Read also: Chinese hackers are exploiting a Windows MSDT zero-day, Costa Rica’s health service hit by a ransomware attack, and more.

Kroll’s incident responders have seen threat actor groups becoming increasingly sophisticated and elusive in the tactics, techniques and procedures they employ to steal payment card data. One common method is to “scrape” the Track 1 or Track 2 data stored on the card’s magnetic stripe, which provides the cardholder account and personal information criminals need to make fraudulent “card-not-present” (CNP) transactions.

As more and more businesses adopt cloud computing services for their operations, the threat against cloud infrastructure is also increasing. AWS, the huge cloud service provider in the market, provides many security features to secure the cloud structure and customer data. It is essential to understand the service provider’s security policy before adopting it for the business.

Your project teams take hundreds, if not thousands of photos every year. And while it’s easy to take the actual photos, it can be a huge pain to download and organize all those images. Think about how most companies operate today. A team member takes a bunch of pictures, goes back to the office or the trailer, downloads the pictures from the camera or mobile device, uploads them to the system, and then organizes and posts them.

CVE-2022-30190, aka Follina, was published by @nao_sec on Twitter on May 27, 2022 — the start of Memorial Day weekend in the U.S. — highlighting once again the need for round-the-clock cybersecurity coverage. Threat hunting in particular is critical in these instances, as it provides organizations with the surge support needed to combat adversaries and thwart their objectives.

2022 has been busy in the cyber world. While there were signals in 2021 with the increased in activity in threat actors targeting OT environments with ransomware, the conflict in Ukraine prompted many businesses to press harder in asking more questions about their own resilience with operational technologies (OT) and supply chain infrastructure.

The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking campaign that modifies the user’s browsing experience to deliver ads. Research began with a variant that uses a combination of known techniques to deliver, persist and sideload a Chrome extension. Analysis of the fake Chrome installer uncovered the use of more than 40 unique dropper files to install the extension.

Since my previous blog CMMC Readiness was published in September 2021, the Department of Defense (DoD) has made modifications to the program structure and requirements of the Cybersecurity Maturity Model Certification (CMMC) interim rule first published in September 2020. CMMC 2.0 was officially introduced in November 2021 with the goal of streamlining and improving CMMC implementation.