T-Mobile Customers Targeted By New SMiShing Campaign

It has been reported that a new SMiShing campaign is targeting T-Mobile customers. The messages resemble those in SMiShing campaigns that recently targeted Verizon Wireless customers, which thank recipients for paying their bills and include a link to accept a free gift. However, the message is delivered via group text to multiple recipients at random, and has been sent to the targets numerous times over the course of three days. Since the messages were sent via group text, customers could not block them. It is likely that customers were targeted, in part, due to breaches in the past that affected [...]

2022-04-18T01:08:52-06:00

Cyber Threats Preying on Russia-Ukraine War: Update

Most frequently, cyber threat actors aim to capitalize on high-conflict environments by deploying tailored scams and social engineering schemes. Several malware and phishing campaigns have been recently observed, having the intent to acquire funds, obtain personal or financial information, and spread malicious software. One instance found a malicious campaign from a .SHOP top-level domain which requested support for the people of Ukraine via cryptocurrency donations—it appears similar to the reported authentic requests for cryptocurrency donations from Ukrainian officials on their respective social media pages. The email, however, contains grammatical errors and does not include other indicators of legitimacy. Further, cyber threat actors [...]

2022-03-09T12:40:53-07:00

Russia & Ukraine Cyber Threat Assessment

As the crisis in Ukraine continues to escalate, it is likely that Russia’s aggressive cyber activity will increase and spread beyond their initial Ukrainian government, military, energy, and financial targets. Russia, and those aligned with its efforts, will continue to conduct disruptive and destructive cyberattacks, cyber espionage, and information operations against Ukraine and any governments or groups supporting Ukraine or opposed to Russia’s invasion of Ukraine.

Information Operations

In the buildup to the invasion of Ukraine, Russia launched misinformation, disinformation, and malinformation (MDM) campaigns in an attempt to establish numerous pretexts for its invasion. Recently, the Russian Security Council voted to recognize [...]

2022-02-26T03:17:37-07:00

BlackByte Ransomware: February 2022 Technical Briefing

Ransomware is a type of malicious software, or malware, that prevents a user from accessing computer files, systems, or networks until a ransom is paid for their return. Ransomware incidents can cause costly disruptions to operations and lead to the loss of critical information and data. BlackByte ransomware operates as a service wherein the extortion profit is shared between the Ransomware as a Service (RaaS) owners and their affiliates. The affiliates are the entities that actually execute the computer intrusion and deploy the ransomware. Each affiliate uses its own intrusion method and negotiates the terms of the ransom demands with [...]

2022-02-15T13:11:23-07:00

January 2022 Update: Vulnerability in Apache Log4j

Risk
Large and medium business entities: High
Small business entities: High
Home users: High

In review, a serious vulnerability in the Java logging package, Log4j (CVE-2021-44228), was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers. When vulnerabilities are discovered and exploited, there is a risk of loss or breach of personal information, financial loss, and other irreversible harms. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm. To update your Log4j software package to the most current [...]

2022-02-15T17:21:12-07:00

Vulnerability in Apache Log4j: Executive Briefing

Risk
Large and medium business entities: High
Small business entities: High
Home users: High

A vulnerability has been discovered in Apache Log4j, a ubiquitous logging package for Java. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the systems and services that use the Java logging library, including many services and applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If these systems and services have been configured to have fewer user rights, [...]

2021-12-11T17:45:33-07:00

Dodge The Ever-Looming Gift Card Scams

"Any time someone asks you to solve a problem using gift cards, it’s a scam."

The warning could not be blunter. Such is the advice given by consumer fraud experts as we stride through the holiday season — an especially popular time for scammers who love trapping people into buying gift cards as step one of their own nefarious schemes. And once they’ve wormed the PIN number on the back of those cards from their victims, as the Federal Trade Commission notes, "they can get quick cash while staying anonymous."

How much cash? More than $429 million since 2018, according to the latest [...]

2022-02-07T03:20:18-07:00

Secure Boot: Executive Briefing

Secure Boot is a boot integrity feature that is part of the Unified Extensible Firmware Interface (UEFI) industry standard; most modern computer systems are delivered with a standard Secure Boot policy installed.

UEFI is a replacement for the legacy Basic Input Output System (BIOS) boot mechanism. UEFI provides an environment common to different computing architectures and platforms. UEFI also provides more configuration options, improved performance, enhanced interfaces, security measures to fight persistent firmware threats, and support for a wider variety of devices and form factors.

Cybercriminals target firmware to persist on an endpoint. Firmware is stored and executes from memory that is [...]

2021-10-07T10:41:14-06:00

Understanding the Security Impact of Juice Jacking

Executive Brief

Juice jacking is a common term that refers to compromising your mobile device through public charging stations, like those found in airports, hotels and coffee shops. Hackers can install special USB devices that contain malware in public charging stations.

How does it work?

When a phone is plugged in to charge, a piece of malware is automatically downloaded and installed onto the phone. The malware then provides hackers the ability to access your mobile device remotely and capture your activities, including email, online company files, banking credentials and much more.

Guarding Against Juice Jacking

The following are recommended safeguards to protect you from [...]

2021-08-18T10:54:38-06:00

July 2021 PrintNightmare Briefing

Executive Brief

PrintNightmare is the name given to a critical remote code execution vulnerability in the Windows Print spooler service. Attackers can take advantage of this vulnerability to gain control of affected systems, causing widespread harm to internal and external parties.

Technical Details

The RpcAddPrinterDriverEx() function is used to install a printer driver on a system. One of the parameters to this function is the DRIVER_CONTAINER object, which contains information about which driver is to be used by the added printer. The other argument, dwFileCopyFlags, specifies how replacement printer driver files are to be copied. An attacker can take advantage of the fact [...]

2021-07-08T15:01:28-06:00