Increasingly, cyber actors are employing living-off-the-land (LOTL) attacks, which blend (and obscure) their nefarious activities with legitimate tools and infrastructure already found (and regularly used) in your environment to mask their presence while greatly minimizing their chances of detection and attribution. Typically, the introduction of a third-party application on a host generates an alert from an endpoint detection and response (EDR) product. Unfortunately, LOTL enables the actor to skirt detection more easily and effectively.
On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.
Summer of 2020 was coined the "Summer of Ransomware", but are we about to have a second summer of ransomware in 2023?
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.
With this Fortalice Solutions' Client Advisory, we hope to provide important takeaways for organizations regarding the usage of conversational ChatGPT, and other, lesser-known AI platforms. While there are some very tangible benefits to ChatGPT, Fortalice believes strongly that there is a need for risk assessments, updated policies, and processes to protect intellectual property and company-sensitive information.
In a matter of months, public companies will have several new rules to follow with respect to cybersecurity incident reporting. The Securities and Exchange Commission's (SEC) proposed rule changes focus on ensuring the availability and comparability of public company disclosures across industries.
Fortalice Solutions continues to monitor a pro-Russia hacking group, known as “KillNet,” that is targeting U.S. hospital systems and executing distributed denial of service (DDoS) attacks. Fortalice wants to offer a follow-up advisory for our clients given that KillNet has significantly modified and escalated its approach and tactics. There are proactive measures to counter possible attacks that hospital systems across the United States can adopt immediately.
“KillNet” – a pro-Russia group known for distributed denial of service (DDoS) attacks on nations opposed to Russia’s invasion of Ukraine – attacked at least 14 websites of prominent hospital systems in the United States, knocking their public-facing websites offline temporarily. Impacted organizations have noted only short-term disruptions to their websites and no impact to the targets’ operations. A DDoS attack occurs when an organization’s websites are flooded with incoming network traffic, thereby overwhelming the system.
LastPass, a popular password management tool, enables its customers to store all their usernames and passwords for online accounts. LastPass disclosed that, as part of its investigation into an August breach, it had uncovered evidence that threat actors had successfully accessed unencrypted portions of LastPass customers’ vaults.
Two vulnerabilities in self-hosted Microsoft Exchange servers (CVE-2022-41040, CVE-2022-41082) have been identified as currently being exploited in organization environments. The vulnerabilities exist only in on-premises Exchange servers, and Microsoft reports that Exchange Online has protections in place. Many clients have migrated their user base to Exchange Online or Microsoft Office 365, but there may still be Exchange servers operating in the environment, used for mail relays and other IT functions.