Current Active Threats


Russian Cybercrime Gang Targets Finance Firms With Stealthy Macros
Date: 2021-10-15

The actors behind the campaign appear to be ‘TA505,’ an active Russian threat group that has a long history of creativity in the way they place Excel documents in malspam campaigns.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems
Date: 2021-10-15

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.

BlackByte: Free Decryptor Released for Ransomware Strain Summary
Date: 2021-10-15

Security researchers were able to crack the malware's encryption algorithm and produce a decryptor victim organizations can use for file and system recovery: “Trustwave, a Chicago-based cybersecurity and managed security services provider owned by Singaporean telecommunications company Singtel Group Enterprise, on Friday announced the release of the free decryptor, available for download from GitHub.”

HP Wolf Report Highlights Widespread Exploitation of MSHTML, Typosquatting and Malware Families Host
Date: 2021-10-15

HP released its latest Wolf Security Threat Insights Report, finding evidence that cybercriminals are moving even faster in taking advantage of zero-day vulnerabilities and exploiting specific problems like CVE-2021-40444 -- the remote code execution vulnerability targeting the MSHTML browser engine through Microsoft Office documents.

This Malware Botnet Gang Has Stolen Millions with a Surprisingly Simple Trick
Date: 2021-10-15

A prominent botnet known as MyKings has made $24.7 million using its network of compromised computers to mine and steal cryptocurrency.

MyKings, also known as Smominru and Hexmen, is the world's largest botnet dedicated to mining cryptocurrencies by free-riding off its victims' desktop and server CPUs. It's a lucrative business that gained attention in 2017 after infecting more than half a million Windows computers to mine about $2.3 million of Monero in a month.

Over 90% of Firms Suffered Supply Chain Breaches Last Year
Date: 2021-10-15

Some 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the past year, according to BlueVoyant.

BlueVoyant surveyed 1200 IT and procurement managers responsible for supply chain and cyber risk management. Their research found that the number of breaches experienced in the past 12 months grew from “2.7 in 2020 to 3.7 in 2021, a 37% increase.”

Three More Ransomware Attacks hit Water and Wastewater Systems in 2021
Date: 2021-10-15

A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by ransomware gangs against US water and wastewater treatment facilities (WWS) this year.

The advisory marks the first time these attacks have been publicly disclosed. The three facilities hit by ransomware were located in Nevada, Maine, and California in March, July, and August respectively. The attacks were the result of compromised SCADA industrial control systems.

Chinese Hackers Use Windows Zero-day to Attack Defense, IT Firms
Date: 2021-10-13

A Chinese-speaking threat actor called IronHusky has been exploiting a zero-day vulnerability in the Windows Win32k driver to deploy a new remote access trojan (RAT). The RAT is called MysterySnail and was discovered by Kaspersky researchers in August and September of 2021 after being seen on multiple Microsoft servers. The researchers found an elevation of privilege exploit tracked as CVE-2021-40449 being used to install MysterySnail. The vulnerability was patched in this month’s Patch Tuesday.

Medium - Microsoft Mitigates Largest DDoS
Date: 2021-10-13

Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August; it represents the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim. This is the largest DDoS against an Azure customer since August 2020, when experts observed a 1 Tbps attack.

High - CISA Names 3 ‘Exceptionally Dangerous’ Behaviors to Avoid
Date: 2021-10-13

CISA has released the three most common bad practices that can potentially expose organizations to cyber attacks. After reviewing them, we find they correlate directly to the large-scale breaches that we typically see and share every week. Devices and infrastructure impacted by some of these misconfigurations, or ‘bad practices,’ range across products and platforms, whether cloud-based or locally maintained on-prem.

Patch Apache HTTP Servers Now to Avoid Zero Day Exploit
Date: 2021-10-06

CVE-2021-41773 is described as a path traversal flaw in version 2.4.49, which was itself only released a few weeks ago. “An attacker could use a path traversal attack to map URLs to files outside the expected document root,” a description of the bug noted. “If files outside of the document root are not protected by ‘require all denied’ these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.”

New Python Ransomware Targets Virtual Machines, ESXi Hypervisors to Encrypt Disks
Date: 2021-10-05

A new strain of Python-based malware has been used in a "sniper" campaign to achieve encryption on a corporate system in less than three hours. The attack, one of the fastest recorded by Sophos researchers, was achieved by operators who "precision-targeted the ESXi platform" in order to encrypt the virtual machines of the victim.

