Justice Department to Launch Ransomware Taskforce
CISOMAG
“Recently, the FBI stated that it received nearly 800,000 cybercrime complaints in 2020, with reported losses of $4.2 billion. The agency stated that it several of these complaints were about various cybercrimes, including COVID-19-themed cyberattacks.” Read More
Codecov Supply Chain Attack May Hit Thousands: Report
Infosecurity Magazine, Phil Muncaster
“Always understand and weigh the risk involved when using any third-party service such as Codecov. While the service offered is a valuable one, it is also good to review or limit what is being sent over to these services, especially if it contains credentials or sensitive information.” Read More
The wide web of nation-state hackers attacking the US
TechTarget, Alexander Culafi
“Their intentions are intelligence collection, sabotage, disruptive and destructive attacks, and then this concept of what we call OPE, or operational preparation of the environment. Which is to say, in a future conflict, if a foreign adversary wanted to be able to turn off the lights or disrupt the water or do something like aid in an armed conflict, that they would effectively set those hooks now so that later they can leverage that activity and capability.” Read More
Lazarus Group Uses New Tactic to Evade Detection
DarkReading
“One of its newest methods involves embedding a malicious HTML Application (HTA) file within a compressed zlib file, within a PNG file. Because the malicious object is compressed within the PNG image, it bypasses static detection.” Read More
Pandemic Drives Greater Need for Endpoint Security
DarkReading
“Not only are the controls that you put in place [in the office] no longer protecting their systems — because the folks are remote — but now you may not be getting any type of intelligence or visibility into potential misuse. If you are not running an EDR and are not able to respond to incidents remotely, then, well, good luck.” Read More