In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders.
Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and their customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks.
Read more…
Source: Microsoft
Related:
- Keeping PowerShell: Security Measures to Use and Embrace
June 22, 2022
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. This will provide benefits from the security capabilities PowerShell can enable while reducing the likelihood of malicious actors using it undetected after gaining access into victim networks. The ...
- Critical PHP flaw exposes QNAP NAS devices to RCE attacks
June 22, 2022
QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. “A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to ...
- Yodel blames cyber incident for disruption and parcel-tracking problems
June 22, 2022
Delivery company Yodel is experiencing service delays because of what it describes as a “cyber incident” affecting customer services and parcel tracking. “Yodel has experienced a cyber incident that has caused some disruption. We are servicing customers but tracking is currently impacted,” a Yodel spokesperson told ZDNet. “As soon as we detected the incident, we launched an ...
- An unknown APT actor attacking high-profile entities in Europe and Asia
June 21, 2022
ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly ...
- Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
June 21, 2022
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document name “Nuclear Terrorism A Very Real Threat.rtf.”. The threat ...
- Magecart attacks are still around. And they are becoming more stealthy
June 21, 2022
Magecart attacks are decreasing in number but are becoming more stealthy, with researchers highlighting potential server-side blindspots in tracking them. It’s not too often you hear about Magecart attacks. In the past few years, cybersecurity incidents that hit the headlines tended to involve attacks on core utilities and critical services, state-sponsored campaigns, ransomware, massive data breaches, ...