Microsoft takes down large‑scale BEC operation

The fraudsters ran their campaigns from the cloud and used phishing and email forwarding rules to steal their targets’ financial information. Microsoft has shut down a sprawling Business Email Compromise (BEC) operation that had its infrastructure hosted in several web services. Using these cloud-based assets, the threat actors infiltrated hundreds

0 Comments

Keeping Your Organization Secure When Dealing With the Unexpected

There’s no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation. Unforeseen circumstances can cause your security risk profile to shift in unexpected ways — and the consequences can be serious. In a world where change can happen

0 Comments

Is an Attacker Living Off Your Land?

Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage. (Image: Riverwalker via Adobe Stock) Malware – and all of its various forms, including ransomware – has grown increasingly stealthy

0 Comments

Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks

Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the

0 Comments

Malicious PDFs Flood the Web, Lead to Password-Snarfing

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

0 Comments

Microsoft product vulnerabilities reached a new high of 1,268 in 2020

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report. Image: Anawat Sudchanham/EyeEm/Getty Images The total number of vulnerabilities in Microsoft products reached an all-time high of 1,268 in 2020, a 48% increase year over year, according to

0 Comments

Vishing: What is it and how do I avoid getting scammed?

How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business? We’ve all heard of phishing, the tried-and-tested email scam that spoofs authoritative sources to trick recipients into handing over sensitive information or downloading malware. Well, vishing is

0 Comments

How President Biden Can Better Defend the US From Russian Hacks

Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol. (Image: Stefano Garau via Adobe Stock) If it seems like Russian cyberattacks on the United States are becoming more frequent, it’s because they are. Though there is no

0 Comments

What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain

Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves. Over the past year, we saw many unpredictable challenges. To stay connected and keep things moving while adhering to social distancing restrictions, many organizations had to

0 Comments

Experts Shed Light On Distinctive Tactics Used by Hades Ransomware

Cybersecurity researchers on Tuesday disclosed “distinctive” tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. “In many ways, the GOLD WINTER threat group is a typical post-intrusion

0 Comments