Working from home had previously been seen as a nice-to-have in the corporate world, with most companies not giving it much importance. However, with the breakout of the covid-19 pandemic and its subsequent effects on the global economy, most companies were unprepared for the change in workplace dynamics and the challenges involved with working from home; one of which is the threats of cybersecurity attacks.

According to the HTA report released by the DHS; “Advanced persistent threat or other malicious cyber actors likely will target election-related infrastructure as the 2020 Presidential election approaches, focusing on voter PII, municipal or state networks, or state election officials directly.”

Sam’s club, an American chain of membership-only retail warehouse clubs founded in 1983 and named after Walmart founder Sam Walton recently had their customer accounts hacked in a series of stuffing attacks. The attacks which were only detected in September were said to not have come for a data breach, but rather from a series of attacks in which the attackers already knew the user’s credentials.

According to CISA, they have observed over 16,000 Emotet-related alerts since July; as-well-as Emotet-related traffic over ports 80, 8080, and 443. With one instance where an Emotet-related IP attempted to connect over port 445, suggesting the possible use of Server Message Block (SMB).

Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate.

“Patients connect with telehealth providers using web-based applications that include structured and unstructured data. With the exponential increase in use of these applications, cybercriminals targeted them more purposefully,” researchers wrote.

Researchers with WordPress security firm Defiant spotted more than 1.7 million sites being probed by threat actors between September 1st and September 3rd.

FCPS issued a statement Sept. 11 acknowledging that ransomware was placed on some of its technology systems. “We are taking this matter very seriously and are working diligently to address the issue,” FCPS states.

The alert from CISA contains indicators of compromise that should help recipients detect the phishing attack and take active measures against it. The malicious email has the subject line “SBA Application – Review and Proceed” and comes from the spoofed email address “disastercustomerservice@sba[.]gov.”

According to SANS, the initial attack started with a phishing email pretending to be a file shared by a SANS SharePoint service. The file pretending to be shared was called “Copy of July Bonus 24JUL2020.xls,” and the email prompted the user to click on the ‘Open’ button to access the file.