Security News > 2023 > May

Phishers are using encrypted restricted-permission messages attached in phishing emails to steal Microsoft 365 account credentials. "The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities.

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances. "The vulnerability stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."

In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been the primary concern for travel professionals over the past three years.

Cybercriminals are increasingly posing as multi-factor authentication vendors and small businesses are becoming more popular targets, according to VIPRE. Attachment-based malspam is on the rise. The report also concluded that attachment-based malspam is on the rise, by a significant 22% when compared to malspam with links.

The report offers a look back - and forward - at some of the most significant vulnerability patterns of the past year to help security and business leaders focus discovery, management, and remediation efforts on the riskiest vulnerabilities most likely to exist on their attack surface. The report analyzed over 300,000 anonymized findings from thousands of pentest engagements, spanning more than 240,000 hours of testing, to identify the most prevalent vulnerabilities across various industries - which include healthcare, retail, finance, and manufacturing.

BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city's mayor has, so far, only called a cyber "Incident." In a Wednesday statement about the "Network outage" posted on the city's website, Augusta Mayor Garnett Johnson said the "Technical difficulties" - which disrupted some of the city's computer systems - started on Sunday, May 21.

Sri Lanka's Ministry of Technology has confirmed it will have a cyber security authority - at some point. According to local media, state minister Kanaka Herath told the Cyber Security Conference in Colombo that efforts to create a cyber security authority in 2023 are under way.

Every business these days should be concerned with cybersecurity, yet few companies have the resources required to invest in a full cybersecurity team. You can learn the skills you need to become your company's cybersecurity expert with the 2023 Complete Cyber Security Ethical Hacking Certification Bundle while it's on sale for just $39.99.