Toward the end of August, the gang behind the SunCrypt ransomware strain announced they had joined the Maze cartel of ransomware operators, which currently boasts Maze, LockBit and Ragnar Locker. After that announcement, reports began emerging of the first high-profile victim of the gang. However, not all is as it seems with the gang and questions have been raised as to whether they are indeed the newest members of the Maze cartel.
The U.K. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.
This warning comes after the NCSC investigated in August an increased number of ransomware attacks on schools, colleges, and universities in the country.
Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS (an open medical records system) would help us learn but at the same time help OpenMRS find any application vulnerabilities they could fix to increase their security posture.
It’s imperative that employers implement a patch cadence, regardless of whether employees agree with it
This may sound controversial, but unfortunately, my experience shows it to be true: When humans are prompted to do something without risk or reward, they tend not to do it. In their remote environments, just as when they were in the office, the reminders still pop up on employees’ screens: “Updates Available for Your Device.” But, when given the choice, employees more often than not select “Remind Me Tomorrow”—whether because they’re busy, impatient or don’t understand the importance of regular updates.
A few days ago, Didier wrote an interesting diary about embedded objects into an Office document. I had a discussion about an interesting OLE file that I found. Because it used the same technique, I let Didier publish his diary first. Now, let’s have a look at the document.