Author
Paul Roberts
Publisher & Editor in Chief, Security Ledger; Senior Editor & Head of Content at QOMPLX, Inc.

Conti University: Four Lessons in Defense from a Ransomware Gang’s Playbook
The leak of a playbook used by the Conti ransomware gang is a gift to red and blue teams everywhere.

Some Tips For Talking To Your Board About Ransomware
The plague of successful attacks means ransomware is no longer the threat that “shall not be named” in the Boardroom. Here’s what to tell your Board of Directors when they ask.

What We Know About The Kaseya Ransomware Attack
The REvil ransomware gang has reportedly compromised Kaseya, whose software is used by managed service providers. Here’s what we know...

As Ransoms Mount: How To Keep Your Organization Safe
Recent news accounts of multi-million dollar payments to ransomware gangs underscore the financial and reputation risk of ransomware to your organization. To keep your organization safe, QOMPLX says focusing on identities and privileges is key.

Clean-up On Aisle 2452: Weighing CISA’s SolarWinds Eviction Guidelines
The agency published updated guidelines on evicting UNC2452, the SolarWinds hackers. But QOMPLX says victims should weigh CISA’s recommendations carefully before they act.

A Lesson From The Pipeline Hack: Secure Active Directory Now
The Darkside ransomware attack on Colonial Pipeline looks like an escalation, but it is just business as usual for Human-Operated ransomware groups. Defenders should take note!

QOMPLX Analysis: Refracting Cyber Risks For Accellion Customers
What started off as attacks on Accellion FTA customers evolved into an epidemic of data breaches and then a plague of “doxing” and cyber extortion. And the worst is almost certainly not behind us.

CISA Offers Tool, Plans To Evict SolarWinds Hackers. You’d Better Sit Down
The Federal Government’s lead cybersecurity agency released a custom scanning tool and has spelled out remediation steps for federal agencies affected by the SolarWinds attacks. They’re not for the faint of heart.

Mr. (Brad) Smith Goes to Washington
Microsoft’s President was among a group of technology executives who testified about the SolarWinds hack. Their warnings to the government and the private sector were stark.

Netfilim and Ransomware’s Long Fuse
A report on a Netfilim ransomware outbreak highlights the long fuse that these attacks have. Basic security hygiene - especially for Active Directory - can snuff them out.

Health Cyber Center Warns of Kerberos Risk After Microsoft Patch
The Health Sector Cybersecurity Coordination Center (HC3) has warned its members about the risk posed to Microsoft Windows Servers and Active Directory installations after the disclosure last month of the so-called “Bronze Bit” flaw in Active Directory.

Latest CISA Warning Hints At Worst Case Scenario In Russia Hack
Federal agencies are advised to counter “Kerberoasting and forged TGT” attacks—suggesting a worst-case scenario for federal IT networks.

DHS Calls Out Kerberoasting In Directive Following Russian Hack
Sophisticated state hackers who compromised federal agencies used Kerberoasting to steal credentials and move within compromised networks, according to guidance from DHS.

CISA Warns: Distance Learning Boosts K-12 Cyber Risk
Distance learning has profound cyber security implications for K-12 school districts, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week.

FBI Warns Hospitals on Ryuk Ransomware Credential Theft and Malicious DNS
Organizations face an uphill battle in detecting and responding to the sophisticated, human-directed ransomware campaigns. Getting a grip on credential theft and monitoring DNS traffic are key.

Ransomware's Effects Linger Long After Attack, Study Finds
As ransomware attacks spread to more high-profile firms, a new report by the security firm Sophos suggests that the impact of such incidents lingers within organizations long after the malware has been removed.

October: Cybersecurity Awareness Month and Its Discontents
Why haven't 17 annual Cyber Security Awareness months paid dividends? Probably because "awareness" itself isn't nearly enough to beat back a complex, global and societal ill like cybercrime.

CISA Report: Unpatched VPN, Credential Theft Fueled Agency Hack
A CISA analysis of a hack of an unnamed federal agency suggests it may have started with the exploitation of a known (and patched) flaw in the Pulse VPN server.

Zerologon is a Big Deal. Here’s Why.
The Microsoft vulnerability dubbed Zerologon is a 10-on-a-10-scale critical flaw in Windows Netlogon. We explain what you need to know about this serious, new vulnerability.

Privilege Escalation Features Pop Up In More Malware Variants
The new DarkSide ransomware variant and Lucifer’s Spawn, a DDoS and crypto-jacking tool, have one thing in common: privilege escalation features designed to fuel lateral movement.

Konica Minolta Latest Victim of Human Operated Ransomware
The new ransomware family RansomEXX is suspected in the hack of Konica Minolta, its second prominent victim in a month. Evidence suggests that human-directed attacks are becoming more stealthy and effective.

Not Learning from NotPetya: The Truth Behind Recent Ransomware Attacks
Why do firms like Garmin find themselves in the grips of ransomware cybercriminal groups? A tell-all by a former Maersk employee offers some clues.

Webinar Today: Dun & Bradstreet joins QOMPLX to talk CMMC Certification
QOMPLX's Bill Solms and Paul Brooks of Dun & Bradstreet's Government Business Unit dig into the new DOD CMMC cyber security certification in a webinar June 3rd 2020 at 2:00 PM.

Zoom and Gloom: Your Security Risk is (much) Bigger than One App
Zoom is responding to a torrent of revelations about security and privacy issues in its platform. But enterprise concerns about application security holes and data privacy shouldn’t be limited to one platform.

QOMPLX Knowledge: Silver Ticket Attacks Explained
In our second QOMPLX Knowledge post, we profile Kerberos Silver Tickets: forged Ticket Granting Service (TGS) tickets.

Worried about Human Operated Ransomware? Stop using NTLM, start validating Kerberos
Microsoft's excellent report on human-operated ransomware attacks didn't mention a common thread in many successful attacks: continued use of NTLM. Here is QOMPLX's advice on how to take away a ransomware attacker's biggest advantage.

Report: How Active Directory Attacks Went Mainstream
Sophisticated attacks on Active Directory were considered 'artisan' level hacks. Today, they're business as usual. What happened? Our new report tells a story 30 years in the making.