Cybersecurity Threat Blog – Sponsored by 171Comply.com

Cybersecurity Threat Blog - Sponsored by 171Comply.com

Lazarus hacking group now hides payloads in BMP image files

Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.  ...Read More
April 20, 2021

New Cybersecurity Certificate Programs

Highlight Your Resume with a Certificate! FPS Technical Data and Intellectual Property Certificate The FPS Technical Data and Intellectual Property Certificate program effectively blends detailed instruction with practical, hands-on exercises that are...Read More
April 6, 2021

New Cybersecurity Webinars

Webinars & Webinar Series Introduction to Cybersecurity 4-part On-Demand Webinar Series | $395 Catching the Next Wave of DFARs Cybersecurity Compliance On-Demand Webinar | $100 CFIUS Revamped: Major Changes Under the New...Read More
April 6, 2021

New Cybersecurity Courses

Beginner/Intermediate Courses The Framework of Cybersecurity Law May 3 | FPS Virtual Course July 26 | Hilton Head, SC The Basics of IT Acquisition and Contracting May 4 | FPS Virtual Course July...Read More
April 6, 2021

Hacked companies had backup plans. But they didn’t print them out before the attack.

Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.  ...Read More
April 1, 2021

Microsoft: Firmware attacks are on the rise and you aren’t worrying about them enough

Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.  ...Read More
March 31, 2021

Gaming mods, cheat engines are spreading Trojan malware and planting backdoors

Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.  ...Read More
March 31, 2021

Pandemic threats: The common threads in COVID-19 scams and criminal schemes

Notice: The information in this report is a synopsis of the source articles.  For in depth information please refer to the source cited at the end of each article.  ...Read More
March 31, 2021

This phishing scam left thousands of stolen passwords exposed through Google search

Check Point Research and Otorio published a blog post describing the campaign, in which stolen information was dumped on compromised WordPress domains.   The recent phishing attack began with one of...Read More
January 21, 2021

Chinese hacking group is stealing airline passenger details

Chinese hackers are gathering passenger details from airlines across the world to track high-value targets’ movements.  The intrusions have been linked to a threat actor that the cyber-security has been...Read More
January 20, 2021

FireEye Releases New Open Source Tool in Response to SolarWinds Hack

FireEye Mandiant announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the threat group that attacked IT...Read More
January 19, 2021

FBI Warns of Employee Credential Phishing via Phone, Chat

The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or...Read More
January 18, 2021

US Government warns of cyberattacks targeting cloud services

In an advisory issued on Wednesday, CISA (Cybersecurity and Infrastructure Security Agency) revealed that hackers have been employing successful phishing campaigns, brute force login attempts, and potentially pass-the-cookie attacks to exploit weaknesses...Read More
January 14, 2021

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways

Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Control industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS)...Read More
January 14, 2021

TikTok Harvested MAC Addresses by Exploiting Android Loophole

The Chinese company has been accused of spying on millions of Android TikTok users using a technique banned by Google.  According to a Wall Street Journal report, TikTok used a banned tactic...Read More
January 14, 2021

Microsoft urges users to stop using call & SMS-based multi-factor authentication

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based...Read More
January 11, 2021

United Nations Environment Program Exposed 100,000 Employee Records

Sakura Samurai security researchers identified exposed GitHub credentials on a United Nations Environment Program (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee...Read More
January 11, 2021

This ‘costly and destructive’ malware is the biggest threat to your network

Emotet has secured its spot as the most prolific malware threat.  Over the Christmas and New Year period a spam campaign using Emotet targeted over 100,000 users a day.  Emotet...Read More
January 11, 2021

FBI Warns Businesses of Egregor Ransomware Attacks

The FBI warns the Egregor ransomware, offered under a Ransomware-as-a-Service (RaaS) business model, poses a great threat to businesses due to the use of double extortion.  Egregor has claimed more...Read More
January 8, 2021

Threat Alerts

Threat Alerts Jan7 2021   This new phishing attack uses an odd lure to deliver Windows trojan malware Be warned: COVID-19 vaccine scams are now appearing online, over text, and...Read More
January 7, 2021

How to lock down your Microsoft account and keep it safe from outside attackers

Setting up a Microsoft account doesn’t begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a...Read More
January 5, 2021