Cyber Threat Report: Cyber Security News for 8/12/21
LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article
Microsoft Patch Tuesday: Windows Flaw Under Active Attack
Microsoft said seven of the 44 vulnerabilities are rated “critical” and carry the risk of remote code execution attacks. Read Article
NIST Guidance Focuses on Creating 'Cyber Resiliency'
Updated security approach designed to mitigate ransomware, nation-state attack risks. Read Article
Ransomware Targets QNAP, Synology NAS Devices
Variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. Read Article
Poly Network Hackers Potentially Stole $610 Million: Is Bitcoin Still Safe?
An Ethereum smart contract hack on the Ethereum bridge demonstrates how vulnerable smart contracts could be. Read Article
Windows 10: Microsoft Just Revealed Another Print Spooler Bug
Microsoft discloses a new PrintNightmare bug and advises admins to disable the Print Spooler service to mitigate the issue. Read Article
Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration
Organizations have been warned that a misconfiguration in Salesforce Communities can lead to the exposure of sensitive information, but thousands of companies could still be vulnerable. Read Article
Pay Cut: Google Employees Who Work From Home Could Lose Money
Facebook and Twitter also cut pay for remote employees who move to less expensive areas. Read Article
Remote Employees Find Workarounds to Company Security Policies, Say 52% of Tech Leaders in Study
The study found employees were most resistant to comply with multi-factor authentication, mobile device management, and password managers. Read Article
Consumer Antivirus Firms NortonLifeLock and Avast to Merge in $8.6 Billion Deal
The combined company will service more than 500 million users. Read Article
Senate Includes Over $1.9 Billion for Cyber Security in Infrastructure Bill
The funds will go toward securing critical infrastructure against attacks, and helping vulnerable organizations defend themselves, among other initiatives. Read Article
Insider threats from disgruntled employees have always been considered a real problem, nothing new there. However, there's now confirmation that a Ransomware gang is hiring corporate insiders to infiltrate and encrypt corporate networks; in exchange for doing their bidding employees are being lured with the promise of millions of dollars in payment for planting malware in your systems.
Now is the time to review your access policies and closely examine unintended escalated privileges.
Microsoft is out with its latest updates and there are a lot of holes that need to be plugged, including seven that are rated 'critical', and carry the risk of remote code execution attacks. So it's once again time to patch, patch, PATCH.
Stay vigilant, stay safe, and don’t forget that we are here to assist you.
Topics
- Cyber Threat Report (70)
- Business Resilience (17)
- Employee Security Awareness Training (11)
- Data Breach Protection (10)
- Incident Response (10)
- Managing Cyber Risks (5)
- Penetration Testing (5)
- Cyber Insurance (4)
- Ransomware (4)
- Business Continuity & Disaster Recovery (BCDR) (3)
- CIO & CISO Services (3)
- Case Study (3)
- AI and Cybersecurity (2)
- Attack Surface Discovery (ASD) (2)
- Cybersecurity Maturity Model Certification (CMMC) (2)
- Enterprise Risk & Compliance (2)
- Information Security (InfoSec) (2)
- Vulnerability Assessments (2)
- Cybersecurity Education (1)
