Security and How Does it Work?
In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it...
Jason’s Deli Says Customer Data Exposed in Credential Stuffing Attack
"We do not know the number of accounts that the unauthorized party was able to access, but out of an abundance of caution, we are sending this notice to all potentially affected account holders," reads the data breach notification from Jason's Deli.
Kasseika Ransomware Operators Launch BYOVD Attacks
The ransomware uses targeted phishing techniques for initial access, as well as to gather credentials from one of the employees of its target company. It then uses RATs to gain privileged access and move laterally within its target network.
The Mass Exploitation of Ivanti Connect Secure
At the time of writing, no official patch has been made available. However, Ivanti has published recovery steps for customers to mitigate their systems in the interim. It’s strongly recommended that you apply this mitigation ASAP.
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or...
The Unknown Risks of The Software Supply Chain: A Deep-Dive
In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using...
Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in...