Jan 14, 2025 | Many organizations prioritize cost-cutting over client privacy, leaving sensitive data at risk. Our latest report explores the impact of these decisions and what businesses can do to balance security with savings.
Jan. 15, 2025 | Cyber threat intelligence (CTI) can be a powerful tool, but many organizations waste money by making common mistakes. From poor-quality intel to a lack of risk management, these missteps reduce effectiveness and ROI. Learn the five key mistakes CISOs should avoid to maximize their cybersecurity investments.
Jan. 16, 2025 | A newly uncovered link between North Korea’s Nickel Tapestry IT worker scam and a 2016 crowdfunding scheme suggests DPRK threat actors have been refining cyber-financial operations for nearly a decade. Experts warn that these evolving tactics continue to fund the regime while bypassing sanctions.
Jan. 17, 2025 | A U.S. organization with major operations in China faced a four-month cyberespionage campaign linked to Chinese APTs. Attackers targeted Exchange Servers and exfiltrated data, using DLL sideloading and Living-off-the-Land techniques. Experts warn that state-sponsored cyber threats are growing, demanding stronger defenses.
January 10, 2025 | CISA has updated its Known Exploited Vulnerabilities (KEV) catalog with critical flaws in Mitel’s MiCollab platform and a five-year-old Oracle WebLogic Server vulnerability.
Experts warn these flaws enable data compromise, lateral movement, and full server takeover. Immediate remediation and proactive monitoring are key to mitigating risks.
Jan. 9, 2025 | CISA has added three vulnerabilities to its KEV catalog, including a critical Mitel MiCollab bug (CVE-2024-41713) and a persistent Oracle WebLogic flaw (CVE-2020-2883). Experts warn these vulnerabilities could lead to system compromise, data theft, and unauthorized network access.
Jan. 7, 2025 | Telegram, once known for strict user privacy, saw the number of U.S. data requests it fulfilled rise from 14 to 900 after its CEO’s arrest. Experts warn this policy shift could fragment cybercrime operations, driving illicit activity to more private platforms.
Nov 15, 2024 | In 2023, attackers increasingly targeted zero-day vulnerabilities, leveraging flaws in Citrix, Cisco, and Fortinet products to breach enterprise networks. A report from the Five Eyes alliance revealed that over half of the top vulnerabilities exploited last year were zero-day flaws, up significantly from 2022.
High-profile vulnerabilities like Citrix’s CVE-2023-3519 and Fortinet’s CVE-2023-27997 enabled remote code execution, posing critical risks. Experts emphasize the importance of patch management and defense-in-depth strategies to counteract these escalating threats.
Nov 15, 2024 | Iranian threat group TA455 is using fake job offers to infiltrate the aerospace industry, according to ClearSky Cyber Security. The campaign distributes SnailResin malware, leading to SlugResin backdoor infections.
Victims are lured via deceptive LinkedIn profiles and job-related ZIP files containing malicious executables. TA455 blends its traffic with legitimate services such as GitHub and Cloudflare to evade detection. This sophisticated operation raises concerns about potential collaboration between Iranian and North Korean APT groups, given overlapping tactics.
Nov 14, 2024 | Meet the extraordinary women driving innovation in cybersecurity. From industry veterans to rising stars, these leaders are shaping the future of IT security through resilience, advocacy, and cutting-edge expertise.
Nov 13, 2024 | From her Navy beginnings to leading Critical Start’s Cyber Research Unit, Callie Guenther’s innovative work in malware analysis, threat intelligence, and diversity advocacy redefines cybersecurity leadership.
Nov 13, 2024 | The Iranian Dream Job Campaign, active since September 2023, sees TA455 (UNC1549) targeting aerospace professionals with fake job offers. Using SnailResin malware to deploy the SlugResin backdoor, the campaign exploits LinkedIn and personal email to bypass enterprise defenses. Experts emphasize advanced detection tools and employee education to mitigate such risks.
Nov 12, 2024 | Lumma Stealer malware leverages fake CAPTCHA pages to execute advanced attacks, deceiving users and bypassing security. These sophisticated, fileless tactics highlight the evolving risks of social engineering and the need for proactive defenses.
Nov 11, 2024 | Cyberattacks on manufacturing are rising, targeting legacy systems and interconnected networks. Industry 4.0 has revolutionized processes but widened attack surfaces. Learn how 24/7 monitoring and proactive security strategies can defend against evolving threats.
Nov 11, 2024 | Cybersecurity researchers have uncovered a malicious PyPI package, “fabrice,” exfiltrating AWS credentials for over three years. With over 37,000 downloads, this typosquat on the popular “fabric” library highlights critical vulnerabilities in the software supply chain.
Nov 11, 2024 | Emerging in 2023, Latrodectus malware targets critical sectors like finance, healthcare, and automotive using phishing emails with advanced evasion tactics. Learn how this stealthy threat bypasses detection and the best practices to defend against it.
Nov 7, 2024 | A malicious Python package called “Fabrice” was typosquatting the popular Fabric SSH automation library, exfiltrating AWS credentials from unsuspecting developers. With over 37,000 downloads on PyPI since 2021, the package used encoded payloads and a VPN-based proxy server to covertly steal data.
Nov 6, 2024 | As OT and IT systems converge, organizations face new cybersecurity risks. The Colonial Pipeline attack underscored the high stakes: an OT breach can halt operations, resulting in severe financial losses. To counter such threats, IT leaders must embrace proactive cybersecurity strategies.
Effective OT security measures include isolating OT from IT networks, implementing 24/7 monitoring, conducting regular audits, and training staff on cybersecurity best practices. With the right approach, companies can turn cybersecurity challenges into opportunities for resilience and innovation.
Nov 4, 2024 | SentinelOne is advancing its goal of an autonomous SOC with AI-driven updates to the Singularity platform. New features boost threat detection, streamline workflows, and enhance data integration to improve security operations.
Nov 4, 2024 | As TPRM grows, MSSPs offer essential support by closing visibility and expertise gaps. A recent BlueVoyant report shows progress: only 81% of organizations reported supply chain security incidents this year, down from 94%. MSSPs bring continuous oversight, bolstering TPRM programs by helping manage third-party relationships in increasingly complex supply chains.
BlueVoyant’s report highlights increased TPRM budgets and a shift to active risk reduction. MSSPs can support this evolution with their threat intelligence, continuous monitoring, and sector-specific expertise, enabling organizations to handle complex, evolving supply chain threats effectively.
October 31, 2024 | This Halloween, beware the latest cyber threats: deepfake scams, AI-driven phishing, and a surge in zero-day exploits. These frightening trends pose serious risks to users and businesses alike.
Oct 31, 2024 | The NICE cybersecurity hiring framework is a solid foundation for building a security team but needs updates for modern challenges. Experts suggest enhancing knowledge areas, expanding skill sets, and introducing new roles to improve software supply chain security (SSCS).
Oct 31, 2024 | This Halloween, cybersecurity reports reveal chilling insights: 17.8M phishing emails bypassed protections, 46% of breaches involved non-human identities, and deepfake fraud surged 3,000%. AI risks and API vulnerabilities doubled.
Oct 31, 2024 | The 2024 cybersecurity landscape revealed alarming trends. AI-driven threats surged, ransomware incidents repeated, and DDoS attacks spiked by 265%. Credential misuse led to 91% of breaches, while 95% of organizations reported API security issues.
Oct 30, 2024 | A Nationwide survey finds that despite rising AI-driven cyber threats, many businesses lack comprehensive cyber insurance. While 82% of risk managers fear future attacks due to GenAI, only 68% have insurance, and 36% face challenges renewing coverage. Chad Graham from Critical Start highlights the value of insurance in mitigating financial losses and supporting business recovery after cyber incidents. The survey also notes that 76% of affected businesses took over a month to recover, emphasizing the need for better protection.
Oct 30, 2024 | The FakeCall Android trojan has adopted advanced evasion and surveillance techniques, heightening risks for users and organizations. With the ability to intercept calls, mimic legitimate interfaces, and control device UIs, FakeCall tricks users into divulging sensitive financial details. Enhanced code obfuscation and remote control functions make detection difficult, posing significant threats to banks, enterprises, and individuals without robust mobile security.
Oct 29, 2024 | Over six years since the Spectre flaw was first revealed, Intel and AMD processors remain susceptible to speculative execution attacks. ETH Zurich researchers found these attacks exploit the Indirect Branch Predictor Barrier (IBPB) on x86 chips. While speculative execution boosts CPU performance, attackers can manipulate it to access unauthorized data, like encryption keys.
Intel issued a microcode patch (CVE-2023-38575), while AMD continues tracking its issue as CVE-2022-23824. John Gallagher from Viakoo Labs notes that speculative execution, present in all modern CPUs, enhances speed but comes with risks that are tough to patch.
Oct 24, 2024 | SentinelOne is advancing its goal of an autonomous SOC with AI-driven updates to the Singularity platform. New features boost threat detection, streamline workflows, and enhance data integration to improve security operations.
Oct 23, 2024 | Trellix’s survey reveals that 91% of CISOs foresee increased turnover due to expanding responsibilities, with nearly half (49%) considering leaving the role unless significant changes occur. Experts suggest dividing the role into technical (CISO) and business (BISO) positions to reduce strain.
Oct 23, 2024 | Just months after Europol’s takedown of botnets in Operation Endgame, the Bumblebee malware downloader has resurfaced, posing renewed threats to corporate networks with stealthier, harder-to-detect tactics.
Oct 23, 2024 | In 2023, 70% of exploited vulnerabilities were zero-days, with the average Time-to-Exploit dropping to just five days. Experts urge companies to boost defenses, as Mandiant’s findings reveal a need for rapid response teams and enhanced threat detection.
Oct 22, 2024 | The Bumblebee malware, used to deploy Cobalt Strike and ransomware, has reappeared in an infection chain since Europol’s May 2024 Operation Endgame takedown. Netskope researchers identified a new infection method via phishing emails, signaling Bumblebee’s potential resurgence.
Oct 15, 2024 | Threat actors are exploiting open-source environments like PyPI, npm, and Ruby Gems through command-jacking attacks. Malicious plugins inject code to steal sensitive data such as API keys and credentials. Experts urge robust audits, dependency management, and enforcing least privilege to combat these evolving threats.
Oct 17, 2024 | The FBI’s takedown of the Dispossessor ransomware gang highlights a critical truth: simple cybersecurity measures, like strong passwords and multi-factor authentication (MFA), remain the most effective defense. Experts stress combining these basics with advanced strategies like passwordless authentication and network segmentation to protect against evolving threats.
Oct 17, 2024 | Google Mandiant’s analysis of 138 actively exploited vulnerabilities in 2023 reveals a concerning trend: 70% were zero-days, with threat actors reducing time-to-exploit (TTE) to just five days. Experts highlight the critical need for rapid patching, dedicated zero-day response teams, and proactive threat hunting to combat evolving cyber threats.
Oct 17, 2024 | As Industry 4.0 connects manufacturing to the digital world, the sector faces a rising threat landscape. Cybercriminals are adapting tactics, targeting manufacturing systems, and exploiting legacy security gaps. Key challenges include evolving ransomware, IP theft, and regulatory pressures driving cybersecurity awareness.
Oct 15, 2024 | As 2024 closes, malware like Black Lotus, Emotet, Beep, and Dark Pink continue to evolve, exploiting systems and evading detection. These threats highlight the urgency for proactive, intelligence-driven defense strategies across industries.
Oct 14, 2024 | Fidelity Investments disclosed a data breach affecting over 77,000 customers. Security experts point to misconfigurations, such as Broken Access Control, as potential attack vectors. They emphasize the importance of robust security measures, proactive incident response, and stringent third-party access controls to mitigate risks and protect sensitive customer data.
Oct 14, 2024 | Attackers are exploiting entry points in open-source environments like PyPI and npm through command-jacking, a technique that impersonates system commands to inject malicious code. Experts emphasize the need for audits, strict dependency management, and package signing to secure developer workflows and prevent supply chain attacks.
October 11, 2024 | Fidelity Investments reported a data breach that exposed the personal information of 77,009 customers between August 17 and 19. While no funds were compromised, attackers accessed customer data using two newly created accounts. Experts warn the breach could lead to future attacks, heightening risks of identity theft and fraud. Fidelity assured that no ransomware was involved and offers free credit monitoring to those affected.
October 11, 2024 | Fidelity Investments reported a data breach impacting 77,000 customers. The breach, detected on August 19, involved unauthorized access to personal information but no financial accounts. Fidelity offers 24 months of free credit monitoring to affected customers. They recommend reviewing account statements, placing fraud alerts, and changing passwords for added security.
Nov 18, 2024 | With cybersecurity threats growing in complexity, 84% of CISOs advocate splitting their role into technical and business-focused positions. Experts stress balancing technical expertise with business alignment to address regulatory changes and evolving risks effectively.
October 10, 2024 | Fidelity Investments confirmed a data breach affecting 77,099 customers in August. Attackers accessed personal information from two accounts, but no financial data was compromised. The company is offering 24 months of free credit monitoring to those impacted.
October 10, 2024 | Fidelity Investments disclosed a data breach that affected 77,099 customers. The breach occurred on August 17 and was discovered on August 19, with unauthorized access to customer information through two newly established accounts. While no financial accounts were impacted, personal information was compromised. Fidelity is offering 24 months of free credit monitoring via TransUnion.
Experts speculate that a security vulnerability may have allowed the attackers to access customer data. Fidelity has since launched an investigation to prevent future incidents.
October 10, 2024 | Fidelity Investments has notified over 77,000 customers that their personal information was compromised in a data breach between August 17 and 19. The breach, the second this year for Fidelity, occurred when an unauthorized third party accessed two customer accounts. While no funds were affected, experts warn of potential risks for identity theft and fraud. Fidelity is offering 24 months of free credit monitoring to impacted customers.
October 9, 2024 | Major tech companies like TD Synnex, ConnectWise, Critical Start, ThoughtSpot, Microsoft, CrowdStrike, and Capgemini made significant executive changes this month. Notably, Scott White was appointed CEO of Critical Start after serving as COO and revenue officer at DoiT International for four years. With over 16 years at Rackspace, where he held the role of VP of Sales before departing in 2018, White brings extensive experience to his new position.
October 9, 2024 | Apple has released macOS Sequoia 15.0.1, addressing compatibility problems with Microsoft, SentinelOne, and CrowdStrike tools. These issues posed security risks by impairing software functionality. Experts urge users to implement the update immediately.
October 8, 2024 | Apple’s macOS 15.0.1 patch addresses compatibility problems affecting CrowdStrike, SentinelOne, and Microsoft security software. The previous release caused crashes and reduced functionality, posing security risks. Experts urge teams to update immediately to ensure robust protection and compatibility with security tools.
October 4, 2024 | Critical Start has appointed Stuti Bhargava as its new Chief Customer Officer (CCO). With over 20 years of experience in customer success within the tech sector, Bhargava will focus on strengthening client relationships and delivering tailored solutions.
Previously, she served as Chief Customer Experience Officer at OneSpan, where she developed comprehensive customer journey strategies. Bhargava has also led customer success teams at BitSight, ImmersiveLabs, and Actifio, enhancing growth in early-stage cybersecurity startups.
October 7, 2024 | Critical Start has appointed Stuti Bhargava as Chief Customer Officer. With over 20 years of tech industry experience, she will enhance client relationships and drive customer success initiatives.
Bhargava previously served as Chief Customer Experience Officer at OneSpan and has led customer success teams at various cybersecurity firms. “I’m excited to help Critical Start advance its mission of fostering cyber resilience,” she stated.
October 4, 2024 | Davenforth, a family office based in Austin, has acquired Frisco-based TeleCloud and Pennsylvania’s Third Generation. This move launches a new managed IT, voice, and networking platform, servicing 21,500 users across 900 businesses.
While terms of the acquisitions were not disclosed, both companies will maintain independent operations with their existing leadership teams. “This partnership allows us to enhance our offerings and empower our team members,” said TeleCloud founder Rusty Bridges.
Davenforth aims to build a robust platform delivering exceptional cloud communication and managed services, ensuring high customer retention and satisfaction.
September 4, 2024 | Mary Barra, CEO of General Motors, is steering the company through a second major transformation: the shift from internal combustion engines to electric vehicles (EVs). Despite slowing demand for EVs, Barra remains committed to GM’s goal of going gas-free by 2035. Having led the automaker through past crises, Barra’s leadership style reflects a long-term vision, balancing customer demand with bold innovation.
October 3, 2024 | Microsoft, SentinelOne, and CrowdStrike lead Gartner’s 2024 Magic Quadrant for endpoint protection platforms (EPP). These platforms play a crucial role in safeguarding some of the most vulnerable areas in corporate networks.
EPPs protect against malware, insider threats, and breaches across various devices like PCs, servers, and mobile phones. As attacks on endpoints rise, companies increasingly adopt unified protection platforms, with EPPs becoming key for MSSPs.
October 3, 2024 | Data shows little impact on stock prices following cyber incident disclosures required by the SEC’s new rules. In some cases, share prices even rose.
October 3, 2024 | Manufacturing Day kicks off today, launching a month-long series of events across the U.S. where over 1,600 manufacturers and schools host expos, tours, and presentations aimed at inspiring the next generation of workers. Workforce challenges remain a top concern as the sector faces a need for 3.8 million new employees by 2033, with nearly half of these roles potentially going unfilled.
This year’s focus highlights Industry 4.0 and rising cyber threats. “Manufacturing still has a long way to go in securing its cyber defenses,” says Craig Jones, VP of Security Operations at Ontinue, noting the sharp increase in cyberattacks on the sector in 2024.
Through partnerships with schools, STEM career promotion, and robust training programs, Manufacturing Day provides an opportunity for the industry to not only close the labor gap but develop expertise crucial for securing its future.
October 3, 2024 | Critical Start, a provider of MDR cybersecurity solutions, has appointed Stuti Bhargava as Chief Customer Officer (CCO). Bhargava, with over 20 years of experience in customer success within the tech industry, will lead efforts to enhance client relationships and service standards.
CEO Scott White highlighted Bhargava’s expertise, stating her experience will elevate customer relationships and align Critical Start’s offerings with evolving strategies.
Bhargava, previously with OneSpan, expressed her excitement about joining Critical Start, citing the importance of cybersecurity and customer success during a pivotal time for the industry.
October 2, 2024 | Happy Manufacturing Day 2024! This annual celebration aims to inspire interest in manufacturing careers and unite organizations in tackling industry challenges. Leaders emphasize the importance of technology and innovation to overcome workforce shortages and enhance efficiency. As cyber threats rise, the need for robust cybersecurity measures in manufacturing becomes critical.
October 2, 2024 | U.S.-based chief information security officers (CISOs) now earn an average of $565K annually, with top earners surpassing $1 million. The top 1% command starting salaries of $3 million, according to a report by IANS Research and Artico Search.
Despite slower hiring, the CISO role is expanding, with responsibilities and security budgets growing. While turnover has decreased, job changes still lead to the highest pay increases.
October 2, 2024 | North Korean hacking group Stonefly has shifted from espionage to financially motivated attacks, with security experts predicting future ransomware extortion incidents. Symantec’s Threat Hunter Team revealed that Stonefly targeted three U.S. organizations in August. Though ransomware wasn’t deployed, researchers believe these attacks were financially driven.
Stonefly, linked to North Korean military intelligence, has been active since 2009, and this move follows a broader trend of state-sponsored groups engaging in ransomware for revenue generation.
September 27, 2024 | The China-linked group Salt Typhoon has targeted several U.S. internet service providers (ISPs) for espionage, according to Microsoft. This advanced persistent threat (APT) aims to infiltrate critical infrastructure and gather intelligence for future attacks. Experts warn that compromised ISPs could disrupt vital services and expose sensitive data.
September 25, 2024 | Arkansas City, Kansas, experienced a cybersecurity incident affecting its water treatment facility on September 22. The incident led to a temporary switch to manual operations, but no disruption in water services for the city’s 12,000 residents occurred.
City Manager Randy Frazer assured residents that “the water supply remains completely safe” as cybersecurity experts work to restore automated systems. The city’s swift response involved collaboration with cybersecurity professionals to maintain water safety and investigate the breach.
Cyber threats to water treatment facilities are increasing, highlighting the need for robust cybersecurity measures. Experts note that these facilities are prime targets for cybercriminals, underscoring the importance of vigilance and preparedness against potential ransomware attacks.
September 24, 2024 | The FBI and Department of Homeland Security are investigating a cyberattack on Arkansas City’s water treatment facility. City Manager Randy Frazer confirmed that the attack, which took place on September 22, involved a ransom request but did not compromise sensitive information. The facility has switched to manual operations to ensure safe drinking water during the investigation.
September 23, 2024 | Cyber ranges are vital for cybersecurity professionals to stay updated on threats and sharpen their skills. These simulated environments, used by governments and organizations, provide hands-on training for real-world scenarios. Recent initiatives like Ukraine’s Cyber Range UA and the U.S. Navy’s National Cyber Range exemplify the growing focus on effective cyber defense training.
September 20, 2024 | N-able’s new report reveals a 56% rise in cyberattacks on Microsoft 365 in 2024. Surveyed MSPs reported a significant increase in disaster recovery events and a 46% uptick in offering backup services. Chris Groot from N-able emphasizes the need for ransomware-resilient architectures to combat these threats.
September 20, 2024 | Critical Start has appointed Scott White as its new CEO, succeeding founder Rob Davis, who will now serve as executive chairman. White, an experienced technology executive, aims to enhance innovation and service delivery at the leading managed detection and response (MDR) cybersecurity provider.
“I’m honored to join Critical Start and build upon the strong legacy established by Rob Davis,” White stated. His previous role as COO and CRO at DoiT International contributed to a significant growth in bookings, showcasing his capability to lead successful teams. Davis expressed confidence in White’s vision for the company, which has seen record growth this year.
September 20, 2024 | The hacking group TeamTNT has launched a new attack campaign targeting VPS servers running CentOS. Known for cryptojacking and active since 2019, TeamTNT is exploiting SSH vulnerabilities to infiltrate systems.
Researchers from Group-IB report that the attackers use brute-force SSH attacks to install a malicious script that disables security features, modifies system files, and removes cryptocurrency mining processes. The script also deploys the Diamorphine rootkit to enable covert control and persistence on compromised hosts.
Security experts warn that TeamTNT’s focus on CentOS, especially outdated versions like CentOS 7, highlights the importance of securing cloud infrastructures and applying the latest patches.
A series of macOS vulnerabilities in the Calendar app exposed iCloud data by bypassing security features like Gatekeeper and TCC. Researcher Mikko Kenttälä discovered the flaws, which allowed remote code execution (RCE) without user interaction. The exploit chain, rated as high as 9.8 on the CVSS scale, enabled attackers to access sensitive data, including iCloud Photos. Apple has since patched the vulnerabilities.
September 18, 2024 | A zero-click vulnerability chain in macOS allowed attackers to bypass security features like Gatekeeper and TCC, exposing sensitive iCloud data, including photos. Researcher Mikko Kenttälä discovered the flaw by exploiting a file sanitization issue in Calendar invites, which enabled remote code execution (RCE) without user interaction.
Apple has since patched the vulnerabilities, but this incident highlights ongoing risks to macOS security.
September 18, 2024 | A recent Cyber Risk Peer Benchmarking Report from Critical Start reveals a disconnect between strategy and execution in cyber risk management. While 91% of organizations recognize the importance of a strong cyber risk strategy, many struggle with execution, especially as they grow larger. Key challenges include poor asset visibility, delayed vulnerability remediation, and ineffective risk measurement.
Cybersecurity workforce shortages further magnify the issue, but with data-driven decisions and benchmarking insights, organizations can bridge the gap and enhance cyber resilience.
September 18, 2024 | Ransomware groups like LockBit, Play, and BlackBasta are behind 40.54% of attacks in 2024. Defenders need to adapt to evolving tactics. Key strategies include securing Windows and Linux systems, enhancing endpoint detection, patching vulnerabilities, and strengthening supply chains. As these groups grow more organized, security teams must focus on rapid response and proactive defense to stay ahead.
September 17, 2024 | Critical Start, a leader in Managed Detection and Response (MDR) cybersecurity solutions, has appointed Scott White as the new Chief Executive Officer. White, an experienced technology executive, joins from DoiT International, where he led substantial growth. Rob Davis, Critical Start’s Founder, will serve as Executive Chairman and continue supporting the company’s mission to prevent breaches and business disruption.
White expressed excitement about building on the company’s strong foundation, while Davis expressed confidence in White’s leadership to drive continued success.
September 17, 2024 | National Insider Threat Awareness Month highlights the need to address insider risks—whether accidental or malicious. Cybersecurity experts share strategies for mitigating threats from within, focusing on Zero Trust, data protection, and continuous monitoring.
September 17, 2024 | GitLab has released security updates for 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9/10. This bug allows attackers to run pipeline jobs as any user, risking unauthorized code deployment and data tampering. Security experts warn of potential privilege escalation and software supply chain compromise if left unpatched. Immediate patching, along with stricter access controls and continuous monitoring, is crucial to mitigate these risks.
September 16, 2024 | Asset visibility is key to improving Managed Detection and Response (MDR) outcomes. Incomplete asset inventories leave organizations vulnerable to cyber threats. Experts highlight the need for continuous asset monitoring, unified inventory systems, and prioritizing remediation efforts based on asset criticality for effective endpoint security.
September 13, 2024 | GitLab has patched a critical vulnerability (CVE-2024-6678) with a CVSS score of 9.9, which could allow attackers to trigger a CI/CD pipeline as an arbitrary user, leading to privilege escalation and software supply chain risks. Experts stress the need for immediate patching and supply chain security measures.
Sept 12, 2024 | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, urging U.S. federal agencies to patch four high-risk Microsoft vulnerabilities by the end of the month. These include CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217, which are actively being exploited. Experts emphasize the urgency of addressing these vulnerabilities, especially in critical sectors like healthcare, finance, and government.
September 12, 2024 | Cyberattacks are increasingly threatening industries vital to global economies. In H1 2024, sectors like Manufacturing, Healthcare, and Professional Services saw significant spikes in attacks, with Manufacturing reporting 377 incidents. These cyber threats disrupt operations and pose risks to economic stability.
Sept 11, 2024 | U.S. federal civilian agencies have until the end of September to patch four critical Microsoft vulnerabilities, now being actively exploited. The bugs — CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217 — impact popular Microsoft tools like Windows Installer and Publisher.
Randy Watkins, CTO at Critical Start, stressed that failing to address these issues could result in severe data breaches and downtime. Experts warn that these flaws are part of multi-stage attack chains, posing a major risk to industries like healthcare, finance, and government.
Sept 11, 2024 | The North Korean hacking group Lazarus has launched a new campaign targeting developers through fake coding tests. Posing as recruiters from prominent firms like Capital One, they lure victims via LinkedIn, tricking them into executing malicious code hidden in altered Python modules.
This campaign represents an evolution in Lazarus’ tactics, moving beyond financial institutions to target developer environments. Experts urge developers to implement Zero Trust principles, rigorous code reviews, and use sandbox environments to defend against this growing threat.
September 9, 2024 | U.S. water systems are facing rising cyber threats from China, Russia, and Iran. While no major impacts have occurred yet, experts warn that outdated operational technology (OT) leaves water infrastructure highly vulnerable. Despite these risks, attempts to implement cybersecurity standards have faced legal challenges, leaving this critical sector exposed.
Sept 05, 2024 | A vulnerability known as “Eucleak” puts YubiKey 5 devices with firmware below 5.7 at risk of cloning attacks. The flaw, discovered by NinjaLab, allows attackers to steal ECDSA private keys, account data, and PINs through side-channel exploitation of the Infineon cryptographic library. Experts urge immediate firmware updates and stronger security practices to mitigate the risk.
Sept 05, 2024 | Planned Parenthood has confirmed a cyberattack on its Montana organization, forcing parts of its IT infrastructure offline. The RansomHub ransomware gang, which claimed responsibility, threatened to leak 93 GB of stolen data if demands are unmet within six days.
Attempts to reach Planned Parenthood’s headquarters were unsuccessful. The size of the ransom is unknown, and it remains unclear if Planned Parenthood plans to negotiate.
This attack comes amid heightened attention on abortion rights, particularly in light of Montana’s upcoming statewide vote on adding abortion rights to its constitution.
Sept 05, 2024 | The BlackByte ransomware group has been exploiting a new VMware ESXi vulnerability (CVE-2024-37085) for authentication bypass attacks. This shift highlights their ability to adapt quickly to emerging threats, targeting enterprise infrastructures with high-impact ransomware campaigns. Experts stress the need for timely patches, multi-factor authentication, and stronger access controls to mitigate risks.
Sept 04, 2024 | The Exploit Prediction Scoring System (EPSS) helps organizations prioritize vulnerabilities by predicting their likelihood of exploitation. A study shows that EPSS, used with other inputs like CVSS scores, improves vulnerability remediation. With EPSS, companies can better address vulnerabilities based on actual threat activity, reducing wasted efforts and focusing on the most critical risks.
Sept 02, 2024 | In the first half of 2024, cybercrime surged across industries, with ransomware and database leaks hitting Manufacturing and Industrial Products the hardest. Healthcare saw a 180% spike in attacks, while Professional Services reported a 15% increase. In contrast, technology firms saw a slight decrease in incidents. Business Email Compromise (BEC), deepfakes, and attacks exploiting open-source repositories also grew, signaling the need for stronger cybersecurity defenses.
August 29, 2024 | Cisco researchers discovered that the BlackByte ransomware group is hiding most of its attacks. Despite being highly active in 2024, BlackByte has only disclosed a fraction of its successful breaches. The group is quickly adapting, exploiting new vulnerabilities like VMware ESXi (CVE-2024-37085).
August 29, 2024 | The BlackByte ransomware group, believed to have branched off from Conti, is exploiting a newly discovered VMware ESXi authentication bypass flaw (CVE-2024-37085), as reported by Cisco Talos Incident Response. This marks a significant shift in their tactics, moving from traditional methods to leveraging this fresh vulnerability.
According to experts from BlueVoyant and Critical Start, this adaptation could make BlackByte’s attacks more effective and difficult to anticipate. The flaw, recently added to CISA’s Known Exploited Vulnerabilities catalog, is now a key focus for cybersecurity defenders as it resembles tactics used in advanced persistent threat operations.
August 29, 2024 | The BlackByte ransomware group, believed to have splintered from Conti, is exploiting a newly disclosed VMware ESXi authentication bypass flaw (CVE-2024-37085). According to Cisco Talos Incident Response, this marks a significant shift in BlackByte’s tactics, moving away from their usual methods like credential theft and web shells.
Experts, including BlueVoyant’s Austin Berglas and Critical Start’s Callie Guenther, note that this pivot to exploiting fresh vulnerabilities could make BlackByte’s attacks more unpredictable and challenging to defend against. The flaw was recently added to CISA’s Known Exploited Vulnerabilities catalog, signaling its serious potential for widespread abuse.
August 29, 2024 | BlackByte, likely a Conti spin-off, is now exploiting a newly disclosed VMware ESXi vulnerability (CVE-2024-37085). This allows attackers to gain full control over virtual machines, marking a shift from BlackByte’s traditional methods. Cisco Talos Incident Response reports that BlackByte’s rapid integration of this vulnerability shows their evolving tactics.
Experts like Callie Guenther at Critical Start stress the critical nature of this threat, particularly as ESXi hypervisors are integral to many enterprises. BlackByte’s new techniques include using outdated drivers to bypass security tools, making detection difficult.
Defenders must quickly patch systems, monitor access, and implement multi-factor authentication to counteract these sophisticated attacks.
August 28, 2024 | The first half of 2024 recorded over 3,438 high-risk cyber alerts, with a 46.15% rise in U.S. attacks. Critical sectors like manufacturing and healthcare remain primary targets, with ransomware incidents increasing significantly. Experts warn that trends like double extortion tactics and deepfake fraud are on the rise, emphasizing the need for robust security measures.
August 28, 2024 | The BlackByte ransomware group is exploiting a new authentication bypass vulnerability in VMware ESXi, signaling a shift from their traditional tactics. Researchers at Cisco Talos reported that BlackByte, believed to be an offshoot of the Conti gang, typically uses vulnerable drivers and legitimate tools to bypass security.
The newly exploited bug, CVE-2024-37085, was recently added to CISA’s Known Exploited Vulnerabilities catalog. This marks a departure from BlackByte’s usual methods, which included phishing and credential stuffing.
Austin Berglas of BlueVoyant noted that the exploitation of this vulnerability requires more persistence, indicating a deeper attack strategy that seeks to gain administrative access rather than just initial entry.
Callie Guenther of Critical Start emphasized the significance of the group’s turn toward VMware ESXi, as it underpins many enterprise applications. “This shift shows their willingness to adopt cutting-edge methods, increasing the pressure on victims to pay the ransom,” she said.
August 28, 2024 | The BlackByte ransomware gang is revealing only a small portion of its successful attacks, according to Cisco Talos researchers. They estimate that the group posts extortion notices for just 20% to 30% of its breaches.
In 2023, BlackByte listed 41 victims but has disclosed only three so far in 2024, raising questions about its lack of transparency despite increased activity.
BlackByte has been linked to high-profile attacks on local governments and organizations like the San Francisco 49ers. Cisco Talos noted that the group is rapidly evolving, often exploiting newly disclosed vulnerabilities, such as CVE-2024-37085 in VMware ESXi software.
Researchers highlight the Ransomware-as-a-Service (RaaS) model’s flexibility, allowing BlackByte to quickly adapt and counter cybersecurity defenses.
August 26, 2024 | Critical Start has released its Cyber Threat Intelligence Report for the first half of 2024, revealing that manufacturing and industrial sectors are the most targeted by cybercriminals. The report highlights alarming trends, including a 3,000% increase in deepfake attacks and a projected 15% annual growth in global cybercrime, expected to reach $10.5 trillion by 2025.
Key findings include:
Manufacturing: 377 confirmed ransomware and database leak incidents.
Professional Services: 15% increase in attacks, with 351 reported cases.
Healthcare: 180% surge in incidents, particularly following the Change Healthcare attack.
Engineering and Construction: 46.15% rise in attacks in the U.S.
Technology: 12.75% decrease in attacks compared to H1 2023.
Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, emphasizes the importance of strong security strategies, including Managed Detection and Response (MDR) solutions, to mitigate these evolving threats.
August 26, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals that manufacturing remains the top target for cybercrime in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report indicates a 15% annual increase in global cybercrime, projected to reach $10.5 trillion by 2025.
Key findings include a 15% rise in cyberattacks on professional services and a staggering 180% increase in healthcare incidents. Despite a 12.75% decrease in tech-related attacks, the overall threat landscape remains concerning. Experts emphasize the need for robust Managed Detection and Response (MDR) solutions to mitigate risks effectively.
August 26, 2024 | Critical Start’s latest report highlights a 15% annual increase in global cybercrime, expected to reach $10.5 trillion by 2025. In the first half of 2024, over 3,400 high-risk alerts and 4,600 ransomware incidents were reported, with manufacturing and healthcare being the most affected sectors.
Experts urge organizations to enhance their cybersecurity strategies in response to these evolving threats.
August 26, 2024 | Universal Robots (UR) is embracing AI with its new machine tending solution, enhancing batch changeovers by eliminating fixtures. A recent survey of 1,200 manufacturers revealed that over 50% are now integrating AI and machine learning into production processes.
“AI isn’t just hype,” says Ujjwal Kumar, Group President of Teradyne Robotics. UR’s advancements include AI-based perception capabilities running on NVIDIA Jetson, enabling dynamic path planning for efficient, collision-free operation. Additionally, UR has launched enhanced Care Service Plans for preventive maintenance and performance monitoring, showcasing its commitment to service excellence.
August 23, 2024 | A new report from Critical Start reveals alarming trends in ransomware and database leaks, particularly affecting manufacturing, healthcare, and professional services. The Cyber Threat Intelligence Report highlights that manufacturing remains the top target, with 377 confirmed attacks in H1 2024.
Healthcare and life sciences saw a staggering 180% increase in breaches, and professional services experienced a 15% rise in ransomware incidents. Emerging threats such as Business Email Compromise are shifting focus to smaller businesses, while deepfake fraud attempts surged by 3,000%.
Experts stress the need for organizations to bolster their cybersecurity strategies in this rapidly evolving threat landscape.
August 23, 2024 | The Critical Start Cyber Threat Intelligence Report reveals that Manufacturing and Industrial Products faced the highest number of cyberattacks in H1 2024, with 377 ransomware and database leak incidents. The report highlights a 180% surge in healthcare breaches and emerging threats like Business Email Compromise targeting smaller firms and a staggering 3,000% increase in deepfake fraud attempts. Experts emphasize the need for robust cybersecurity strategies to mitigate these risks.
August 23, 2024 | The Critical Start Cyber Intelligence Report reveals that the manufacturing and healthcare sectors are the most targeted industries for cyberattacks in early 2024. The report analyzed over 4,600 ransomware and data leak incidents across 24 industries worldwide.
Manufacturing led the way in threats, while healthcare experienced a staggering 180% increase in data breaches compared to last year. Additionally, business email compromise is shifting focus from large corporations to smaller businesses, and deepfake fraud has surged by 3,000%. “With increasingly sophisticated threats, organizations must prioritize a robust security culture and strategy,” advises Callie Guenther, senior manager of cyberthreat research at Critical Start.
August 23, 2024 | Manufacturing and industrial sectors lead cyberattack targets in H1 2024, with deepfake fraud attempts surging by 3,000%. The report provides actionable insights for businesses to enhance security and mitigate risks.
August 22, 2024 | Critical Start’s Cyber Research Unit reported over 3,438 high and critical cyber alerts in the first half of 2024, with the U.S. seeing a 46.15% rise in attacks compared to 2023. Manufacturing remains the most targeted sector, with 377 confirmed ransomware and data leak incidents.
Key Findings:
Professional Services: 15% increase in attacks, totaling 351 incidents.
Healthcare: Ransomware and database leaks surged by 180% in February, linked to major provider breaches.
Technology: 12.75% decrease in attacks.
Experts warn that breaches will likely rise, particularly in healthcare and critical infrastructure. Emerging threats include a shift toward smaller businesses in business email compromise (BEC) attacks, a 3,000% increase in deepfake fraud attempts, and abuse of open-source repositories.
To combat these threats, organizations are advised to implement zero-trust security models and enhance real-time threat intelligence.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the most targeted industry, with 377 ransomware and data leak incidents in H1 2024.
Key findings include:
Healthcare: Ransomware incidents surged by 180% in February.
Engineering and Construction: Attacks increased by 46%.
Professional Services: A 15% rise in attacks reported.
Technology: Experienced a 12.75% decrease in incidents.
Experts urge organizations to adopt robust cybersecurity measures, emphasizing network segmentation and zero-trust architectures to mitigate risks.
August 22, 2024 | A new report from Critical Start reveals a worrying rise in cyberattacks, particularly targeting healthcare and manufacturing in the first half of 2024. The Cyber Intelligence Report highlights that manufacturing topped the list with 377 confirmed ransomware and database leak incidents.
Healthcare and life sciences experienced a staggering 180% increase in breaches, while professional services reported a 15% rise in attacks. Interestingly, the engineering and construction sectors saw a 46% uptick in incidents, though technology companies noted a surprising 13% decrease in attacks.
Emerging threats include a shift in Business Email Compromise (BEC) tactics towards smaller businesses and a dramatic 3,000% rise in deepfake fraud attempts. Experts emphasize the importance of robust security strategies to counteract these evolving threats.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals significant threats in the first half of 2024, emphasizing manufacturing as the most targeted sector. The report highlights 377 confirmed ransomware and database leak incidents, alongside a 15% increase in attacks on professional services and a 180% surge in healthcare-related breaches.
Callie Guenther, Senior Manager of Cyber Threat Research, stresses the importance of a robust security strategy, noting the rising sophistication of cyber threats. The report also points to alarming trends, such as the 3,000% increase in deepfake fraud attempts and the targeting of smaller businesses by Business Email Compromise (BEC) scammers.
For ongoing updates on cyber threats, follow the Critical Start Intelligence Hub.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the top target for cybercriminals in the first half of 2024. The report shows a rise in ransomware and database leaks, with manufacturing experiencing 377 confirmed incidents. Healthcare saw a 180% surge in attacks, while professional services faced a 15% increase. The report underscores the urgent need for organizations to enhance their cybersecurity measures amid escalating threats.
August 22, 2024 | New cyber threat intelligence reports reveal that manufacturing is the most targeted industry for cyber threats. Critical Start’s Cyber Threat Intelligence Report indicates nearly 400 confirmed ransomware and database leak incidents in the first half of 2024, with attacks exploiting supply chain vulnerabilities.
A recent attack on Crown Equipment disrupted operations, highlighting the industry’s risk. Phishing remains the most common attack method, as seen in the $60 million loss suffered by European chemical maker Orion SA due to a phishing scheme.
IBM X-Force’s 2024 report corroborates these findings, stating manufacturing has been the most targeted sector in Asia Pacific for two consecutive years, accounting for over a quarter of all security incidents. Experts stress the importance of robust cybersecurity measures as a competitive advantage in the manufacturing sector.
August 22, 2024 | Critical Start’s latest report highlights manufacturing as the most targeted sector for cyberattacks in H1 2024. The Cyber Research Unit analyzed thousands of alerts and reports, revealing a 15% annual growth in global cybercrime, projected to reach $10.5 trillion by 2025. Key findings include significant increases in attacks on healthcare and professional services, with experts urging organizations to adopt proactive cybersecurity measures.
August 22, 2024 | Cybercrime is projected to grow 15% annually, reaching $10.5 trillion by 2025. Critical Start’s latest Cyber Threat Intelligence Report reveals key trends from H1 2024, focusing on advanced persistent threats and new attack techniques. MSSPs and MSPs can leverage these insights to strengthen client defenses, especially in targeted sectors like manufacturing, healthcare, and professional services.
August 22, 2024 | A report from Critical Start reveals that manufacturing and industrial products were the top targets for cyberattacks in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report, based on 3,438 high-risk alerts, also highlights a 180% surge in healthcare attacks and a 3,000% increase in deepfake fraud attempts.
August 22, 2024 | A new report by Critical Start reveals manufacturing is the top target for cyberattacks in 2024, with 377 confirmed incidents. Healthcare saw a 180% spike in ransomware and data leaks, while deepfake fraud attempts surged by 3,000%. The report highlights a shift in business email compromise attacks towards smaller businesses and growing threats from open-source software repositories.
August 21, 2024 | A vulnerability in Microsoft Entra ID (formerly Azure AD) allows attackers to bypass security measures via the pass-through authentication (PTA) agent. This could enable unauthorized access to any synchronized Active Directory user, potentially escalating privileges to that of a Global Administrator.
Experts, including Sarah Jones from Critical Start, highlight the need for organizations to tighten security around PTA agent servers and enforce strong password policies and multi-factor authentication to mitigate these risks. As Tal Mandel Bar from DoControl notes, this vulnerability illustrates how cloud identity services can become prime targets, emphasizing the importance of robust SaaS security measures.
August 20, 2024 | A newly discovered bug in Microsoft Azure Kubernetes Services (AKS) could allow attackers with pod access to escalate privileges and access sensitive credentials. Mandiant’s research indicates that exploiting this vulnerability may lead to data theft and financial loss.
An attacker with command execution rights in a Kubernetes pod could download cluster provisioning configurations, extract TLS bootstrap tokens, and execute a TLS Bootstrap Attack, potentially reading all secrets within the cluster.
Experts highlight the risk of malicious insiders attempting to access unauthorized application secrets. While Microsoft has issued a patch, security teams must audit AKS configurations, rotate Kubernetes secrets, and enforce strict security policies.
August 20, 2024 | A critical vulnerability in Microsoft’s Azure Kubernetes Service (AKS) allows attackers with pod access to obtain sensitive credentials. Mandiant reported that this flaw can enable data theft and malicious actions within affected clusters.
Security experts urge organizations to audit their AKS configurations, enforce strict security policies, and rotate Kubernetes secrets immediately to mitigate risks.
August 16, 2024 | A ransomware attack on India’s payment system has been traced to CVE-2024-23897, a Jenkins vulnerability. The flaw in Jenkins’ Command Line Interface allowed attackers to access sensitive data, impacting the National Payments Corporation of India and its tech provider, C-Edge Technologies.
August 16, 2024 | Critical Start has introduced its Vulnerability Management Service (VMS) and Vulnerability Prioritization, designed to help organizations manage and reduce cyber risk exposure. Leveraging a collaboration with Qualys, the managed service offers comprehensive vulnerability assessment, prioritization, and reduction, focusing on high-risk vulnerabilities through expert analysis and contextualized reporting.
August 15, 2024 | A recent outage affecting 8.5 million Microsoft Windows machines stemmed from a flawed CrowdStrike software update, raising concerns about vendor reliance in IT services. The incident, which began on July 19, left users and businesses paralyzed as systems crashed, necessitating a major recovery effort from both companies.
The outage highlights the importance of cyber resilience, as experts stress the need for organizations to diversify their vendor ecosystems to avoid single points of failure. Raju Chekuri, CEO of Netenrich, emphasized that building cyber resilience isn’t just about security—it’s about ensuring systems can recover effectively after a failure.
This incident serves as a wake-up call for tech professionals to prioritize thorough testing and cautious rollout of software updates, balancing automation with human oversight.
August 15, 2024 | Critical Start has launched its Vulnerability Management Service (VMS) and Vulnerability Prioritization, essential components of its Managed Cyber Risk Reduction strategy. These offerings empower organizations to effectively manage, prioritize, and reduce cyber risk from vulnerabilities.
By leveraging Qualys VMDR, Critical Start’s fully managed service offloads the operational burden of vulnerability management, providing comprehensive scanning, monitoring, and reporting. Customers receive expert analysis and actionable insights, enabling them to focus on the vulnerabilities that pose the highest risk to their environment.
August 15, 2024 | MSSP Alert brings you the latest updates from the MSSP, MSP, and cybersecurity sectors. Today, the spotlight is on Critical Start, Qualys, Skyhigh Security, Everfox, and more.
Critical Start Offers Vulnerability Management, Prioritization: Critical Start, known for its managed detection and response (MDR) services, has launched the Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. This new service, in partnership with Qualys, enables organizations to assess, manage, and reduce cyber risk by prioritizing vulnerabilities.
August 14, 2024 | The ransomware group Brain Cipher gained attention after a major attack on Indonesian government services. On June 20, their operation disrupted national systems, leading to significant delays for ferry bookings and passport checks. Under pressure, they abandoned their $8 million ransom demand and released a free decryptor.
Researchers from Group-IB linked Brain Cipher to at least three other groups, indicating a lack of sophistication. Their malware is based on the leaked LockBit 3.0 builder, and their ransom notes are clear but ineffective, as they failed to leak data from most victims. The use of multiple identities allows them to evade detection and complicate investigations.
August 13, 2024 | Critical Start has launched the Cyber Range, a free feature of its Critical Start Cyber Operations Risk & Response™ (CORR) Platform. This virtual environment simulates real-world cyber threats, allowing organizations to train their cybersecurity teams and evaluate new security products without risking their infrastructure.
Chris Carlson, Chief Product Officer at Critical Start, stated, “Our Cyber Range provides a safe space for companies to engage in realistic scenarios that prepare them for real-world cyber challenges.”
Key features include customizable simulations, product emulation, MITRE ATT&CK® Matrix integration, and flexible training options. The Cyber Range offers significant benefits like enhanced training, risk-free testing, and accelerated onboarding.
“The Cyber Range is a game-changer for cybersecurity training and evaluation,” added Carlson. For more information, visit the Critical Start website.
August 13, 2024 | Cybersecurity leaders are grappling with a surge in attacks in 2024, highlighting the pressing need for proactive measures. A recent report by Critical Start reveals that 86% of professionals cite unknown cyber risks as their top concern, up 22% from last year. Misalignment between cybersecurity investments and risk priorities remains a significant challenge, with 66% of companies lacking visibility into their cyber risk profiles.
Experts, including Chris Morales (Netenrich) and Randy Watkins (Critical Start), stress the importance of Managed Detection and Response (MDR) solutions in enhancing threat detection and response capabilities. As cyber threats evolve, organizations must shift from traditional prevention methods to a resilient approach that includes continuous monitoring and rapid incident response.
August 9, 2024 | Stay updated with the latest in identity management and information security. This week’s highlights include a massive data breach affecting 3 billion people, IBM’s AI-powered threat detection assistant, and new cybersecurity tools from Balbix, Beyond Identity, and more.
August 9, 2024 | Stay competitive with ChannelPro’s roundup of essential updates. This week’s highlights include Microsoft’s new partner benefits, Sophos’ ransomware findings, and Arctic Wolf’s expanded Cyber JumpStart Portal. Discover the latest tech advancements, strategic partnerships, and security innovations shaping the MSP landscape.
August 9, 2024 | The SEC has decided not to recommend enforcement action against Progress Software for the MOVEit Transfer vulnerability that affected 95 million people. The decision follows Progress’s cooperation and timely disclosure of the breach, which was exploited by the Clop ransomware gang in May 2023. The SEC’s decision signals a focus on companies’ proactive measures rather than punitive actions in cases of zero-day exploits.
August 8, 2024 | Big news in the tech and MSP world: EQT has acquired a majority stake in Acronis, while Fortinet has acquired Next DLP to boost its data protection capabilities. Rewst also raised $45M to expand its MSP automation platform.
August 7, 2024 | Critical Start has unveiled its Cyber Range, a virtual environment simulating real-world cyber threats. This free platform, part of the Critical Start Cyber Operations Risk & Response™ (CORR) Platform, allows organizations to safely train their cybersecurity teams, test new security products, and evaluate their cyber readiness without risking their actual infrastructure.
August 7, 2024 | Unknown threat actors and exploits are the top worry for 86% of cybersecurity professionals, according to a Critical Start survey, marking a 17% increase from last year. The rise in concern is driving 99% of organizations to consider outsourcing cyber risk reduction projects.
August 9, 2024 | Fortinet acquires Next DLP to enhance data protection. OPSWAT acquires InQuest, EQT stakes Acronis, and Beyond Identity releases RealityCheck for Zoom. Other highlights include NetRise, Legit Security, and Rapid7’s latest updates.
August 7, 2024 | A recent surge in attacks targeting VMware ESXi servers, exploiting the critical CVE-2024-37085 vulnerability, has highlighted the need for stronger defenses. Ransomware groups like Storm-0506 and Octo Tempest have used this flaw to gain administrative access, encrypting virtual machines and disrupting operations. To protect against these threats, organizations should:
Apply patches and updates rapidly.
Strengthen access controls with multifactor authentication.
Conduct regular security audits.
Implement network segmentation.
Develop robust incident response plans.
Staying proactive is key to defending against these evolving threats.
August 6, 2024 | Traditional security tools are falling short in today’s complex threat landscape. The 2024 Critical Start Cyber Risk Landscape Peer Report reveals that 83% of cybersecurity pros experienced a data breach in the past two years, despite having standard protections. Here’s how your organization can take action:
Align Costs with Risk: 84% of security pros report that cost is prioritized over risk reduction. Shift focus to align cybersecurity investments with quantifiable risk-reduction priorities.
Manage Outsourced Risks: While outsourcing cyber-risk workstreams is common, it can create control gaps. Use a blended approach, keeping some expertise in-house to mitigate these risks.
Modernize Security Tools: Traditional threat-based systems struggle with emerging threats. Invest in tools that offer deeper context and adapt to evolving tactics.
Improve Visibility: Only 29% of organizations have full visibility into their assets. Enhance asset management to better protect against unknown threats.
August 6, 2024 | Critical Start’s latest Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now view unknown cyber risks as a top concern—up 17% from last year. The report emphasizes the need for businesses to adopt proactive risk management strategies and highlights ongoing challenges such as limited visibility into risk profiles and misalignment between cybersecurity investments and risk priorities.
August 6, 2024 | A Critical Start survey found that 86% of companies are more concerned about unknown cybersecurity threats than known flaws. The report highlights the growing trend of outsourcing cyber risk management to tackle these unseen risks, with 99% of organizations planning to do so within two years.
August 6, 2024 | A recent report from Critical Start reveals that 86% of cyber professionals now see unknown risks as their top concern, a 17% increase from last year. The report also highlights limited cyber risk insight, misaligned priorities, and a rise in breach incidents.
August 6, 2024 | The latest Cyber Risk Report shows a 16% rise in data breaches. Key actions: align security costs with risks, use a blended outsourcing approach, upgrade outdated tools, and improve asset visibility.
August 06, 2024 | A new report by Darktrace reveals the rising threat of Malware-as-a-Service (MaaS), which has seen significant growth due to its low entry barriers and subscription-based model. MaaS tools enable even novice attackers to launch effective cyberattacks with pre-packaged malware. The report highlights the continued success of older malware strains and the increasing use of “double extortion” tactics, where attackers encrypt and steal data to force higher ransoms. Organizations must adopt multi-layered security strategies and stay current with patches to combat these evolving threats.
August 06, 2024 | Researchers have unveiled a new Linux kernel exploit technique called SLUBStick. This method elevates a limited heap vulnerability into an arbitrary memory read/write capability, achieving a 99% success rate in cross-cache attacks. SLUBStick manipulates page tables, granting attackers full memory access. Tested on Linux kernel versions 5.19 and 6.2, the exploit poses a serious threat to systems still using these outdated versions. Experts advise immediate patching and robust security measures to mitigate risks.
August 5, 2024 | A new report from Critical Start reveals that 86% of cybersecurity professionals view unknown risks as a top concern, up 17% from last year. With 66% of businesses lacking visibility into their cyber risk profiles, experts stress the need for proactive risk management alongside traditional detection methods.
August 5, 2024 | Joe Levy, the new CEO of Sophos, aims to support midmarket and smaller businesses in cybersecurity. With a belief that the enterprise sector has received too much focus, Levy emphasizes the need for hybrid solutions combining products and services tailored to these underserved markets.
August 6, 2024 | A new Critical Start report reveals that 86% of cybersecurity professionals now view unknown risks as a top concern—a 17% increase from last year. Despite traditional security measures, 83% experienced a breach. The study also found that 81% of organizations plan to prioritize proactive risk reduction strategies.
August 5, 2024 | Critical Start’s second annual Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now see unknown cyber risks as their top concern—up 17% from last year. The report highlights the need for proactive risk management, as traditional security measures are proving inadequate. Key findings include:
Cyber Breaches on the Rise: 83% of professionals reported breaches despite existing security measures.
Growing Expertise Gap: 50% cite a lack of cyber expertise as a challenge, up from 37% last year.
Proactive Measures: 99% plan to adopt managed cyber risk reduction solutions to stay ahead of threats.
Randy Watkins, CTO at Critical Start, emphasizes the importance of data-driven insights and proactive strategies, noting that traditional security measures alone are no longer sufficient.
August 5, 2024 | A recent report reveals that 86% of firms are most concerned about unknown cyber-risks. Despite using traditional security measures, 83% experienced breaches, while 66% lack visibility into their cyber-risk profiles. To combat this, 99% plan to adopt managed cyber risk reduction solutions, focusing on proactive strategies like continuous monitoring and threat intelligence integration.
August 2, 2024 | Security leaders agree: finding a mentor is crucial for career growth. Key traits include curiosity, continuous learning, and clear communication.
“Stay curious and ask questions,” says Jordan Avnaim, CISO at Entrust. John Anthony Smith of Conversant Group emphasizes skepticism: “Question all stated truths.”
George Jones, CISO at Critical Start, highlights the need for translating technical issues for executives.
Mentorship builds skills, networks, and opportunities. It benefits both mentors and mentees, fostering mutual growth.
“Good mentorship is bidirectional,” says Avnaim. Networking within your organization or at industry events can help you find a mentor.
“Relationships develop over time,” assures Avnaim. Mentorship enriches careers and strengthens the security industry.
August 1, 2024 | KnowBe4 revealed a North Korean hacker tried to infiltrate its systems using a stolen identity and AI-enhanced image. The hacker secured a job, passed background checks, and attempted to load malware onto a company device. The SOC quickly contained the device, preventing a breach.
Security Leaders React:
Stephen Kowski, SlashNext: “State-sponsored attackers are creating convincing fake identities. We need better vetting, constant monitoring, and collaboration across HR, IT, and security teams.”
Piyush Pandey, Pathlock: “Continuous monitoring and strict access controls are crucial to detect and respond to suspicious activities.”
Callie Guenther, Critical Start: “Companies must scrutinize resumes, verify identities, and monitor for unusual behavior to counter sophisticated threats.”
John Bambenek, Bambenek Consulting: “Ensuring employee and contractor security has always been challenging. Vigilant monitoring and identifying bad actors upfront are essential.”
July 30, 2024 | Security researcher Adnan Khan discovered a flaw in Puppet Forge, dubbed RoguePuppet, allowing anyone with a GitHub account to push official modules. This exposure could have caused significant damage if exploited.
Key Lessons:
Scope of Exposure: Malicious actors could modify any module.
CI/CD Misconfiguration: The flaw stemmed from a GitHub Actions misconfiguration.
Continuous Monitoring: Regular CI/CD checks and strict access controls are essential.
Due Diligence: Rigorous testing and vetting of third-party code is crucial.
Proactive Security: Proper identification and authorization practices are necessary.
Expert Insights:
Joshua Knox, ReversingLabs: “We must do our own due diligence.”
Kevin Kirkwood, Exabeam: “Early testing in CI/CD pipelines is critical.”
Naomi Buckwalter, Contrast Security: “A proactive approach to software supply chain security is overdue.”
Callie Guenther, Critical Start: “Puppet’s prompt response is a commendable example of effective incident management.”
July 23, 2024 | Hackers have leaked internal documents from Leidos Holdings Inc., an IT services provider to U.S. government agencies, including the Defense Department. The breach occurred through Diligent Corp., a GRC software provider used by Leidos.
Leidos confirmed the connection to the Diligent breach and is investigating with cybersecurity experts and law enforcement. The exposure of sensitive information could compromise national security and government operations, highlighting the need for robust third-party security measures.
Micro-segmentation, stronger authentication, and continuous monitoring are critical strategies to mitigate such risks and prevent future breaches.
29 July 2024 | A new Fortinet report reveals that 90% of organizations experienced breaches due to a lack of cybersecurity skills. Recruiting and retaining skilled professionals remains a major challenge. With 87% of organizations facing breaches in 2023, the need for skilled tech pros is critical.
To bridge the gap, focus on recruiting talent with both technical and soft skills. Upskilling and flexible hiring practices are key to securing data and networks. AI can assist, but skilled professionals are still essential for effective cybersecurity.
Plus, cybercriminals are ready to pounce on the Paris Olympics.
July 29, 2024 | Zimperium will launch its first formal partner program later this year, offering incentives for new business, said Chris White, Chief Revenue Officer. This move follows the hiring of David Natker as VP of Global Partners and Alliances. The program will focus on technical enablement, certifications, and incentivizing partners to build mobile security practices.
Zimperium’s partners currently drive 100% of its new business. The new program will continue this strategy, emphasizing net-new customers and account-based marketing efforts.
July 29, 2024 | Salt Labs discovered a critical XSS vulnerability in HotJar, impacting over 1 million websites. Attackers can exploit this flaw to take over user accounts via legitimate-looking links. Major companies like Adobe, Microsoft, and T-Mobile are affected.
July 25, 2024 | A vulnerability in Microsoft’s Windows SmartScreen, CVE-2024-21412, bypassed warning dialogs to deliver malware. Exploited in the wild and patched in February, this flaw allowed attackers to distribute ACR Stealer and Lumma Stealer, targeting apps like Chrome and Telegram.
Experts emphasize the need for layered security defenses and proactive threat intelligence to protect against evolving cyber threats.
July 25, 2024 | Over 3,000 malicious GitHub accounts were found distributing malware like Atlantida Stealer and RedLine, posing severe risks to organizations.
Check Point Research identified the threat group, Stargazer Goblin, using “Ghost” accounts to create the illusion of legitimate repositories. This tactic exploits GitHub’s reputation, leading to data breaches and financial losses.
Organizations must conduct thorough code reviews, use security tools, implement strong access controls, and maintain a security-aware culture among developers to mitigate these threats.
July 24, 2024 | KnowBe4, a cybersecurity firm, was deceived by a North Korean hacker posing as an IT worker. The hacker passed rigorous interviews and background checks, but triggered security alerts upon receiving a company-issued MacBook.
An investigation revealed the hacker used a stolen US identity and AI-enhanced images. The hacker’s tactics included manipulating files and using a Raspberry Pi to load malware. Fortunately, KnowBe4’s security team contained the threat before any data was compromised.
Experts emphasize the need for robust vetting and monitoring to prevent such sophisticated attacks. This incident underscores the importance of enhanced security measures in the hiring process.
July 24, 2024 | KnowBe4 recently stopped a North Korean operative posing as a software engineer. The company detected the threat when the new hire’s Mac workstation began loading malware.
CEO Stu Sjouwerman shared, “We hired the person, sent them a Mac, and it immediately started loading malware.”
Security experts stress the need for rigorous vetting, continuous monitoring, and collaboration across HR, IT, and security teams. This incident highlights the evolving tactics of state-sponsored actors and the importance of strong security measures.
July 23, 2024 | An APT group named Void Banshee is exploiting Internet Explorer vulnerabilities to deploy the Atlantida info-stealer. Using CVE-2024-38112, Void Banshee targets Microsoft Internet Explorer 11, Windows (before 11 23H2 10.0.22631.3880), and Windows Server (before 2022 10.0.20348.2582).
The attacks involve malicious .URL files disguised as book PDFs, distributed via cloud-sharing websites, online libraries, and Discord servers. Predominantly affecting North America, Europe, and Southeast Asia, these attacks highlight the ongoing risk of legacy systems and delayed patch updates.
Security experts emphasize the need for timely security updates and robust patch management to counter such threats.
July 23, 2024 | Women in IT security are as skilled as men but face significant career barriers, according to a study by WiCyS and N2K Networks. Despite their aptitude, women encounter exclusion and limited advancement opportunities.
Experts stress the need for female mentors, inclusive policies, and advanced training to help women succeed in cybersecurity. Addressing unconscious bias and providing role models are crucial for fostering an equitable environment.
July 22, 2024 | The CrowdStrike glitch on July 19 has sparked industry-wide concerns. A faulty Falcon Platform update caused widespread Microsoft outages, affecting 29,000 customers. IT teams are now laboring through a complex recovery process.
David Brumley, a professor at Carnegie Mellon University, criticized CrowdStrike’s insufficient stress-testing and non-incremental rollout. Callie Guenther from Critical Start noted the risks of Friday updates due to weekend understaffing.
Regulatory scrutiny and discussions about the consolidation of software vendors are expected. Adversaries are also exploiting the chaos, warned CrowdStrike CEO George Kurtz and CISA.
July 22, 2024 | SlashNext researchers uncovered the FishXProxy Phishing Kit on the dark web. This kit uses unique link generation, advanced antibot systems, and redirection abilities to evade detection. It’s advertised as “The Ultimate Powerful Phishing Toolkit” and poses significant security challenges.
Callie Guenther from Critical Start highlights the risks: “FishXProxy lowers the barrier for advanced cybercrime, making it harder for traditional security measures to keep up.”
Mika Aalto from Hoxhunt stresses the need for human intelligence: “Equipping people with the right skills and tools is crucial to counter advanced phishing attacks.”
July 19, 2024 | A global IT outage caused by a CrowdStrike update has led to debate over responsibility. The update triggered widespread crashes, impacting sectors from airports to banks.
CrowdStrike insists the issue wasn’t a cyberattack and has deployed a fix, while Microsoft has restored its cloud services. Analysts draw parallels to past incidents, emphasizing the need for thorough testing and robust incident response.
Controversy remains: Was the flaw in CrowdStrike’s update or Microsoft’s system?
July 19, 2024 | The CrowdStrike outage highlights key strategies for managing disruptions. Act swiftly with your incident response plan, communicate clearly, and apply necessary reboots and patches.
Long-term, enhance testing procedures, diversify vendors, and conduct regular training.
Stay alert for follow-on threats like phishing scams and fake updates.
July 19, 2024 | The Microsoft outage, triggered by a CrowdStrike update, disrupted critical systems globally. Airlines, hospitals, banks, and more were impacted. CrowdStrike has issued a fix, but manual recovery is required. Experts warn of ongoing phishing threats and emphasize the need for robust contingency plans and diverse vendor strategies.
July 19, 2024 | A flawed update from CrowdStrike caused widespread outages, highlighting the dangers of relying on a few tech giants. Experts warn that such dependence increases risks when these systems fail.
July 19, 2024 | IT teams worldwide are rushing to fix systems after a faulty CrowdStrike update caused massive outages. The incident highlights the risks of tech consolidation, with officials urging better digital resilience and redundancy.
July 19, 2024 | A defective update to CrowdStrike Falcon Sensor caused mass IT outages globally, disrupting businesses, airlines, healthcare providers, and more. The update led to the “blue screen of death” on Microsoft servers. Though CrowdStrike has reverted the update, many systems remain down.
The bug in the Memory Scanning policy was not caught in testing, causing the Falcon sensor to consume 100% of a CPU core. Workaround steps have been provided. Microsoft is working with CrowdStrike to restore systems.
July 16, 2024 | APT group Void Banshee is exploiting a recently patched zero-day (CVE-2024-38112) to deploy the Atlantida infostealer. The attack uses a disabled Internet Explorer (IE) browser via MHTML to steal passwords and cookies.
Trend Micro reported Void Banshee spreads malicious files disguised as book PDFs on cloud-sharing sites, Discord, and online libraries. Callie Guenther of Critical Start highlights the vulnerability’s risk due to slow patch adoption and legacy systems.
July 15, 2024 | Research shows CISO job satisfaction is tied to their access to company management. Despite high salaries, many CISOs are unhappy, with three in four considering job changes in 2023. They often face blame for cyber incidents and compliance issues, leading to dissatisfaction.
Pathlock CEO Piyush Pandey notes the pressures of regulatory requirements and daily operations without corresponding compensation. George Jones of Critical Start highlights the impacts: decreased effectiveness, retention challenges, cultural issues, and increased vulnerabilities. Breaking these barriers involves giving CISOs a seat at the table and investing proactively in cybersecurity.
July 11, 2024 | A new phishing toolkit, FishXProxy, is lowering the barrier for creating sophisticated email attacks. This kit, integrated with Cloudflare CDN, evades traditional security measures. Experts warn of increased phishing threats and stress the need for advanced, multi-layered defenses.
July 10, 2024 | The Biden administration launched the National Cyber Workforce and Education Strategy (NCWES) to fill 470,000 open cybersecurity positions. This initiative aims to diversify the workforce, shift to skills-based hiring, and increase scholarships for non-traditional students.
Experts emphasize raising awareness about cybersecurity careers and providing quality education. Despite these efforts, the skills gap remains a significant challenge.
July 10, 2024 | Cybersecurity researchers discovered a critical vulnerability in RADIUS, a network authentication protocol from the 1990s still widely used today. The vulnerability, CVE-2024-3596, allows attackers to conduct man-in-the-middle attacks, posing significant risks to enterprise and telecom networks. Immediate patching and transitioning to modern cryptographic standards are essential to mitigate the threat.
July 17, 2024 | Research reveals CISO job satisfaction is tied to their access to company management. High salaries don’t prevent job dissatisfaction; many CISOs considered job changes in 2023 due to being scapegoats for cyber incidents and compliance issues.
July 9, 2024 | Eldorado, a Ransomware-as-a-Service (RaaS), is hitting both Windows and Linux systems. Using Golang for cross-platform attacks, it employs advanced encryption like ChaCha20 and RSA-OAEP to encrypt files over SMB. Eldorado spreads via USB drives and recruits affiliates through underground forums. Group-IB reports 16 confirmed cases, affecting various industries in the US and beyond.
July 9, 2024 | Malware analysis is crucial for cybersecurity, helping security teams understand malicious software’s behavior, origin, and impact. Here’s a primer for boards on the value and process of malware analysis.
July 9, 2024 | A new ransomware-as-a-service platform, Eldorado, targets Windows and VMware ESXi environments. Active since March, Eldorado uses Golang for cross-platform capabilities and employs advanced encryption methods. Researchers note its significant impact on virtualized environments and the evolving threat landscape.
July 8, 2024 | Explore Eldorado, a new ransomware-as-a-service (RaaS) group targeting VMware ESX servers. This group has already launched 16 attacks, predominantly in the United States, impacting sectors such as real estate, education, healthcare, and more.
July 5, 2024 | Bugcrowd’s latest report reveals that 1 in 3 security leaders believe many organizations sacrifice customer privacy to reduce costs. Surveying over 200 global security leaders, the report highlights:
91% foresee AI outpacing security teams.
56% report severe team understaffing; 87% are hiring.
70% plan to reduce security team sizes due to AI within 5 years.
July 2, 2024 | Life360 reported a data breach affecting its subsidiary, Tile, exposing client information such as names, phone numbers, addresses, email addresses, and device IDs.
Piyush Pandey, CEO at Pathlock: Pandey stressed the importance of proactive identity security, highlighting the need for visibility into user access throughout their lifecycle. He noted the absence of multi-factor authentication as a critical oversight, emphasizing the need to secure service accounts alongside business applications.
Anne Cutler, Cybersecurity Evangelist at Keeper Security: Cutler underscored the necessity for prioritizing admin account security, advocating for stringent password policies and least privilege access. She recommended continuous monitoring of admin activities and implementing multi-factor authentication across all accounts to enhance security.
Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start: Guenther highlighted the broader implications of the breach, including potential threats like targeted extortion and supply chain vulnerabilities. She emphasized the importance of comprehensive security frameworks, vigilant monitoring, and incident response strategies to mitigate risks.
July 2, 2024 | Menlo Security’s latest report uncovers three new state-backed cyber gangs using Highly Evasive and Adaptive Threat (HEAT) techniques. LegalQloud, Eqooqp, and Boomer target banking, government, and healthcare sectors with advanced phishing and bypass tactics, posing significant cybersecurity threats.
July 1, 2024 | A critical remote code execution flaw (CVE-2024-6387) in OpenSSH on glibc-based Linux systems has been discovered. This vulnerability could allow attackers to gain full system control without user interaction, posing severe risks.
Qualys identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet. This flaw, a regression of CVE-2006-5051, underscores the need for thorough regression testing.
To mitigate risks, apply patches immediately, restrict SSH access, and deploy intrusion detection systems.
July 1, 2024 | Aqua Security reveals that API tokens, credentials, and passkeys remain exposed in code repositories, even after deletion. This “phantom secrets” issue affects major platforms like GitHub, Bitbucket, and GitLab, posing significant risks.
Aqua found that almost 18% of secrets might be overlooked by standard scanning methods, leaving sensitive information accessible. This problem persists due to how SCM systems save deleted or updated commits.
To mitigate these risks, organizations must implement comprehensive secret management practices and regular audits of their repositories.
July 1, 2024 | Microsoft has discovered “Skeleton Key,” a security flaw in AI models that can bypass ethical safeguards. This vulnerability impacts eCommerce platforms, financial services, and customer support systems.
The flaw affects AI from major providers like Meta, Google, and OpenAI, potentially allowing malicious actors to manipulate AI systems. Microsoft advises businesses to implement stringent security measures to protect against these threats.
June 28, 2024 | Cybersecurity stress is rampant, with burnout costing U.S. businesses $626 million annually in lost productivity. A survey by Hack the Box reveals 74% of cybersecurity pros take time off due to work-related stress, impacting recruitment and retention. Addressing these issues through mental health support and clear career paths is crucial.
June 28, 2024 | Randy Watkins, CTO at Critical Start, discusses the critical importance of cyber risk profiling in preventing cyberattacks. Learn why organizations must proactively manage vulnerabilities to enhance resilience against sophisticated threats.
June 28, 2024 | A recent acquisition of the Polyfill domain by a Chinese company has turned it into a major supply-chain risk for over 100,000 websites. Originally a trusted JavaScript library used widely across industries, Polyfill.io is now accused of delivering malicious code, including redirects to illicit sites like sports betting and pornography.
June 28, 2024 | BlackBerry Limited’s latest Global Threat Intelligence Report reveals a sharp increase in cyberattacks, detecting 3.1 million in Q1 2024 — approximately 37,000 per day. The report highlights a 40% rise in unique malware samples and identifies a significant targeting of sectors like healthcare and financial services. Social engineering tactics are on the rise, exploiting vulnerabilities across various industries.
June 27, 2024 | Bugcrowd’s 2024 Inside the Mind of a CISO report highlights that 33% of security leaders believe companies sacrifice long-term security for cost savings. Additionally, 40% think few firms understand their breach risks. Despite concerns, 87% are hiring, with 56% reporting understaffing. Over 80% hold cybersecurity degrees, challenging perceptions on formal education.
June 27, 2024 | Researchers have uncovered three nation-state campaigns using advanced highly evasive and adaptive threat (HEAT) tactics to target sectors like banking, finance, insurance, legal, government, and healthcare. Named LegalQloud, Eqooqp, and Boomer, these campaigns have compromised over 40,000 users in 90 days, according to Menlo Security. The attackers use sophisticated techniques to bypass multi-factor authentication (MFA) and seize control of sessions, posing significant challenges for cybersecurity defenses.
June 27, 2024 | Organizations are increasing their cybersecurity budgets but remain uncertain about the effectiveness of their investments, according to Optiv’s 2024 Threat and Risk Management Report. While budgets have increased by 59% year-over-year, only 36% have a formal budgeting approach, leading to inefficiencies and missed opportunities. The report reveals that 61% of organizations experienced a data breach in the past two years, and 73% are adopting SOAR technology to improve incident response efficiency.
June 26, 2024 | Over 100,000 websites using Polyfill JS are now vulnerable to malicious redirects to sports betting and pornography sites. Sansec researchers found that the popular open-source code, recently acquired by Funnull, generates malicious activities based on HTTP headers. This highlights the risks of relying on third-party open-source projects.
June 24, 2024 | Outdated Android devices are under attack from “Rafel RAT,” a novel malware capable of stealing data and executing ransomware attacks, according to Check Point Research. Over 120 global campaigns have been observed, targeting high-profile sectors like the military. Rafel RAT can access SMS, call logs, and contacts by exploiting user permissions through phishing campaigns. Modified versions include a ransomware module for encrypting files.
June 24, 2024 | Security researchers warn of Rafel RAT, a malware targeting Android devices. Check Point Research identified multiple threat actors using Rafel for espionage and data theft, affecting mainly Samsung, Xiaomi, Vivo, and Huawei phones. Most infected devices run outdated Android versions, increasing vulnerability.
June 24, 2024 | Barracuda Networks’ new CRO, Geoffrey Waters, aims to drive new business and strengthen partnerships. Waters, previously with Check Point Software, VMware, and Intel, focuses on customer outcomes, sales excellence, and team unity to accelerate growth globally.
June 21, 2024 | Recent tech graduates face unique challenges and opportunities as they enter the cybersecurity workforce. Experts emphasize the importance of technical and soft skills, continuous learning, and exploring opportunities in various sectors beyond traditional tech.
June 20, 2024 | Security teams are adopting generative AI (GenAI) to enhance threat detection and response, phishing prevention, and anomaly detection. This technology helps summarize vast data, automate tasks, and improve cybersecurity resilience against evolving threats.
June 20, 2024 | A high-severity vulnerability in Phoenix Technologies’ SecureCore UEFI firmware, affecting hundreds of Intel CPUs, poses significant risks. Known as CVE-2024-0762, this vulnerability allows local attackers to escalate privileges and gain code execution within UEFI firmware.
June 19, 2024 | Medium to large enterprises face significant financial losses due to cybersecurity worker burnout, with annual losses averaging over $626 million in the U.S. Causes include stress, fatigue, and lack of support, highlighting the need for better mental health resources and team efficiency tools.
June 18, 2024 | As AI-driven cyber threats evolve, security teams must adopt advanced strategies to counteract them. Callie Guenther from Critical Start outlines six key areas for enhancing cybersecurity and staying ahead of attackers using AI technologies.
June 18, 2024 | In honor of Internet Safety Month, VM Blog gathers insights from top industry experts to help you stay safe online. Discover emerging threats, expert advice, and practical strategies to protect yourself and your family.
June 14, 2024 | Millions of Tile users’ personal information may have been exposed in a data breach where hackers accessed internal tools. While no financial info or location data was compromised, users should be cautious of phishing attempts.
March 25, 2024 | The US Department of Justice charged seven Chinese nationals linked to the APT31 threat group with cyber espionage, and the Department of the Treasury announced sanctions against their affiliated shell company, aiming to curb state-sponsored hacking.
June 13, 2024 | The Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) have released AI roadmaps prioritizing ethical standards, privacy, and innovation. These policies align with the White House’s AI executive order, providing clear guidelines for responsible AI use in government operations.
June 13, 2024 | As technology evolves, IT and cybersecurity roles are merging, requiring tech professionals to acquire skills in both areas. This convergence is driven by advancements in AI, cloud computing, and IoT, highlighting the need for integrated security measures.
June 12, 2024 | Nvidia has issued patches for high-severity vulnerabilities in its GPU drivers and virtualization software, critical for preventing data theft and code execution attacks. These updates are vital for protecting AI workloads and data centers using Nvidia’s technology.
June 12, 2024 | Black Basta ransomware is believed to have exploited a Windows zero-day vulnerability (CVE-2024-26169) before a patch was available, highlighting the critical need for timely security updates and vigilant threat monitoring.
June 7, 2024 | A vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364) allows attackers to access guest data and create room keys. Exploiting this flaw can expose personal information and hotel operations. The issue has been patched in newer versions, but physical security and regular updates are crucial.
June 7, 2024 | A vulnerability in Ariane Systems’ hotel check-in kiosks, impacting over 3,000 hotels, allows attackers to access guest data and create unauthorized room keys. The flaw highlights the urgent need for proactive cybersecurity measures in the hospitality industry.
June 3, 2024 | SolarWinds’ SVP Krishna Sai emphasizes that generative AI is beneficial, not intimidating, helping organizations improve operations and customer satisfaction. SolarWinds AI, integrated into their IT service management products, demonstrates these benefits. Sai encourages embracing AI while being aware of regulatory and security considerations.
June 3, 2024 | Fastly researchers discovered vulnerabilities in popular WordPress plugins, including WP Meta SEO, WP Statistics, and LiteSpeed Cache, leaving millions of websites exposed to backdoor attacks. These vulnerabilities allow attackers to inject malicious scripts, create admin accounts, and insert PHP backdoors. Website administrators are advised to update plugins and implement security measures to protect their sites.
June 3, 2024 | A recent report reveals that 39% of Managed Service Providers (MSPs) find adapting to emerging cybersecurity solutions and technologies to be their greatest challenge. The report, based on a survey of 350 MSPs across the US, UK, Australia, and Germany, highlights the critical need for continuous staff training, strong vendor relationships, and flexible security solutions.
May 22, 2024 | The EPA has issued an urgent alert for U.S. water utilities to strengthen cybersecurity defenses against escalating threats, citing critical vulnerabilities and the necessity for immediate action. The alert outlines essential measures for risk assessments, network safeguards, incident response, and employee training to ensure compliance with the Safe Drinking Water Act.
May 21, 2024 | New AI guidelines from NIST highlight risks and best practices for developing and deploying generative AI technologies, emphasizing security and trustworthiness. Tech professionals must learn these lessons to stay current and enhance their career development.
May 20, 2024 | George Jones of Critical Start delves into the importance of distinguishing between cyber risks and threats. He highlights the need for organizations to adopt both risk-centric and threat-centric approaches to enhance their cybersecurity posture effectively.
May 18, 2024 | CISA has added vulnerabilities in two end-of-life D-Link routers to its Known Exploited Vulnerabilities catalog. Because the devices no longer receive firmware updates, CISA urges that they be retired and replaced rather than left in service awaiting a patch. The vulnerabilities (CVE-2014-100005 and CVE-2021-40655) allow attackers to hijack administrator sessions and steal login credentials.
May 15, 2024 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched the “vulnrichment” program to address delays in the National Vulnerability Database (NVD) caused by NIST’s reduced involvement. The initiative enriches CVE records with data such as CVSS scores, CWE identifiers, and CPE product identifiers, and adds CISA’s Stakeholder-Specific Vulnerability Categorization (SSVC) decision points (exploitation status, automatability, technical impact) to help organizations prioritize remediation. Since its launch, over 1,300 CVEs have been enriched. The program is part of CISA’s broader effort to strengthen cybersecurity resilience across the U.S.
May 15, 2024 | In cybersecurity, distinguishing between vulnerabilities, threats, and risks is crucial. The article discusses the differences between risk-centric and threat-centric approaches in cybersecurity. It explains how each approach addresses specific threats like ransomware, phishing, and data breaches, and emphasizes the need for a balanced strategy tailored to an organization’s unique challenges.
May 15, 2024 | Dell Technologies reported a data breach affecting 49 million customers, exposing personal information through a poorly secured API. The breach has raised significant concerns about targeted phishing attacks and other potential cyber threats.
May 15, 2024 | NIST and CISA are addressing critical backlogs at the National Vulnerability Database (NVD) through new initiatives, including CISA’s ‘Vulnrichment’ project, to enrich CVEs with essential metadata and improve vulnerability management.
May 15, 2024 | CISA launches the ‘vulnrichment’ program to enrich CVEs with critical metadata, filling the gap left by NIST’s reduced involvement with the National Vulnerability Database. This initiative aims to improve vulnerability management and prioritize remediation efforts.
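The enrichment described in the three entries above is published inside the public CVE JSON 5 record, in an `adp` container whose `providerMetadata.shortName` is `CISA-ADP`. The following is an added example, not CISA code, showing how a vulnerability-management pipeline can pull the CVSS score, CWE, CPE strings and SSVC decision points out of such a record and turn them into a work queue. The record is constructed for the example (placeholder CVE ID and vendor), and the `triage` rule is a simplified ordering inspired by SSVC, not CISA’s full decision tree, which also weighs mission and well-being impact.

```python
"""Extract CISA vulnrichment data from a CVE JSON 5 record and triage it.

Added example, not CISA's own code. SAMPLE_RECORD is constructed for this
example (placeholder CVE ID and vendor) but follows the public CVE JSON 5
shape: the CNA container holds the original advisory, and a CISA-ADP entry
in the 'adp' list carries the enrichment (CVSS, CWE, CPE, SSVC).
"""
import json

SAMPLE_RECORD = json.dumps({
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {"cveId": "CVE-0000-00001", "state": "PUBLISHED"},
    "containers": {
        "cna": {
            "descriptions": [{"lang": "en", "value": "Constructed placeholder description."}],
            "affected": [{"vendor": "examplevendor", "product": "exampleproduct",
                          "versions": [{"version": "1.0", "status": "affected"}]}],
        },
        "adp": [{
            "providerMetadata": {"shortName": "CISA-ADP"},
            "title": "CISA ADP Vulnrichment",
            "metrics": [
                {"other": {"type": "ssvc", "content": {"options": [
                    {"Exploitation": "active"},
                    {"Automatable": "yes"},
                    {"Technical Impact": "total"}]}}},
                {"cvssV3_1": {"baseScore": 9.8, "baseSeverity": "CRITICAL",
                              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}},
            ],
            "problemTypes": [{"descriptions": [
                {"type": "CWE", "cweId": "CWE-502", "lang": "en",
                 "description": "CWE-502 Deserialization of Untrusted Data"}]}],
            "affected": [{"vendor": "examplevendor", "product": "exampleproduct",
                          "cpes": ["cpe:2.3:a:examplevendor:exampleproduct:1.0:*:*:*:*:*:*:*"]}],
        }],
    },
})


def cisa_adp(record):
    """Return the CISA-ADP container, or None if the CVE was never enriched."""
    for adp in record.get("containers", {}).get("adp", []):
        if adp.get("providerMetadata", {}).get("shortName") == "CISA-ADP":
            return adp
    return None


def enrichment(record):
    """Collect CVSS base score, CWE ids, CPE strings and SSVC decision points."""
    out = {"cvss": None, "cwes": [], "cpes": [], "ssvc": {}}
    adp = cisa_adp(record)
    if adp is None:
        return out
    for metric in adp.get("metrics", []):
        if "cvssV3_1" in metric:
            out["cvss"] = metric["cvssV3_1"].get("baseScore")
        other = metric.get("other", {})
        if other.get("type") == "ssvc":
            # options is a list of single-key dicts, e.g. {"Exploitation": "active"}
            for option in other.get("content", {}).get("options", []):
                out["ssvc"].update(option)
    for problem in adp.get("problemTypes", []):
        for desc in problem.get("descriptions", []):
            if desc.get("type") == "CWE" and desc.get("cweId"):
                out["cwes"].append(desc["cweId"])
    for affected in adp.get("affected", []):
        out["cpes"].extend(affected.get("cpes", []))
    return out


def triage(ssvc, cvss):
    """Simplified priority bucket (act > attend > track* > track).

    This is an illustrative ordering inspired by SSVC, NOT CISA's full
    decision tree. Records with no SSVC data fall back to CVSS so an
    un-enriched critical CVE is never silently dropped to 'track'.
    """
    exploitation = ssvc.get("Exploitation", "unknown")
    automatable = ssvc.get("Automatable") == "yes"
    total_impact = ssvc.get("Technical Impact") == "total"
    if exploitation == "active" and (automatable or total_impact):
        return "act"
    if exploitation == "active" or (exploitation == "poc" and automatable and total_impact):
        return "attend"
    if exploitation == "poc":
        return "track*"
    if exploitation == "unknown" and cvss is not None and cvss >= 9.0:
        return "attend"  # no enrichment yet; severity alone decides
    return "track"


def summarize(record_text):
    """Parse one CVE record and return the fields a ticketing system needs."""
    record = json.loads(record_text)
    data = enrichment(record)
    data["cveId"] = record.get("cveMetadata", {}).get("cveId")
    data["priority"] = triage(data["ssvc"], data["cvss"])
    return data


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RECORD), indent=2))
```

In practice the record text comes from the CVE List download or API; the same functions work unchanged on a record that has no `adp` entry, which is exactly the backlog case the entries above describe, so the CVSS fallback in `triage` matters.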
May 15, 2024 | Google released an emergency update for Chrome (CVE-2024-4761), an out-of-bounds write flaw in the V8 JavaScript engine. This marks the sixth Chrome zero-day patched in 2024. Users should update to version 124.0.6367.207/.208 on Windows/Mac and 124.0.6367.207 on Linux. Experts emphasize the critical nature of frequent zero-day discoveries and the need for prompt patching and additional security measures.
May 14, 2024 | Google released a patch for the sixth Chrome zero-day vulnerability of 2024 (CVE-2024-4761), an out-of-bounds write in the V8 engine. Discovered by an anonymous researcher, this flaw allows remote attackers to perform memory writes via crafted HTML. Despite no active exploitation reported, an exploit exists. Experts emphasize the importance of swift patching and robust cybersecurity measures.
May 14, 2024 | Google released an emergency update for Chrome, addressing a zero-day vulnerability (CVE-2024-4761) in the V8 JavaScript engine. The flaw lets a remote attacker perform an out-of-bounds memory write via a crafted HTML page. It is the sixth Chrome zero-day patched this year, and Google reports that an exploit for it exists in the wild. Users should update Chrome immediately to reduce the risk of compromise.
May 13, 2024 | Following a major cyberattack on Ascension health system, the AHA and H-ISAC issued alerts about the Black Basta ransomware group, which has increasingly targeted healthcare. Ascension is collaborating with law enforcement and sharing threat intelligence. The attack has severely disrupted clinical operations, leading to patient rescheduling and downtime procedures. Experts emphasize the importance of information sharing and advanced cybersecurity measures to mitigate such threats.
April 5, 2024 | CISA announced a proposed rule under the Cyber Incident Reporting for Critical Infrastructure Act, requiring covered entities to report significant cyber incidents within 72 hours and ransom payments within 24 hours. CISA Director Jen Easterly emphasized the rule’s role in enhancing cybersecurity coordination and response. The rule is expected to affect over 316,000 entities and cost an estimated $2.6 billion. The public comment period ends on June 3, 2024.
April 4, 2024 | The State Department is investigating an alleged cyber breach while the FCC considers regulating connected vehicles. In the Industry Voices segment, George Jones, CISO at Critical Start, shares strategies on maximizing cybersecurity investments to achieve optimal risk reduction. Jones discusses how security leaders can spend smarter and reduce risks effectively.
April 4, 2024 | Researchers have discovered a new malware downloader named “Latrodectus,” used by initial access brokers in email threat campaigns. Emerging after QBot’s disruption in 2023, Latrodectus uses sandbox evasion techniques to avoid detection, making it a potent tool for threat actors.
April 4, 2024 | Researchers from Proofpoint have identified a new malware called “Latrodectus,” likely developed by the creators of the banking trojan IcedID. This malware uses sandbox evasion techniques to deliver malicious payloads. Proofpoint expects increased use of Latrodectus by threat actors. The malware checks for sandbox environments and is distributed via impersonation campaigns.
April 3, 2024 | A Sophos report reveals ransomware attackers are increasingly targeting backups, making it harder for organizations to recover without paying a ransom. 94% of surveyed companies faced backup compromise attempts, leading to higher ransom demands. The report emphasizes secure, isolated backups as critical to minimizing ransomware damage and ensuring business continuity.
April 3, 2024 | The CVE List and National Vulnerability Database (NVD) are criticized for not being comprehensive or reliable sources of vulnerability information. Issues include incomplete listings and false positives, leading to potential security risks. Efforts are underway to improve the system with a consortium to address these challenges.
April 3, 2024 | The FCC’s new voluntary cybersecurity labeling program for IoT devices aims to enhance consumer awareness and protection. By providing clear cybersecurity information through a U.S. Cyber Trust Mark and QR code, the program promotes transparency and security. This initiative can help mitigate risks in critical sectors like energy, healthcare, and manufacturing, ensuring safer IoT deployments.
April 2, 2024 | Vietnam’s rapid economic growth has led to a surge in cybercrime, including ransomware attacks and the use of junk bank accounts for financial fraud. The government is working to strengthen cybersecurity, but challenges persist due to widespread use of pirated software and limited cybersecurity awareness among users.
April 2, 2024 | Microsoft’s release of Copilot for Security integrates AI into its security offerings, providing MSSPs with opportunities to enhance productivity and efficiency in security operations. Despite initial concerns about pricing models and integration, the tool shows promise in augmenting SOC capabilities and creating new revenue streams for MSSPs.
April 1, 2024 | Due to data security concerns, the US House of Representatives has banned staff from using Microsoft’s AI Copilot, citing potential risks of data leakage to unauthorized cloud services. Microsoft plans to address these concerns with a secure government version later this year.
April 1, 2024 | The US House of Representatives has banned staff members from using Microsoft’s AI chatbot Copilot due to concerns over data security and potential leaks to non-House approved cloud services. This decision aligns with a previous ban on ChatGPT and reflects the government’s cautious approach to AI regulation. Microsoft plans to release a secure government version of Copilot this summer to address these concerns.
April 1, 2024 | As World Backup Day 2024 approaches, industry experts share insights on the importance of robust backup strategies to protect against data loss, ransomware, and cyberattacks. Learn how to safeguard your digital assets and ensure business continuity.
March 27, 2024 | A recent White House letter warns that critical infrastructure, especially water and wastewater systems, is a major target for foreign state-sponsored cyberattacks, urging immediate cybersecurity improvements.
March 25, 2024 | A new wave of StrelaStealer malware campaigns has impacted over 100 organizations in the EU and US, with attackers updating their methods to evade detection through spearphishing and advanced obfuscation techniques.
March 25, 2024 | The US Department of Justice charged seven Chinese nationals linked to the APT31 threat group with cyber espionage, and the Department of the Treasury announced sanctions against their affiliated shell company, aiming to curb state-sponsored hacking.
March 18, 2024 | In her article for SC Media, Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, advocates for a paradigm shift in cybersecurity from a reactive to a proactive approach.
She emphasizes the importance of integrating proactive vulnerability intelligence (VI) within vulnerability management systems (VMS) to anticipate and mitigate potential threats before they materialize into breaches.
Guenther cites the recent ransomware attack on Change Healthcare as an example of the devastating consequences of relying on a reactive model and highlights how proactive VI could have offered multiple layers of defense.
The article underscores the strategic advantages of embracing proactive VI within VMS, including enhanced threat prediction, prioritized remediation efforts, and optimized resource allocation.
Guenther envisions a future where the integration of proactive VI and VMS, coupled with advancements in AI and machine learning, becomes the foundation of adaptive and resilient cybersecurity strategies.
February 13, 2024 | In his Forbes Council Post, Randy Watkins, CTO of Critical Start, emphasizes the significance of adopting cybersecurity frameworks like NIST CSF and ISO/IEC 27001 for enterprise security teams.
He outlines how these frameworks provide a structured approach to enhancing an organization’s security posture by covering critical aspects such as identification, protection, detection, response, and recovery.
The article also highlights the benefits of aligning security measures with these frameworks to develop comprehensive roadmaps, justify budget allocations, and cautions against overreliance on any single framework, given the unique needs of each organization and the ever-changing cyber landscape.
Ultimately, Randy advocates for fully integrating cybersecurity frameworks into holistic risk reduction strategies, enabling organizations to accurately measure and optimize their security posture over time.
October 11, 2023 | The education sector is increasingly targeted by cyber threats, with 29% of attacks on K-12 schools originating from vulnerability exploitation and 30% from phishing campaigns in 2023, according to a report by cybersecurity solutions provider Critical Start. The report highlights the growing use of Quick Response (QR) codes in phishing attacks, where cybercriminals pose as Microsoft security notifications and embed QR codes within PNG images or PDF attachments. Ransomware groups are collaborating more extensively, sharing tactics and procedures, while a Microsoft Teams weakness that allows external accounts to send harmful files directly to an organization’s staff increases the likelihood of successful attacks.
October 10, 2023 | A robotics hacker, Alan Meekins (Nullagent), created RFParty, a service enabling people to monitor police activity using Bluetooth, exploiting vulnerabilities in law enforcement equipment provider Axon’s devices. Meekins discovered that Axon uses Bluetooth to tie together hardware like body cameras, Tasers, firearms, and dash cameras. Accessing Bluetooth data, such as the MAC address of a bodycam, could be valuable to citizens seeking to monitor police activity. While Meekins’ RFParty service isn’t designed to track police, it maps common IoT devices, including police objects like bodycams. Cybersecurity experts note that Bluetooth connections offer a broader attack surface than wired connections, and vulnerabilities in Bluetooth are discovered semi-regularly. While Bluetooth security can vary, the threat to consumers is considered marginal, with good security hygiene recommended.
October 9, 2023 | Amnesty International reported a series of Predator spyware attacks targeting civil society, journalists, politicians, and academics in the European Union, the United States, and Asia. The human rights group called for a worldwide ban on spyware, stating that the attacks are so serious that the developers of Predator, the Intellexa alliance, have done nothing to limit the use of this spyware. The Amnesty International investigation is part of the ‘Predator Files’ project, and those targeted include members of the U.S. Congress, the President of the European Parliament, the Taiwan President, and others. The spyware provides unfettered access to a device’s microphone and camera and all its data. Social media platforms, including X and Facebook, were used to publicly target at least 50 accounts, according to Amnesty International. The Citizen Lab independently confirmed Amnesty’s findings concerning Predator and assessed with “high confidence” that the threat actor included Cytrox Predator infection links in replies to numerous U.S. and international officials and others. The targeting of high-ranking officials and journalists demonstrates the strategic deployment of this spyware, with a clear motive to gain insights into policy-making or to quell dissent.
October 3, 2023 | Amazon Web Services (AWS) has issued a warning regarding a vulnerability affecting TorchServe, a tool used by major companies to serve artificial intelligence (AI) models in production. The bug, tracked as CVE-2023-43654 and part of a set of vulnerabilities named “ShellTorch” by researchers from Oligo, exposes the server’s administrative interface to the open internet. Oligo found that attackers could potentially view, modify, steal, or delete AI models and sensitive data exchanged between a company and the TorchServe server. The vulnerabilities highlight the risks of AI deployments that rely heavily on open-source software. AWS urges users to update TorchServe to resolve the issue.
October 3, 2023 | A group of 56 cybersecurity leaders, including professionals from ESET, Rapid7, the Electronic Frontier Foundation, and Google’s Vint Cerf, have criticized the European Union’s (EU) proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA). In an open letter, they argue that the CRA’s requirement for software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation could create a tempting target for malicious actors and have a chilling effect on good-faith security researchers. They suggest that disclosing vulnerabilities prematurely may interfere with the coordination and collaboration between software publishers and security researchers.
October 2, 2023 | Cisco has identified and released patches for a vulnerability (CVE-2023-20109) affecting the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software. The flaw has a CVSS severity score of 6.6 out of 10, and a successful exploit could allow an attacker to execute arbitrary code and gain full control of the affected system or cause it to reload, resulting in a denial of service (DoS) condition. While the vulnerability is serious, experts note that a successful exploit would require a hacker to be deeply embedded in an organization’s systems, making it likely that the bug would be used for privilege escalation in an already-compromised system.
September 29, 2023 | Progress Software has issued patches for critical vulnerabilities in its WS_FTP Server, impacting versions prior to 8.7.4 and 8.8.2. One of the vulnerabilities, CVE-2023-40044, with a CVSS score of 10.0, is a .NET deserialization flaw in the Ad Hoc Transfer module that allows unauthenticated attackers to execute remote commands on the underlying operating system. Another critical flaw, CVE-2023-42657, with a CVSS score of 9.9, is a directory traversal vulnerability that enables attackers to perform unauthorized file operations on the underlying operating system. Organizations are advised to apply the patches promptly or upgrade to the latest version (8.8.2) and to plan for system outages during the upgrade.
September 27, 2023 | The U.S. and Japanese governments have issued a joint advisory warning about BlackTech, a Chinese-linked hacking group actively targeting and exploiting routers, especially those from Cisco Systems Inc. BlackTech, also known as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has shown capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot between international subsidiaries and headquarters in Japan and the U.S. The threat group targets various sectors, including government, industrial, technology, media, electronics, and telecommunications, affecting entities supporting the U.S. and Japan militaries. The advisory urges organizations to review subsidiary connections, verify access, implement zero trust models, and adopt mitigations against known attack paths to detect and protect against BlackTech’s activities.
September 27, 2023 | A previously disclosed vulnerability, first tracked as CVE-2023-4863 and later marked as CVE-2023-5129 with the highest CVSS severity rating of 10 out of 10, is found to affect a wider range of applications than initially assumed. Originally announced as a Chrome browser issue, researchers later traced it back to the open-source libwebp library. This library, used by multiple browsers and image editors, was discovered in several popular container images’ latest versions, including Nginx, Python, Joomla, WordPress, Node.js, and more. The vulnerability poses significant risks due to its high severity and the potential for remote code execution, making it crucial for organizations to thoroughly inventory their software assets to ensure comprehensive mitigation.
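The libwebp entry above ends with the practical problem: the library is a transitive dependency that surfaces under several package names across container images, so remediation starts with an inventory query. The following is an added example, not code from the libwebp project or from any scanner vendor, showing a check over a CycloneDX SBOM for libwebp builds older than the upstream fix release, 1.3.2. The SBOM is constructed for the example; the component versions are illustrative. The check deliberately treats distribution packages (`deb`, `apk`, `rpm` purls) differently, because distributions backport fixes without bumping the upstream version string, so an old-looking version there needs a distro advisory lookup rather than an automatic “vulnerable” verdict.

```python
"""Flag libwebp components older than the upstream fix in a CycloneDX SBOM.

Added example; not from the libwebp project or any scanner vendor.
SAMPLE_SBOM is constructed for this example. The fixed version 1.3.2 is the
upstream libwebp release that addressed CVE-2023-4863.
"""
import json
import re

LIBWEBP_FIXED = (1, 3, 2)
# Package names under which the same library ships in common ecosystems.
LIBWEBP_NAMES = {"libwebp", "libwebp6", "libwebp7", "libwebp-dev", "webp"}
# Distributions backport fixes without changing the upstream version string.
DISTRO_PURL_TYPES = {"deb", "apk", "rpm"}

SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libwebp7", "version": "1.2.4-0.2+deb12u1",
         "purl": "pkg:deb/debian/libwebp7@1.2.4-0.2%2Bdeb12u1?arch=amd64"},
        {"type": "library", "name": "libwebp", "version": "1.3.2",
         "purl": "pkg:generic/libwebp@1.3.2"},
        {"type": "library", "name": "nginx", "version": "1.25.2"},
        {"type": "library", "name": "libwebp", "version": "1.3.1",
         "purl": "pkg:generic/libwebp@1.3.1"},
        {"type": "library", "name": "libwebp", "version": ""},
    ],
})


def upstream_version(version):
    """Leading dotted numeric part of a version string, as a comparable tuple.

    '1.3.1-r0' -> (1, 3, 1); '1.2.4-0.2+deb12u1' -> (1, 2, 4); '' -> None.
    A missing patch component is treated as 0.
    """
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())


def purl_type(component):
    """Package type from a purl ('deb', 'apk', 'generic', ...), or None."""
    match = re.match(r"pkg:([a-z0-9]+)/", component.get("purl", ""))
    return match.group(1) if match else None


def classify(component):
    """Verdict for one libwebp component."""
    version = upstream_version(component.get("version", ""))
    if version is None:
        return "unknown-version"
    if version >= LIBWEBP_FIXED:
        return "fixed"
    if purl_type(component) in DISTRO_PURL_TYPES:
        # Old upstream string, but the distro may have backported the fix.
        return "check-distro-advisory"
    return "vulnerable"


def check_sbom(sbom_text):
    """Return (name, version, verdict) for every libwebp component found."""
    sbom = json.loads(sbom_text)
    findings = []
    for component in sbom.get("components", []):
        if component.get("name", "").lower() not in LIBWEBP_NAMES:
            continue
        findings.append((component["name"], component.get("version", ""), classify(component)))
    return findings


if __name__ == "__main__":
    for name, version, verdict in check_sbom(SAMPLE_SBOM):
        print(f"{verdict:24} {name} {version}")
```

Two caveats a practitioner should keep in mind when running this over real SBOMs: a name match only finds libwebp shipped as its own package, so statically linked or vendored copies inside browsers, image libraries and Electron-style applications will not appear unless the SBOM generator records them as nested components; and the distro branch only tells you where to look, it does not resolve the advisory for you.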
September 22, 2023 | Apple has patched three zero-day vulnerabilities actively exploited in the wild, bringing the total fixed zero-days this year to 16. Security researchers believe commercial spyware vendors are behind the attacks. The vulnerabilities were reported by Bill Marczak of The Citizen Lab and Maddie Stone of Google’s Threat Analysis Group. The fact that many of these vulnerabilities were discovered by groups that focus on state-sponsored and high-level cyber-espionage campaigns suggests that Apple devices are being targeted in sophisticated attacks against high-profile individuals. The zero-days patched include vulnerabilities in WebKit browser, Security Framework, and Kernel Framework. The use of zero-day vulnerabilities by commercial spyware vendors is on the rise, and the exposure of these vulnerabilities raises the cost of doing business for them. Apple’s new Rapid Security Response (RSR) model separates critical security patches from functional updates, allowing the company to address vulnerabilities more quickly and efficiently.
September 15, 2023 | The threat group ALPHV, responsible for the recent cyberattacks on MGM Resorts and Caesars Entertainment, claims to have breached MGM’s systems by exploiting weaknesses in the Okta platform, specifically the Okta Agent. The group states that MGM Resorts hastily shut down its Okta Sync servers after learning of the intrusion, leaving Okta completely unavailable. ALPHV claims it lurked in the Okta Agent servers, sniffing user passwords, and subsequently launched ransomware attacks against over 1,000 ESXi hypervisors on September 11. ALPHV threatens further action if a financial arrangement is not reached, claiming ongoing access to some of MGM’s infrastructure. Okta’s chief security officer acknowledges a social engineering component to the attack but notes that the attackers were sophisticated enough to register their own identity provider and user database in the victim’s Okta tenant. Okta had previously warned of social engineering attacks attempting to gain highly privileged access. The incident raises concerns about future attacks targeting high-privilege users and underscores the importance of robust security hygiene, continuous monitoring, and threat intelligence sharing.
September 14, 2023 | The recent ransomware attacks on MGM International and Caesars Entertainment by the Scattered Spider group highlight the threat of known tactics and techniques that have been well-documented for months. The group utilizes the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting vulnerabilities in drivers like the Intel Ethernet diagnostics drivers to gain elevated privileges within Windows systems. While initial compromises may involve social engineering, the subsequent actions inside the network, especially if using advanced tactics like BYOVD, could significantly impact the severity of the breach. Scattered Spider, also known as UNC3944, operates as a financially driven threat actor, and their attacks raise concerns about the security of large organizations. The recent incidents indicate a potential shift in focus from traditional ransomware-as-a-service (RaaS) activities to advanced threat actor tactics. The security industry emphasizes the need for organizations to enhance security measures against such sophisticated threats and urges a comprehensive defense strategy beyond conventional security products.
September 12, 2023 | MGM Resorts is dealing with a cyberattack that has left its hotel operations, especially in Las Vegas, in disarray. The incident, suspected to be a ransomware attack, impacted key card systems, locking guests out of their rooms and causing disruptions to slot machines. While the company is actively investigating with external cybersecurity experts and law enforcement, its websites remain offline. Security experts see signs of a ransomware attack, given the widespread outages, but other possibilities, such as a distributed denial-of-service (DDoS) attack or an advanced persistent threat (APT) group, are not ruled out. The recovery process is now in the hands of MGM Resorts’ security teams.
September 12, 2023 | A new trend called “jailbreaking” has emerged in the world of AI chatbots, where users exploit vulnerabilities to bypass safety measures, potentially violating ethical guidelines and cybersecurity protocols. This practice allows users to unleash uncensored and unregulated content, raising ethical concerns. Online communities share tactics to achieve these jailbreaks, fostering a culture of experimentation. Cyber-criminals have also developed tools for malicious purposes, leveraging custom large language models. While defensive security teams work on securing language models, the field is still in its early stages, and organizations are taking proactive steps to enhance chatbot security.
September 8, 2023 | Cybercriminals are exploiting the acceptance of Telegram “mods” in the Google Play store to distribute “Evil Telegram,” a spyware campaign. Using modified versions of Telegram, these attackers, trading on users’ trust in Telegram’s security, create a new avenue for cyberespionage. Kaspersky identified infected apps like “Paper Airplane,” which appear as legitimate Telegram clones but contain a hidden spyware module. These apps, downloaded over 60,000 times, target users in China, particularly the Uyghur ethnic minority, raising concerns about potential government surveillance. Businesses are urged to remain vigilant, as mobile spyware poses risks such as unauthorized access to sensitive data and compromised employee information. Kaspersky researchers reported the apps to Google for removal, emphasizing the need for caution even with official app stores.
September 8, 2023 | Cisco Talos researchers uncovered a cryptocurrency-mining scheme targeting graphic designers and 3D modelers. Active since November 2021, the attackers use the legitimate Windows tool “Advanced Installer” to bundle mining malware with software like Adobe Illustrator. The focus on graphic design and 3D modeling tools is due to their high GPU power, ideal for mining. Malicious scripts, hidden in the installation process, deploy threats like the M3_Mini_Rat backdoor and mining malware (PhoenixMiner, lolMiner). The campaign, mainly affecting French-speaking users, emphasizes the need for caution during software installation. Persistent and difficult to detect, such campaigns highlight the importance of collaboration between operations and security teams.
September 7, 2023 | For the second time in the last few years, North Korean state-sponsored attackers have targeted security researchers. Using a new zero-day vulnerability, a fake software tool, and extensive phishing, these operations aim not only to steal information but also to gather insight into defense mechanisms. Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, sat down with Dark Reading to talk about the return of these threat actors and their strategic targeting of people involved in cybersecurity research.
September 7, 2023 | Advanced Installer, a legitimate Windows tool, is being hijacked by threat actors to create software packages that drop cryptocurrency mining malware on victims’ computers. The main targets are heavy users of 3D modeling and graphic design software in France and Germany. In this SC Magazine article, Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, discusses the methods and motivations these attackers may use to choose their targets.
Instagram’s new Threads is already proving to be a target for fraud and abuse, with several potential security and compliance risks associated with its use for organizations. Learn about some of these vulnerabilities from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research and how organizations can protect against these risks.
Web apps that contain Personally Identifiable Information (PII) are prime targets for threat actors because of the valuable data they store. No platform is immune to attacks or vulnerabilities, and these internet-exposed applications are no exception. What are the true consequences of a breach for these web apps, and how can they be safeguarded against vulnerabilities? Learn more from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, in this SC Magazine article.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, spoke with The Record about the use of open-source tools in a new strain of malware from North Korea’s Lazarus group.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed the return of the XLoader macOS malware, and the warnings it carries for macOS users, with Infosecurity Magazine.
Critical Start’s CTO, Randy Watkins, was featured in SC Magazine discussing the recent Prospect Medical Holdings ransomware attack and how hospitals can mitigate this risk in the future.
Critical Start’s CISO, George Jones, spoke with SC Magazine on the spike in zero-day vulnerabilities throughout Summer 2023, and what this means for the future.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, spoke with Information Week about the recent Cisco vulnerability and its potential impact.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, wrote a guest column with SC Magazine on the steps organizations should take following the recent state-sponsored cyberattack.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed the recent Mastodon vulnerabilities with Dark Reading and what they mean for the platform’s overall security.
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, was featured in Security Week discussing NATO’s view on cyberattacks ahead of the July 2023 NATO Summit.
Is your cybersecurity team ready for a crisis? Critical Start’s CISO, George Jones, shared practical tips with CSO Magazine, about preparing your cybersecurity team for a crisis.
In response to the Nagoya Port ransomware attack, Critical Start’s Sr. Manager, Cyber Threat Research, Callie Guenther, shared practical steps to proactively protect your organization against ransomware attacks.
Should tech pros prioritize cybersecurity certifications? Critical Start’s CISO, George Jones, shared his thoughts on cybersecurity certifications and tech career advancement with DICE Insights.