Risk Management March 21, 2023

OneNote, Many Problems? The New Phishing Framework

4 min read - There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing…

Endpoint March 20, 2023

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

7 min read - In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…

News March 15, 2023

Good Guys Decrypt Ransomware Targeting Charitable Groups

4 min read - Imagine you’re an IT manager amid a ransomware attack. While your team scrambles for solutions, the intruders demand a ransom. Of course, you don’t want to pay; you just want your files back. But as time ticks by and the…

News March 1, 2023

50 Million Password Heist Shows Info-stealing is on the Rise

4 min read - On September 15, 2022, Uber employees logged on to see an unexpected message on the company’s Slack channel. It said, “Hi @here, I announce I am a hacker and Uber has suffered a data breach.” At first, many thought it…

News February 20, 2023

Ukraine Cyber War Drags On With Stealers, Trojans and More

4 min read - Technical and non-physical attacks have always been a part of modern warfare. During World War II, the Allies used advanced cryptanalysis to decrypt encoded messages sent by the Axis powers using the Enigma ciphering system. Led by Alan Turing, this…

Risk Management February 17, 2023

How Falling Crypto Prices Impacted Cyber Crime

4 min read - Some rare good news in the world of cyber crime trends: Certain crimes declined in 2022 after years of constant rises. Should we credit crypto? Some estimates say that cryptocurrencies have lost $2 trillion in value since November 2021. During…

Application Security February 16, 2023

Detecting the Undetected: The Risk to Your Info

5 min read - IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data…

Security Services February 16, 2023

What are the Duties of a Malware Analyst?

3 min read - Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of…

News February 13, 2023

Unique Iran-Based Threats Target Defense and Healthcare

4 min read - The Department of Health and Human Services’ (DHHS) Health Sector Cybersecurity Coordinating Center released a security brief in early November outlining how Tehran-backed actors have targeted the defense, healthcare and other sectors. One incident involved a campaign by a threat…

Risk Management February 10, 2023

Six Common Ways That Malware Strains Get Their Names

3 min read - You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names? As a cybersecurity writer, I quickly add new strains to my vocabulary.…