National Cyber Warfare Foundation (NCWF) Blue Team (CND) cybersecurity industry news, cyber warfare, collaboration, chat, forums, threat intellignce, known hacking entities, CVEs, ncwf en-us New Ryuk ransomware implements self-spreading capabilities Ransomware hackers turn to virtual machine software to boost extortion schemes Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill Cracking Password Protected Payloads NSA Releases Guidance on Zero-Trust Architecture Metro school district working on cybersecurity after reports of hacking - WSB Atlanta Threat Roundup for February 19 to February 26 From Google Cloud Blog: New Cloud Security Podcast by Google is here Infrastructure Hygiene: Fixing Vulnerabilities USA Third Most Affected by Stalkerware Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release Silver Sparrow A New Dawn of MacOS Malware Microsoft releases open-source CodeQL queries to assess Solorigate compromise Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid Dangerous RCE in VMware: Patch, or the Puppy Gets It Faster, Better, Safer With Little Help of Web Application Security Testing Tools Winners of Inaugural SBRC Cyber Community Awards Announced Majority of malware now delivered via cloud apps Don t let IVR fraudsters exploit COVID Pandemic Cyber Crime, By the Numbers Managed Security Service Provider (MSSP) News: 26 February 2021 Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 The Ransomware Group Tactics which Maximise their Profitability The Dilemma: Best-of-Breed Stand-Alone or a Bundled Suite of tools? Australia Considers Online Safety Bill 2021 | Avast Chinese Hackers Target Tibetans with Malicious Firefox Extension IT Salary Survey 2021: The results are in New US CISO appointments, February 2021 Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack Understand Your Staff: How Insiders Shape Defenses ENISA Releases Guidelines for Cloud Security for Healthcare Services Malwarebytes unveils a new APT group: LazyScripter 18 thoughts on Hacking A Non-Dimmable LED Fixture - Hackaday China-linked TA413 group target Tibetan organizations SQL Triggers in Website Backdoors Old foe or new enemy? Here s how researchers handle APT attribution How $100M in Jobless Claims Went to Inmates Inside Strata's Plans to Solve the Cloud Identity Puzzle Building Trust: 4 Tips for MSSPs BSides Calgary 2020 – Amiran Alavidze’s ‘Securing Kubernetes Clusters In The Cloud’ BSides Calgary 2020 – Bhupinder Kaur’s ‘Ransomware Analysis By Using Machine Learning Classifiers And Flare Vm’ Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS Palo Alto Networks Partner Program Touts SASE, Cloud, XDR, SOAR Research: Cloud Ransomware Hit Nearly 40% of Healthcare Organizations in 2020 SentinelOne Launches Singularity XDR Marketplace Ransomware, Phishing Will Remain Primary Risks in 2021 David Walliams, Martin Clunes and Caroline Quentin among stars to settle phone-hacking claims - Sky News AWS: SolarWinds Hackers Used Our Elastic Compute Cloud - CRN New Lacework CEO Takes the Helm Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973 Google discloses technical details of Windows CVE-2021-24093 RCE flaw 16 thoughts on Hacking A Non-Dimmable LED Fixture - Hackaday TietoEVRY hit by ransomware group Managed Security Services Provider (MSSP) News: 25 February 2021 How Digital Transformation Impacts IT And Cyber Risk Programs Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics Jaguar Racing partners with Micro focus to enhance digital security, business resiliency and cyber posture Assured Data Protection Partners with Confluera to Launch Managed XDR Service Vietnamese hackers spent years harassing human rights activists with spyware The Business of Fraud: An Overview of How Cybercrime Gets Monetized How to Avoid Falling Victim to a SolarWinds-Style Attack SolarWinds Revenue, Earnings After Security Breach Setting Up an Effective Vulnerability Management Policy SolarWinds Revenue, Earnings After