Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets’ networks in ongoing attacks. BQE Software, the company behind BillQuick, claims to have a 400,000 strong user base worldwide. The vulnerability, tracked as CVE-2021-42258, can be triggered extremely easily […]

Report: SolarWinds Hackers Targeting IT Supply Chain

A file image of Microsoft, which has outlined recent activity by Nobelium, the group behind the SolarWinds campaign The nation-state actor behind the 2020 cyberattack targeting SolarWinds customers – Nobelium – is continuing its campaign to target the global IT supply chain, according to a new advisory from Microsoft, which says 140 resellers and technology […]

NYT journalist describes his iPhone being hacked, and the precautions he now takes

  A New York Times journalist covering the Middle East has described the experience of his iPhone being hacked, and the security precautions he now takes as a result. Ben Hubbard says there were four attempts to hack his iPhone, and that two of them succeeded, with all the signs pointing to the use of […]

HowTo: Protect Your Organization’s Root Accounts

For many cloud apps, administrators are given a super admin account credential, also known as the root account, which allows wide-reaching administrative access to the account. These super admin credentials are necessary for some administrative actions and should be the organization’s most secure account credentials. However, if root accounts are left unprotected, attackers can abuse […]

MITRE ATT&CK v10 comes with new techniques, groups, software for enterprises, ICS frameworks

Not-for-profit organization MITRE announced ATT&CK v10 with updates in techniques, groups, and software for the enterprises, mobile devices, and ICS (industrial control system) frameworks. The biggest change is the addition of a new set of data source and data component objects in enterprise ATT&CK, which compliments the ATT&CK data source name changes released in ATT&CK […]

How to Protect Yourself from Phishing Attacks

This year’s cyber security awareness month provides a timely reminder of the increasingly dangerous threat landscape facing organizations and individuals. The accelerated shift to digital during COVID-19 has dramatically expanded the attack surface for cyber-criminals; therefore, the general public needs to learn, and learn fast, about the digital threats they face and how to mitigate them. […]