Below you'll find a list of all posts from February, 2022
Wiper malware threats have become a concern as geopolitical tensions rise. Security researchers have identified new strain of malware targeting Ukraine, dubbed HermeticWiper. Wiper malware is designed to render systems inoperable and irrecoverable without solid backups. Currently the wiper malware is targeting Ukraine and some surrounding countries including Latvia and Lithuania. But this attack could easily turn toward the US …
Microsoft is finally stepping up the game and blocking Mimikatz-style exploits that steal passwords from system memory. Attackers use this exploit to escalate privileges and laterally move throughout a network. In penetration testing, we use these exploits often. Take a peek at our internal company Fireside Chat we do every Friday. Today’s discussion centered around Microsoft Defender Attack Surface Reduction, …
CISA, the FBI, NSA, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre released a CISA Joint Cybersecurity Advisory highlighting a rise in ransomware incidents against critical infrastructure organizations in 2021. These ransomware incidents are sophisticated and high-impact. The advisory lists 18 mitigation steps 😬 (included below for reference). I can think of additional items …
The FBI is reporting a massive 10x increase in reported SIM swapping attacks. Attackers hijack your cell number to intercept SMS-based 2 factor authentication messages. That’s why we recommend moving to app-based/soft token or physical token for multifactor authentication. The attackers seem to be currently targeting cryptocurrency wallets, but any online account can be targeted. Our key tips for preventing …
