The WhisperGate wiper attacks in Ukraine may inspire memories of NotPetya, but there are significant distinctions. Security practices that mitigate ransomware attacks offer protection against WhisperGate. Read More
Geopolitical tensions likely inspired a combination of website defacements, WhisperGate wiper malware attacks, and DDoS attacks targeting organizations in Ukraine. Read More
Numerous public proof-of-concept exploits reveal that the noPac vulnerabilities (CVE-2021-42278 and CVE-2021-42287) are trivial to exploit and lead to privilege escalation. Read More
Although Log4j vulnerability CVE-2021-44228 continues to be a serious threat, evidence suggests that the ability to remotely execute code is not as trivial as originally thought. Read More
Most organizations are likely impacted by the Log4j vulnerability. Although the situation continues to evolve, identifying and patching vulnerable systems offers the best protection against exploitation. Read More
It is a year-end tradition to make predictions about the upcoming year. Predictions based on insights from 2021 can help organizations prepare for 2022, and preparation is essential for success. Read More
While it’s important for organizations to implement a threat hunting program as soon as possible, taking time to focus efforts can enable long-term success. Read More
After two months of inactivity following law enforcement actions, GOLD SOUTHFIELD resumed operations and released a new REvil version. The publication of a universal decryptor may help victims compromised prior to the shutdown. Read More
Any organization can be compromised by ransomware and other security incidents, regardless of size. It is important to prioritize security, and outside resources can help when money and skills are limited. Read More
