Iron Range Cyber

05/31/2022

The number of and extortion groups grew by 63.2% in the first quarter of 2022 over the same period the previous year, an increase that inevitably led to more organizations falling prey to activity

This report delves into the ransomware threat landscape of the first quarter of 2022, with a focus on the three most successful ransomware families and the types of industries and organizations that were affected by their attacks.

05/30/2022

More than half of energy professionals believe cyberattacks on the industry in the near future will result in a loss of life and many companies are not doing enough to protect themselves, according to a recent report.

05/27/2022

The advisory, which is titled “Weak Security Controls and Practices Routinely Exploited for Initial Access”, explains that regularly exploit the poor configuration of systems – whether it be because they’re misconfigured or simply left unsecured in the first place.

According to a recent report, just a small number of techniques are commonly used by malicious hackers to compromise systems.

05/27/2022

The number one disadvantage of is that they are fairly easy to steal. In the early days of the internet, when almost all communications between computers were unencrypted, passwords were transmitted in plain text.

Apple, Google and Microsoft have announced support for a FIDO standard that seeks to replace passwords with passkeys.

05/26/2022

Locks that use Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on , but the exploit is generalizable.

Bluetooth Flaw Allows Remote Unlocking of Digital Locks Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to op...

05/26/2022

Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act. The policy for the first time directs that good-faith research should not be charged.

The Department of Justice today announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA).

05/25/2022

The latest case in point is a malicious package for distributing Cobalt Strike on , , and systems, which was uploaded to the widely used Python Package Index (PyPI) registry for application developers.

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

05/25/2022

Compromised credentials and identities, third-party breaches, attacks, and application exploits are all foundational entry points for today’s .

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

05/24/2022

While most malicious email campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old bug to propagate the .

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

05/24/2022

Chinese hackers have been caught spying on Russian defense institutes.

A minimum of two research institutes in Russia and third likely in Belarus have suffered an espionage attack carried out by a Chinese nation-state advanced pers

05/19/2022

When critical infrastructure is essential for continued operations, decision-makers rely on for solutions. IT directors and small businesses need to understand the importance of cybersecurity for their organizations.

Information and network security provide needed defenses against cyberattacks and other malicious activities for businesses operating in the digital space. Reliance on digital assets requires constant surveillance and maintenance of systems and hardware. IT directors and small business owners who de...

05/19/2022

These features—which have access to the iPhone’s Secure Element (SE), which stores sensitive info–stay on even when modern iPhones are powered down, a team of researchers from Germany’s Technical University of Darmstadt discovered.

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.