Karakurt: potential new ransomware group emerges
Date: 2021-09-30

According to its site, Karakurt is a “hacking team” that compromises an organisation's data and then extorts them for its return. It is unclear if Karakurt utilises ransomware or if it only steals data. Based on Karakurt's claims, organisations will be notified of the compromise, and will then have to choose whether to pay an unspecified fee or have their data leaked via the Karakurt site.

CISA releases Insider Risk Mitigation Self-Assessment Tool
Date: 2021-09-30

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.

Bandwidth[.]com Is Latest Victim of DDoS Attacks
Date: 2021-09-28

Bandwidth is a voice over Internet Protocol (VoIP) services company that provides voice telephony over the Internet to businesses and resellers. Recent reporting suggests that they have become the latest victim of distributed denial of service attacks targeting VoIP providers this month; as a result, there have been nationwide voice outages across the globe.

Microsoft Warns: Active Directory Foggyweb Malware Being Actively Used by Nobelium Gang
Date: 2021-09-28

Nobelium is believed to be linked to the Russian government, and the 2020 attack on the SolarWinds Orion IT monitoring platforms has been attributed to it. They pivoted from SolarWinds to infiltrate US government networks – including United States Court Systems.

A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online
Date: 2021-09-28

We reported last week that VMware had released updates to address critical vulnerabilities in their vSphere and Cloud Foundation software where a remote attacker could take control of an affected device over port 443. These types of platforms often store mission-critical data in the form of virtual machines, which could include domain controllers, proprietary applications, as well as data centers.

SonicWall Critical Vulnerability Should Be Patched ASAP
Date: 2021-09-27

The company has issued a security notice about a critical vulnerability in SonicWall SMA 100 series devices. The flaw is tracked as CVE-2021-20034. If successfully exploited, it could allow a cybercriminal to delete random files from SMA 200, 210, 400, 410, and 500v products and achieve administrative rights. The company is urging users to patch it as soon as possible.

Russian Turla APT Group Deploying New Backdoor on Targeted Systems
Date: 2021-09-27

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan.

Conti Makes a New Victim: GSS Ransomware Attack Affecting Major European Call Center Provider
Date: 2021-09-27

The FBI, CISA, and the NSA released an advisory last week, which we shared with everyone, advising companies that they had noticed a spike in Conti ransomware attacks. “The attack took place on Saturday, September 18th. It is a ransomware CONTI, whose main objective is the encryption of information.”

Jupyter Infostealer Continues to Evolve and Is Distributed via MSI Installers
Date: 2021-09-27

Cybersecurity researchers from Morphisec have spotted a new version of the Jupyter infostealer that continues to be highly evasive. In November 2020, researchers at Morphisec spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, tracked as Jupyter, to steal information from their victims.

FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539
Date: 2021-09-24

Advanced persistent threat attackers are leveraging a vulnerability in Zoho ManageEngine ADSelfService Plus, according to a joint advisory from the FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA).

100M IoT Devices Exposed By Zero-Day Bug
Date: 2021-09-24

Researchers at Guard discovered a vulnerability that leaves approximately 100 million devices across 10,000 enterprises vulnerable to attacks. NanoMQ, an open-source platform from EMQ that monitors IoT devices in real-time, acts as a “message broker” to deliver alerts that detect unusual activity. EMQ’s products are used to monitor the health of patients leaving a hospital, to detect fires, monitor car systems, smartwatches, smart-city applications, and more.

Cisco Addresses 3 Critical Vulnerabilities in IOS XE Software
Date: 2021-09-24

It has been a pretty busy week for vendors of networking equipment. Netgear this week disclosed several vulnerabilities in their product line of home and office routers. Now, Cisco is advising everyone that they have addressed three critical vulnerabilities impacting their IOS XE operating system used to power multiple products, including routers and wireless controllers.

Financially Motivated Actor Breaks Certificate Parsing to Avoid Detection
Date: 2021-09-24

Attackers often rely on varying behaviors between different systems to gain access. Attackers may bypass filtering by convincing a mail gateway that a malicious document is legitimate, so the computer thinks it is an executable program.

Conti Ransomware Targeting Organization Worldwide
Date: 2021-09-23

CISA, FBI, and the NSA released a joint advisory today warning companies of Conti Ransomware targeting organizations worldwide. The alert suggests that operators are attempting to steal sensitive information from the United States and International Organizations.

