Results for: ransomware
Samsam and Petya: The New Wave of Ransomware
Malware development, like any other area in IT, is a hotbed of innovation and change. At the forefront of this trend are the groups responsible for developing ransomware applications such as TeslaCrypt and Cryptowall. Today’s news brings two new challengers:...
TeslaCrypt 4.0 ransomware ups the ante with unbreakable encryption
When TeslaCrypt first arrived on the ransomware scene about a year ago, it seemed like a CryptoLocker copycat with a few new tricks, such as renaming existing files, deleting browser history to hide the source of the infection, and a...
KeRanger brings ransomware to the Mac
Not too long ago, one of the benefits of using a Macintosh for work was that there weren’t enough of these systems in place to make it worthwhile for hackers to target them. Fast forward to today, and the growing...
Patch management: The basics still matter
Patching is such a core part of MSP DNA that it’s easy to overlook. I’ve talked with many MSP owners who get pulled into the latest, most urgent cyberthreats—only to lose sight of the basics: patching. Patching is the cybersecurity...
Cybersecurity Threat Advisory: RedSun exploits Microsoft Defender real-time protection
A new proof of concept (PoC), RedSun, exploits Windows devices running Microsoft Defender real‑time protection on Windows 10, Windows 11, and Windows Server 2019+. It abuses Defender’s handling of cloud‑tagged files to achieve local privilege escalation to SYSTEM. Read this...
Cybersecurity Threat Advisory: GhostLock – A new denial-of-availability attack technique
GhostLock is a newly disclosed attack technique that abuses the Windows CreateFileW API to lock enterprise files by requesting exclusive, deny‑share handles. Read this Cybersecurity Threat Advisory to learn how to limit your organization’s exposure to this attack. What is...
Cybersecurity Threat Advisory: RMM-based phishing attacks
An ongoing phishing campaign has been observed targeting multiple vectors and leveraging legitimate Remote Monitoring and Management (RMM) tools to establish persistent remote access on compromised hosts. Read this Cybersecurity Threat Advisory to mitigate risk for you and your clients....
Cybersecurity Threat Advisory: Blue Hammer zero-day
A researcher leaked a zero‑day vulnerability dubbed “BlueHammer” to protest Microsoft’s handling of the private disclosure process. Although the published code contains implementation bugs, attackers with local access can still use it to compromise affected systems. Read this Cybersecurity Threat...
How MSPs can convey threats without the panic
Managed service providers encounter a steady stream of cyber threats, and communicating those risks to clients is both an art and a diplomatic exercise. “The fact is, if I told my clients about every single threat I saw every day,...
What does a “right-size” incident response plan look like?
Often, when a cyber incident occurs, the response is ad hoc—a reactive, seat‑of‑the‑pants scramble. After all, every incident is different, so how can you plan for what you don’t know? But just as every building fire is different, there are...

