My TechDecisions

Search Results: malware

Tax day concept. Businessman using the laptop to fill in the income tax online return form for payment.

Best Practices on How to Avoid Phishing Scams Ahead of Tax Day

Learn how to protect yourself and your organization from tax scams ahead of the U.S. tax deadline with these best practices.

April 10, 2023 Steven Spadaccini Leave a Comment

With April’s U.S. tax deadline, cybercriminals have sprung into action. For one, a devious Emotet malware phishing campaign has been launched, masquerading as official W-9 tax form emails sent from the Internal Revenue Service (IRS). A malicious group known as Tactical#Octopus is also on the prowl and looking to spread malware through fake file downloads […]

Read More
Microsoft Fortra healthcare ransomware

Microsoft, Fortra Take Action to Disrupt Ransomware Groups Targeting Healthcare

Microsoft, Fortra and Health-ISAC obtained a court order to disrupt the malicious use of Cobalt Strike and Microsoft tools in cyberattacks.

April 7, 2023 Zachary Comeau Leave a Comment

In a move that represents a growing offensive against cybercriminals, Microsoft, cybersecurity firm Fortra and Health Information Sharing and Analysis Center have taken action to disrupt ransomware groups that have been observed attacking healthcare organizations in more than 19 countries. According to Microsoft, the company’s Digital Crimes Unit (DCU), Fortra and Health Information Sharing and […]

Read More
Genesis Market

Check to See If Your Organization’s Credentials Were on Genesis Market

Dark web initial access marketplace Genesis Market has been seized, and organizations can check to see if they were compromised.

April 6, 2023 Zachary Comeau Leave a Comment

Genesis Market, online criminal marketplace that advertised and sold packages of stolen credentials that threat actors use to compromise accounts in the financial sector, critical infrastructure and federal, state and local government agencies, has been dismantled by a coalition of international law enforcement agencies. According to a news release from the U.S. Department of Justice, […]

Read More
My TechDecisions Podcast, zero trust

My TechDecisions Podcast Episode 191: Learnings From the LastPass Breach

Scott Caveza, senior research manager at Tenable, joins the podcast to discuss security lessons we've learned from the LastPass breach.

March 23, 2023 Zachary Comeau Leave a Comment

On this episode of the My TechDecisions Podcast, we discuss the LastPass breach and what IT security teams can learn from it with Scott Caveza, senior research manager at Tenable. Late last month, LastPass revealed that the same threat actor that accessed portions of the LastPass development environment and source code that has forced the company […]

Read More
June 2023 Patch Tuesday. Patch Tuesday,

March 2023 Patch Tuesday: Two Actively Exploited Bugs in Outlook, SmartScreen

Microsoft's March 2023 Patch Tuesday includes fixes for 76 vulnerabilities, two of which are being exploited in the wild.

March 14, 2023 Zachary Comeau Leave a Comment

Microsoft’s March 2023 Patch Tuesday release includes fixes for 76 vulnerabilities in the company’s products, with two listed as being actively exploited, one of which also being listed as publicly known. The amount of bugs fixed by Microsoft this month is on par with the tech giant’s February security update when it patched 75 vulnerabilities, […]

Read More
ChatGPT, IT, Policies, AI Tools, Data

Beware of ChatGPT-Themed Phishing Attacks

ChatGPT-themed phishing lures are becoming a favorite among cybercriminals to distribute malware, Cyble researchers say.

March 10, 2023 Zachary Comeau Leave a Comment

ChatGPT and generative AI is dominating the news cycle, with companies like Microsoft, Slack, Snapchat, Grammarly and many others leveraging the emerging technology to help users be more efficient, accurate and creative. In fact, ChatGPT was estimated to have reached 100 million monthly active users in January, making it the fastest-growing consumer tool in history. […]

Read More
Royal Ransomware

FBI, CISA Warn of Royal Ransomware Targeting Critical Infrastructure

Royal ransomware actors have been targeting manufacturing, communications, healthcare and education entities since September 2022, agencies say.

March 3, 2023 Zachary Comeau Leave a Comment

U.S. agencies are warning critical infrastructure organizations to be on the lookout for Royal ransomware, a financially motivated threat actor that has been targeted manufacturing, communications, healthcare and education entities since September 2022. In a joint advisory, the FBI and U.S. Cybersecurity and Infrastructure Security Agency say the Royal ransomware actors have compromised U.S. and […]

Read More
Phishing, Email security

Phishing Remains a Favorite Hacking Tool as New Methods Emerge

New methods such as phone-oriented attack delivery and MFA bypass are making phishing attacks more sophisticated, according to Proofpoint.

March 3, 2023 Zachary Comeau Leave a Comment

Phishing, social engineering, and ransomware remain favorite attack methods of cybercriminals, but threat actors are beginning to shift to newer techniques, such as phone-oriented attack delivery and adversary-in-the-middle phishing proxies designed to bypass multifactor authentication, according to cybersecurity firm Proofpoint. The Sunnyvale, Calif.-based company’s’ State of the Phish report finds that email-based phishing attacks remain […]

Read More
Cybersecurity testing, penetration testing, cyber threats

No Organization Is an Island: How to Protect Against Supply Chain Attacks

To defend against supply chain attacks, organizations need to focus on all three layers of the attack surface: data, identities and infrastructure.

March 2, 2023 Dirk Schrader Leave a Comment

Every organization interacts with other organizations: suppliers, partners, customers, government agencies and more. As a result, you can suffer a breach even though your organization was not directly targeted. For example, adversaries were able to release the infamous NotPetya malware to thousands of companies worldwide by compromising the supplier of a popular accounting software solution. […]

Read More