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Date: 2021-09-23

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) announced the release of an advisory today on the Conti ransomware threat, including technical details about cyber actors’ behavior mapped to MITRE ATT&CK and recommended mitigations.

High-Severity RCE Vulnerability Found in Several Netgear Routers
Date: 2021-09-22

Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.

Microsoft Exchange Autodiscover Bugs Leak 100k Windows Credentials
Date: 2021-09-22

Bugs were discovered in Microsoft Exchange’s Autodiscover feature; researchers believe that 100,000 user credentials, including usernames and passwords, have been leaked as a result.

VMware Releases Security Updates
Date: 2021-09-21

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

After Biden Warning, Hackers Define ‘Critical’ as They See Fit
Date: 2021-09-21

After a run of ransomware attacks in the first half of the year, President Joe Biden in July warned his Russian counterpart, Vladimir Putin, that Russia-based hacking groups should steer clear of 16 critical sectors of the U.S. economy.

Apache OpenOffice Is Currently Impacted by a Remote Code Execution Flaw
Date: 2021-09-21

OpenOffice.org, commonly known as OpenOffice, is a discontinued open-source office suite. It was an open-sourced version of the earlier StarOffice, which Sun Microsystems acquired in 1999 for internal use.

Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert
Date: 2021-09-21

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. While the method used by the attackers to compromise IIS servers is not yet known, attackers can use various ways to breach a Windows IIS server.

CMA CGM Hit by Another Cyber Attack
Date: 2021-09-20

We reported a while ago that the company CMA CGM had suffered from an attack that impacted several servers and websites. The company immediately disconnected systems from networks and powered off equipment to prevent the Windows-based Ragnar Locker ransomware from spreading throughout their network. "The Marseille headquartered firm is understood to have been hit by ransomware which paralysed much of its IT infrastructure."

Ransomware Report: Commonly Exploited CVEs Express the Importance of Patch Management
Date: 2021-09-20

A report published today clearly highlights the importance of patch management and securing devices exposed directly to the internet -- ones used for digital communications or applications that store mission-critical data, including VPN appliances, Networking Devices, Exchange Servers, Microsoft Office products, as well as Hypervisors. Over the past year, several vulnerabilities have been disclosed where proof of concept code was made available to the public. This essentially means that anyone with a moderate skill set and even nation-state actors can use the code to carry out attacks and study them for further enhancement.

Microsoft Asks Azure Linux Admins to Manually Patch OMIGOD Bugs
Date: 2021-09-17

Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. The four security flaws (allowing remote code execution and privilege escalation) were found in the Open Management Infrastructure (OMI) software agent silently installed on more than half of Azure instances.

FBI and CISA Warn of State Hackers Exploiting Critical Zoho Bugs
Date: 2021-09-17

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups have been actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.

OMIGOD Vulnerabilities Expose Thousands of Azure Users to Hack
Date: 2021-09-16

Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management Infrastruc

Microsoft: Windows MSHTML Bug Now Exploited by Ransomware Gangs
Date: 2021-09-16

Microsoft warned today that multiple threat actors, including ransomware groups and affiliates, are taking advantage of the recently patched MSHTML remote code execution vulnerabilities.

EMEA and APAC governments targeted in widespread credential harvesting campaign
Date: 2021-09-16

Cyjax analysts have uncovered a large credential harvesting campaign targeting multiple government departments in APAC and EMEA countries. Over 50 hostnames were analysed, many of which were posing as the Ministry of Foreign Affairs, Ministry of Finance, or Ministry of Energy, in various countries such as Uzbekistan, Belarus, and Turkey; as well as the Main Intelligence Directorate of Ukraine and the Pakistan Navy.

Attackers Impersonate DoT in Two-Day Phishing Scam
Date: 2021-09-15

Threat actors impersonated the U.S. Department of Transportation (USDOT) in a two-day phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate – to evade security detections.

Zloader Attacks Able to Disable Windows Defender
Date: 2021-09-15

As you might know, Microsoft Defender Antivirus is the anti-malware solution that usually comes pre-installed on systems that are running Windows 10. The attackers have modified the malware distribution mechanism from spam or phishing emails to TeamViewer Google adverts, which link users to fraudulent download sites through Google AdWords.

