v032 gets back to one of my favorite topics – Cybercrime! One of the allures to many cyber-professionals is the whole “cops ‘n robbers” aspect to security. In this version, read some of the latest with ransomware, how the huge MGM and Ceasars attack happened, and how Cloudflair deals with DDoS. Don’t forget the Vulnerability Vortext at the bottom!
Experts Expose Farnetwork’s Ransomware-as-a-Service Business Model
| Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service (RaaS) programs over the past four years in various capacities. |  |
Ransomware Mastermind Uncovered After Oversharing on Dark Web
 |
Meet “farnetwork,” one of the most prolific RaaS operators around, who spilled too many details during an affiliate “job interview.” |
MGM and Caesars Attacks Highlight Social Engineering Risks
| The cyberattacks on MGM Resorts International and Caesars Entertainment exposed the widespread effects data breaches can have on an organization — operationally, reputationally, and financially. Although many questions around the specific attack remain, reports say that hackers found enough of an MGM’s employee’s data on LinkedIn to arm themselves with the right knowledge to call the help desk and impersonate the employee, convincing MGM’s IT help desk to obtain that employee’s sign-in credentials. |  |
*** ChatGPT Quip of the Week *** |
Prompt: What a the three most important questions nonprofit or association executives should ask their IT department regarding the organization’s cyber risk and cyber protections? Response: Nonprofit or association executives should ask their IT department: 1. What are our current cybersecurity vulnerabilities and strengths? 2. How is our organization actively preventing and responding to cyber threats? 3. What measures are in place to ensure the resilience of our critical data and systems in the face of potential cyber incidents? |
What We Can Learn From Major Cloud Cyberattacks
| Analysis of six major cloud incidents shows how some common mistakes can lead to serious consequences. |  |
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
 |
A threat group known as Anonymous Sudan claimed that they were the ones who took down Cloudflare’s website in a distributed denial-of-service (DDoS) attack. |
Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach
| Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers. |  |
Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
 |
The ransomware strain known as Play is now being offered to other threat actors “as a service,” new evidence unearthed by Adlumin has revealed. |
Hackers use new Agent Raccoon malware to backdoor US targets
| A novel malware named ‘Agent Raccoon’ (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. |  |
British, Toronto Libraries Struggle After Cyber Incidents
 |
It’s unknown who the threat actors are and whether the outages are connected. |
3 Ways to Close the Cybersecurity Skills Gap — Now
| The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training. |  |
Vulnerability Vortex
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
| Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. |  |
CISA Sets a Deadline – Patch Juniper Junos OS Flaws
 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. |
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
| Today is Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. |  |
Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion
 |
Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software. |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.