Author

Paul Roberts

Publisher & Editor in Chief, Security Ledger; Senior Editor & Head of Content at QOMPLX, Inc.

Paul is a reporter and editor who covers the information technology security space. His writing has appeared in publications including Forbes, The Christian Science Monitor, MIT Tech Review and more.

Written by Paul Roberts

Written by Paul Roberts | August 16, 2021

The leak of a playbook used by the Conti ransomware gang is a gift to red and blue teams everywhere.

Written by Paul Roberts | July 12, 2021

The plague of successful attacks means ransomware is no longer the threat that “shall not be named” in the Boardroom. Here’s what to tell your Board of Directors when they ask.

Written by Paul Roberts | July 04, 2021

The REvil ransomware gang has reportedly compromised Kaseya, whose software is used by managed service providers. Here’s what we know...

Written by Paul Roberts | June 14, 2021

Recent news accounts of multi-million dollar payments to ransomware gangs underscore the financial and reputation risk of ransomware to your organization. To keep your organization safe, QOMPLX says focusing on identities and privileges is key.

Written by Paul Roberts | May 25, 2021

The agency published updated guidelines on evicting UNC2452, the SolarWinds hackers. But QOMPLX says victims should weigh CISA’s recommendations carefully before they act.

Written by Paul Roberts | May 12, 2021

The Darkside ransomware attack on Colonial Pipeline looks like an escalation, but it is just business as usual for Human-Operated ransomware groups. Defenders should take note!

Written by Paul Roberts | April 08, 2021

What started off as attacks on Accellion FTA customers evolved into an epidemic of data breaches and then a plague of “doxing” and cyber extortion. And the worst is almost certainly not behind us.

Written by Paul Roberts | March 19, 2021

The Federal Government’s lead cybersecurity agency released a custom scanning tool and has spelled out remediation steps for federal agencies affected by the SolarWinds attacks. They’re not for the faint of heart.

Written by Paul Roberts | March 05, 2021

Microsoft’s President was among a group of technology executives who testified about the SolarWinds hack. Their warnings to the government and the private sector were stark.

Written by Paul Roberts | January 29, 2021

A report on a Nefilim ransomware outbreak highlights the long fuse that these attacks have. Basic security hygiene - especially for Active Directory - can snuff them out.

Written by Paul Roberts | January 15, 2021

The Health Sector Cybersecurity Coordination Center (HC3) has warned its members about the risk posed to Microsoft Windows Servers and Active Directory installations after the disclosure last month of the so-called “Bronze Bit” flaw in Active Directory.

Written by Andrew Jaquith, Paul Roberts | December 18, 2020

Federal agencies are advised to counter “Kerberoasting and forged TGT” attacks—suggesting a worst-case scenario for federal IT networks.

Written by Paul Roberts | December 16, 2020

Sophisticated state hackers who compromised federal agencies used Kerberoasting to steal credentials and move within compromised networks, according to guidance from DHS.

Written by Paul Roberts | December 15, 2020

Distance learning has profound cyber security implications for K-12 school districts, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week.

Written by Paul Roberts | October 29, 2020

Organizations face an uphill battle in detecting and responding to sophisticated, human-directed ransomware campaigns. Getting a grip on credential theft and monitoring DNS traffic are key.

Written by Paul Roberts | October 15, 2020

As ransomware attacks spread to more high-profile firms, a new report by the security firm Sophos suggests that the impact of such incidents lingers within organizations long after the malware has been removed.

Written by Paul Roberts | October 02, 2020

Why haven't 17 annual Cyber Security Awareness months paid dividends? Probably because "awareness" itself isn't nearly enough to beat back a complex, global and societal ill like cybercrime.

Written by Paul Roberts | September 28, 2020

A CISA analysis of a hack of an unnamed federal agency suggests it may have started with the exploitation of a known (and patched) flaw in the Pulse VPN server.

Written by Paul Roberts | September 21, 2020

The Microsoft vulnerability dubbed Zerologon is a 10-on-a-10-scale critical flaw in Windows Netlogon. We explain what you need to know about this serious, new vulnerability.

Written by Paul Roberts | August 30, 2020

The new DarkSide ransomware variant and Lucifer’s Spawn, a DDoS and crypto-jacking tool, have one thing in common: privilege escalation features designed to fuel lateral movement.

Written by Paul Roberts | August 21, 2020

The new ransomware family RansomEXX is suspected in the hack of Konica Minolta, its second prominent victim in a month. Evidence suggests that human-directed attacks are becoming more stealthy and effective.

Written by Paul Roberts | July 30, 2020

Why do firms like Garmin find themselves in the grips of ransomware cybercriminal groups? A tell-all by a former Maersk employee offers some clues.

Written by Paul Roberts | June 03, 2020

QOMPLX's Bill Solms and Paul Brooks of Dun & Bradstreet's Government Business Unit dig into the new DOD CMMC cyber security certification in a webinar on June 3rd, 2020 at 2:00 PM.

Written by Paul Roberts | April 03, 2020

Zoom is responding to a torrent of revelations about security and privacy issues in its platform. But enterprise concerns about application security holes and data privacy shouldn’t be limited to one platform.

Written by Paul Roberts | April 01, 2020

In our second QOMPLX Knowledge post, we profile Kerberos Silver Tickets: forged Ticket Granting Service (TGS) tickets.

Written by Paul Roberts | March 12, 2020

Microsoft's excellent report on human-operated ransomware attacks didn't mention a common thread in many successful attacks: continued use of NTLM. Here is QOMPLX's advice on how to take away a ransomware attacker's biggest advantage.

Written by Paul Roberts | March 04, 2020

Sophisticated attacks on Active Directory were considered 'artisan' level hacks. Today, they're business as usual. What happened? Our new report tells a story 30 years in the making.