Patches Released for Google Chrome Zero-Day Vulnerabilities
Date: 2021-09-14

As mentioned in previous reporting, Google has had its fair share of Zero-Day discoveries this year, a few of which have been actively exploited in the wild and leveraged in attacks. Yesterday, the company announced fixes for 11 different bugs, including two zero-days: "Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild,

Microsoft Releases OS Specific Patch for MSHTML CVE-2021-40444 Zero-Day Vulnerability
Date: 2021-09-14

Patches were just released for the Microsoft MSHTML vulnerability that we have produced reporting on throughout the last few weeks. Please see the message below with updated mitigation measures:

North Korean Hacker Recently Employed Social Media to Launch a Cyberattack
Date: 2021-09-14

The new advanced persistent threat (APT) activity has been discovered by EST Security in a press release from Kumsong 121 that was disclosed on Tuesday by the security firm. Instead of sending an email, the offenders used an innovative method in which they became friends with the victim on social media and then sent them an infected file. Having successfully hacked into a social media account, the attackers went on to find their next targets by contacting the victims' social media acquaintances. After taking advantage of the target's lack of knowledge, the hackers made friends with them by sending them text messages that were full of warmth and topics of similar interest, such as gossip, to make them feel welcome.

Apple Releases Emergency Update: Patch, but Don’t Panic
Date: 2021-09-14

This is a great report from Malwarebytes: “The NSO Group says that its spyware is used against criminals and terrorists, but journalists and human rights activists are known to have been targeted by Pegasus attacks, along with political dissidents and business executives at the highest levels. The software can be used to collect all manner of personal data from devices, intercept calls and messages, and much more. If your work is particularly sensitive, it isn’t something you want anywhere near your phone.”

Apple Fixes iOS Zero-day Used to Deploy NSO iPhone Spyware
Date: 2021-09-14

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.

GitHub Tackles Severe Vulnerabilities in Node.js Packages
Date: 2021-09-13

On Wednesday, GitHub said the company received reports from Robert Chen and Philip Papurt, between July 21 and August 13, of security flaws impacting the packages via one of GitHub's bug bounty programs, which give researchers credit and financial rewards for responsibly disclosing vulnerabilities to the vendor.

Cisco Released Security Patches for High-Severity Flaws in IOS XR Software
Date: 2021-09-13

IOS XR is a train of Cisco Systems' widely deployed Internetworking Operating System, used on their high-end Network Convergence System, carrier-grade routers such as the CRS series, 12000 series, and ASR9000 series. It provides a unique self-healing and self-defending operating system designed for always-on operation while scaling capacity and adding new services or features.

Windows MSHTML Zero-Day Exploits Shared on Hacking Forums
Date: 2021-09-13

Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.

Millions of Microsoft Web Servers Powered by Vulnerable Legacy Software
Date: 2021-09-10

CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes millions of web servers easy targets for threat actors and cybercriminals.

Windows MSHTML Zero-day Defenses Bypassed as New Info Emerges
Date: 2021-09-10

Windows Zero-day CVE-2021-40444 is being actively exploited in attacks. The vulnerability was disclosed on Tuesday with few details and is still awaiting an official patch. The vulnerability uses malicious ActiveX controls to exploit various Windows programs including Microsoft Office 365 and Office 2019, and can be used to install malware on an impacted computer.

Hackers Steal Data from United Nations
Date: 2021-09-10

Hackers have broken into the computer network of the United Nations and made off with data, according to researchers at cybersecurity firm Resecurity. Bloomberg reports that the unidentified cyber-criminals behind the theft appear to have gained access simply by using login credentials stolen from a UN employee. Entry was gained by logging in to the employee’s Umoja account. Umoja, which means “unity” in Kiswahili, is the enterprise resource planning system implemented by the UN in 2015.

Malicious Actor Discloses FortiGate SSL-VPN Credentials
Date: 2021-09-09

Fortinet has become aware that a malicious actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices. These credentials were obtained from systems that remained unpatched against FG-IR-18-384 and CVE-2018-13379. "While they may have since been patched, if the passwords were not reset, their devices vulnerable"

LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
Date: 2021-09-09

We cannot emphasize enough that ransomware attacks are not going to go away anytime soon and are typically the most devastating of all cyber-attacks against corporate infrastructure -- especially if the ransomware strain used in attacks can spread laterally, worming its way through networks.

