When ransomware hits the news cycle, and even the non-cyber security folk have questions, you know it’s gone big. This time it’s REvil again, and we can’t seem to escape it. The entire security community has been on fire over the last few days looking at what’s going on with REvil, along with any journalist […]
In the first quarter of 2021, several high-severity vulnerabilities were used as a conduit to solicit several malicious campaigns. This included malware and ransomware operators, nation-state actors targeting software suppliers for supply chain attacks, and continued targeting of virtual private network (VPN) devices. The first quarter of 2021, as observed in our vulnerability roundup, has […]
Consistency is the first word that springs to mind when assessing ransomware activity throughout the Q1 of 2021. There have been consistent double extortion ransomware activity levels, with key players in the threat landscape continuing where they left off in 2020, regularly adding data stolen from victims to their data leak websites. Consistent pressure from […]
For those looking to monitor risks from third parties, it’s been a stressful few months. Back in December, FireEye released research on the role of UNC2452 in the SolarWinds compromise. The most recent assessment estimated the SolarWinds breach impacted more than 100 organizations. More recently, on March 2nd, Microsoft released an advisory to discuss the […]
The Cybersecurity and Infrastructure Security Agency (CISA) recently released an Emergency Directive reporting on a long-running supply-chain attack actively exploiting product updates by the IT management company SolarWinds. Attackers were able to monitor SolarWinds’ network traffic and maintain persistence on affected systems and environments by leveraging trojanized versions of product updates. The campaign likely began […]
It’s been a tough few months for the healthcare industry (and for all of us in general). While we’ve reported on recent Q3 ransomware campaigns targeting the healthcare industry, a new campaign targeting COVID-19 vaccine supply chain partners has emerged. Last week, IBM X-Force reported on a campaign targeting the healthcare industry seeking to capitalize […]