Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate

Written by Tim Starks Jan 18, 2022 | CYBERSCOOP Cybersecurity researchers shed additional light over the weekend on the cyberattacks that disabled Ukrainian government websites, as Kyiv pointed to Russia…

All Change at the Top as New Ransomware Groups Emerge

All Change at the Top as New Ransomware Groups Emerge The Ransomware as a Service (RaaS) landscape underwent another major shift in the third quarter as new variants emerged to…

Patch Tuesday December 2021 – Microsoft Fixes 67 Flaws, Including 6 Zero-Day Vulnerabilities

December’s Patch Tuesday comes with numerous security fixes and improvements, including two actively exploited zero-day vulnerabilities. The list features spoofing, denial of service, remote code execution, elevation of privilege, and…

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities. Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot…

Khonsari ransomware, Iranian group Nemesis Kitten seen exploiting Log4j vulnerability

Security researchers have found evidence that the group behind the Khonsari ransomware is exploiting the Log4j vulnerability to deliver it. Other state-sponsored groups are also looking into the vulnerability, according…

Second Log4j vulnerability discovered, patch already released

more coverage A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228.  The description of the new vulnerability, CVE 2021-45046, says…

What the Log4Shell Bug Means for SMBs: Experts Weigh In

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate. News of…

Log4j zero-day flaw: What you need to know and how to protect yourself

A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score…

REvil/Sodinokibi Ransomware: Origin, Victims, Prevention Strategies

This post is also available in: Danish Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably…

Cognitive Biases and Penetration Testing

by Jeremy Miller This post first appeared on November 30, 2021 and is republished with permission from the author. Disclaimer: The ideas below are my own and may not reflect…