Forensic investigations of machines attacked by LockBit affiliates show that threat groups will often first try to identify “mission-critical” systems including NAS devices, backup servers, and domain controllers.
An APT group based out of Iran is actively targeting Iranian users to deliver MarkiRAT, which records keystrokes and clipboard content. Two suspicious documents related to it were uploaded to VirusTotal. It appears the attackers are trying to enhance their arsenal with new tools to make their attacks more successful.
Users and security experts have uncovered a scam involving the delivery of fake replacement Ledger devices to customers to steal cryptocurrency. Customers using Ledger devices are recommended to beware of any unwanted email, package, or text.
An investigation revealed that LockBit affiliates most often buy RDP access to servers as an initial attack vector, although they may also use typical phishing and credential stuffing techniques.
“This issue was first brought to our attention by a third-party security researcher and we then confirmed the configuration problem, beginning on or about April 19, 2021,” the company said.
Inglis’ new White House office was one of several policy reforms recommended by the congressionally chartered Cyberspace Solarium Commission and incorporated into the fiscal 2021 defense policy bill.
New York City’s Law Department holds some of the city’s most closely guarded secrets. But all it took for a hacker to infiltrate the 1,000-lawyer agency’s network early this month was one worker’s pilfered email password.
Researchers identified a threat actor targeting multiple organizations including large universities and high schools in the U.S., along with high-tech organizations in Belgium.
The Conti ransomware group has spent more than a year attacking organizations where IT outages can have life-threatening consequences such as hospitals, 911 dispatch carriers, emergency medical services, and law enforcement agencies.
Some 80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, and 46% of those believe it to be caused by the same attackers.