DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
In the continuously evolving landscape of cyber threats, organizations must be proactive in identifying and mitigating potential risks to their digital assets and operations. A critical step in building cyber resilience is...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
Bluetooth Compromise Coined "BLUFFS" Allows Attackers to Conduct Adversary-in-the-Middle Attacks - Researchers at EURECOM have developed six (6) new attack packages called “BLUFFS” that break the encryption of Bluetooth...more
On December 7, 2023, OCR released a statement that it was settling a phishing cyber-attack investigation into Lafourche Medical Group (the Medical Group) which specializes in emergency medicine, occupational medicine, and...more
Cybersecurity is a top concern for all industries, particularly for the pharmaceutical and medical device industries. These industries hold some of the most sensitive data and highly valuable technology, making them prime...more
Hackers are always looking for the next opportunity to launch attacks against unsuspecting victims. According to Cybersecurity Dive, researchers at Proofpoint recently observed “a phishing campaign designed to exploit the...more
Recent Uptick in Malicious Microsoft OneNote Attachments Identified in Phishing Campaigns - Security researchers have noted a recent uptick in phishing campaigns utilizing Microsoft OneNote attachments to spread malware....more
Louisiana's Largest Medical Complex Discloses Data Breach Associated to October Attack - On December 23rd, 2022, the Lake Charles Memorial Health System (LCMHS) began sending out notifications regarding a newly discovered...more
Palo Alto’s Unit 42 recently issued a threat assessment alert outlining a new phishing scam that is unique and successful. The scam is believed to be carried out by the Luna Moth/Silent Ransom Group and is targeting...more
The concept of “security by obscurity” is officially outdated. In recent years, cyber-attacks have become increasingly sophisticated, destructive, and indiscriminate. In today’s landscape, cyber threats can come from internal...more
"EvilProxy" Provides Low-Skill Threat Actors Access to Advanced Phishing Techniques - A new Phishing-as-a-Service (PaaS) platform dubbed "EvilProxy" has been discovered by Resecurity researchers. PaaS platforms allow...more
In its Mid-Year Cyberthreat Report published on August 24, 2022, cybersecurity firm Acronis reports that ransomware continues to plague businesses and governmental agencies, primarily through phishing campaigns. According...more
The Twilio and Cloudfare smishing attacks [view related post] provide a timely reminder of how sophisticated smishing attacks are and how they can affect businesses and their customers. But threat actors don’t just attack...more
Trustwave has reported a new scheme in which threat actors are using the popular Facebook Messenger platform to steal Facebook login credentials. According to the report, the threat actors are using a phishing email to...more
On June 2, 2022, CISA (the Cybersecurity and Infrastructure Security Agency), the FBI, the Department of the Treasury and the Financial Crimes Enforcement Network issued a joint Cybersecurity Alert warning companies of the...more
In one type of “man-in-the-middle” (MITM or MTM) attack, a bad actor inserts himself between a user (individual or business) and a web application (such as a bank’s website) to capture sensitive or personal confidential...more
I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. Just goes to show how long I have been working on data breaches. It is always written in...more
I am not a huge fan of using chatbots, as I never end up getting my questions fully answered. I get the efficiency of using a chatbot for simple questions, but my questions are usually not so easily resolved, so I end up...more
Cybercriminals exploited remote work during the COVID-19 pandemic. In 2020, the FBI’s Internet Crime Complaint Center (IC3) saw a record 70% increase in the number of reported internet scams and losses exceeding $4.2...more
In a blog post entitled “New activity from Russian actor Nobelium,” Microsoft’s V.P. of Customer Security & Trust Tom Burt discussed a recent alert issued by the Microsoft Threat Intelligence Center (MSTIC) regarding the...more
On September 22, 2021, the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a cybersecurity advisory alerting companies to the...more
On August 25, 2021, the FBI issued a Flash Alert to warn companies, especially in the health care industry, about the proliferation of attacks by threat actors using Hive ransomware....more
If you are an organization that uses Microsoft Office 365 as your email platform, be on the lookout for a new tricky phishing attack recently used by cyber criminals. ...more
The threat-related statistics of malware and ransomware are mind-boggling. We have regularly reported on the dramatic increase of ransomware, but the statistics on successful exploitation and botnet activities are just as...more