The technically complex landing marks the fifth successful U.S. bid to reach the Martian surface
News of the SolarWinds data breach, where its software management updates were hacked, rocked the cyber world. And now comes news from France’s National Information Systems Security Agency (ANSSI) that a French software monitoring company has been under a supply chain attack, undetected for several years. ANSSI says the attack targeted Centreon and it’s been going on for years… Read more
Indicators of Compromise in multiple formats (English)
Detailed Centreon Sandworm attack counter measures (French)
Sudhakar Ramakrishna, our new president and CEO, details additional steps SolarWinds® is taking to enhance our security posture and policies.
SolarWinds uses a digital code-signing certificate to sign each software build digitally and help end users authenticate the code comes from us. As part of our response to the SUNBURST cyberattack, the code-signing certificate used by SolarWinds to sign the affected software versions will be revoked on March 8, 2021. To ensure your SolarWinds product(s) performance, you must upgrade to these new builds before March 8. LEARN MORE
We’ve partnered with multiple industry-leading cybersecurity experts to strengthen our systems, further enhance our product development processes, and adapt the ways we deliver powerful, affordable, and secure solutions to our customers.
We’re providing an update on the investigation thus far and an important development we believe brings us closer to understanding how this serious attack was carried out. READ NOW
This article discusses the attacks being made on the First Amendment of the US Constitution by a small cabal of tech companies. Section 230 exempted these companies from prosecution for the views of their customers, as long as they could demonstrate that they were a common carrier providing equal access to all, and they weren’t engaging in moderating or editorializing this user created content. This is not the case any longer, as the viewpoints of the conservative right are being suppressed by these companies. An important article for our times.
2020 was a year of polar opposites in the business world. Some businesses went bust while others boomed and set new records. One profitable line of work during the pandemic? Selling illicit goods and services on the Dark Web. These darknet markets hauled in a record amount of revenue last year, with customers around the globe spending $1.7 billion in cryptocurrency. Chainalysis tracks this kind of… Read more
Google recently launched its Open Source Vulnerabilities (OSV) database, as a “first step towards improving vulnerability triage for developers and consumers of open source software.” The purpose of OSV is to provide precise data on where a vulnerability was introduced and where it was fixed. This will help consumers of open source software determine if they were impacted and make the appropriate… Read more
The NIST Cybersecurity Framework (CSF) helps thousands of organizations around the world to better understand and improve their security posture. The NIST Privacy Framework (PF) is now more than a year old. And the NIST Risk Management Framework (RMF) provides details for creating cyber policies through a risk-based approach. Now, we are learning that more help from NIST is on the way… Read more
The ability to leverage current events is a dream scenario for modern-day cybercriminals. These criminals use events, such as the COVID-19 pandemic, to fuel their malicious intent.
With the global pandemic comes the desire to stay updated with the most current information. However, it can be difficult for internet users to navigate this information and separate fact from fiction. It is also difficult to ensure that links and resources are reliable. The reality is that malicious activity comes through just about every communication channel: email, social media, text and phone messages, and of course, misleading and malicious websites. continue reading →
Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen. Click on title link for full article.
Types of Online Fraud
- Get rich quick scams
- Job scams
- Fake e-commerce sites and “free” offers
- Fake cybersecurity warnings
- Romance and dating fraud
Getting Your Money Back
- Debit card
- Credit card
- Bank Transfer
- Wire transfer, cash, or crypto-currency
Maintaining Your Security
- Change your password
- Apply patches and updates
- Use a password manager
- Use two-factor authentication
- Report scams on IC3.gov
Below are scam reporting links for various English-speaking countries:
- AU: Scamwatch (Australian Competition and Consumer Commission)
- CA: Canadian Anti-Fraud Centre
- NZ: Consumer Protection (Ministry of Business, Innovation and Employment)
- UK: ActionFraud (National Fraud and Cyber Crime Reporting Centre)
- US: ReportFraud.ftc.gov (Federal Trade Commission)
- ZA: Financial Intelligence Centre
MAR-10322463-3.v1 – AppleJeus: Union Crypto
This Malware Analysis Report (MAR) is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.