Bleeping Computer reported on April 9 that cyber attackers are using legitimate corporate contact forms to send phishing emails that threaten businesses with lawsuits and attempt to infect them with the IcedID info-stealing malware. IcedID is a modular banking trojan first spotted in 2017 and updated to deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware. The attackers can use it to download additional modules after infecting a device, steal credentials and financial information,…

Bleeping Computer reported on April 8 that Microsoft has released an open-source cyberattack simulator which permits security researchers and data scientists to create simulated network environments and see how they operate against AI-controlled cyber agents. The project is named ‘CyberBattleSim’ built using a Python-based Open AI Gym interface. The Microsoft 365 Defender Research team created CyberBattleSim to model how a threat actor spreads laterally through a network after its initial compromise. Nice graphics included in…

The State News (Michigan) reported on April 6 that Michigan State sent out an email to just under 350 people on April 5 notifying them that Title IX case files from Michigan State were a part of a data breach of Bricker and Eckler Law Firm, which assisted in Michigan State’s Title IX investigations, Michigan State’s Title IX Communications Manager Christian Chapman said. Bricker and Eckler is an Ohio law firm that is the parent…

InsideNoVA reported on March 18 that Prince William County police were searching for a man who used a drone mounted with a camera to look into a woman’s bedroom in northern Virginia. The 18-year-old victim told police she was in her bedroom changing clothes when she saw the drone outside her window. “The victim immediately looked out of the window and observed a man holding the controller for a drone standing near a residence on…

On April 5, SANS Institute posted some stats and the beginning of a countdown to the 20 coolest careers in cybersecurity. Yesterday’s countdown began with job #20, Media Exploitation Analyst. Logically enough, the cool jobs are tied to related SANS certifications, which is self-promotional of course, but also very helpful. Young folks are always asking me which cybersecurity certifications they should get – and of course that depends on the nature of the job you…

Sometimes, paper is a good thing. As ZDNet reported on April 1, there really are firms which have been hit by ransomware and no one could get to the Incident Response Plan (IRP) because it was – of course – encrypted. Naturally, you could also have the plan on a device that is not connected to the network but having the plan in paper in several readily accessible locations makes a lot of sense. The…

Bleeping Computer reported on March 25 that insurance giant CNA was hit by a ransomware attack using a new variant called Phoenix CryptoLocker that is likely linked to the Evil Corp hacking group. CNA issued a statement confirming that they had suffered a cyber attack: “On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email.” Sources familiar with…