As the full scope of the Change Healthcare cyber attack and ransomware story unfolds, a new leading gang has emerged known as ‘RansomHub’. This ‘new’ group has been claiming more victims since the massive February ransomware and data breach attack. On April 8, Forescout Research – Vedere Labs obtained samples used by RansomHub affiliates in a separate incident.

It’s time to recognize official security vulnerability catalog systems aren’t enough. There are too many gaps in the named security vulnerability process. And plenty of vulnerabilities do not receive the attention they deserve. Some vendors silently patch issues while others leave vulnerabilities in a reserved state. There is not one source of information that contains every vulnerability being exploited. The result?

The growth of Internet of Things (IoT) devices is reshaping our digital landscape. From smart thermostats to industrial sensors to IP cameras to smart toilets, these devices drive efficiency through innovation. But they aren’t secure by nature. A new UK law aims to make IoT products much more secure. On April 29, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act became official and is now enforcing compliance across IoT assets.

The art of risk assessment has long been a crucial element of military strategy and decision-making – and it remains critical to today’s best practices in cybersecurity defense. Abraham Wald, a mathematical genius, played a pivotal role in revolutionizing the understanding of hidden risk and exposure with his innovative work on aircraft survivability. During World War II, the US air force wanted effective methods to protect aircraft against enemy fire.

In our recent research “Better Safe Than Sorry”, we reported how the number of exposed OT/ICS devices in Japan grew by 372% over the past six years. During this time, several notable cyber-attacks targeted businesses and government entities in Japan. The substantial increase in exposed OT/ICS combined with the recent cyber-attacks in Japan has prompted us to give a deeper look at the current threat landscape in the country.

Operational technology (OT) and Industrial Control Systems (ICS) are core parts of an engine fueling critical infrastructure in industrialized nations worldwide. Water treatment facilities. Wastewater plants. Electrical transmission and distribution hubs. Nuclear power and manufacturing plants. Energy pipelines.

In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign.

The amount of money to run an AI-based disinformation campaign is miniscule compared to the influence the campaign can have on society. As I noted in my recent SecurityWeek piece “Preparing Society for AI-Based Disinformation Campaigns in the 2024 US Elections”, there are four common steps in these efforts: Reconnaissance, content creation, amplification and actualization.

What is the biggest cybersecurity challenge facing companies worldwide? The answer may vary depending on who you ask, but one indisputable fact remains clear: “What you can’t see, can and will hurt you.” Cyber threats lurk in the depths of the digital world, constantly evolving, poised to strike unsuspecting victims. They often strike by compromising unseen connected devices which, experience has proven, represent up to 50% of all devices on a network.*

On February 15, the US Department of Justice announced “Operation Dying Ember”: the takedown of a botnet controlled by APT28, the Russian military cyber threat actor also known as Fancy Bear. APT28 was previously known for developing the VPNFilter botnet, which targeted routers and network attached storage devices and was also disrupted by the DoJ in 2018.