Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks

Microsoft has published new detailed analysis of Exchange Server vulnerabilities, cybercriminal groups and post-compromise second stage attack malware. In addition, the tech giant offered sound mitigation guidance.

Continue ReadingMicrosoft: New analysis of Exchange Server vulnerabilities and cyberattacks

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

Continue ReadingCHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

3 good examples of how to apply the Zero Trust Security Model

The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.

Continue Reading3 good examples of how to apply the Zero Trust Security Model

DHS warns businesses of risks using Chinese tech and data services

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Continue ReadingDHS warns businesses of risks using Chinese tech and data services

Cyberattacks against machine learning systems and the new Adversarial ML Threat Matrix

In the wake of an increase in cyber attacks against machine learning (ML) systems, Microsoft along with MITRE and contributions from 11 other organizations, have released the Adversarial ML Threat Matrix.

Continue ReadingCyberattacks against machine learning systems and the new Adversarial ML Threat Matrix

BeagleBoyz cybercriminals launch “FASTCash 2.0” to rob banks

North Korea's BeagleBoyz cybercriminals have launched an automated teller machine (ATM) cash-out scheme, known as FASTCash 2.0. Cyber experts from the U.S. government have detected the cyber activity over the past five years that led to nearly $2B loss to financial institutions around the world.

Continue ReadingBeagleBoyz cybercriminals launch “FASTCash 2.0” to rob banks

FTC releases new video to help keep your small business safe from fraud

The Federal Trade Commission (FTC) has released a new video to help keep your small business safe from fraud. This is another video in a series of videos from the FTC Protecting Small Businesses playlist.

Continue ReadingFTC releases new video to help keep your small business safe from fraud