the Security Breach: Status Updates Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw BlackBerry Research: MSSPs Targeted by Hacker-for-Hire Groups - Channel Futures BlackBerry 2021 Threat Report: Are Hackers Increasingly Targeting MSSPs? - MSSP Alert Hackers Seized on the Pandemic. Some States Are Fighting Back. - The Pew Charitable Trusts These four new hacking groups are targeting critical infrastructure, warns security company - ZDNet Why you should consider adopting one week sprints IT Salary Survey 2021: Security and cloud computing certifications on the up Google s Password Checkup tool rolling out to Android devices Why Your Local Workstation Can t Mimic the Cloud One Ransomware Victim Every 10 Seconds in 2020 XDR is coming: 5 steps CISOs should take today XDR: Next-Level Prevention and Detection Hacking for Dollars: North Korean Cybercrime 6 thoughts on Hacking A Non-Dimmable LED Fixture - Hackaday Biden signs executive order demanding supply chain security review 78% of top security leaders say their organizations are unprepared for a cyberattack 78 percent of top security leaders say their organizations are unprepared for a cyberattack IBM Security Report: Ransomware Top Cyber Threat in 2020 DHS to Lead Biden s Cybersecurity Agenda Across Gov t Agencies Cybersecurity Threats on the Rise Ukraine: nation-state hackers hit government document management system Hacking A Non-Dimmable LED Fixture - Hackaday Reality or just entertaining TV? Cyber experts dig into the Good Doctor’s ransomware episode Managed Security Services Provider (MSSP) News: 24 February 2021 GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer February 21 Newsletter Vulnerability Spotlight: Out-of-bounds read vulnerability in Slic3r could lead to information disclosure CrowdStrike Slams Microsoft Over SolarWinds Hack Distribute Application Workloads Across Multiple Clouds & Data Centers Hackers Abuse Powerhouse VPN Products for DDoS Attacks The Week in Breach News: 02 17 21 02 23 21 VMWare Patches Critical RCE Flaw in vCenter Server Infosecurity Europe 2021 Postponed with New Event Dates TBA Universities Face Double Threat of Ransomware, Data Breaches Google funds two Linux Foundation security roles CISA and AVANGRID conduct virtual exercise to improve emergency response and recovery plans How to combat the latest security threats in 2021 Stalkerware And Children | Avast Cybereason Executives Reinforce MSSP, MSP Security Partner Focus Cyber resilience: Protecting the vaccine supply chain What s Different About Data Security in the Cloud? Almost Everything. 5 minutes with Mike Hamilton The biggest threats to the critical infrastructure Botnet Uses Blockchain to Obfuscate Backup Command & Control Information Balancing Safety and Security During a Year of Remote Working Veeam Releases New V11 with 200+ Enhancements, Eliminating Ransomware and Data Loss while Providing a Single Platform for Modern Data Protection APT32 state hackers target human rights defenders with spyware <a href=" ncas analysis-reports ar21-055a" hreflang="en">MAR-10325064-1.v1 - Accellion FTA< a> Sysdig Donates eBPF to CNCF to Improve Linux Security 119,000 Threats Per Minute Detected in 2020 Legal Firm Leaks 15,000 Cases Via the Cloud Companies are using AI to hit business goals, even though they can't explain how it works IT Salary Survey 2021: Over half of IT pros are satisfied at work but nearly half are job hunting New hacker group targets airlines, refugees with well worn tools Ransomware Attacks Double Against Global Universities Microsoft 365 Advanced Audit: What you need to know Russian Hacking Group Deploys IronPython Malware Loader - Aircraft-Maker Bombardier Breached by Accellion FTA Hackers The Hidden Costs and Challenges of Log Data Storage Using a SIEM Critical RCE Flaws Affect VMware ESXi and vSphere Client Patch Now In partnership with MITRE Engenuity s Center for Threat-Informed Defense, AttackIQ launches new automated