Our news
-
Royal Tiger – The First Officially Designated Robocall Threat Actor
On Monday, May 13th, the Federal Communications Commission (FCC) officially named its first robocall threat actor group,’ Royal Tiger’. This move goes along with the FCC’s new robocall bad actor classification system, Consumer Communications Information Services Threat (C-CIST). This system aims to assist law enforcement and industry partners with tracking threat actors behind robocall campaigns. Royal Tiger is comprised of members operating…
-
Guarding Against Android Cyber Threats
When thinking about security measures to fight against malicious activity, rarely do people consider cellular security on the same level as network security. Social engineering techniques used by threat actors including phishing, vishing, and smishing should not be the end of where protection for mobile devices stops at. Identity theft and other types of exploits…
-
The Community That Spawned Notorious Threat Actors
Some might wonder where threat actors get their origin, where do they learn their expertise? The ‘Community’ also referred to as ‘The Com’ or ‘The Comm’ is an online presence filled with individuals from diverse backgrounds including gamers, hackers, and recreational users. More than hundreds of individuals take part in various activities from innocent meme-sharing…
-
How Important Is a Secure Password?
Financial fraud and identity theft often occur due to unauthorized access to accounts given to hackers by weak passwords. ‘Password1234’ might have worked 10 years ago, but today, that will never pass if you want to protect your banking information, personal data, and identity. Brute-force attacks, one of the most popular forms of cyberattacks, are…
-
Ransomware Attacks in the U.S.
Since the start of the new year, companies across the country have witnessed ransomware attacks from notorious threat actors Medusa, LockBit, and ALPHV/BlackCat standing out above the others. There have been at least 50 known attacks accounted for during the past three and a half months, approximately 25% under what the United States saw this…
-
The Danger of Deepfake Scams
The rise of artificial intelligence (AI) has enhanced our lives in many ways. In the realm of cybersecurity, AI has bolstered defenses against threats. There are machine learning algorithms, enhanced anomaly detection, and automated response mechanisms for rapid response to and neutralizing threats. However, AI is also being used maliciously by threat actors. A popular…
-
The Play Ransomware Gang: Profile of a Persistent Threat
In recent years, the world has witnessed an alarming rise in cyberattacks, with ransomware being one of the most pervasive and damaging forms of malicious activity. The Play ransomware gang has emerged as a highly disruptive and notorious group among the many ransomware gangs. This article aims to provide an informative and professional profile of…
-
Medusa Ransomware: The Rise of a Double-Extortion Threat
In recent years, the cybercrime landscape has witnessed the emergence of Medusa ransomware, a variant that stands out due to its double-extortion tactics. This article aims to provide an in-depth profile of the Medusa ransomware operation, shedding light on its origins, operational methods, and the threats it poses to organizations. Additionally, we will explore measures…
-
Fortinet Partner
Security Products & Solutions Our teams deploy Fortinet’s cutting-edge technologies around the globe When you need reliable technical support, we are your choice for scalable and secure services. “Having so many standalone firewalls out in the field we have to know they are built securely and reliably. As the health care industry remains a high…
-
CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources
CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages…
-
Vulnerability Summary for the Week of May 6, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce.This…
-
CISA and Partners Release Advisory on Black Basta Ransomware
Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta…
-
#StopRansomware: Black Basta
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
-
ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted…
-
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…