A recent analysis from the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) found that ransomware attacks doubled between 2020 and 2021, including a disproportionately large spike coming from Russia. Ransomware is malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid, typically through cryptocurrency.
On Thursday, September 29th, Microsoft publicly disclosed two unpatched vulnerabilities impacting on-premises Microsoft Exchange servers that were capable of granting remote access to threat actors. These zero-day vulnerabilities have been identified as CVE-2022-41040, which is a Server-Side Request Forgery (SSRF) vulnerability, and CVE-2022-41082, which allows remote code execution (RCE) when PowerShell is accessible to the attacker.
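As an added example (not code from the original post, and not Microsoft's own tooling): a short Python triage script that scans IIS W3C log lines from an Exchange front end for the request shape Microsoft's published URL Rewrite mitigation for CVE-2022-41040 was written to block, namely a request to the Autodiscover endpoint whose URI also contains "powershell". The case-insensitive lookahead pattern is modelled on the revised pattern in that guidance; the log lines, host names, user names and client IPs below are constructed for the demonstration.

```python
import re
from typing import Dict, Iterator, List

# Case-insensitive pattern modelled on the revised URL Rewrite mitigation Microsoft
# published for CVE-2022-41040: both "autodiscover" and "powershell" anywhere in
# the request URI (stem plus query string).
PROXYNOTSHELL_URI = re.compile(r"(?=.*autodiscover)(?=.*powershell)", re.IGNORECASE)

# Constructed sample IIS W3C log (not real telemetry). Field order is the
# default IIS layout; IIS replaces spaces inside fields with '+', so each line
# splits cleanly on single spaces. Line 2 shows an authenticated hit, line 3
# an unauthenticated attempt that was rejected with 401.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-30 03:14:07 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/&reason=0 443 - 203.0.113.9 Mozilla/5.0 - 200 0 0 15
2022-09-30 03:14:09 10.0.0.5 POST /autodiscover/autodiscover.json @example.test/powershell 443 example\\jdoe 203.0.113.9 python-requests/2.28 - 200 0 0 120
2022-09-30 03:14:11 10.0.0.5 GET /Autodiscover/Autodiscover.json a=x@example.test/PowerShell&x=y 443 - 203.0.113.9 curl/7.85 - 401 0 0 4
2022-09-30 03:15:02 10.0.0.5 GET /ecp/default.aspx - 443 example\\admin 198.51.100.2 Mozilla/5.0 - 200 0 0 30
"""


def parse_iis_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            # Malformed or truncated line: skip rather than mis-assign columns.
            continue
        yield dict(zip(fields, values))


def request_uri(entry: Dict[str, str]) -> str:
    """Rebuild the URI the URL Rewrite rule would have inspected (stem?query)."""
    stem = entry.get("cs-uri-stem", "")
    query = entry.get("cs-uri-query", "-")
    return stem if query == "-" else f"{stem}?{query}"


def find_proxynotshell_requests(text: str) -> List[Dict[str, str]]:
    """Return the entries whose URI matches the mitigation pattern, with the
    fields an analyst needs first: who, from where, what, and whether it succeeded."""
    hits: List[Dict[str, str]] = []
    for entry in parse_iis_w3c(text):
        uri = request_uri(entry)
        if PROXYNOTSHELL_URI.search(uri):
            hits.append({
                "time": f'{entry["date"]} {entry["time"]}',
                "client": entry["c-ip"],
                "user": entry["cs-username"],
                "uri": uri,
                "status": entry["sc-status"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_proxynotshell_requests(SAMPLE_LOG):
        print(hit)
```

A match is an indicator to triage, not proof of compromise: the pattern is deliberately broad. Because Microsoft's advisory stated that the chain required authenticated access to the server, the `cs-username` column on a matching request with a 200 status is the first thing to pivot on, while a 401 on the same pattern points at an unauthenticated attempt that the server rejected.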
Contrary to the promises of the various security appliance providers, there is no single solution in information security that defends against every attack vector available to threat actors (TAs). Instead, we recommend that businesses adopt Defense in Depth, a strategy of applying multiple layers of defensive mechanisms to better protect an organization's valuable
As a digital forensics and incident response (DFIR) firm, BinaryLab has conducted numerous investigations to provide stakeholders with timeline and root cause analysis for issues ranging from business email compromise up to ransomware attacks. An oft-forgotten area of concern, however, is social media. Social media channels can be a stand-alone area of investigation
Researchers have discovered an unauthenticated Remote Code Execution (RCE) flaw, which is being tracked as CVE-2022-26134 and can compromise even the most up-to-date, patched version of Atlassian’s Confluence Server solution. On June 2nd, Atlassian released an advisory stating that versions of Confluence Server and Data Center 7.4.0 and higher are potentially vulnerable. Security
In the wake of the Russian military invasion of Ukraine, fear of cyberwarfare has risen among the American public, many of whom still have the Colonial Pipeline ransomware attack fresh on their minds. In response, the U.S. government is seeking not only to address these events, but also to raise awareness and security compliance
Okta, a massively popular company which provides identity and access management (IAM) services to clients worldwide, was recently targeted by threat actor Lapsus$. The compromise of Okta and other providers of IAM services is highly sensitive and potentially far-reaching as Okta’s IAM services alone allow approximately 15,000 companies to securely log into multiple
At BinaryShield, it is our philosophy that custom-tailored, proactive solutions that align with best security practices and regulatory frameworks are the best methods to address people, technologies, and facilities to provide actionable cybersecurity strategies. One such framework, which has garnered significant attention due to its complexity and transformative nature, is the Cybersecurity Capability Maturity
The ubiquity of concerted campaigns using phishing and other methods of malware deployment has left individuals, small and midsized businesses (SMBs), and the largest companies worldwide dealing with the brutal impact of data breaches on daily operations. This pervasiveness is understood to be driven by the low-risk, high-reward ecosystem in
Cyber incidents often rely on human engagement to enable malware. Even with security controls deployed on the user's account, the target environment, and the device, new threats continue to emerge that require both users and enterprise administrators to put additional safeguards in place to mitigate their impact. The purpose of this blog is to analyze and mitigate