Big tech breaches, the rise of callback phishing and joint advisories issued by CISA…here are the latest cybersecurity threats and advisories for the week of August 19, 2022. Threat Advisories and Alerts Cybercriminals Exploit Zimbra Vulnerabilities CISA and MS-ISAC have issued a joint advisory in response to active exploitation of multiple vulnerabilities against Zimbra Collaboration Suite (ZCS). Cybercriminals may target unpatched ZCS security holes in government and private sector networks. Organizations who didn’t make  the appropriate updates upon patch release should assume they’ve been compromised and follow the recovery steps in the CISA advisory. Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-228a CISA and the FBI Issue Warning for Zeppelin Ransomware The FBI and CISA have issued a joint advisory concerning Zeppelin ransomware, which has been

High profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts Critical Vulnerability Found in VMware Products VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. ​​Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns of Confluence Security Flaw CISA has added the recent Atlassian security flaw (CVE-2022-26138) to its catalog of Known Exploited Vulnerabilities.

In 2021, North Carolina became the first state to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. This, first-of-its-kind, state law also prohibits public entities from communicating with a malicious actor following a ransomware attack. Instead, they will have to consult with the North Carolina Department of Information Technology when they experience such an attack. On June 28, 2022, Florida Governor Ron DeSantis signed HB 7055. Effective, July 1, 2022, it requires all state agencies report cybersecurity and ransomware incidents, and that every state employee receives substantive training in cybersecurity. New York, Pennsylvania, Arizona and Texas all have considered legislation that would prevent the paying of ransom in ransomware cases. Pennsylvania’s bill has

Malicious cyberattacks increased exponentially in 2021. A record number of almost 850,000 complaints related to cybersecurity were recorded by Americans last year resulting in close to U.S. $7 billion lost, according to the FBI’s Internet Crime Compliant Center (IC3). Among the types of cybercrimes reported to the FBI, ransomware is on the rise and becoming more sophisticated in recent years while remote work and schooling are more prevalent. For those unaware, ransomware is a malicious software (malware) that makes a computer unusable while a cyber criminal holds data hostage until they are paid. The Cybersecurity & Infrastructure Security Agency (CISA) reports that ransomware tactics and techniques have continued to evolve and become a larger threat. In response to several high-profile

A U.S. Cyber Command (USCYBERCOM) task force has conducted “its first offensive cyber effect operation against real-life cyber threats.” Details of the operation have not been published, but the military says offensive cyberspace operations are “intended to project power by the application of force in or through cyberspace.” News of the operation, conducted by USCYBERCOM’s Cyber National Mission Force (CNMF) from February to August 2021, came in a news release from the Maryland Air National Guard’s 175th Cyber Operations Group, which took part in the mission. “USCYBERCOM’s CNMF plans, directs and synchronizes full-spectrum cyberspace operations to deter, disrupt and, if necessary, defeat adversary cyber actors to defend the U.S.,” said U.S. Air Force Maj. Corley Bradford, director of operations for