adversary emulation plan for menuPass FireEye and Microsoft execs, senators dissect mandatory breach disclosure in wake of SolarWinds <a href=" ncas analysis-reports ar21-027a" hreflang="en">MAR-10319053-1.v1 - Supernova< a> <a href=" ncas analysis-reports ar21-048a" hreflang="en">MAR-10322463-1.v1 - AppleJeus: Celas Trade Pro< a> <a href=" ncas analysis-reports ar21-048e" hreflang="en">MAR-10322463-5.v1 - AppleJeus: CoinGoTrade < a> <a href=" ncas analysis-reports ar21-048g" hreflang="en">MAR-10322463-7.v1 - AppleJeus: Ants2Whale< a> <a href=" ncas analysis-reports ar21-039b" hreflang="en">MAR-10320115-1.v1 - TEARDROP< a> <a href=" ncas analysis-reports ar21-048f" hreflang="en">MAR-10322463-6.v1 - AppleJeus: Dorusio< a> <a href=" ncas analysis-reports ar21-048b" hreflang="en">MAR-10322463-2.v1 - AppleJeus: JMT Trading < a> <a href=" ncas analysis-reports ar21-048c" hreflang="en">MAR-10322463-3.v1 - AppleJeus: Union Crypto < a> <a href=" ncas analysis-reports ar21-048d" hreflang="en">MAR-10322463-4.v1 - AppleJeus: Kupay Wallet < a> <a href=" ncas analysis-reports ar21-039a" hreflang="en">MAR-10318845-1.v1 - SUNBURST< a> MSSP Must Pay NY Sales Tax on Security Services Provided, Judge Rules Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express Kaseya Supercharges IT Complete Security Suite with the Acquisition of RocketCyber Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel Ransomware attack or not, Kia’s resilience is under the microscope VMware addresses a critical RCE issue in vCenter Server Protecting CUI and the DoD Supply Chain Twitter scrubs accounts tied to Russian, Iranian influence operations Simplify Onboarding and Secure Group Management in AWS SSO SonicWall Releases Second Set of February Firmware Patches Daycare Webcam Service Exposes 12,000 User Accounts IBM Squashes Critical Remote Code-Execution Flaw 119k Threats Per Minute Detected in 2020 Running Headfirst Into a Breach Message Authentication Code (MAC) Using Java Google's Password Checkup feature coming to Android Deleted Keybase chat images retrievable on Windows, macOS, Linux Deleted Keybase chat images were retrievable on Windows, macOS, Linux Google's Password Checkup feature coming to Android 12 IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS Announcing Security Intelligence for Splunk For Free Clubhouse suffers data breach Checkout Skimmers Powered by Chip Cards Online Ethical Hacking Training: How to Go from Beginner to Advanced - EC-Council Blog Managed Security Services Provider (MSSP) News: 23 February 2021 How to Audit and Test for Sudo s CVE-2021-3156 with LogRhythm 84% of CNI Orgs Experienced Cyber-Attacks in the Last Year CVSS as a Framework, Not a Score Cisco points to new tier of APT actors that behave more like cybercriminals Proofpoint Acquires MSSP InteliSecure, Enhances DLP Solution MSSP Mergers And Acquisitions List: 56 Managed Security Buyouts to Note CyberheistNews Vol 11 #08 [Eye Opener] Major Video Game Maker Refuses to Negotiate With Ransomware Cyber Criminals How Does Triton Attack Triconex Industrial Safety Systems? Global Achievement Awards - What's new in 2021? Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures BrandPost: A New Model for Defeating Cyberattacks and Reducing Costs More NHS-Themed COVID-19 Vaccine Phishing How to build a robotics startup: the product idea Think Tank Warns of Silent Stealing Fraud Clubhouse chatroom app closes down site rebroadcasting content The Market is Calling for Simple 360 Cybersecurity for Consumers Report: The Trouble With Cloud Security FireEye: Accellion FTA Attacks Could be FIN11 IT Salary Survey 2021: Hiring rate expected to increase but priorities will shift NurseryCam suffers data breach after security concerns raised Most Firms Now Fear Nation State Attack FIN11 cybercrime group is behind recent wave of attacks on FTA servers New Partnership Launched to Improve Cyber-Resilience in Scotland - 645,786 breached accounts NurseryCam - 10,585 breached accounts Making the Right Cloud Security Investments Q4 2020 Doxxing Victim Trends: Industrial Sector Emerges as Primary Ransom Non-Payor Reddit appoints Allison Miller as CISO and VP of Trust Is your company losing data amid remote work? People's Energy - 358,822 breached accounts Zero Trust Framework: A Guide to Implementation Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020 Security Catalyst Office Hours Recap for February 19, 2021 Rashomon Effect and Product Management Interactive hacks went up 400% in the past two years SolarWinds Cyberattack Cleanup Costs: SWI Earnings, Senate & House Hearings May Provide Clues Why non-human workers can increase security issues in your business Ukraine sites suffered massive attacks launched from Russian networks Joy Of Tech ’s ‘Siri’ Host of challenges await next Pentagon CIO Pentagon acting CIO pushes on with cybersecurity, software development ‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push Silver Sparrow malware on 30,000 Macs leaves security pros confused Discussing Cybersecurity Outcomes (Not Features) with CIOs BrandPost: Proactive Security Requires Leveraging AI and Automation Nuspire Threat Report: Exploit Attacks Up 116% in 2020 GPS Vulnerabilities DHS Announces Steps to Advance President s Commitment to Elevate Cybersecurity Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research from Accurics Uncovers Developing Sources of Cloud Risk The .NET patch failure that wasn t Cybersecurity pros: Automation and app security are top priorities in 2021 Deepfakes as a Service Vulnerability Summary for the Week of February 15, 2021 Apple's iOS 14.5 adds new security against nasty hackers - iMore Chinese hackers stole another NSA-linked hacking tool, research finds Infrastructure Hygiene: Why It s Critical for Protection Security researchers discover VMware bug that could allow remote command execution 5 minutes with Jeremy Prout - How to protect the workforce against security risks in 2021 Detectify security updates for February 22 VMware Carbon Black Named to the 2021 CRN Security 100 List Managed Security Services Provider (MSSP) News: 22 February 2021 NSA Equation Group tool was used by Chinese hackers years before it was leaked online Q&A with Petra Kotuliakova | Avast New report reveals evolving risks and insecure defaults in the cloud New cloud security analysis finds default configurations and identity management are the biggest concerns Exclusive: Flaws in Zoom s Keybase App Kept Chat Images From Being Deleted Kaspersky Appoints Christopher Hurst GM of UK and Ireland Google Apps, G Suite, Workspace? Simplified Security for a Successful Digital Transformation BBC Reports Theft of 105 Electrical Devices US Retailer Kroger Admits Accellion Breach A New Book to Learn About Application Security CIS Offers Free DNS Security Tool for US Hospitals Framing ZTNA and Security Parameters: Risks, Tenets and Best Practices CipherCloud Chronicles 9: Docs Journey-Reassuring Data Classification with CipherCloud How to Secure Your Cloud Investment Georgetown rebuilds network after hacking - Sumter Item Robert Herjavec Interview: CEO Explains Herjavec Group-Apax Partners Deal Experts warn of threat actors abusing Google Alerts to deliver unwanted programs 7 Things Most Filmmakers Always Get Wrong About Hacking & Computers That Drive Tech Geeks Crazy - Hacker Boat, custom mahogany boat maker, is moving production and headquarters to Queensbury - Albany Business Review - Albany Business Review A Trippy Visualization Charts the Internet's Growth Security Affairs newsletter Round 302 How cybercriminals use sales best practices in ransomware attacks Threat Source newsletter (Feb. 11, 2021) Microsoft Patch Tuesday for Feb. 2021 Snort rules and prominent vulnerabilities Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess SCADA Talos Takes Ep. #41: The tl;dr of Snort 3 Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows