The threat group tracked as DEV-0832 by Microsoft’s security threat intelligence analysts, also known as Vice Society, are a group of cyber criminals that are thought to have been active since at least June 2021. They have been credited for ransomware and extortion campaigns across the world but have mainly focused on US-based targets. The […]
Vice Society: Opportunistic Ransomware Group Read More »
The NCSC has issued updated guidance on the evolving threat from Russian state actors and cyber criminals due to the ongoing war in Ukraine. The joint Cybersecurity Advisory (CSA) from the cybersecurity authorities in the UK, USA, Australia, Canada and New Zealand warns that: “Evolving intelligence indicates that the Russian government is exploring options for
NCSC Updates Guidance on Russian cyber threat Read More »
In 2016, Europol, the Netherlands Police and leading anti-virus companies joined forces to create the No More Ransom project, which to date has helped over 6 million ransomware victims recover their files and avoid paying €1billion in ransom. The nomoreransom.org website provides advice for individuals and businesses on how to protect themselves against ransomware and
How the No More Ransom project helps victims of ransomware Read More »
A hacker tried to poison the water supply in Oldsmar, Florida by dumping caustic soda into the water by adjusting the SCADA system in control of the water treatment plant. On Friday 5th February, an operator at the water plant noticed the mouse on his screen moving and accessing the control system software for the
Hackers attempt to Poison Water Supply Read More »
An innovative American insurance company, Corvus, has reported a drop of 65% in ransomware claims after they started insisting on vulnerability scans of the client’s network before providing cyber-insurance. Lauren Winchester of Corvus states in a recent blog post: Our automated scan locates threats like unprotected RDP upon quoting for new business and we notify
Ransomware claims drop dramatically after mandatory scans Read More »
Server hardening is a set of disciplines and techniques which improve the security of an ‘off the shelf’ server. Server Hardening is requirement of security frameworks such as PCI-DSS and is typically included when organisations adopt ISO27001. What is the attack surface The aim of server hardening is to reduce the attack surface of
What is server hardening ? Read More »
After analysing dozens of ransomware incidents over the last 4 years, researchers have identified their defining common characteristics – which can help security managers design targeted defences. Mandiant Intelligence have published a report that reveals the common attributes of ransomware incidents from around the world and across the industrial spectrum. The key findings are:
Ransomware trends 2020 Read More »
Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware. A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine. This appears as a network share to the server device at \tsclient. An attacker who was
RDP used in fileless attacks Read More »
Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems. After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on the vulnerable systems. Security researcher Kevin Beaumont has been running a network of honeypots in an attempt to capture Bluekeep malware in
Bluekeep exploits seen in the wild Read More »
Recent research from Sophos highlights your public RDP server as the primary attack vector against your data centre. During April and May 2019, Sophos deployed 10 standard out-of-the-box configured Windows 2019 servers into AWS data centres around the world. By default, Windows 2019 has RDP enabled. They configured each server with uncrackably long passwords and
600 failed login attempts per hour for public RDP servers Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.