Ukrainian Hacker Extradited After Allegedly Selling Thousands of Passwords on the Dark Web
Date: 2021-09-09

The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace. The indictment alleges that Glib Oleksandr Ivanov-Tolpintsev operated a malware botnet that collected login credentials for multiple computers simultaneously using brute force techniques.

91% of IT Teams Have Felt 'Forced' to Trade Security for Business Operations
Date: 2021-09-09

In a survey conducted by HP Wolf Security, statistics have shown "that the majority of IT staff have felt pressured to ignore security concerns in favor of business operations."

Zoho Releases Security Update for ADSelfService Plus - Actors Exploiting Newly Identified CVE
Date: 2021-09-08

This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. CVE-2021-40539, rated critical, is an authentication bypass vulnerability affecting REST API URLs that could enable remote code execution. The FBI and CISA assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability.

Attacks on IoT Devices Double Over Past Year
Date: 2021-09-08

According to Kaspersky, “attacks targeting IoT devices have almost doubled from the second half of 2020 to the first six months of this year” (Info Security Magazine, 2021). The company uses a network of honeypots to mimic vulnerable devices and collects data from potential attacks.

Microsoft Warns of a Zero-day in Internet Explorer That is Actively Exploited
Date: 2021-09-08

“Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks nor the nature of the threat actors. The vulnerability was exploited by threat actors in malspam attacks spreading weaponized Office docs”

Hacker Puts Stolen Data Online Because College Refuses to Pay
Date: 2021-09-07

The criminals behind the Ragnar Locker ransomware have issued a warning to victims via their own website not to go to the police or hire companies to negotiate the ransom, as all stolen data will be published immediately. According to the criminals, they increasingly have to deal with professional negotiators, which does not make the negotiation process easier or safer, the group said. It states that such negotiators work for or are associated with the police and are not interested in the commercial interests of their customers or the security of their data.

Conti Ransomware Now Hacking Exchange Servers With Proxyshell Exploits
Date: 2021-09-07

Threat actors are actively scanning and exploiting vulnerable Microsoft Exchange servers that have not applied security patches released earlier this year. ProxyShell, the name given to a collection of vulnerabilities for Microsoft Exchange servers, enables an actor to bypass authentication and execute code as a privileged user.

CISA - Ransomware Related Threat Report
Date: 2021-09-03

The Cybersecurity & Infrastructure Security Agency (CISA) is sharing the attached ransomware-related threat alerts from a trusted industry partner for network defense purposes. The first alert details a threat actor mounting attacks using the Nefilim and Hive payloads and the second alert details possible pre-ransomware activity.

Risk Considerations for Managed Service Provider Customers
Date: 2021-09-03

Going into the holiday, we are unfortunately expecting the inevitable: large-scale cyber attacks against infrastructure and mission-critical assets. Given the current trend and attacks observed during previous holidays, we are suspecting attacks this weekend but have our fingers crossed that it is a quiet one for everyone.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Attacks Against SolarWinds Serv-U SW Were Possible Due to the Lack of ASLR Mitigation
Date: 2021-09-03

“Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, said the attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs
Date: 2021-09-03

“The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain. These ransomware attacks can potentially impact a wide range of businesses across the sector, from small farms, markets, and restaurants to large-scale producers, processors, and manufacturers”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

This New Malware Family Using CLFS Log Files to Avoid Detection
Date: 2021-09-03

CLFS is a general-purpose logging subsystem in Windows that's accessible to both kernel-mode as well as user-mode applications such as database systems, OLTP systems, messaging clients, and network event management systems for building and sharing high-performance transaction logs. "Because the file format is not widely used or documented, there are no available tools that can parse CLFS log files," Mandiant researchers explained in a write-up published this week. "This provides attackers with an opportunity to hide their data as log records in a convenient way, because these are accessible through API functions."

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Conti Ransomware Now Hacking Exchange Servers With Proxyshell Exploits
Date: 2021-09-03

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) that allow unauthenticated, remote code execution on unpatched vulnerable servers.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Attackers Are Attempting to Exploit Recently Patched Atlassian Confluence CVE-2021-26084 RCE
Date: 2021-09-02

“Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor.” Atlassian released security patches to address CVE-2021-26084 last week; the vulnerability impacts Confluence, the company's enterprise collaboration product. The flaw is an OGNL (Object-Graph Navigation Language) injection issue, which allows an authenticated attacker to execute arbitrary code on Confluence Servers and Data Centers.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cisco Fixes a Critical Flaw in Enterprise NFVIS for Which POC Exploit Exists
Date: 2021-09-02

