TellYouThePass Ransomware Group Exploits Critical PHP Flaw

June 12, 2024 at 11:50AM

TellYouThePass, a ransomware group, is targeting businesses and individuals using open source Web development languages, exploiting a critical PHP vulnerability (CVE-2024-4577) for remote code execution. This allows them to execute arbitrary code on vulnerable servers, posing significant risks. They also use various attack techniques and exploit known vulnerabilities such as …

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

April 30, 2024 at 01:37PM

Industrial cyber attackers are increasingly utilizing USB devices to breach operational technology (OT) networks, employing old malware and vulnerabilities. USBs enable attackers to cross air gaps that separate OT and IT networks, making them an effective threat vector. Defenses against these threats include strict USB policies, scanning stations, and file …

Redesigning the Network to Fend Off Living-Off-the-Land Tactics

February 23, 2024 at 02:25PM

Attackers are increasingly using legitimate tools, making it challenging for enterprise defenders to detect and defend against attacks. Rethinking network architecture is essential, with a focus on strong access controls, privileged behavior monitoring, and cloud security technologies. Organizations should prioritize telemetry sources and take a proactive approach to detect living …

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida …