The Colonial Pipeline ransomware attack that took place exactly one year ago sent shockwaves across the nation that are still being felt today. A cyberattack with such massive real-world implications had never been seen before, let alone an attack on one of the largest critical infrastructure assets in the US that was initially started via an exposed virtual private network (VPN) password. READ MORE...
Between June 2016 and December 2021, the total losses reported by global financial institutions as a result of business email compromise (BEC) attacks clocked in at more than $43 billion. The Federal Bureau of Investigation and Department of Justice have issued a joint announcement underlining the damage BEC attacks have done to both small businesses and large corporations alike around the world. READ MORE...
April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. Microsoft addressed 97 vulnerabilities in Windows 10, and 67 in Windows 11. Adobe updated Reader and Acrobat to fix 62 vulnerabilities. Many of the vulnerabilities from both vendors were rated critical which resulted in a busy deployment schedule last month. This increase in identified and remediated vulnerabilities is expected to continue as we move into summer. READ MORE...
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021. Red Canary's Detection Engineering team detected the worm in multiple customers' networks, some in the technology and manufacturing sectors. READ MORE...
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at Red Canary Intelligence first began tracking the malicious activity in the fall when it began as a handful of detections with similar characteristics first observed in multiple customers' environments. READ MORE...
The first Thursday of May is apparently "World Password Day," and to celebrate Apple, Google, and Microsoft are launching a "joint effort" to kill the password. The major OS vendors want to "expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium." Instead of a long string of characters, this new scheme would have the app or website you're logging in to push a request to your phone for authentication. READ MORE...
The U.S. government is barreling ahead with plans to mitigate future threats from quantum computing with a new White House memo directing federal agencies to jumpstart an all-hands-on-deck approach to migrating to quantum-resistant technologies. The security memo, released alongside a plan to promote U.S. leadership in quantum computing, directs specific actions for agencies to take. READ MORE...