NFVIS is the software platform that implements full life cycle management from the central orchestrator and controller (APIC-EM and ESA) for virtualized services. NFVIS enables connectivity between virtual services and external interfaces and supports the underlying hardware. NFVIS is often thought of as a virtual software platform and has the following key capabilities: platform management, a virtualization layer, a programmable API interface, and a health monitoring system.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Sacked Employee Deletes 21GB of Credit Union Files
Date: 2021-09-02

A former credit union employee is facing a decade behind bars after pleading guilty to destroying large amounts of corporate data in revenge for being fired. Two days after being fired on May 19 2021, they accessed the file server of the New York-based credit union, opened confidential files and deleted 21.3GB of data, including 20,000 files and almost 3500 directories. The deleted files apparently related to mortgage loan applications and the company’s anti-ransomware software.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Scam Artists Are Recruiting English Speakers for Business Email Campaigns
Date: 2021-09-01

Native English speakers are being recruited in their droves by criminals trying to make Business Email Compromise (BEC) more effective. BEC schemes can be simple to execute and among the most potentially devastating for a business, alongside threats such as ransomware. If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FBI, CISA Warn of Potential Cyberattacks Over Labor Day Weekend
Date: 2021-09-01

“CISA and the FBI have released an advisory warning of potential cyberattacks that may occur over the coming Labor Day weekend, noting that in recent years hackers have launched dozens of devastating attacks on long weekends.” CISA is also urging organizations to take additional steps to secure their systems and reduce their exposure to attacks. Specifically, they recommend proactive threat hunting on their networks to locate potential threat actors.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cyberattackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth
Date: 2021-08-31

Cybercriminals have been increasingly turning to “proxyware”, an attack where the victim's internet connection is secretly used to generate additional revenue following a malware infection. “Proxyware, also known as internet-sharing applications, are legitimate services that allow users to portion out part of their internet connection for other devices, and may also include firewalls and antivirus programs. Other apps will allow users to 'host' a hotspot internet connection, providing them with cash every time a user connects to it”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cyberattacks Use Office 365 to Target Supply Chain
Date: 2021-08-31

Using believable-looking fake Office 365 alerts, “phishers used fake alerts to trick admins into thinking that their Office 365 licenses had expired” (SecurityIntelligence, 2021). The messages instructed the admins to click on a link so that they could sign into the Office 365 Admin Center and review the payment details. Instead, that sign-in page stole their account credentials.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Bangkok Air Confirms Passenger PII Leak After Ransomware Attack
Date: 2021-08-31

Bangkok Airways, the second oldest and third biggest airline company in Thailand, admitted last week that hackers stole passenger information during a security breach following a ransomware attack.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Proxytoken: An Authentication Bypass in Microsoft Exchange Server
Date: 2021-08-31

In a technical analysis, researchers discovered that an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users. This can be used to copy all emails addressed to a target account and forward them to an account controlled by the attacker.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

New Mirai Variant Targets WebSVN Command Injection Vulnerability
Date: 2021-08-30

A technical analysis from Palo Alto Networks disclosed a command injection vulnerability affecting WebSVN. A proof of concept was released, and within a week, attackers exploited the vulnerability to deploy variants of the Mirai DDoS malware.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Ransomware Attack on Swiss City Exposed Citizens' Data
Date: 2021-08-30

The data released was claimed by the "Vice Society" ransomware gang, according to researchers. While relatively new to the ransomware scene, Vice Society has adopted a common double-extortion technique to target victims. Once the ransomware gang has encrypted files and systems, it then exfiltrates sensitive data and threatens to publish the information unless the victim pays the ransom, according to researchers. The Vice Society ransomware gang appears to have used similar techniques earlier this month against Indianapolis, Indiana-based Eskenazi Health, which operates a public healthcare system in the U.S.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Cloudflare Says It Stopped the Largest DDoS Attack Ever Reported
Date: 2021-08-30

Cloudflare said its system managed to stop the largest reported DDoS attack in July, explaining in a blog post that the attack was 17.2 million requests per second, three times larger than any previous one they recorded. Cloudflare notes that the attack was carried out by a botnet targeting the financial industry. The attack hit the Cloudflare edge with over 330 million attack requests within a second. "The attack traffic originated from more than 20,000 bots in 125 countries around the world. Based on the bots' source IP addresses, almost 15% of the attack originated from Indonesia and another 17% from India and Brazil combined, indicating that there may be many malware-infected devices in those countries."

