Cyber Threat Report

Cyber Threat Report: Cyber Security News for 8/12/21

LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article

Microsoft Patch Tuesday: Windows Flaw Under Active Attack
Microsoft said seven of the 44 vulnerabilities are rated “critical” and carry the risk of remote code execution attacks. Read Article

NIST Guidance Focuses on Creating 'Cyber Resiliency'
Updated security approach designed to mitigate ransomware, nation-state attack risks. Read Article

Ransomware Targets QNAP, Synology NAS Devices
Variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. Read Article

Poly Network Hackers Potentially Stole $610 Million: Is Bitcoin Still Safe?
An Ethereum smart contract hack on the Ethereum bridge demonstrates how vulnerable smart contracts could be. Read Article

Windows 10: Microsoft Just Revealed Another Print Spooler Bug
Microsoft discloses a new PrintNightmare bug and advises admins to disable the Print Spooler service to mitigate the issue. Read Article

Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration
Organizations have been warned that a misconfiguration in Salesforce Communities can lead to the exposure of sensitive information, but thousands of companies could still be vulnerable. Read Article

Pay Cut: Google Employees Who Work From Home Could Lose Money
Facebook and Twitter also cut pay for remote employees who move to less expensive areas. Read Article

Remote Employees Find Workarounds to Company Security Policies, Say 52% of Tech Leaders in Study
The study found employees were most resistant to comply with multi-factor authentication, mobile device management, and password managers. Read Article

Consumer Antivirus Firms NortonLifeLock and Avast to Merge in $8.6 Billion Deal
The combined company will service more than 500 million users. Read Article

Senate Includes Over $1.9 Billion for Cyber Security in Infrastructure Bill
The funds will go toward securing critical infrastructure against attacks, and helping vulnerable organizations defend themselves, among other initiatives. Read Article

And now for something completely different... Well, maybe something we already knew that's now been confirmed. 

Insider threats from disgruntled employees have always been considered a real problem, nothing new there. However, there's now confirmation that a Ransomware gang is hiring corporate insiders to infiltrate and encrypt corporate networks; in exchange for doing their bidding employees are being lured with the promise of millions of dollars in payment for planting malware in your systems. 

Now is the time to review your access policies and closely examine unintended escalated privileges.
Microsoft is out with its latest updates and there are a lot of holes that need to be plugged, including seven that are rated 'critical', and carry the risk of remote code execution attacks. So it's once again time to patch, patch, PATCH. 
Stay vigilant, stay safe, and don’t forget that we are here to assist you.