New Threats
September 26, 2023
1295 views 10 secs 0

Is that blood drive message really from the American Red Cross? Be careful.

NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. … AtlasCross designed a decoy document titled “Blood Drive September 2023.docm” with the United States […]

New Threats, Vulnerabilities
September 20, 2023
1517 views 37 secs 0

Lazarus Group Exploits ManageEngine Vulnerability

HC3: Sector AlertTLP:CLEARReport: 202309181700 Executive Summary Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability […]

New Threats
September 01, 2023
1355 views 49 secs 0

Hackers use brute force and credential stuffing attacks on Cisco VPNs to breach networks

Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access. Rapid7 security researchers have provided additional insights regarding these […]

News, New Threats
August 27, 2023
8172 views 7 mins 0

Etiology of a Breach

Most data breaches involve some level of victim human error, which theoretically employee training can address.  Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link.  Malware then enters the scene.  Another common human error scenario involves phishing […]