Resource Type: News

Inside the Four-Month Espionage Campaign by Suspected Chinese Threat Actors – Critical Start

Jan. 17, 2025 | A U.S. organization with major operations in China faced a four-month cyberespionage campaign linked to Chinese APTs. Attackers targeted Exchange Servers and exfiltrated data, using DLL sideloading and Living-off-the-Land techniques. Experts warn that state-sponsored cyber threats are growing, demanding stronger defenses.

[Read the full article]

CISA Adds Mitel, Oracle Flaws to the KEV List

January 10, 2025 | CISA has updated its Known Exploited Vulnerabilities (KEV) catalog with critical flaws in Mitel’s MiCollab platform and a five-year-old Oracle WebLogic Server vulnerability.

Experts warn these flaws enable data compromise, lateral movement, and full server takeover. Immediate remediation and proactive monitoring are key to mitigating risks.

[Read the full report]

Zero-Day Exploits Surge in 2023: Cisco and Fortinet Under Fire

Nov 15, 2024 | In 2023, attackers increasingly targeted zero-day vulnerabilities, leveraging flaws in Citrix, Cisco, and Fortinet products to breach enterprise networks. A report from the Five Eyes alliance revealed that over half of the top vulnerabilities exploited last year were zero-day flaws, up significantly from 2022.

High-profile vulnerabilities like Citrix’s CVE-2023-3519 and Fortinet’s CVE-2023-27997 enabled remote code execution, posing critical risks. Experts emphasize the importance of patch management and defense-in-depth strategies to counteract these escalating threats.

[Read the full article]

Iranian “Dream Job” Campaign Targets Aerospace Sector

Nov 15, 2024 | Iranian threat group TA455 is using fake job offers to infiltrate the aerospace industry, according to ClearSky Cyber Security. The campaign distributes SnailResin malware, leading to SlugResin backdoor infections.

Victims are lured via deceptive LinkedIn profiles and job-related ZIP files containing malicious executables. TA455 blends legitimate traffic from platforms like GitHub and Cloudflare to evade detection. This sophisticated operation raises concerns about potential collaboration between Iranian and North Korean APT groups, given overlapping tactics.

[Read the full article]

Iranian Group Targets Aerospace Workers with Fake Job Lures – SC Media

Nov 13, 2024 | The Iranian Dream Job Campaign, active since September 2023, sees TA455 (UNC1549) targeting aerospace professionals with fake job offers. Using SnailResin malware to deploy the SlugResin backdoor, the campaign exploits LinkedIn and personal email to bypass enterprise defenses. Experts emphasize advanced detection tools and employee education to mitigate such risks.

[Read the Full Report]

Strengthening OT Cybersecurity in the Industry 4.0 Era

Nov 6, 2024 | As OT and IT systems converge, organizations face new cybersecurity risks. The Colonial Pipeline attack underscored the high stakes: an OT breach can halt operations, resulting in severe financial losses. To counter such threats, IT leaders must embrace proactive cybersecurity strategies.

Effective OT security measures include isolating OT from IT networks, implementing 24/7 monitoring, conducting regular audits, and training staff on cybersecurity best practices. With the right approach, companies can turn cybersecurity challenges into opportunities for resilience and innovation.

[Read the full article]

MSSPs: Key Partners in the Evolving World of Third-Party Risk Management (TPRM)

Nov 4, 2024 | As TPRM grows, MSSPs offer essential support by closing visibility and expertise gaps. A recent BlueVoyant report shows progress: only 81% of organizations reported supply chain security incidents this year, down from 94%. MSSPs bring continuous oversight, bolstering TPRM programs by helping manage third-party relationships in increasingly complex supply chains.

BlueVoyant’s report highlights increased TPRM budgets and a shift to active risk reduction. MSSPs can support this evolution with their threat intelligence, continuous monitoring, and sector-specific expertise, enabling organizations to handle complex, evolving supply chain threats effectively.

[Read the full article]

AI Cyberattacks Rise but Businesses Still Lack Insurance

Oct 30, 2024 | A Nationwide survey finds that despite rising AI-driven cyber threats, many businesses lack comprehensive cyber insurance. While 82% of risk managers fear future attacks due to GenAI, only 68% have insurance, and 36% face challenges renewing coverage. Chad Graham from Critical Start highlights the value of insurance in mitigating financial losses and supporting business recovery after cyber incidents. The survey also notes that 76% of affected businesses took over a month to recover, emphasizing the need for better protection.

[Read the full article]

FakeCall Android Trojan Evolves with New Evasion Tactics – SecurityWeek

Oct 30, 2024 | The FakeCall Android trojan has adopted advanced evasion and surveillance techniques, heightening risks for users and organizations. With the ability to intercept calls, mimic legitimate interfaces, and control device UIs, FakeCall tricks users into divulging sensitive financial details. Enhanced code obfuscation and remote control functions make detection difficult, posing significant threats to banks, enterprises, and individuals without robust mobile security.

[Read the full article]

Intel and AMD Chips Still Vulnerable to Spectre Flaw

Oct 29, 2024 | Over six years since the Spectre flaw was first revealed, Intel and AMD processors remain susceptible to speculative execution attacks. ETH Zurich researchers found these attacks exploit the Indirect Branch Predictor Barrier (IBPB) on x86 chips. While speculative execution boosts CPU performance, attackers can manipulate it to access unauthorized data, like encryption keys.

Intel issued a microcode patch (CVE-2023-38575), while AMD continues tracking its issue as CVE-2022-23824. John Gallagher from Viakoo Labs notes that speculative execution, present in all modern CPUs, enhances speed but comes with risks that are tough to patch.

[Read the full article]

Basic Cyber Hygiene Still Offers the Best Defense Against Ransomware

Oct 17, 2024 | The FBI’s takedown of the Dispossessor ransomware gang highlights a critical truth: simple cybersecurity measures, like strong passwords and multi-factor authentication (MFA), remain the most effective defense. Experts stress combining these basics with advanced strategies like passwordless authentication and network segmentation to protect against evolving threats.

[Read the full article]

Threat Actors Exploit Zero Days Within 5 Days, Says Google’s Mandiant

Oct 17, 2024 | Google Mandiant’s analysis of 138 actively exploited vulnerabilities in 2023 reveals a concerning trend: 70% were zero-days, with threat actors reducing time-to-exploit (TTE) to just five days. Experts highlight the critical need for rapid patching, dedicated zero-day response teams, and proactive threat hunting to combat evolving cyber threats.

[Read the full article]

The Evolving Threat Landscape in Manufacturing

Oct 17, 2024 | As Industry 4.0 connects manufacturing to the digital world, the sector faces a rising threat landscape. Cybercriminals are adapting tactics, targeting manufacturing systems, and exploiting legacy security gaps. Key challenges include evolving ransomware, IP theft, and regulatory pressures driving cybersecurity awareness.

[Read the full article]

Fidelity Investments Data Breach Impacts More Than 77,000 Customers

Oct 14, 2024 | Fidelity Investments disclosed a data breach affecting over 77,000 customers. Security experts point to misconfigurations, such as Broken Access Control, as potential attack vectors. They emphasize the importance of robust security measures, proactive incident response, and stringent third-party access controls to mitigate risks and protect sensitive customer data.

[Read the full article]

Over 77K Affected in Fidelity Investments Data Breach

October 11, 2024 | Fidelity Investments reported a data breach that exposed the personal information of 77,009 customers between August 17 and 19. While no funds were compromised, attackers accessed customer data using two newly created accounts. Experts warn the breach could lead to future attacks, heightening risks of identity theft and fraud. Fidelity assured that no ransomware was involved and offers free credit monitoring to those affected.

[Read the full article]

Fidelity Breach Exposes Data of 77,000 Customers: What to Do If Affected

October 11, 2024 | Fidelity Investments reported a data breach impacting 77,000 customers. The breach, detected on August 19, involved unauthorized access to personal information but no financial accounts. Fidelity offers 24 months of free credit monitoring to affected customers. They recommend reviewing account statements, placing fraud alerts, and changing passwords for added security.

[Read the full article]

Fidelity Investments Data Breach Impacts Nearly 80,000 Customers

October 10, 2024 | Fidelity Investments disclosed a data breach that affected 77,099 customers. The breach occurred on August 17 and was discovered on August 19, with unauthorized access to customer information through two newly established accounts. While no financial accounts were impacted, personal information was compromised. Fidelity is offering 24 months of free credit monitoring via TransUnion.

Experts speculate that a security vulnerability may have allowed the attackers to access customer data. Fidelity has since launched an investigation to prevent future incidents.

[Read the full article]

Fidelity Notifies 77K Customers of Data Breach

October 10, 2024 | Fidelity Investments has notified over 77,000 customers that their personal information was compromised in a data breach between August 17 and 19. The breach, the second this year for Fidelity, occurred when an unauthorized third party accessed two customer accounts. While no funds were affected, experts warn of potential risks for identity theft and fraud. Fidelity is offering 24 months of free credit monitoring to impacted customers.

[Read the full article]

30 Notable IT Executive Moves: September 2024

October 9, 2024 | Major tech companies like TD Synnex, ConnectWise, Critical Start, ThoughtSpot, Microsoft, CrowdStrike, and Capgemini made significant executive changes this month. Notably, Scott White was appointed CEO of Critical Start after serving as COO and revenue officer at DoiT International for four years. With over 16 years at Rackspace, where he held the role of VP of Sales before departing in 2018, White brings extensive experience to his new position.

[Read the full article]

Apple Fixes Security Tool Issues with macOS Update

October 8, 2024 | Apple’s macOS 15.0.1 patch addresses compatibility problems affecting CrowdStrike, SentinelOne, and Microsoft security software. The previous release caused crashes and reduced functionality, posing security risks. Experts urge teams to update immediately to ensure robust protection and compatibility with security tools.

[Read the full article]

CRITICALSTART® Appoints Stuti Bhargava as Chief Customer Officer

October 4, 2024 | Critical Start has appointed Stuti Bhargava as its new Chief Customer Officer (CCO). With over 20 years of experience in customer success within the tech sector, Bhargava will focus on strengthening client relationships and delivering tailored solutions.

Previously, she served as Chief Customer Experience Officer at OneSpan, where she developed comprehensive customer journey strategies. Bhargava has also led customer success teams at BitSight, ImmersiveLabs, and Actifio, enhancing growth in early-stage cybersecurity startups.

[Read the full article]

Critical Start Welcomes Stuti Bhargava as Chief Customer Officer

October 7, 2024 | Critical Start has appointed Stuti Bhargava as Chief Customer Officer. With over 20 years of tech industry experience, she will enhance client relationships and drive customer success initiatives.

Bhargava previously served as Chief Customer Experience Officer at OneSpan and has led customer success teams at various cybersecurity firms. “I’m excited to help Critical Start advance its mission of fostering cyber resilience,” she stated.

[Read the full article]

TeleCloud Acquired by Davenforth, Expanding Managed IT Services

October 4, 2024 | Davenforth, a family office based in Austin, has acquired Frisco-based TeleCloud and Pennsylvania’s Third Generation. This move launches a new managed IT, voice, and networking platform, servicing 21,500 users across 900 businesses.

While terms of the acquisitions were not disclosed, both companies will maintain independent operations with their existing leadership teams. “This partnership allows us to enhance our offerings and empower our team members,” said TeleCloud founder Rusty Bridges.

Davenforth aims to build a robust platform delivering exceptional cloud communication and managed services, ensuring high customer retention and satisfaction.

[Read the full article]

How GM CEO Mary Barra is Tackling Her Second Major Transformation

September 4, 2024 | Mary Barra, CEO of General Motors, is steering the company through a second major transformation: the shift from internal combustion engines to electric vehicles (EVs). Despite slowing demand for EVs, Barra remains committed to GM’s goal of going gas-free by 2035. Having led the automaker through past crises, Barra’s leadership style reflects a long-term vision, balancing customer demand with bold innovation.

[Read the full article]

Gartner Magic Quadrant Names Microsoft, SentinelOne Among EPP Leaders

October 3, 2024 | Microsoft, SentinelOne, and CrowdStrike lead Gartner’s 2024 Magic Quadrant for endpoint protection platforms (EPP). These platforms play a crucial role in safeguarding some of the most vulnerable areas in corporate networks.

EPPs protect against malware, insider threats, and breaches across various devices like PCs, servers, and mobile phones. As attacks on endpoints rise, companies increasingly adopt unified protection platforms, with EPPs becoming key for MSSPs.

[Read the full article]

Manufacturing Day 2024

October 3, 2024 | Manufacturing Day kicks off today, launching a month-long series of events across the U.S. where over 1,600 manufacturers and schools host expos, tours, and presentations aimed at inspiring the next generation of workers. Workforce challenges remain a top concern as the sector faces a need for 3.8 million new employees by 2033, with nearly half of these roles potentially going unfilled.

This year’s focus highlights Industry 4.0 and rising cyber threats. “Manufacturing still has a long way to go in securing its cyber defenses,” says Craig Jones, VP of Security Operations at Ontinue, noting the sharp increase in cyberattacks on the sector in 2024.

Through partnerships with schools, STEM career promotion, and robust training programs, Manufacturing Day provides an opportunity for the industry to not only close the labor gap but develop expertise crucial for securing its future.

[Read the full article]

Critical Start Appoints Chief Customer Officer

October 3, 2024 | Critical Start, a provider of MDR cybersecurity solutions, has appointed Stuti Bhargava as Chief Customer Officer (CCO). Bhargava, with over 20 years of experience in customer success within the tech industry, will lead efforts to enhance client relationships and service standards.

CEO Scott White highlighted Bhargava’s expertise, stating her experience will elevate customer relationships and align Critical Start’s offerings with evolving strategies.

Bhargava, previously with OneSpan, expressed her excitement about joining Critical Start, citing the importance of cybersecurity and customer success during a pivotal time for the industry.

[Read the full article]

National Manufacturing Day 2024

October 2, 2024 | Happy Manufacturing Day 2024! This annual celebration aims to inspire interest in manufacturing careers and unite organizations in tackling industry challenges. Leaders emphasize the importance of technology and innovation to overcome workforce shortages and enhance efficiency. As cyber threats rise, the need for robust cybersecurity measures in manufacturing becomes critical.

[Read the full article]

Average CISO Compensation Tops $500K

October 2, 2024 | U.S.-based chief information security officers (CISOs) now earn an average of $565K annually, with top earners surpassing $1 million. The top 1% command starting salaries of $3 million, according to a report by IANS Research and Artico Search.

Despite slower hiring, the CISO role is expanding, with responsibilities and security budgets growing. While turnover has decreased, job changes still lead to the highest pay increases.

[Read the full article]

North Korea’s Stonefly Shifts from Espionage to Ransomware, Extortion

October 2, 2024 | North Korean hacking group Stonefly has shifted from espionage to financially motivated attacks, with security experts predicting future ransomware extortion incidents. Symantec’s Threat Hunter Team revealed that Stonefly targeted three U.S. organizations in August. Though ransomware wasn’t deployed, researchers believe these attacks were financially driven.

Stonefly, linked to North Korean military intelligence, has been active since 2009, and this move follows a broader trend of state-sponsored groups engaging in ransomware for revenue generation.

[Read the full article]

Salt Typhoon Targets U.S. ISPs: A New Cyber Threat

September 27, 2024 | The China-linked group Salt Typhoon has targeted several U.S. internet service providers (ISPs) for espionage, according to Microsoft. This advanced persistent threat (APT) aims to infiltrate critical infrastructure and gather intelligence for future attacks. Experts warn that compromised ISPs could disrupt vital services and expose sensitive data.

[Read the full article]

Arkansas City Water Treatment Facility Cybersecurity Incident

September 25, 2024 | Arkansas City, Kansas, experienced a cybersecurity incident affecting its water treatment facility on September 22. The incident led to a temporary switch to manual operations, but no disruption in water services for the city’s 12,000 residents occurred.

City Manager Randy Frazer assured residents that “the water supply remains completely safe” as cybersecurity experts work to restore automated systems. The city’s swift response involved collaboration with cybersecurity professionals to maintain water safety and investigate the breach.

Cyber threats to water treatment facilities are increasing, highlighting the need for robust cybersecurity measures. Experts note that these facilities are prime targets for cybercriminals, underscoring the importance of vigilance and preparedness against potential ransomware attacks.

[Read the full article]

Feds Investigate Cyberattack on Kansas Water Treatment Facility

September 24, 2024 | The FBI and Department of Homeland Security are investigating a cyberattack on Arkansas City’s water treatment facility. City Manager Randy Frazer confirmed that the attack, which took place on September 22, involved a ransom request but did not compromise sensitive information. The facility has switched to manual operations to ensure safe drinking water during the investigation.

[Read the full article]

Target Practice: Honing Skills on Cyber Ranges

September 23, 2024 | Cyber ranges are vital for cybersecurity professionals to stay updated on threats and sharpen their skills. These simulated environments, used by governments and organizations, provide hands-on training for real-world scenarios. Recent initiatives like Ukraine’s Cyber Range UA and the U.S. Navy’s National Cyber Range exemplify the growing focus on effective cyber defense training.

[Read the full article]

N-able: Cyberattacks on Microsoft 365 Security Surge 56%

September 20, 2024 | N-able’s new report reveals a 56% rise in cyberattacks on Microsoft 365 in 2024. Surveyed MSPs reported a significant increase in disaster recovery events and a 46% uptick in offering backup services. Chris Groot from N-able emphasizes the need for ransomware-resilient architectures to combat these threats.

[Read the full article]

Critical Start Appoints New CEO as Part of Executive Transition

September 20, 2024 | Critical Start has appointed Scott White as its new CEO, succeeding founder Rob Davis, who will now serve as executive chairman. White, an experienced technology executive, aims to enhance innovation and service delivery at the leading managed detection and response (MDR) cybersecurity provider.

“I’m honored to join Critical Start and build upon the strong legacy established by Rob Davis,” White stated. His previous role as COO and CRO at DoiT International contributed to a significant growth in bookings, showcasing his capability to lead successful teams. Davis expressed confidence in White’s vision for the company, which has seen record growth this year.

[Read the full article]

TeamTNT Hackers Attacking VPS Servers Running CentOS

September 20, 2024 | The hacking group TeamTNT has launched a new attack campaign targeting VPS servers running CentOS. Known for cryptojacking and active since 2019, TeamTNT is exploiting SSH vulnerabilities to infiltrate systems.

Researchers from Group-IB report that the attackers use brute-force SSH attacks to install a malicious script that disables security features, modifies system files, and removes cryptocurrency mining processes. The script also deploys the Diamorphine rootkit to enable covert control and persistence on compromised hosts.

Security experts warn that TeamTNT’s focus on CentOS, especially outdated versions like CentOS 7, highlights the importance of securing cloud infrastructures and applying the latest patches.

[Read more]

Zero-Click Vulnerabilities in macOS Calendar Risk iCloud Data Exposure

A series of macOS vulnerabilities in the Calendar app exposed iCloud data by bypassing security features like Gatekeeper and TCC. Researcher Mikko Kenttälä discovered the flaws, which allowed remote code execution (RCE) without user interaction. The exploit chain, rated as high as 9.8 on the CVSS scale, enabled attackers to access sensitive data, including iCloud Photos. Apple has since patched the vulnerabilities.

[Read the full article]

Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

September 18, 2024 | A zero-click vulnerability chain in macOS allowed attackers to bypass security features like Gatekeeper and TCC, exposing sensitive iCloud data, including photos. Researcher Mikko Kenttälä discovered the flaw by exploiting a file sanitization issue in Calendar invites, which enabled remote code execution (RCE) without user interaction.

Apple has since patched the vulnerabilities, but this incident highlights ongoing risks to macOS security.

[Read the full article]

Closing the Gap Between Cyber Risk Strategy and Execution

September 18, 2024 | A recent Cyber Risk Peer Benchmarking Report from Critical Start reveals a disconnect between strategy and execution in cyber risk management. While 91% of organizations recognize the importance of a strong cyber risk strategy, many struggle with execution, especially as they grow larger. Key challenges include poor asset visibility, delayed vulnerability remediation, and ineffective risk measurement.

Cybersecurity workforce shortages further magnify the issue, but with data-driven decisions and benchmarking insights, organizations can bridge the gap and enhance cyber resilience.

[Read the full article]

Four Ways to Stay Ahead of the Ransomware Threat

September 18, 2024 | Ransomware groups like LockBit, Play, and BlackBasta are behind 40.54% of attacks in 2024. Defenders need to adapt to evolving tactics. Key strategies include securing Windows and Linux systems, enhancing endpoint detection, patching vulnerabilities, and strengthening supply chains. As these groups grow more organized, security teams must focus on rapid response and proactive defense to stay ahead.

[Read the full article]

Critical Start Appoints Scott White as Chief Executive Officer

September 17, 2024 | Critical Start, a leader in Managed Detection and Response (MDR) cybersecurity solutions, has appointed Scott White as the new Chief Executive Officer. White, an experienced technology executive, joins from DoiT International, where he led substantial growth. Rob Davis, Critical Start’s Founder, will serve as Executive Chairman and continue supporting the company’s mission to prevent breaches and business disruption.

White expressed excitement about building on the company’s strong foundation, while Davis expressed confidence in White’s leadership to drive continued success.

[Read the full article]

GitLab Fixes Critical Pipeline Vulnerability

September 17, 2024 | GitLab has released security updates for 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9/10. This bug allows attackers to run pipeline jobs as any user, risking unauthorized code deployment and data tampering. Security experts warn of potential privilege escalation and software supply chain compromise if left unpatched. Immediate patching, along with stricter access controls and continuous monitoring, is crucial to mitigate these risks.

[Read the full article]

Tapping Into Asset Visibility for Enhanced MDR Outcomes

September 16, 2024 | Asset visibility is key to improving Managed Detection and Response (MDR) outcomes. Incomplete asset inventories leave organizations vulnerable to cyber threats. Experts highlight the need for continuous asset monitoring, unified inventory systems, and prioritizing remediation efforts based on asset criticality for effective endpoint security.

[Read the full article]

CISA Alerts Federal Agencies to Urgent Microsoft Vulnerabilities

Sept 12, 2024 | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, urging U.S. federal agencies to patch four high-risk Microsoft vulnerabilities by the end of the month. These include CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217, which are actively being exploited. Experts emphasize the urgency of addressing these vulnerabilities, especially in critical sectors like healthcare, finance, and government.

[Read the full article]

Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns

Sept 11, 2024 | U.S. federal civilian agencies have until the end of September to patch four critical Microsoft vulnerabilities, now being actively exploited. The bugs — CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217 — impact popular Microsoft tools like Windows Installer and Publisher.

Randy Watkins, CTO at Critical Start, stressed that failing to address these issues could result in severe data breaches and downtime. Experts warn that these flaws are part of multi-stage attack chains, posing a major risk to industries like healthcare, finance, and government.

[Read the full article]

Lazarus Targets Developers with Sophisticated Coding Test Scam

Sept 11, 2024 | The North Korean hacking group Lazarus has launched a new campaign targeting developers through fake coding tests. Posing as recruiters from prominent firms like Capital One, they lure victims via LinkedIn, tricking them into executing malicious code hidden in altered Python modules.

This campaign represents an evolution in Lazarus’ tactics, moving beyond financial institutions to target developer environments. Experts urge developers to implement Zero Trust principles, rigorous code reviews, and use sandbox environments to defend against this growing threat.

[Read the full article]

Despite cyberattacks, water security standards remain a pipe dream

September 9, 2024 | U.S. water systems are facing rising cyber threats from China, Russia, and Iran. While no major impacts have occurred yet, experts warn that outdated operational technology (OT) leaves water infrastructure highly vulnerable. Despite these risks, attempts to implement cybersecurity standards have faced legal challenges, leaving this critical sector exposed.

[Read the full article]

New Vulnerability Exposes YubiKey 5 Devices to Cloning Attacks

Sept 05, 2024 | A vulnerability known as “Eucleak” puts YubiKey 5 devices with firmware below 5.7 at risk of cloning attacks. The flaw, discovered by NinjaLabs, allows attackers to steal ECDSA private keys, account data, and PINs through side-channel exploitation of the Infineon cryptographic library. Experts urge immediate firmware updates and stronger security practices to mitigate the risk.

[Read the full article]

Planned Parenthood Confirms Cyberattack by RansomHub

Sept 05, 2024 | Planned Parenthood has confirmed a cyberattack on its Montana organization, forcing parts of its IT infrastructure offline. The RansomHub ransomware gang, which claimed responsibility, threatened to leak 93 GB of stolen data if demands are unmet within six days.

Attempts to reach Planned Parenthood’s headquarters were unsuccessful. The size of the ransom is unknown, and it remains unclear if Planned Parenthood plans to negotiate.

This attack comes amid heightened attention on abortion rights, particularly in light of Montana’s upcoming statewide vote on adding abortion rights to its constitution.

[Read the full article]

VMware ESXi Flaw Leveraged by BlackByte Ransomware

Sept 05, 2024 | The BlackByte ransomware group has been exploiting a new VMware ESXi vulnerability (CVE-2024-37085) for authentication bypass attacks. This shift highlights their ability to adapt quickly to emerging threats, targeting enterprise infrastructures with high-impact ransomware campaigns. Experts stress the need for timely patches, multi-factor authentication, and stronger access controls to mitigate risks.

[Read the full article]

EPSS and Vulnerability Management: New Scoring System Shows Promise

Sept 04, 2024 | The Exploit Prediction Scoring System (EPSS) helps organizations prioritize vulnerabilities by predicting their likelihood of exploitation. A study shows that EPSS, used with other inputs like CVSS scores, improves vulnerability remediation. With EPSS, companies can better address vulnerabilities based on actual threat activity, reducing wasted efforts and focusing on the most critical risks.

[Read the full article]

Cyber Threats That Shaped H1 2024

Sept 02, 2024 | In the first half of 2024, cybercrime surged across industries, with ransomware and database leaks hitting Manufacturing and Industrial Products the hardest. Healthcare saw a 180% spike in attacks, while Professional Services reported a 15% increase. In contrast, technology firms saw a slight decrease in incidents. Business Email Compromise (BEC), deepfakes, and attacks exploiting open-source repositories also grew, signaling the need for stronger cybersecurity defenses.

[Read the full article]

Cyber Threats in H1 2024

August 30, 2024 | Critical Start’s Cyber Research Unit analyzed over 3,400 high-risk alerts and 4,600 reports across 24 industries. Key findings:

  • Manufacturing: Top target with 377 ransomware and data leaks.
  • Professional Services: Attacks up by 15%, especially in legal sectors.
  • Healthcare: 180% surge in February 2024.
  • Technology: 12.75% decrease in attacks.

Emerging threats include a 3,000% rise in deepfake fraud and increasing abuse of open-source repositories.

[Read the full report]

BlackByte Targets Vulnerable VMware ESXi Instances

August 29, 2024 | The BlackByte ransomware group, believed to have branched off from Conti, is exploiting a newly discovered VMware ESXi authentication bypass flaw (CVE-2024-37085), as reported by Cisco Talos Incident Response. This marks a significant shift in their tactics, moving from traditional methods to leveraging this fresh vulnerability.

According to experts from BlueVoyant and Critical Start, this adaptation could make BlackByte’s attacks more effective and difficult to anticipate. The flaw, recently added to CISA’s Known Exploited Vulnerabilities catalog, is now a key focus for cybersecurity defenders as it resembles tactics used in advanced persistent threat operations.

[Read more on BlackByte’s evolving tactics]

BlackByte Exploits VMware ESXi Authentication Flaw

August 29, 2024 | The BlackByte ransomware group, believed to have splintered from Conti, is exploiting a newly disclosed VMware ESXi authentication bypass flaw (CVE-2024-37085). According to Cisco Talos Incident Response, this marks a significant shift in BlackByte’s tactics, moving away from their usual methods like credential theft and web shells.

Experts, including BlueVoyant’s Austin Berglas and Critical Start’s Callie Guenther, note that this pivot to exploiting fresh vulnerabilities could make BlackByte’s attacks more unpredictable and challenging to defend against. The flaw was recently added to CISA’s Known Exploited Vulnerabilities catalog, signaling its serious potential for widespread abuse.

[Read more on evolving cyber threats]

Key Cyber Threats in H1 2024: Ransomware, Data Leaks, and Evolving Attack Methods

August 29, 2024 | BlackByte, likely a Conti spin-off, is now exploiting a newly disclosed VMware ESXi authentication bypass (CVE-2024-37085). An attacker who already holds sufficient Active Directory privileges can use it to gain full administrative access to domain-joined ESXi hosts, and with that control over every virtual machine they run, marking a shift from BlackByte’s traditional methods. Cisco Talos Incident Response reports that BlackByte’s rapid integration of this vulnerability shows their evolving tactics.

Experts like Callie Guenther at Critical Start stress the critical nature of this threat, particularly as ESXi hypervisors are integral to many enterprises. BlackByte’s techniques also include loading vulnerable signed drivers to disable security tools on the hosts it compromises, making detection difficult.

Defenders must quickly patch systems, monitor access, and implement multi-factor authentication to counteract these sophisticated attacks.

[Read the full report]

Over 3,400 High-Risk Cyber Alerts in Early 2024

August 28, 2024 | The first half of 2024 recorded 3,438 high-risk cyber alerts, with a 46.15% rise in U.S. attacks. Critical sectors like manufacturing and healthcare remain primary targets, with ransomware incidents increasing significantly. Experts warn that trends like double extortion tactics and deepfake fraud are on the rise, emphasizing the need for robust security measures.

[Read the full article]

BlackByte Ransomware Group Targets VMware ESXi Bug

August 28, 2024 | The BlackByte ransomware group is exploiting a new authentication bypass vulnerability in VMware ESXi, signaling a shift from their traditional tactics. Researchers at Cisco Talos reported that BlackByte, believed to be an offshoot of the Conti gang, typically uses vulnerable drivers and legitimate tools to bypass security.

The newly exploited bug, CVE-2024-37085, was recently added to CISA’s Known Exploited Vulnerabilities catalog. This marks a departure from BlackByte’s usual methods, which included phishing and credential stuffing.

Austin Berglas of BlueVoyant noted that the exploitation of this vulnerability requires more persistence, indicating a deeper attack strategy that seeks to gain administrative access rather than just initial entry.

Callie Guenther of Critical Start emphasized the importance of targeting VMware ESXi, as it underpins many enterprise applications. “This shift shows their willingness to adopt cutting-edge methods, increasing the pressure on victims to pay the ransom,” she said.

[Read the full article]

Cisco: BlackByte Ransomware Only Posts 20% to 30% of Successful Attacks

August 28, 2024 | The BlackByte ransomware gang is revealing only a small portion of its successful attacks, according to Cisco Talos researchers. They estimate that the group posts extortion notices for just 20% to 30% of its breaches.

In 2023, BlackByte listed 41 victims but has disclosed only three so far in 2024, raising questions about its lack of transparency despite increased activity.

BlackByte has been linked to high-profile attacks on local governments and organizations like the San Francisco 49ers. Cisco Talos noted that the group is rapidly evolving, often exploiting newly disclosed vulnerabilities, such as CVE-2024-37085 in VMware ESXi software.

Researchers highlight the Ransomware-as-a-Service (RaaS) model’s flexibility, allowing BlackByte to quickly adapt and counter cybersecurity defenses.

[Read the full article]

CriticalStart® Unveils Mid-Year Cyber Threat Intelligence Report

August 26, 2024 | Critical Start has released its Cyber Threat Intelligence Report for the first half of 2024, revealing that manufacturing and industrial sectors are the most targeted by cybercriminals. The report highlights alarming trends, including a 3,000% increase in deepfake attacks and a projected 15% annual growth in global cybercrime, expected to reach $10.5 trillion by 2025.

Key findings include:

  • Manufacturing: 377 confirmed ransomware and database leak incidents.
  • Professional Services: 15% increase in attacks, with 351 reported cases.
  • Healthcare: 180% surge in incidents, particularly following the Change Healthcare attack.
  • Engineering and Construction: 46.15% rise in attacks in the U.S.
  • Technology: 12.75% decrease in attacks compared to H1 2023.

Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, emphasizes the importance of strong security strategies, including Managed Detection and Response (MDR) solutions, to mitigate these evolving threats.

[Read the full article]

Manufacturing: The Most Targeted Industry for Cybercrime in 2024

August 26, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals that manufacturing remains the top target for cybercrime in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report indicates a 15% annual increase in global cybercrime, projected to reach $10.5 trillion by 2025.

Key findings include a 15% rise in cyberattacks on professional services and a staggering 180% increase in healthcare incidents. Despite a 12.75% decrease in tech-related attacks, the overall threat landscape remains concerning. Experts emphasize the need for robust Managed Detection and Response (MDR) solutions to mitigate risks effectively.

[Read the full article]

Rising Cyber Threats in 2024: Critical Start’s Report Insights

August 26, 2024 | Critical Start’s latest report highlights a 15% annual increase in global cybercrime, expected to reach $10.5 trillion by 2025. In the first half of 2024, over 3,400 high-risk alerts and 4,600 ransomware incidents were reported, with manufacturing and healthcare being the most affected sectors.

Experts urge organizations to enhance their cybersecurity strategies in response to these evolving threats.

[Read the full article]

AI-Driven Part Detection for Machine Tending Cobots

August 26, 2024 | Universal Robots (UR) is embracing AI with its new machine tending solution, enhancing batch changeovers by eliminating fixtures. A recent survey of 1,200 manufacturers revealed that over 50% are now integrating AI and machine learning into production processes.

“AI isn’t just hype,” says Ujjwal Kumar, Group President of Teradyne Robotics. UR’s advancements include AI-based perception capabilities running on NVIDIA Jetson, enabling dynamic path planning for efficient, collision-free operation. Additionally, UR has launched enhanced Care Service Plans for preventive maintenance and performance monitoring, showcasing its commitment to service excellence.

[Read the full article]

Which Industries Face the Most Cyber-attacks?

August 23, 2024 | A new report from Critical Start reveals alarming trends in ransomware and database leaks, particularly affecting manufacturing, healthcare, and professional services. The Cyber Threat Intelligence Report highlights that manufacturing remains the top target, with 377 confirmed attacks in H1 2024.

Healthcare and life sciences saw a staggering 180% increase in breaches, and professional services experienced a 15% rise in ransomware incidents. Emerging threats such as Business Email Compromise are shifting focus to smaller businesses, while deepfake fraud attempts surged by 3,000%.

Experts stress the need for organizations to bolster their cybersecurity strategies in this rapidly evolving threat landscape.

[Read the full article]

Manufacturing and Industrial Products Most Targeted by Cybercriminals

August 23, 2024 | The Critical Start Cyber Threat Intelligence Report reveals that Manufacturing and Industrial Products faced the highest number of cyberattacks in H1 2024, with 377 ransomware and database leak incidents. The report highlights a 180% surge in healthcare breaches and emerging threats like Business Email Compromise targeting smaller firms and a staggering 3,000% increase in deepfake fraud attempts. Experts emphasize the need for robust cybersecurity strategies to mitigate these risks.

[Read the full article]

Rise in Cyberattacks Across Multiple Industries

August 23, 2024 | The Critical Start Cyber Intelligence Report reveals that the manufacturing and healthcare sectors are the most targeted industries for cyberattacks in early 2024. The report analyzed over 4,600 ransomware and data leak incidents across 24 industries worldwide.

Manufacturing led the way in threats, while healthcare experienced a staggering 180% increase in data breaches compared to last year. Additionally, business email compromise is shifting focus from large corporations to smaller businesses, and deepfake fraud has surged by 3,000%. “With increasingly sophisticated threats, organizations must prioritize a robust security culture and strategy,” advises Callie Guenther, senior manager of cyberthreat research at Critical Start.

[Read the full article]

Over 3,400 High and Critical Cyber Alerts Recorded in H1 2024

August 22, 2024 | Critical Start’s Cyber Research Unit reported 3,438 high and critical cyber alerts in the first half of 2024, with the U.S. seeing a 46.15% rise in attacks compared to 2023. Manufacturing remains the most targeted sector, with 377 confirmed ransomware and data leak incidents.

Key Findings:

  • Professional Services: 15% increase in attacks, totaling 351 incidents.
  • Healthcare: Ransomware and database leaks surged by 180% in February, linked to major provider breaches.
  • Technology: 12.75% decrease in attacks.

Experts warn that breaches will likely rise, particularly in healthcare and critical infrastructure. Emerging threats include a shift toward smaller businesses in business email compromise (BEC) attacks, a 3,000% increase in deepfake fraud attempts, and abuse of open-source repositories.

To combat these threats, organizations are advised to implement zero-trust security models and enhance real-time threat intelligence.

[Read the full article]

Manufacturing Is the Most Targeted Sector by Cybercriminals

August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the most targeted industry, with 377 ransomware and data leak incidents in H1 2024.

Key findings include:

  • Healthcare: Ransomware incidents surged by 180% in February.
  • Engineering and Construction: Attacks increased by 46%.
  • Professional Services: A 15% rise in attacks reported.
  • Technology: Experienced a 12.75% decrease in incidents.

Experts urge organizations to adopt robust cybersecurity measures, emphasizing network segmentation and zero-trust architectures to mitigate risks.

[Read the full article]

Cyberthreat Report from Critical Start Shows Significant Uptick in Ransomware and Data Leaks

August 22, 2024 | A new report from Critical Start reveals a worrying rise in cyberattacks, particularly targeting healthcare and manufacturing in the first half of 2024. The Cyber Intelligence Report highlights that manufacturing topped the list with 377 confirmed ransomware and database leak incidents.

Healthcare and life sciences experienced a staggering 180% increase in breaches, while professional services reported a 15% rise in attacks. Interestingly, the engineering and construction sectors saw a 46% uptick in incidents, though technology companies noted a surprising 13% decrease in attacks.

Emerging threats include a shift in Business Email Compromise (BEC) tactics towards smaller businesses and a dramatic 3,000% rise in deepfake fraud attempts. Experts emphasize the importance of robust security strategies to counteract these evolving threats.

[Read the full article]

CRITICALSTART Unveils Mid-Year Cyber Threat Intelligence Report Highlighting Key Threats Disrupting Businesses

August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals significant threats in the first half of 2024, emphasizing manufacturing as the most targeted sector. The report highlights 377 confirmed ransomware and database leak incidents, alongside a 15% increase in attacks on professional services and a 180% surge in healthcare-related breaches.

Callie Guenther, Senior Manager of Cyber Threat Research, stresses the importance of a robust security strategy, noting the rising sophistication of cyber threats. The report also points to alarming trends, such as the 3,000% increase in deepfake fraud attempts and the targeting of smaller businesses by Business Email Compromise (BEC) scammers.

For ongoing updates on cyber threats, follow the Critical Start Intelligence Hub.

[Read the full article]

CRITICALSTART Releases Mid-Year Report on Major Cyber Threats Disrupting Businesses

August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the top target for cybercriminals in the first half of 2024. The report shows a rise in ransomware and database leaks, with manufacturing experiencing 377 confirmed incidents. Healthcare saw a 180% surge in attacks, while professional services faced a 15% increase. The report underscores the urgent need for organizations to enhance their cybersecurity measures amid escalating threats.

[Read the full article]

Manufacturing the Number One Target for Cyber Criminals

August 22, 2024 | New cyber threat intelligence reports reveal that manufacturing is the most targeted industry for cyber threats. Critical Start’s Cyber Threat Intelligence Report indicates nearly 400 confirmed ransomware and database leak incidents in the first half of 2024, with attacks exploiting supply chain vulnerabilities.

A recent attack on Crown Equipment disrupted operations, highlighting the industry’s risk. Phishing remains the most common attack method, as seen in the $60 million loss suffered by European chemical maker Orion SA due to a phishing scheme.

IBM X-Force’s 2024 report corroborates these findings, stating manufacturing has been the most targeted sector in Asia Pacific for two consecutive years, accounting for over a quarter of all security incidents. Experts stress the importance of robust cybersecurity measures as a competitive advantage in the manufacturing sector.

[Read the full article]

Critical Start Pinpoints Most Targeted Industries for Cyberattacks

August 22, 2024 | Critical Start’s latest report highlights manufacturing as the most targeted sector for cyberattacks in H1 2024. The Cyber Research Unit analyzed thousands of alerts and reports, revealing a 15% annual growth in global cybercrime, projected to reach $10.5 trillion by 2025. Key findings include significant increases in attacks on healthcare and professional services, with experts urging organizations to adopt proactive cybersecurity measures.

[Read the full article]

Critical Start Equips MSSPs and MSPs with Advanced Cyber Threat Intelligence

August 22, 2024 | Cybercrime is projected to grow 15% annually, reaching $10.5 trillion by 2025. Critical Start’s latest Cyber Threat Intelligence Report reveals key trends from H1 2024, focusing on advanced persistent threats and new attack techniques. MSSPs and MSPs can leverage these insights to strengthen client defenses, especially in targeted sectors like manufacturing, healthcare, and professional services.

[Read the full report]

Manufacturing and Industrial Sectors Most Targeted by Cyberattacks in 2024

August 22, 2024 | A report from Critical Start reveals that manufacturing and industrial products were the top targets for cyberattacks in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report, based on 3,438 high-risk alerts, also highlights a 180% surge in healthcare attacks and a 3,000% increase in deepfake fraud attempts.

[Read the full report]

Manufacturing Leads in Cyberattacks for 2024

August 22, 2024 | A new report by Critical Start reveals manufacturing is the top target for cyberattacks in 2024, with 377 confirmed incidents. Healthcare saw a 180% spike in ransomware and data leaks, while deepfake fraud attempts surged by 3,000%. The report highlights a shift in business email compromise attacks towards smaller businesses and growing threats from open-source software repositories.

[Read the full report]

Authentication Bypass Discovered in Microsoft Entra ID

August 21, 2024 | A vulnerability in Microsoft Entra ID (formerly Azure AD) allows attackers who gain control of a pass-through authentication (PTA) agent server to bypass authentication checks. Because the PTA agent validates sign-ins on the tenant’s behalf, this could enable unauthorized access as any synchronized Active Directory user, and from there escalation to the privileges of a Global Administrator if such an account is synchronized.

Experts, including Sarah Jones from Critical Start, highlight the need for organizations to tighten security around PTA agent servers (treating them with the same care as domain controllers, since whoever controls the agent controls cloud sign-in) and to enforce strong password policies and multi-factor authentication to mitigate these risks. As Tal Mandel Bar from DoControl notes, this vulnerability illustrates how cloud identity services can become prime targets, emphasizing the importance of robust SaaS security measures.

[Read the full article]

TLS Bootstrap Attack Exposes Azure Kubernetes Services Cluster

August 20, 2024 | A newly discovered bug in Microsoft Azure Kubernetes Services (AKS) could allow attackers with pod access to escalate privileges and access sensitive credentials. Mandiant’s research indicates that exploiting this vulnerability may lead to data theft and financial loss.

An attacker with command execution rights in a Kubernetes pod could download cluster provisioning configurations, extract TLS bootstrap tokens, and execute a TLS Bootstrap Attack, potentially reading all secrets within the cluster.

Experts highlight the risk of malicious insiders attempting to access unauthorized application secrets. While Microsoft has issued a patch, security teams must audit AKS configurations, rotate Kubernetes secrets, and enforce strict security policies.
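
The attack chain above ends with a stolen bootstrap token being used to request a node certificate and then read secrets, and both steps leave traces in the API server’s audit log (on AKS, the kube-audit diagnostic category). The following detector is an added example, not code from the article, Mandiant or Microsoft: the audit events are constructed JSON lines in the audit.k8s.io/v1 Event shape, and the node subnet, node name and bootstrap token ID are assumptions for an illustrative cluster. It relies on two standard Kubernetes facts: a kubelet bootstrapping with a token authenticates as system:bootstrap:<token-id> in the system:bootstrappers group, and the Node authorizer limits a node identity to the secrets of pods scheduled on it.

```python
"""Flag TLS-bootstrap abuse in Kubernetes API-server audit logs.

Added example; not from the article, Mandiant or Microsoft. The audit
events are constructed JSON lines in the audit.k8s.io/v1 Event shape, and
the node subnet, node name and token ID are assumptions for an
illustrative cluster.
"""
import ipaddress
import json

# Assumption: kubelets talk to the API server from this subnet; pods do not.
NODE_CIDR = ipaddress.ip_network("10.240.0.0/16")


def _source_ip(event):
    ips = event.get("sourceIPs") or []
    return ipaddress.ip_address(ips[0]) if ips else None


def analyse_event(event):
    """Return a finding for a suspicious audit event, or None."""
    user = event.get("user", {}).get("username", "")
    groups = set(event.get("user", {}).get("groups", []))
    ref = event.get("objectRef", {})
    verb = event.get("verb")
    ip = _source_ip(event)

    # Rule 1: a bootstrap-token identity (system:bootstrap:<id>, group
    # system:bootstrappers) creating a CSR from outside the node subnet. A real
    # kubelet bootstraps from a node; a pod replaying a stolen token does not.
    is_bootstrap = user.startswith("system:bootstrap:") or "system:bootstrappers" in groups
    if (is_bootstrap and verb == "create"
            and ref.get("resource") == "certificatesigningrequests"
            and ip is not None and ip not in NODE_CIDR):
        return {"rule": "bootstrap-csr-from-pod", "auditID": event.get("auditID"),
                "user": user, "source": str(ip)}

    # Rule 2: a node identity listing secrets with no namespace. The Node
    # authorizer limits a kubelet to secrets of pods scheduled on it, so a
    # cluster-wide list is anomalous whether it returns 200 or 403.
    if (user.startswith("system:node:") and verb == "list"
            and ref.get("resource") == "secrets" and not ref.get("namespace")):
        return {"rule": "node-lists-all-secrets", "auditID": event.get("auditID"),
                "user": user, "source": str(ip) if ip else None,
                "status": event.get("responseStatus", {}).get("code")}
    return None


def scan(lines):
    """Run both rules over JSON-lines audit output and collect findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            finding = analyse_event(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed audit log: a1/a3/a5 are benign, a2 and a4 are the attack chain.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"ResponseComplete","verb":"create","user":{"username":"system:bootstrap:abcdef","groups":["system:bootstrappers","system:authenticated"]},"sourceIPs":["10.240.0.5"],"objectRef":{"resource":"certificatesigningrequests","apiGroup":"certificates.k8s.io","name":"csr-x7k2p"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a2","stage":"ResponseComplete","verb":"create","user":{"username":"system:bootstrap:abcdef","groups":["system:bootstrappers","system:authenticated"]},"sourceIPs":["10.244.3.17"],"objectRef":{"resource":"certificatesigningrequests","apiGroup":"certificates.k8s.io","name":"csr-q9m4d"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a3","stage":"ResponseComplete","verb":"get","user":{"username":"system:node:aks-nodepool1-12345678-vmss000000","groups":["system:nodes","system:authenticated"]},"sourceIPs":["10.240.0.5"],"objectRef":{"resource":"secrets","namespace":"kube-system","name":"coredns-token"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a4","stage":"ResponseComplete","verb":"list","user":{"username":"system:node:aks-nodepool1-12345678-vmss000000","groups":["system:nodes","system:authenticated"]},"sourceIPs":["10.244.3.17"],"objectRef":{"resource":"secrets"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a5","stage":"ResponseComplete","verb":"list","user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]},"sourceIPs":["10.240.0.4"],"objectRef":{"resource":"secrets","namespace":"default"},"responseStatus":{"code":200}}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_AUDIT_LOG.splitlines()):
        print(f)
```

Event a1 is an ordinary node joining from the node subnet and is ignored; a2 is the same token replayed from a pod address and is flagged. Event a4 shows the follow-on step: the freshly minted node identity trying to list every secret in the cluster, which the Node authorizer rejects with 403, but the attempt itself is the signal. Detection is a complement to, not a substitute for, applying Microsoft’s fix and rotating any secrets a compromised pod could have reached.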

[Read the full article]

Azure Kubernetes Bug Exposes Cluster Secrets

August 20, 2024 | A critical vulnerability in Microsoft’s Azure Kubernetes Service (AKS) allows attackers with pod access to obtain sensitive credentials. Mandiant reported that this flaw can enable data theft and malicious actions within affected clusters.

Security experts urge organizations to audit their AKS configurations, enforce strict security policies, and rotate Kubernetes secrets immediately to mitigate risks.

[Read the full article]

Critical Start Launches Vulnerability Management Service

August 16, 2024 | Critical Start has introduced its Vulnerability Management Service (VMS) and Vulnerability Prioritization, designed to help organizations manage and reduce cyber risk exposure. Leveraging a collaboration with Qualys, the managed service offers comprehensive vulnerability assessment, prioritization, and reduction, focusing on high-risk vulnerabilities through expert analysis and contextualized reporting.

[Read the full article]

Microsoft and CrowdStrike Outage: Lessons for Tech Professionals

August 15, 2024 | A recent outage affecting 8.5 million Microsoft Windows machines stemmed from a flawed CrowdStrike software update, raising concerns about vendor reliance in IT services. The incident, which began on July 19, left users and businesses paralyzed as systems crashed, necessitating a major recovery effort from both companies.

The outage highlights the importance of cyber resilience, as experts stress the need for organizations to diversify their vendor ecosystems to avoid single points of failure. Raju Chekuri, CEO of Netenrich, emphasized that building cyber resilience isn’t just about security—it’s about ensuring systems can recover effectively after a failure.

This incident serves as a wake-up call for tech professionals to prioritize thorough testing and staged, cautious rollout of software updates, so that a bad update reaches a small ring of machines before it reaches the fleet, balancing automation with human oversight.

[Read the full article]

Critical Start Delivers Vulnerability Management Service and Vulnerability Prioritization Powered by Qualys VMDR

August 15, 2024 | Critical Start has launched its Vulnerability Management Service (VMS) and Vulnerability Prioritization, essential components of its Managed Cyber Risk Reduction strategy. These offerings empower organizations to effectively manage, prioritize, and reduce cyber risk from vulnerabilities.

By leveraging Qualys VMDR, Critical Start’s fully managed service offloads the operational burden of vulnerability management, providing comprehensive scanning, monitoring, and reporting. Customers receive expert analysis and actionable insights, enabling them to focus on the vulnerabilities that pose the highest risk to their environment.

[Read the full article]

MSSP Market News: Critical Start Launches Vulnerability Management Service

August 15, 2024 | MSSP Alert brings you the latest updates from the MSSP, MSP, and cybersecurity sectors. Today, the spotlight is on Critical Start, Qualys, Skyhigh Security, Everfox, and more.

  1. Critical Start Offers Vulnerability Management, Prioritization: Critical Start, known for its managed detection and response (MDR) services, has launched the Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. This new service, in partnership with Qualys, enables organizations to assess, manage, and reduce cyber risk by prioritizing vulnerabilities.

[Read the full article]

Ransomware Group Behind Major Indonesian Attack: Many Masks, Little Sophistication

August 14, 2024 | The ransomware group Brain Cipher gained attention after a major attack on Indonesian government services. On June 20, their operation disrupted national systems, leading to significant delays for ferry bookings and passport checks. Under pressure, they abandoned their $8 million ransom demand and released a free decryptor.

Researchers from Group-IB linked Brain Cipher to at least three other groups, indicating rebranding rather than sophistication. Their malware is built from the leaked LockBit 3.0 builder, and while their ransom notes are clearly written, the group has failed to follow through on its data-leak threats for most victims. The use of multiple identities allows them to evade attribution and complicate investigations.

[Read the full article]

Critical Start Cyber Range Revolutionizes Cybersecurity Training

August 13, 2024 | Critical Start has launched the Cyber Range, a free feature of its Critical Start Cyber Operations Risk & Response™ (CORR) Platform. This virtual environment simulates real-world cyber threats, allowing organizations to train their cybersecurity teams and evaluate new security products without risking their infrastructure.

Chris Carlson, Chief Product Officer at Critical Start, stated, “Our Cyber Range provides a safe space for companies to engage in realistic scenarios that prepare them for real-world cyber challenges.”

Key features include customizable simulations, product emulation, MITRE ATT&CK® Matrix integration, and flexible training options. The Cyber Range offers significant benefits like enhanced training, risk-free testing, and accelerated onboarding.

“The Cyber Range is a game-changer for cybersecurity training and evaluation,” added Carlson. For more information, visit the Critical Start website.

[Read the full article]

CyberTech Experts Address Cybersecurity Gaps in New MDR Report

August 13, 2024 | Cybersecurity leaders are grappling with a surge in attacks in 2024, highlighting the pressing need for proactive measures. A recent report by Critical Start reveals that 86% of professionals cite unknown cyber risks as their top concern, up 22% from last year. Misalignment between cybersecurity investments and risk priorities remains a significant challenge, with 66% of companies lacking visibility into their cyber risk profiles.

Experts, including Chris Morales (Netenrich) and Randy Watkins (Critical Start), stress the importance of Managed Detection and Response (MDR) solutions in enhancing threat detection and response capabilities. As cyber threats evolve, organizations must shift from traditional prevention methods to a resilient approach that includes continuous monitoring and rapid incident response.

[Read the full article]

Channel News You Can’t Afford to Miss: This Week’s Biggest Headlines for MSPs

August 9, 2024 | Stay competitive with ChannelPro’s roundup of essential updates. This week’s highlights include Microsoft’s new partner benefits, Sophos’ ransomware findings, and Arctic Wolf’s expanded Cyber JumpStart Portal. Discover the latest tech advancements, strategic partnerships, and security innovations shaping the MSP landscape.

[Read the full article]

SEC Takes No Action on Progress Software for MOVEit Transfer Case

August 9, 2024 | The SEC has decided not to recommend enforcement action against Progress Software over the MOVEit Transfer vulnerability (CVE-2023-34362), whose exploitation affected some 95 million people. The decision follows Progress’s cooperation and timely disclosure of the breach, which was exploited by the Clop ransomware gang as a zero-day in May 2023. The SEC’s decision signals a focus on companies’ proactive measures rather than punitive actions in cases of zero-day exploitation.

[Read the full article]

Critical Start Launches Cyber Range for Real-World Cybersecurity Training

August 7, 2024 | Critical Start has unveiled its Cyber Range, a virtual environment simulating real-world cyber threats. This free platform, part of the Critical Start Cyber Operations Risk & Response™ (CORR) Platform, allows organizations to safely train their cybersecurity teams, test new security products, and evaluate their cyber readiness without risking their actual infrastructure.

[Read the full article]

Five Ways to Defend Against VMware ESXi Server Attacks

August 7, 2024 | A recent surge in attacks targeting VMware ESXi servers, exploiting the critical CVE-2024-37085 vulnerability, has highlighted the need for stronger defenses. Ransomware groups like Storm-0506 and Octo Tempest have used this flaw to gain administrative access, encrypting virtual machines and disrupting operations. To protect against these threats, organizations should:

  1. Apply patches and updates rapidly.
  2. Strengthen access controls with multifactor authentication.
  3. Conduct regular security audits.
  4. Implement network segmentation.
  5. Develop robust incident response plans.

Staying proactive is key to defending against these evolving threats.

[Read the full article]

Cyber Risk Landscape Peer Report: 4 Action Items for Your Organization

August 6, 2024 | Traditional security tools are falling short in today’s complex threat landscape. The 2024 Critical Start Cyber Risk Landscape Peer Report reveals that 83% of cybersecurity pros experienced a data breach in the past two years, despite having standard protections. Here’s how your organization can take action:

  1. Align Costs with Risk: 84% of security pros report that cost is prioritized over risk reduction. Shift focus to align cybersecurity investments with quantifiable risk-reduction priorities.
  2. Manage Outsourced Risks: While outsourcing cyber-risk workstreams is common, it can create control gaps. Use a blended approach, keeping some expertise in-house to mitigate these risks.
  3. Modernize Security Tools: Traditional threat-based systems struggle with emerging threats. Invest in tools that offer deeper context and adapt to evolving tactics.
  4. Improve Visibility: Only 29% of organizations have full visibility into their assets. Enhance asset management to better protect against unknown threats.

[Explore the full report]

Critical Start: 86% of Cyber Pros Worried About Unknown Risks

August 6, 2024 | Critical Start’s latest Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now view unknown cyber risks as a top concern—up 17% from last year. The report emphasizes the need for businesses to adopt proactive risk management strategies and highlights ongoing challenges such as limited visibility into risk profiles and misalignment between cybersecurity investments and risk priorities.

[Read the full report]

Malware-as-a-Service: A Lucrative Opportunity for Hackers

August 06, 2024 | A new report by Darktrace reveals the rising threat of Malware-as-a-Service (MaaS), which has seen significant growth due to its low entry barriers and subscription-based model. MaaS tools enable even novice attackers to launch effective cyberattacks with pre-packaged malware. The report highlights the continued success of older malware strains and the increasing use of “double extortion” tactics, where attackers encrypt and steal data to force higher ransoms. Organizations must adopt multi-layered security strategies and stay current with patches to combat these evolving threats.

[Read the full article]

Linux Exploit SLUBStick Grants Full Memory Access

August 06, 2024 | Researchers have unveiled a new Linux kernel exploitation technique called SLUBStick. It escalates a limited heap vulnerability in the kernel’s SLUB allocator (such as a use-after-free or an out-of-bounds write) into an arbitrary memory read/write primitive, with a reported 99% success rate for the cross-cache step that earlier techniques could only perform unreliably; from there it manipulates page tables to gain full memory access. The technique was evaluated on Linux kernel versions 5.19 and 6.2, but it is a generic method that rides on existing heap bugs rather than a single vulnerability, so the defense is patching the underlying memory-safety flaws and keeping kernels current, not merely moving off those two releases. Experts advise immediate patching and robust security measures to mitigate risks.

[Read the full article]

86% of Cyber Pros Name Unknown Risks as Top Concern

August 6, 2024 | A new Critical Start report reveals that 86% of cybersecurity professionals now view unknown risks as a top concern—a 17% increase from last year. Despite traditional security measures, 83% experienced a breach. The study also found that 81% of organizations plan to prioritize proactive risk reduction strategies.

[Read the full report]

Peer Report from Critical Start Explores Cyber Risk Landscape

August 5, 2024 | Critical Start’s second annual Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now see unknown cyber risks as their top concern—up 17% from last year. The report highlights the need for proactive risk management, as traditional security measures are proving inadequate. Key findings include:

  • Cyber Breaches on the Rise: 83% of professionals reported breaches despite existing security measures.
  • Growing Expertise Gap: 50% cite a lack of cyber expertise as a challenge, up from 37% last year.
  • Proactive Measures: 99% plan to adopt managed cyber risk reduction solutions to stay ahead of threats.

Randy Watkins, CTO at Critical Start, emphasizes the importance of data-driven insights and proactive strategies, noting that traditional security measures alone are no longer sufficient.

[Read the full report]

86% of Firms Identify Unknown Cyber-Risks as Top Concern

August 5, 2024 | A recent report reveals that 86% of firms are most concerned about unknown cyber-risks. Despite using traditional security measures, 83% experienced breaches, while 66% lack visibility into their cyber-risk profiles. To combat this, 99% plan to adopt managed cyber risk reduction solutions, focusing on proactive strategies like continuous monitoring and threat intelligence integration.

[Read the full report]

Mentorship advances security careers

August 2, 2024 | Security leaders agree: finding a mentor is crucial for career growth. Key traits include curiosity, continuous learning, and clear communication.

“Stay curious and ask questions,” says Jordan Avnaim, CISO at Entrust. John Anthony Smith of Conversant Group emphasizes skepticism: “Question all stated truths.”

George Jones, CISO at Critical Start, highlights the need for translating technical issues for executives.

Mentorship builds skills, networks, and opportunities. It benefits both mentors and mentees, fostering mutual growth.

“Good mentorship is bidirectional,” says Avnaim. Networking within your organization or at industry events can help you find a mentor.

“Relationships develop over time,” assures Avnaim. Mentorship enriches careers and strengthens the security industry.

[Read the full article]

North Korean Hacker Attempts to Infiltrate KnowBe4

August 1, 2024 | KnowBe4 revealed a North Korean hacker tried to infiltrate its systems using a stolen identity and AI-enhanced image. The hacker secured a job, passed background checks, and attempted to load malware onto a company device. The SOC quickly contained the device, preventing a breach.

Security Leaders React:

Stephen Kowski, SlashNext: “State-sponsored attackers are creating convincing fake identities. We need better vetting, constant monitoring, and collaboration across HR, IT, and security teams.”

Piyush Pandey, Pathlock: “Continuous monitoring and strict access controls are crucial to detect and respond to suspicious activities.”

Callie Guenther, Critical Start: “Companies must scrutinize resumes, verify identities, and monitor for unusual behavior to counter sophisticated threats.”

John Bambenek, Bambenek Consulting: “Ensuring employee and contractor security has always been challenging. Vigilant monitoring and identifying bad actors upfront are essential.”

[Read the full article]

RoguePuppet software supply chain exposure: Lessons learned

July 30, 2024 | Security researcher Adnan Khan discovered a flaw in Puppet Forge, dubbed RoguePuppet, allowing anyone with a GitHub account to push official modules. This exposure could have caused significant damage if exploited.

Key Lessons:

  1. Scope of Exposure: Malicious actors could modify any module.
  2. CI/CD Misconfiguration: Due to a GitHub Actions misconfiguration.
  3. Continuous Monitoring: Regular CI/CD checks and strict access controls are essential.
  4. Due Diligence: Rigorous testing and vetting of third-party code is crucial.
  5. Proactive Security: Proper identification and authorization practices are necessary.

Expert Insights:

  • Joshua Knox, ReversingLabs: “We must do our own due diligence.”
  • Kevin Kirkwood, Exabeam: “Early testing in CI/CD pipelines is critical.”
  • Naomi Buckwalter, Contrast Security: “A proactive approach to software supply chain security is overdue.”
  • Callie Guenther, Critical Start: “Puppet’s prompt response is a commendable example of effective incident management.”

[Read the full article]

Hackers Leak Internal Documents Stolen from Leidos Holdings

July 23, 2024 | Hackers have leaked internal documents from Leidos Holdings Inc., an IT services provider to U.S. government agencies, including the Defense Department. The breach occurred through Diligent Corp., a GRC software provider used by Leidos.

Leidos confirmed the connection to the Diligent breach and is investigating with cybersecurity experts and law enforcement. The exposure of sensitive information could compromise national security and government operations, highlighting the need for robust third-party security measures.

Micro-segmentation, stronger authentication, and continuous monitoring are critical strategies to mitigate such risks and prevent future breaches.

[Read the full article]

Cybersecurity Skills and Breaches: What Tech Pros Need to Know

July 29, 2024 | A new Fortinet report reveals that 90% of organizations experienced breaches due to a lack of cybersecurity skills. Recruiting and retaining skilled professionals remains a major challenge. With 87% of organizations facing breaches in 2023, the need for skilled tech pros is critical.

To bridge the gap, focus on recruiting talent with both technical and soft skills. Upskilling and flexible hiring practices are key to securing data and networks. AI can assist, but skilled professionals are still essential for effective cybersecurity.

[Read the full article]

The Gately Report: Zimperium Partners Get Formal Channel Program

Plus, cybercriminals are ready to pounce on the Paris Olympics.

July 29, 2024 | Zimperium will launch its first formal partner program later this year, offering incentives for new business, said Chris White, Chief Revenue Officer. This move follows the hiring of David Natker as VP of Global Partners and Alliances. The program will focus on technical enablement, certifications, and incentivizing partners to build mobile security practices.

Zimperium’s partners currently drive 100% of its new business. The new program will continue this strategy, emphasizing net-new customers and account-based marketing efforts.

[Read the full article]

Critical Vulnerability Bypassing Windows SmartScreen Shows Need for Layered Defenses

July 25, 2024 | A vulnerability in Microsoft’s Windows SmartScreen, CVE-2024-21412, bypassed warning dialogues to deliver malware. Exploited in the wild and patched in February, this flaw allowed attackers to distribute ACR Stealer and Lumma Stealer, targeting apps like Chrome and Telegram.

Experts emphasize the need for layered security defenses and proactive threat intelligence to protect against evolving cyber threats.

[Read the full article]

3,000 GitHub Accounts Found Distributing Malware

July 25, 2024 | Over 3,000 malicious GitHub accounts were found distributing malware like Atlantida Stealer and RedLine, posing severe risks to organizations.

Check Point Research identified the threat group, Stargazer Goblin, using “Ghost” accounts to create the illusion of legitimate repositories. This tactic exploits GitHub’s reputation, leading to data breaches and financial losses.

Organizations must conduct thorough code reviews, use security tools, implement strong access controls, and maintain a security-aware culture among developers to mitigate these threats.

[Read the full article]

Cybersecurity Firm KnowBe4 Tricked into Hiring North Korean Hacker as IT Pro

July 24, 2024 | KnowBe4, a cybersecurity firm, was deceived by a North Korean hacker posing as an IT worker. The hacker passed rigorous interviews and background checks, but triggered security alerts upon receiving a company-issued MacBook.

An investigation revealed the hacker used a stolen US identity and AI-enhanced images. The hacker’s tactics included manipulating files and using a Raspberry Pi to load malware. Fortunately, KnowBe4’s security team contained the threat before any data was compromised.

Experts emphasize the need for robust vetting and monitoring to prevent such sophisticated attacks. This incident underscores the importance of enhanced security measures in the hiring process.

[Read the full article]

Insider Threat: KnowBe4 Thwarts North Korean Infiltration Attempt

July 24, 2024 | KnowBe4 recently stopped a North Korean operative posing as a software engineer. The company detected the threat when the new hire’s Mac workstation began loading malware.

CEO Stu Sjouwerman shared, “We hired the person, sent them a Mac, and it immediately started loading malware.”

Security experts stress the need for rigorous vetting, continuous monitoring, and collaboration across HR, IT, and security teams. This incident highlights the evolving tactics of state-sponsored actors and the importance of strong security measures.

[Read the full article]

Windows Users Targeted with Zero-Day Attacks via Internet Explorer

July 23, 2024 | An APT group named Void Banshee is exploiting Internet Explorer vulnerabilities to deploy the Atlantida info-stealer. Using CVE-2024-38112, Void Banshee targets Microsoft Internet Explorer 11, Windows 11 (versions before 23H2 build 10.0.22631.3880), and Windows Server 2022 (builds before 10.0.20348.2582).

The attacks involve malicious .URL files disguised as book PDFs, distributed via cloud-sharing websites, online libraries, and Discord servers. Predominantly affecting North America, Europe, and Southeast Asia, these attacks highlight the ongoing risk of legacy systems and delayed patch updates.

Security experts emphasize the need for timely security updates and robust patch management to counter such threats.

[Read the full article]

Women in IT Security Lack Opportunities, Not Talent

July 23, 2024 | Women in IT security are as skilled as men but face significant career barriers, according to a study by WiCyS and N2K Networks. Despite their aptitude, women encounter exclusion and limited advancement opportunities.

Experts stress the need for female mentors, inclusive policies, and advanced training to help women succeed in cybersecurity. Addressing unconscious bias and providing role models are crucial for fostering an equitable environment.

[Read the full article]

Fallout From Faulty Friday CrowdStrike Update Persists

July 22, 2024 | The CrowdStrike glitch on July 19 has sparked industry-wide concerns. A faulty Falcon Platform update caused widespread Microsoft outages, affecting 29,000 customers. IT teams are now laboring through a complex recovery process.

David Brumley, a professor at Carnegie Mellon University, criticized CrowdStrike’s insufficient stress-testing and non-incremental rollout. Callie Guenther from Critical Start noted the risks of Friday updates due to weekend understaffing.

Regulatory scrutiny and discussions about the consolidation of software vendors are expected. Adversaries are also exploiting the chaos, warned CrowdStrike CEO George Kurtz and CISA.

[Read the full article]

Researchers Discover New Phishing Kit on the Dark Web

July 22, 2024 | SlashNext researchers uncovered the FishXProxy Phishing Kit on the dark web. This kit uses unique link generation, advanced antibot systems, and redirection abilities to evade detection. It’s advertised as “The Ultimate Powerful Phishing Toolkit” and poses significant security challenges.

Callie Guenther from Critical Start highlights the risks: “FishXProxy lowers the barrier for advanced cybercrime, making it harder for traditional security measures to keep up.”

Mika Aalto from Hoxhunt stresses the need for human intelligence: “Equipping people with the right skills and tools is crucial to counter advanced phishing attacks.”

[Read the full article]

CrowdStrike vs. Microsoft: Who’s at Fault for the IT Outage?

July 19, 2024 | A global IT outage caused by a CrowdStrike update has led to debate over responsibility. The update triggered widespread crashes, impacting sectors from airports to banks.

CrowdStrike insists the issue wasn’t a cyberattack and has deployed a fix, while Microsoft has restored its cloud services. Analysts draw parallels to past incidents, emphasizing the need for thorough testing and robust incident response.

Controversy remains: Was the flaw in CrowdStrike’s update or Microsoft’s system?

[Read the full article]

Tips for Handling Cybersecurity Outages

July 19, 2024 | The CrowdStrike outage highlights key strategies for managing disruptions. Act swiftly with your incident response plan, communicate clearly, and apply necessary reboots and patches.

Long-term, enhance testing procedures, diversify vendors, and conduct regular training.

Stay alert for follow-on threats like phishing scams and fake updates.

[Read the full article]

Buggy CrowdStrike EDR Update Crashes Windows Systems Worldwide

July 19, 2024 | A defective update to CrowdStrike Falcon Sensor caused mass IT outages globally, disrupting businesses, airlines, healthcare providers, and more. The update led to the “blue screen of death” on Microsoft servers. Though CrowdStrike has reverted the update, many systems remain down.

The bug in the Memory Scanning policy was not caught in testing, causing the Falcon sensor to consume 100% of a CPU core. Workaround steps have been provided. Microsoft is working with CrowdStrike to restore systems.

[Read the full article]

Void Banshee Group Using Patched Zero-Day to Execute Infostealer

July 16, 2024 | APT group Void Banshee is exploiting a recently patched zero-day (CVE-2024-38112) to deploy the Atlantida infostealer. The attack uses a disabled Internet Explorer (IE) browser via MHTML to steal passwords and cookies.

Trend Micro reported Void Banshee spreads malicious files disguised as book PDFs on cloud-sharing sites, Discord, and online libraries. Callie Guenther of Critical Start highlights the vulnerability’s risk due to slow patch adoption and legacy systems.

[Read the full article]

As CISOs Grapple with the C-suite, Job Satisfaction Takes a Hit

July 15, 2024 | Research shows CISO job satisfaction is tied to their access to company management. Despite high salaries, many CISOs are unhappy, with three in four considering job changes in 2023. They often face blame for cyber incidents and compliance issues, leading to dissatisfaction.

Pathlock CEO Piyush Pandey notes the pressures of regulatory requirements and daily operations without corresponding compensation. George Jones of Critical Start highlights the impacts: decreased effectiveness, retention challenges, cultural issues, and increased vulnerabilities. Breaking these barriers involves giving CISOs a seat at the table and investing proactively in cybersecurity.

[Read the full article]

Federal Cybersecurity Hiring: What More Needs to Be Done?

July 10, 2024 | The Biden administration launched the National Cyber Workforce and Education Strategy (NCWES) to fill 470,000 open cybersecurity positions. This initiative aims to diversify the workforce, shift to skills-based hiring, and increase scholarships for non-traditional students.

Experts emphasize raising awareness about cybersecurity careers and providing quality education. Despite these efforts, the skills gap remains a significant challenge.

[Read the full article]

BlastRADIUS Vulnerability Exposes RADIUS Security Flaws

July 10, 2024 | Cybersecurity researchers discovered a critical vulnerability in RADIUS, a network authentication protocol from the 1990s still widely used today. The vulnerability, CVE-2024-3596, allows attackers to conduct man-in-the-middle attacks, posing significant risks to enterprise and telecom networks. Immediate patching and transitioning to modern cryptographic standards are essential to mitigate the threat.

[Read the full article]

CISO Job Satisfaction Drops Due to Lack of C-Suite Access

July 17, 2024 | Research reveals CISO job satisfaction is tied to their access to company management. High salaries don’t prevent job dissatisfaction; many CISOs considered job changes in 2023 due to being scapegoats for cyber incidents and compliance issues.

Key Issues:

  • Decreased effectiveness
  • High turnover rates
  • Cultural impact
  • Increased vulnerabilities

Solutions:

  • More board engagement
  • Proactive cybersecurity discussions
  • Adequate funding for cybersecurity

[Read the full article]

Eldorado Ransomware Targets Windows and Linux Networks

July 9, 2024 | Eldorado, a Ransomware-as-a-Service (RaaS), is hitting both Windows and Linux systems. Written in Golang for cross-platform attacks, it employs advanced encryption like ChaCha20 and RSA-OAEP to encrypt files over SMB. Eldorado spreads via USB drives and recruits affiliates through underground forums. Group-IB reports 16 confirmed cases, affecting various industries in the US and beyond.

[Read the full article]

Eldorado Ransomware Targets VMware ESXi

July 9, 2024 | A new ransomware-as-a-service platform, Eldorado, targets Windows and VMware ESXi environments. Active since March, Eldorado uses Golang for cross-platform capabilities and employs advanced encryption methods. Researchers note its significant impact on virtualized environments and the evolving threat landscape.

[Read the full article]

Report: Organizations Prioritize Savings Over Client Privacy

July 5, 2024 | Bugcrowd’s latest report reveals that 1 in 3 security leaders believe many organizations sacrifice customer privacy to reduce costs. Surveying over 200 global security leaders, the report highlights:

  • 91% foresee AI outpacing security teams.
  • 56% report severe team understaffing; 87% are hiring.
  • 70% plan to reduce security team sizes due to AI within 5 years.

[Read more about the report’s insights.]

Security Leaders Discuss Life360 Data Breach

July 2, 2024 | Life360 reported a data breach affecting its subsidiary, Tile, exposing client information such as names, phone numbers, addresses, email addresses, and device IDs.

Piyush Pandey, CEO at Pathlock: Pandey stressed the importance of proactive identity security, highlighting the need for visibility into user access throughout their lifecycle. He noted the absence of multi-factor authentication as a critical oversight, emphasizing the need to secure service accounts alongside business applications.

Anne Cutler, Cybersecurity Evangelist at Keeper Security: Cutler underscored the necessity for prioritizing admin account security, advocating for stringent password policies and least privilege access. She recommended continuous monitoring of admin activities and implementing multi-factor authentication across all accounts to enhance security.

Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start: Guenther highlighted the broader implications of the breach, including potential threats like targeted extortion and supply chain vulnerabilities. She emphasized the importance of comprehensive security frameworks, vigilant monitoring, and incident response strategies to mitigate risks.

[Read the full article]

14 Million OpenSSH Servers Exposed via Regression Flaw

July 1, 2024 | A critical remote code execution flaw (CVE-2024-6387) in OpenSSH on glibc-based Linux systems has been discovered. This vulnerability could allow attackers to gain full system control without user interaction, posing severe risks.

Qualys identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet. This flaw, a regression of CVE-2006-5051, underscores the need for thorough regression testing.

To mitigate risks, apply patches immediately, restrict SSH access, and deploy intrusion detection systems.

[Read the full article]

Phantom Secrets: The Hidden Threat in Code Repositories

July 1, 2024 | Aqua Security reveals that API tokens, credentials, and passkeys remain exposed in code repositories, even after deletion. This “phantom secrets” issue affects major platforms like GitHub, Bitbucket, and GitLab, posing significant risks.

Aqua found that almost 18% of secrets might be overlooked by standard scanning methods, leaving sensitive information accessible. This problem persists due to how SCM systems save deleted or updated commits.

To mitigate these risks, organizations must implement comprehensive secret management practices and regular audits of their repositories.

[Read the full article]

Microsoft Reveals AI Security Flaw That Threatens eCommerce and Financial Services

July 1, 2024 | Microsoft has discovered “Skeleton Key,” a security flaw in AI models that can bypass ethical safeguards. This vulnerability impacts eCommerce platforms, financial services, and customer support systems.

The flaw affects AI from major providers like Meta, Google, and OpenAI, potentially allowing malicious actors to manipulate AI systems. Microsoft advises businesses to implement stringent security measures to protect against these threats.

[Read the full article]

Cybersecurity Burnout: Costing Enterprises More Than Money

June 28, 2024 | Cybersecurity stress is rampant, with burnout costing U.S. businesses $626 million annually in lost productivity. A survey by Hack the Box reveals 74% of cybersecurity pros take time off due to work-related stress, impacting recruitment and retention. Addressing these issues through mental health support and clear career paths is crucial.

[Read the full article]

Polyfill Becomes a Supply-Chain Risk to 100,000 Websites

June 28, 2024 | A recent acquisition of the Polyfill domain by a Chinese company has turned it into a major supply-chain risk for over 100,000 websites. Originally a trusted JavaScript library used widely across industries, Polyfill.io is now accused of delivering malicious code, including redirects to illicit sites like sports betting and pornography.

[Read the full article]

Cyberattack Rate Surges as Novel Malware Growth Accelerates

June 28, 2024 | BlackBerry Limited’s latest Global Threat Intelligence Report reveals a sharp increase in cyberattacks, detecting 3.1 million in Q1 2024 — approximately 37,000 per day. The report highlights a 40% rise in unique malware samples and identifies a significant targeting of sectors like healthcare and financial services. Social engineering tactics are on the rise, exploiting vulnerabilities across various industries.

[Read the full article]

CISOs Reveal Firms Prioritize Savings Over Long-Term Security

June 27, 2024 | Bugcrowd’s 2024 Inside the Mind of a CISO report highlights that 33% of security leaders believe companies sacrifice long-term security for cost savings. Additionally, 40% think few firms understand their breach risks. Despite concerns, 87% are hiring, with 56% reporting understaffing. Over 80% hold cybersecurity degrees, challenging perceptions on formal education.

[Read the full article]

Three Nation-State Campaigns Targeting Healthcare, Banking Discovered

June 27, 2024 | Researchers have uncovered three nation-state campaigns using advanced highly evasive and adaptive threat (HEAT) tactics to target sectors like banking, finance, insurance, legal, government, and healthcare. Named LegalQloud, Eqooqp, and Boomer, these campaigns have compromised over 40,000 users in 90 days, according to Menlo Security. The attackers use sophisticated techniques to bypass multi-factor authentication (MFA) and seize control of sessions, posing significant challenges for cybersecurity defenses.

[Read the full article]

Security Budgets Grow, but Inefficiencies Persist

June 27, 2024 | Organizations are increasing their cybersecurity budgets but remain uncertain about the effectiveness of their investments, according to Optiv’s 2024 Threat and Risk Management Report. While budgets have increased by 59% year-over-year, only 36% have a formal budgeting approach, leading to inefficiencies and missed opportunities. The report reveals that 61% of organizations experienced a data breach in the past two years, and 73% are adopting SOAR technology to improve incident response efficiency.

[Read the full article]

New RAT Digs into Android Phones to Steal Data and Encrypt Files – DICE Insights

June 24, 2024 | Outdated Android devices are under attack from “Rafel RAT,” a novel malware capable of stealing data and executing ransomware attacks, according to Check Point Research. Over 120 global campaigns have been observed, targeting high-profile sectors like the military. Rafel RAT can access SMS, call logs, and contacts by abusing user-granted permissions obtained through phishing campaigns. Modified versions include a ransomware module for encrypting files.

[Read the full article]

The Gately Report: SolarWinds Says Generative AI Not a ‘Scary Monster’ – Channel Futures

June 3, 2024 | SolarWinds’ SVP Krishna Sai emphasizes that generative AI is beneficial, not intimidating, helping organizations improve operations and customer satisfaction. SolarWinds AI, integrated into their IT service management products, demonstrates these benefits. Sai encourages embracing AI while being aware of regulatory and security considerations.

[Read the full article]

Popular WordPress Plugins Leave Millions Open to Backdoor Attacks – Hack Read

June 3, 2024 | Fastly researchers discovered vulnerabilities in popular WordPress plugins, including WP Meta SEO, WP Statistics, and LiteSpeed Cache, leaving millions of websites exposed to backdoor attacks. These vulnerabilities allow attackers to inject malicious scripts, create admin accounts, and insert PHP backdoors. Website administrators are advised to update plugins and implement security measures to protect their sites.

[Read the full article]

39% of MSPs Adapting to New Technologies Is Their Biggest Challenge – Security Magazine

June 3, 2024 | A recent report reveals that 39% of Managed Service Providers (MSPs) find adapting to emerging cybersecurity solutions and technologies to be their greatest challenge. The report, based on a survey of 350 MSPs across the US, UK, Australia, and Germany, highlights the critical need for continuous staff training, strong vendor relationships, and flexible security solutions.

[Read the full article]

EPA Issues Urgent Alert for Water Utilities to Enhance Cyber Defenses – Secure World Magazine

May 22, 2024 | The EPA has issued an urgent alert for U.S. water utilities to strengthen cybersecurity defenses against escalating threats, citing critical vulnerabilities and the necessity for immediate action. The alert outlines essential measures for risk assessments, network safeguards, incident response, and employee training to ensure compliance with the Safe Drinking Water Act.

[Read the full article]

CISA’s ‘Vulnrichment’ Aims to Fix the NVD – ReversingLabs

May 15, 2024 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched the “vulnrichment” program to address delays in the National Vulnerability Database (NVD) caused by NIST’s reduced involvement. This initiative enriches CVEs with critical data such as CVSS scores, CWE, and CPE information, aiding better vulnerability management. CISA’s stakeholder-specific categorization helps prioritize vulnerabilities. Since its launch, over 1,300 CVEs have been enriched. This program is part of CISA’s broader efforts to enhance cybersecurity resilience across the U.S.

[Read the full article]

Strategic Cyber Defense: Balancing Threat-Centric and Risk-Centric Approaches – CPO Magazine

May 15, 2024 | In cybersecurity, distinguishing between vulnerabilities, threats, and risks is crucial. The article discusses the differences between risk-centric and threat-centric approaches in cybersecurity. It explains how each approach addresses specific threats like ransomware, phishing, and data breaches, and emphasizes the need for a balanced strategy tailored to an organization’s unique challenges.

[Read the full article]

Google Rushes to Patch Second Actively Exploited Chrome Zero-Day in a Week – Secure World Magazine

May 15, 2024 | Google released an emergency update for Chrome (CVE-2024-4761), an out-of-bounds write flaw in the V8 JavaScript engine. This marks the sixth Chrome zero-day patched in 2024. Users should update to version 124.0.6367.207/.208 on Windows/Mac and 124.0.6367.207 on Linux. Experts emphasize the critical nature of frequent zero-day discoveries and the need for prompt patching and additional security measures.

[Read the full article]

Google Patches 6th Chrome Zero-Day of 2024, Three Days After Last One – SC Magazine

May 14, 2024 | Google released a patch for the sixth Chrome zero-day vulnerability of 2024 (CVE-2024-4761), an out-of-bounds write in the V8 engine. Discovered by an anonymous researcher, this flaw allows remote attackers to perform memory writes via crafted HTML. Despite no active exploitation reported, an exploit exists. Experts emphasize the importance of swift patching and robust cybersecurity measures.

[Read the full article]

Dangerous Google Chrome Zero-Day Allows Sandbox Escape – Dark Reading

May 14, 2024 | Google released an emergency update for Chrome, addressing a zero-day vulnerability (CVE-2024-4761) in the V8 JavaScript engine. This flaw allows attackers to escape the browser sandbox via crafted HTML pages. It is the sixth Chrome zero-day patched this year, with exploit code already circulating. Users should update Chrome immediately to prevent potential data breaches.

[Read the full article]

AHA, H-ISAC Warn Hospitals About Black Basta Following Ascension Cyberattack – Healthcare IT News

May 13, 2024 | Following a major cyberattack on Ascension health system, the AHA and H-ISAC issued alerts about the Black Basta ransomware group, which has increasingly targeted healthcare. Ascension is collaborating with law enforcement and sharing threat intelligence. The attack has severely disrupted clinical operations, leading to patient rescheduling and downtime procedures. Experts emphasize the importance of information sharing and advanced cybersecurity measures to mitigate such threats.

[Read the full article]

CISA Unveils Critical Infrastructure Reporting Rule – Security Boulevard

April 5, 2024 | CISA announced a new rule under the Cyber Incident Reporting for Critical Infrastructure Act, requiring significant cyber incidents to be reported within 72 hours and ransom payments within 24 hours. CISA Director Jen Easterly emphasized the rule’s role in enhancing cybersecurity coordination and response. The rule is expected to affect over 316,000 entities and cost an estimated $2.6 billion. The public comment period ends on June 3, 2024.

[Read the full article]

Securing Secrets: The State Department’s Cyber Hunt – The CyberWire Daily

April 4, 2024 | The State Department is investigating an alleged cyber breach while the FCC considers regulating connected vehicles. In the Industry Voices segment, George Jones, CISO at Critical Start, shares strategies on maximizing cybersecurity investments to achieve optimal risk reduction. Jones discusses how security leaders can spend smarter and reduce risks effectively.

[Read the full article]

‘Latrodectus’ Uses Sandbox Evasion Techniques to Launch Malicious Payloads – SC Magazine

April 4, 2024 | Researchers from Proofpoint have identified a new malware called “Latrodectus,” likely developed by the creators of the banking trojan IcedID. This malware uses sandbox evasion techniques to deliver malicious payloads. Proofpoint expects increased use of Latrodectus by threat actors. The malware checks for sandbox environments and is distributed via impersonation campaigns.

[Read the full article]

Sophos Reveals Ransomware Attacks Are Now Targeting Backups – Hackread

April 3, 2024 | A Sophos report reveals ransomware attackers are increasingly targeting backups, making it harder for organizations to recover without paying a ransom. 94% of surveyed companies faced backup compromise attempts, leading to higher ransom demands. The report emphasizes secure, isolated backups as critical to minimizing ransomware damage and ensuring business continuity.

[Read the full article]

Why the FCC’s Cybersecurity Labeling Program Benefits IoT Systems – SC Magazine

April 3, 2024 | The FCC’s new voluntary cybersecurity labeling program for IoT devices aims to enhance consumer awareness and protection. By providing clear cybersecurity information through a U.S. Cyber Trust Mark and QR code, the program promotes transparency and security. This initiative can help mitigate risks in critical sectors like energy, healthcare, and manufacturing, ensuring safer IoT deployments.

[Read the full article]

US House Forbids Staff Members from Using AI Chatbot Microsoft Copilot – SC Magazine

April 1, 2024 | The US House of Representatives has banned staff members from using Microsoft’s AI chatbot Copilot due to concerns over data security and potential leaks to non-House approved cloud services. This decision aligns with a previous ban on ChatGPT and reflects the government’s cautious approach to AI regulation. Microsoft plans to release a secure government version of Copilot this summer to address these concerns.

[Read the full article]

Revolutionize cybersecurity with proactive vulnerability intelligence – SC Media

March 18, 2024 | In her article for SC Media, Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, advocates for a paradigm shift in cybersecurity from a reactive to a proactive approach.

She emphasizes the importance of integrating proactive vulnerability intelligence (VI) within vulnerability management systems (VMS) to anticipate and mitigate potential threats before they materialize into breaches.

Guenther cites the recent ransomware attack on Change Healthcare as an example of the devastating consequences of relying on a reactive model and highlights how proactive VI could have offered multiple layers of defense.

The article underscores the strategic advantages of embracing proactive VI within VMS, including enhanced threat prediction, prioritized remediation efforts, and optimized resource allocation.

Guenther envisions a future where the integration of proactive VI and VMS, coupled with advancements in AI and machine learning, becomes the foundation of adaptive and resilient cybersecurity strategies.

Read full article

Benefits And Cautions Of Aligning With Cybersecurity Frameworks – Forbes Council Post

February 13, 2024 | In his Forbes Council Post, Randy Watkins, CTO of Critical Start, emphasizes the significance of adopting cybersecurity frameworks like NIST CSF and ISO/IEC 27001 for enterprise security teams.

He outlines how these frameworks provide a structured approach to enhancing an organization’s security posture by covering critical aspects such as identification, protection, detection, response, and recovery.

The article also highlights the benefits of aligning security measures with these frameworks, such as developing comprehensive roadmaps and justifying budget allocations, and cautions against overreliance on any single framework, given the unique needs of each organization and the ever-changing cyber landscape.

Ultimately, Randy advocates for fully integrating cybersecurity frameworks into holistic risk reduction strategies, enabling organizations to accurately measure and optimize their security posture over time.

Read full article

Exploitation Accounts For 29% of Education Sector Attacks

October 11, 2023 | The education sector is increasingly targeted by cyber threats, with 29% of attacks on K-12 schools originating from vulnerability exploitation, and 30% from phishing campaigns in 2023, according to a report by cybersecurity solutions provider Critical Start. The report highlights the growing use of Quick Response (QR) codes in phishing attacks, where cybercriminals disguise themselves as Microsoft security notifications and embed QR codes within PNG images or PDF attachments. Ransomware groups are collaborating more extensively, sharing tactics and procedures, while a Microsoft Teams vulnerability allows external accounts to send harmful files directly to an organization’s staff, increasing the risk of successful attacks.

Read full article

Hacker Advocates Turning Tracking Tables on Law Enforcement

October 10, 2023 | A robotics hacker, Alan Meekins (Nullagent), created RFParty, a service enabling people to monitor police activity using Bluetooth, exploiting vulnerabilities in law enforcement equipment provider Axon’s devices. Meekins discovered that Axon uses Bluetooth to tie together hardware like body cameras, Tasers, firearms, and dash cameras. Accessing Bluetooth data, such as the MAC address of a bodycam, could be valuable to citizens seeking to monitor police activity. While Meekins’ RFParty service isn’t designed to track police, it maps common IoT devices, including police equipment like bodycams. Cybersecurity experts note that Bluetooth connections offer a broader attack surface than wired connections, and vulnerabilities in Bluetooth are discovered semi-regularly. While Bluetooth security can vary, the threat to consumers is considered marginal, with good security hygiene recommended.

Read full article

‘Predator Files’ Report Prompts Call for Worldwide Ban on Spyware

October 9, 2023 | Amnesty International reported a series of Predator spyware attacks targeting civil society, journalists, politicians, and academics in the European Union, the United States, and Asia. The human rights group called for a worldwide ban on spyware, stating that the attacks are extremely serious and that the developers of Predator, the Intellexa alliance, have done nothing to limit the use of this spyware. The Amnesty International investigation is part of the ‘Predator Files’ project, and those targeted include members of the U.S. Congress, the President of the European Parliament, the President of Taiwan, and others. The spyware provides unfettered access to a device’s microphone and camera and all its data. Social media platforms, including X and Facebook, were used to publicly target at least 50 accounts, according to Amnesty International. The Citizen Lab independently confirmed Amnesty’s findings concerning Predator and assessed with “high confidence” that the threat actor included Cytrox Predator infection links in replies to numerous U.S. and international officials and others. The targeting of high-ranking officials and journalists demonstrates the strategic deployment of this spyware, with a clear motive to gain insights into policy-making or to quell dissent.

Read full article

AWS Warns of ‘ShellTorch’ Issue Affecting Code Related to AI Models

October 3, 2023 | Amazon Web Services (AWS) has issued a warning regarding a vulnerability affecting TorchServe, a tool used by major companies to incorporate artificial intelligence (AI) models into their operations. The bug, named CVE-2023-43654 and part of a set of vulnerabilities named “ShellTorch” by researchers from Oligo, exposes important administrative tools to the open internet. Oligo discovered that hackers could potentially view, modify, steal, or delete AI models and sensitive data between a company and the TorchServe server. The vulnerabilities highlight the risks associated with AI models relying heavily on open-source software. AWS urges users to update TorchServe to resolve the issue.

Read full article

EU Urged to Reconsider Cyber Resilience Act’s Bug Reporting within 24 Hours

October 3, 2023 | A group of 56 cybersecurity leaders, including professionals from ESET, Rapid7, the Electronic Frontier Foundation, and Google’s Vint Cerf, has criticized the European Union’s (EU) proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA). In an open letter, they argue that the CRA’s requirement for software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation could create a tempting target for malicious actors and have a chilling effect on good-faith security researchers. They suggest that disclosing vulnerabilities prematurely may interfere with the coordination and collaboration between software publishers and security researchers.

Read full article

Cisco Warns of Attempted Exploitation of Zero-Day in VPN Software

October 2, 2023 | Cisco has identified and released patches for a vulnerability (CVE-2023-20109) affecting the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software. The flaw has a CVSS severity score of 6.6 out of 10, and a successful exploit could allow an attacker to execute arbitrary code and gain full control of the affected system or cause it to reload, resulting in a denial of service (DoS) condition. While the vulnerability is serious, experts note that a successful exploit would require a hacker to be deeply embedded in an organization’s systems, making it likely that the bug would be used for privilege escalation in an already-compromised system.

Read full article

MOVEit Developer Patches Critical File Transfer Bugs

September 29, 2023 | Progress Software has issued patches for critical vulnerabilities in its WS_FTP Server, impacting versions prior to 8.7.4 and 8.8.2. One of the vulnerabilities, CVE-2023-40044, with a CVSS score of 10.0, is a .NET deserialization flaw in the Ad Hoc Transfer module that allows pre-authenticated attackers to execute remote commands on the underlying operating system. Another critical flaw, CVE-2023-42657, with a CVSS score of 9.9, is a directory traversal vulnerability that enables attackers to perform unauthorized file operations on the underlying operating system. Organizations are advised to apply patches promptly or upgrade to the latest version (8.8.2) and plan for system outages during the upgrade process.

Read full article

US and Japan Warn That Chinese-Linked Hacking Group is Targeting Routers

September 27, 2023 | The U.S. and Japanese governments have issued a joint advisory warning about BlackTech, a Chinese-linked hacking group actively targeting and exploiting routers, especially those from Cisco Systems Inc. BlackTech, also known as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has shown capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot between international subsidiaries and headquarters in Japan and the U.S. The threat group targets various sectors, including government, industrial, technology, media, electronics, and telecommunications, affecting entities supporting the U.S. and Japanese militaries. The advisory urges organizations to review subsidiary connections, verify access, implement zero trust models, and adopt mitigations against known attack paths to detect and protect against BlackTech’s activities.

Read full article

Vulnerability in Popular ‘libwebp’ Code More Widespread Than Expected

September 27, 2023 | A previously disclosed vulnerability, first tracked as CVE-2023-4863 and later marked as CVE-2023-5129 with the highest CVSS severity rating of 10 out of 10, has been found to affect a wider range of applications than initially assumed. Originally announced as a Chrome browser issue, researchers later traced it back to the open-source libwebp library. This library, used by multiple browsers and image editors, was discovered in the latest versions of several popular container images, including Nginx, Python, Joomla, WordPress, Node.js, and more. The vulnerability poses significant risks due to its high severity and the potential for remote code execution, making it crucial for organizations to thoroughly inventory their software assets to ensure comprehensive mitigation.

Read full article

Apple Issues Emergency Patches on Three New Exploited Zero-Days

September 22, 2023 | Apple has patched three zero-day vulnerabilities actively exploited in the wild, bringing the total fixed zero-days this year to 16. Security researchers believe commercial spyware vendors are behind the attacks. The vulnerabilities were reported by Bill Marczak of The Citizen Lab and Maddie Stone of Google’s Threat Analysis Group. The fact that many of these vulnerabilities were discovered by groups that focus on state-sponsored and high-level cyber-espionage campaigns suggests that Apple devices are being targeted in sophisticated attacks against high-profile individuals. The zero-days patched include vulnerabilities in WebKit, the Security framework, and the Kernel framework. The use of zero-day vulnerabilities by commercial spyware vendors is on the rise, and the exposure of these vulnerabilities raises the cost of doing business for them. Apple’s new Rapid Security Response (RSR) model separates critical security patches from functional updates, allowing the company to address vulnerabilities more quickly and efficiently.

Read full article

Okta Agent Involved in MGM Resorts Breach, Attackers Claim

September 15, 2023 | The threat group ALPHV, responsible for the recent cyberattacks on MGM Resorts and Caesars Entertainment, claims to have breached MGM’s systems by exploiting vulnerabilities in the Okta platform, specifically the Okta Agent. The group states that MGM Resorts hastily shut down its Okta Sync servers after learning of the intrusion, resulting in Okta being completely out. ALPHV indicates that they lurked in the Okta Agent servers, sniffing passwords of individuals. The group subsequently launched ransomware attacks against over 1,000 ESXi hypervisors on September 11. ALPHV threatens further action if a financial arrangement is not reached, claiming ongoing access to some of MGM’s infrastructure. Okta’s chief security officer acknowledges a social engineering component to the attack but highlights that the attackers were sophisticated enough to deploy their identity provider and user database into the Okta system. Okta had previously warned of social engineering attacks attempting to gain highly privileged access. The incident raises concerns about potential future cyberattacks targeting high-privilege users and emphasizes the importance of robust security hygiene, continuous monitoring, and threat intelligence sharing.

Read full article

Tactics of MGM-Caesars Attackers Were Known for Several Months

September 14, 2023 | The recent ransomware attacks on MGM International and Caesars Entertainment by the Scattered Spider group highlight the threat of known tactics and techniques that have been well-documented for months. The group utilizes the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting vulnerabilities in drivers like the Intel Ethernet diagnostics drivers to gain elevated privileges within Windows systems. While initial compromises may involve social engineering, the subsequent actions inside the network, especially if using advanced tactics like BYOVD, could significantly impact the severity of the breach. Scattered Spider, also known as UNC3944, operates as a financially driven threat actor, and their attacks raise concerns about the security of large organizations. The recent incidents indicate a potential shift in focus from traditional ransomware-as-a-service (RaaS) activities to advanced threat actor tactics. The security industry emphasizes the need for organizations to enhance security measures against such sophisticated threats and urges a comprehensive defense strategy beyond conventional security products.

Read full article

MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations

September 12, 2023 | MGM Resorts is dealing with a cyberattack that has left its hotel operations, especially in Las Vegas, in disarray. The incident, suspected to be a ransomware attack, impacted key card systems, locking guests out of their rooms and causing disruptions to slot machines. While the company is actively investigating with external cybersecurity experts and law enforcement, its websites remain offline. Security experts see signs of a ransomware attack, given the widespread outages, but other possibilities, such as a distributed denial-of-service (DDoS) attack or an advanced persistent threat (APT) group, are not ruled out. The recovery process is now in the hands of MGM Resorts’ security teams.

Read full article

Cyber-criminals “Jailbreak” AI Chatbots For Malicious Ends

September 12, 2023 | A new trend called “jailbreaking” has emerged in the world of AI chatbots, where users exploit vulnerabilities to bypass safety measures, potentially violating ethical guidelines and cybersecurity protocols. This practice allows users to unleash uncensored and unregulated content, raising ethical concerns. Online communities share tactics to achieve these jailbreaks, fostering a culture of experimentation. Cyber-criminals have also developed tools for malicious purposes, leveraging custom large language models. While defensive security teams work on securing language models, the field is still in its early stages, and organizations are taking proactive steps to enhance chatbot security.

Read full article

‘Evil Telegram’ Spyware Campaign Infects 60K+ Mobile Users

September 8, 2023 | Cybercriminals are exploiting the acceptance of Telegram “mods” in the Google Play store to distribute “Evil Telegram,” a spyware campaign. Using modified versions of Telegram, these attackers, trading on users’ trust in Telegram’s security, create a new avenue for cyberespionage. Kaspersky identified infected apps like “Paper Airplane,” which appear as legitimate Telegram clones but contain a hidden spyware module. These apps, downloaded over 60,000 times, target users in China, particularly the Uyghur ethnic minority, raising concerns about potential government surveillance. Businesses are urged to remain vigilant, as mobile spyware poses risks such as unauthorized access to sensitive data and compromised employee information. Kaspersky researchers reported the apps to Google for removal, emphasizing the need for caution even with official app stores.

Read full article

Cyber-criminals Exploit GPUs in Graphic Design Software

September 8, 2023 | Cisco Talos researchers uncovered a cryptocurrency-mining scheme targeting graphic designers and 3D modelers. Active since November 2021, the attackers use the legitimate Windows tool “Advanced Installer” to bundle mining malware with software like Adobe Illustrator. The focus on graphic design and 3D modeling tools is due to their high GPU power, ideal for mining. Malicious scripts, hidden in the installation process, deploy threats like the M3_Mini_Rat backdoor and mining malware (PhoenixMiner, lolMiner). The campaign, mainly affecting French-speaking users, emphasizes the need for caution during software installation. Persistent and difficult to detect, such campaigns highlight the importance of collaboration between operations and security teams.

Read full article

North Korean Hackers Target Security Researchers — Again

September 7, 2023 | For the second time in the last few years, North Korean state-sponsored attackers have targeted security researchers. With an all-new zero-day vulnerability, a fake software tool, and extensive phishing, these operations aim not only to steal information but also to gather insight into defense mechanisms. Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, sat down with Dark Reading to talk about the recent return of these threat actors and their strategic targeting of those involved in cybersecurity research.

Read the full article

Attackers Leverage Windows Advanced Installer to Drop Cryptocurrency Malware

September 7, 2023 | Advanced Installer, a legitimate Windows tool, is being hijacked by threat actors to create software packages that drop cryptocurrency mining malware on computers. The main targets are heavy users of 3D modeling and graphic design software in France and Germany. In this SC Magazine article, Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, discusses the various methods and motivations these attackers may use to choose their targets.

Read full article

Why Instagram Threads is a Hotbed of Risks for Businesses

September 4, 2023 | Instagram’s new Threads is already proving to be a target for fraud and abuse, with several potential security and compliance risks associated with its use by organizations. Learn about some of these vulnerabilities, and how organizations can protect against them, from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research.

Read full article

The Vulnerability Crisis: Safeguarding PII in Web Apps

August 29, 2023 | Web apps that contain Personally Identifiable Information (PII) are prime targets for threat actors because of the valuable data they store. No platform is safe from cyber attacks or vulnerabilities, and these internet-exposed applications are no different. What are the true consequences of a breach for these web apps, and how can they be safeguarded against vulnerabilities? Learn more from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, in this SC Magazine article.

Read full article