Double-Extortion Ransomware: Double The Threat, Double The Challenges For Businesses

Ransomware actors have been a continuous threat to organisations for years, and the scale of the attacks keeps advancing. In the last twelve months alone, thirty-seven percent of UK companies have reported a data breach incident to the Information Commissioner’s Office (ICO), with seventeen percent recording more than one incident. Improving cyber security protection has […]

Microsoft Warns Cloud Customers Of Exposed Databases

BACKGROUND: It has been reported that Microsoft (MSFT.O) on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure’s flagship […]

Biden Says Cybersecurity Is The ‘Core National Security Challenge’ At CEO Summit, Experts Reacted

BACKGROUND: Yesterday, President Biden hosted executives from major technology, financial, and energy companies for a summit on national cybersecurity, calling the issue “the core national security challenge we are facing.” Speaking to reporters briefly at the start of the meeting, Mr. Biden highlighted estimates that roughly half a million cybersecurity jobs in the U.S. are currently unfilled and […]

Town of Peterborough Loses $2.3 Million in BEC Scam – Cyber Expert Comments

The town of Peterborough, New Hampshire lost $2.3 million after BEC scammers redirected multiple bank transfers using forged documents sent to the town’s Finance Department staff via various email exchanges. The town doesn’t believe that the funds can be recovered by reversing the transactions, or that these losses will be covered by insurance.

Hybrid IT: Three Pillars That Underpin Success

There has been a range of responses to the impact of the pandemic, showcasing a greater need for businesses to consider resilience and agility. A key driver of this has been hybrid IT. Pre-pandemic research from IDC predicted that over 90 percent of enterprises globally will be using a combination of in-house environments, with multiple […]

MS Power Apps Data Leaks – Expert Comments

Researchers today disclosed multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses. UpGuard notified 47 […]

Win 10 Admin Escalation With Razer Bug – Expert Insight

BACKGROUND: Jonhat on Twitter details the zero-day admin escalation he found using Razer peripherals on Windows 10. He even includes a video example of the escalation. Excerpt: Need local admin and have physical access? – Plug a Razer mouse (or the dongle) – Windows Update will download and execute RazerInstaller as SYSTEM – Abuse elevated […]

IT Leaders Fear Being Targets of Rising Nation-State Attacks

HP Wolf Security has just released the findings of a global survey of 1,100 IT decision-makers (ITDMs), examining their concerns around rising nation-state attacks. 72% of respondents said they worry that nation-state tools, techniques, and procedures (TTPs) could filter through to the darknet and be used to attack their business. Such concerns are well-founded. In recent […]

U.S. State Department Reportedly Hit By Cyber Attack

BACKGROUND: The U.S. State Department was recently hit by a cyber-attack and notifications of a “possible serious breach” were issued, according to a series of tweets by Fox News reporter Jacqui Heinrich. It’s unclear when the breach was discovered, but it’s believed to have happened a couple of weeks ago. The Department of Defense’s Cyber […]