CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. This new information was shared as an update to a joint advisory published in March 2023, which says the BlackSuit gang has been active since September…

Read More

A new self-spreading worm named ‘CMoon,’ capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. According to Kaspersky researchers who discovered the campaign, CMoon can perform a broad range of functions, including loading additional payloads, snapping screenshots, and launching distributed…

Read More

Solution provider silver and gold benefits “remain in effect for one year after your last purchase or renewal, but they will not undergo the January 2025 update,” Microsoft said. Microsoft revealed that it plans to no longer sell its Action Pack, Learning Action Pack or legacy silver and gold benefits starting Jan. 22 – and…

Read More

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who…

Read More

A new eBook by Cynomi, “What does it take to be a full-fledged Virtual CISO?” lays out exactly how service providers can easily, rapidly, and economically expand their vCISO service offerings to cover the entire range of duties. The Chief Information Security Officer (CISO) position has risen to prominence in recent years due to the risk posed by rampant…

Read More

Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. Gatekeeper is a security feature that checks all apps downloaded from the Internet to see if they’re developer-signed (approved by Apple) and notarized by checking an extended attribute named com.apple.quarantine that is…

Read More

Acronis CEO Ezequiel Steiner says his company’s acquisition by European private equity behemoth EQT is going to accelerate MSP growth. Acronis CEO Ezequiel Steiner said a deal for private equity behemoth EQT to take a majority stake in the MSP cybersecurity and backup provider powerhouse is going to result in across-the-board increased investments that will…

Read More

Even small farmers are not immune to cyberattacks. Vital Bircher, a farmer in Hagendorn, Switzerland, between Zurich and Lucerne, recently experienced an attack on his computer systems, which were also connected the dairy farmer’s milking robots, the Luzerner Zeitung first reported. Ultimately, one of Bircher’s cows died as a result of the attack. Bircher initially suspected…

Read More

SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk,…

Read More

The UK’s Information Commissioner’s Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. Advanced, an IT service and hosting provider contracted by…

Read More