Date: 2024-06-11

As the World Turns

Getting Justice Done. On May 1, 2024, a Ukrainian national behind Sodinokibi ransomware was sentenced to nearly 13 years and seven months in prison.

Coming in Third. On May 1, 2024, Verizon published its 2024 Data Breach Investigations Report. According to the Report, vulnerability exploitation was the third most common means of unauthorized access in 2023; only credential theft and phishing were more prevalent means of access.

Water, Water, Everywhere. On May 1, 2024, the FBI and CISA again warned of shoddy security practices at US water plants, which have been exploited by pro-Russian hackers.

I'm Not Really In Tech Support. On May 2, 2024, Malwarebytes noted a campaign whereby scammers are using sponsored Google search results to mislead users into thinking they have contacted legitimate tech support websites. In reality, the victims are charged thousands for fake malware removal.

Travel Ban? On May 2, 2024, the FBI and CISA reminded companies to review their products for path traversal security vulnerabilities and to remove them before shipping. Failing to do so can allow threat actors to access sensitive data and credentials.

We Won't Be Seized Again. On May 5, 2024, law enforcement seized Lockbit's Tor website, again.

The Cost of Being Social. A May 21, 2024 Avast Threat Report reveals that phishing and malvertising accounted for 90% of all threats on mobile devices and 87% of threats on desktop.

Consider This

HHS Writes Prescription for Improved Cybersecurity. On May 20, 2024, the HHS launched a $50 million program to fund the development of cybersecurity tools for hospitals and the healthcare industry.

Wee-Oww, Wee-Oww, Wee-Oww. On May 20, 2024, the Open Source Security Foundation announced a new email mailing list named Siren. The list is intended to spread threat intelligence related to open source projects.

You Felt the Material? On May 28, 2024, the SEC issued a reminder that its notification requirements are for 'material' security incidents.

