KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report

December 3, 2024 at 05:39PM KnowBe4’s Q3 2024 Phishing Report highlights the dominance of HR and IT-related phishing emails, comprising 48.6% of the most clicked phishing types. It emphasizes the increasing sophistication of phishing strategies, including QR code attacks, and stresses the need for a trained workforce to combat these prevalent cyber threats.

Vodka maker Stoli files for bankruptcy in US after ransomware attack

December 3, 2024 at 05:05PM Stoli Group’s U.S. subsidiaries have filed for bankruptcy following a ransomware attack that disrupted their IT systems and forced manual operations. Additionally, Russian authorities seized their last distilleries due to the founders’ designation as “extremists.” Stoli faces ongoing legal battles over vodka trademarks, complicating its situation.

Cloudflare’s developer domains increasingly abused by threat actors

December 3, 2024 at 04:06PM Cybercriminals are increasingly abusing Cloudflare’s ‘pages.dev’ and ‘workers.dev’ for phishing and malicious activities, with Fortra reporting a 198% rise in phishing incidents on Cloudflare Pages and a 104% increase on Cloudflare Workers. This exploitation leverages Cloudflare’s trusted reputation, complicating detection and allowing efficient phishing campaigns.

Decade-Old Cisco Vulnerability Under Active Exploit

December 3, 2024 at 03:41PM Cisco warns customers of a decade-old security flaw in its Adaptive Security Appliance (ASA) WebVPN, tracked as CVE-2014-2120, which is being actively exploited. This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Customers are urged to upgrade software, as no workarounds exist.

Major energy contractor reports ‘limited’ access to IT after ransomware locks files

December 3, 2024 at 03:07PM ENGlobal, an American energy contractor, is facing limited IT system access following a ransomware incident detected on November 25. The company is investigating and mitigating the breach, which involved unauthorized access and encryption of data. ENGlobal serves high-profile clients, including government departments, making it a prime target for cybercriminals.

US shares tips to block hackers behind recent telecom breaches

December 3, 2024 at 02:52PM CISA issued guidance to strengthen defenses against the Salt Typhoon Chinese threat group, which compromised major telecoms like AT&T and T-Mobile, accessing sensitive data. The advisory includes hardening practices such as timely device updates, disabling insecure protocols, and enhancing visibility into network activities. Vigilance is emphasized for effective defense.

World Tour Survey: IT Operations’ Hands-on Defense

December 3, 2024 at 02:24PM Cybercriminals are enhancing their attacks using generative AI, increasing risks for businesses. A survey of over 750 cybersecurity professionals reveals rising concerns among IT operations teams regarding operational blind spots and prioritization of vulnerabilities. Effective communication with security operations is vital for addressing these challenges and ensuring security protocols are …

Exploit released for critical WhatsUp Gold RCE flaw, patch now

December 3, 2024 at 02:00PM A proof-of-concept exploit for a critical remote code execution vulnerability in Progress WhatsUp Gold has been released. It is essential to install the latest security updates immediately to mitigate potential risks.

Gafgyt Malware Broadens Its Scope in Recent Attacks

December 3, 2024 at 01:48PM Trend Micro Research reports that Gafgyt malware, which previously focused on IoT devices, is now targeting misconfigured Docker Remote API servers. Attackers deploy malware via Docker containers, enabling DDoS attacks. Recommendations for securing servers include strong access controls, regular monitoring, and educating personnel on best practices.

Cyber-Unsafe Employees Increasingly Put Orgs at Risk

December 3, 2024 at 01:45PM A survey of over 14,000 employees reveals risky behaviors regarding sensitive data access. Eighty percent use unsecure personal devices, while 40% download customer data without controls. Many also reuse passwords and bypass security policies. Increased use of AI tools raises concerns, as compliance with data handling guidelines is low.