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

CISA Urges Enterprises to Fix Microsoft Azure Cosmos DB Flaw
Date: 2021-08-30

CISA this week is urging organizations using Microsoft Azure CosmosDB (ChaosDB) to patch a recently released vulnerability as soon as possible. The news comes after “researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos database vulnerability, dubbed ChaosDB, that could have been potentially exploited by attackers to gain full admin access to other customers’ database instances without any authorization. The flaw was trivial to exploit and impacts thousands of organizations worldwide”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers
Date: 2021-08-27

“U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021”

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

OpenSSL Vulnerabilities Impact Various Synology Products
Date: 2021-08-27

The identified OpenSSL vulnerabilities, tracked as CVE-2021-3711 and CVE-2021-3712, could lead to remote code execution (RCE) and denial-of-service (DoS) attacks. The devices impacted by these OpenSSL vulnerabilities include:

  • Synology DiskStation Manager (DSM, version 7.0, 6.2 and UC),
  • SkyNAS, VS960HD,
  • Synology Router Manager (SRM, version 1.2),
  • the VPN Plus Server,
  • and the VPN Server.

Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Critical F5 BIG-IP Bug Impacts Customers in Sensitive Sectors
    Date: 2021-08-26

    “BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month’s delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices. Of the thirteen high-severity flaws that F5 fixed, one becomes critical in a configuration “designed to meet the needs of customers in especially sensitive sectors” and could lead to complete system compromise”

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    VMware Addressed 4 High-Severity Flaws in vRealize Operations
    Date: 2021-08-26

    VMware fixed four high severity flaws in vRealize today. “The most severe flaw, tracked as CVE-2021-22025 (CVSS score of 8.6), is a broken access control vulnerability in the vRealize Operations Manager API. An attacker could exploit the vulnerability to gain unauthenticated API access. The vRealize Operations Manager API contains a broken access control vulnerability leading to unauthenticated API access. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6,” reads the advisory published by the virtualization giant. “An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to an existing vROps cluster” (Security Affairs, 2021).

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Nearly 73,500 Patients' Data Affected in Ransomware Attack on EYE Clinic in S'pore
    Date: 2021-08-26

    Another ransomware attack has been confirmed, this time by a clinic in Singapore, that exposed the “personal data and clinical information of nearly 73,500 patients of a private eye clinic” (Straitstimes, 2021). It is the third such reported incident in a month. The information included names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans, said Eye & Retina Surgeons (ERS) on Wednesday (Aug 25).

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Raccoon Stealer distributed via Twitch and Discord
    Date: 2021-08-26

    Cyjax analysts have detected a new Raccoon Stealer campaign that is leveraging live streaming platform, Twitch, and online community application, Discord. The Raccoon Stealer operators are pushing malicious links, shortened with Bitly, in the chat during live streams. If clicked, the user downloads a ZIP file called “Installer.zip” from the Discord content delivery network (CDN). Inside the ZIP file are over a dozen decoy rich text files (RTFs) and an executable called “Setup.exe”.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    FBI PIN: Indicators of Compromise Associated with OnePercent Group Ransomware
    Date: 2021-08-24

    The FBI has learned of a cyber-criminal group who self-identifies as the “OnePercent Group” and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020. OnePercent Group actors compromise victims through a phishing email in which an attachment is opened by the user. The attachment’s macros infect the system with the IcedID banking trojan. IcedID downloads additional software to include Cobalt Strike. Cobalt Strike moves laterally in the network, primarily with PowerShell remoting.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
    Date: 2021-08-24

    Ransomware is a serious and increasing threat to all government and private sector organizations, including critical infrastructure organizations. All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    A Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health
    Date: 2021-08-24

    A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of a cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday. The employee’s

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    FBI Flash Alert Warns on OnePercent Group Ransomware Attacks
    Date: 2021-08-24

    “The FBI has learned of a cyber-criminal group who self-identifies as the “OnePercent Group” and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020. OnePercent Group actors compromise victims through a phishing email in which an attachment is opened by the user. The attachment’s macros infect the system with the IcedID banking trojan. IcedID downloads additional software to include Cobalt Strike. Cobalt Strike moves laterally in the network, primarily with PowerShell remoting. OnePercent Group actors encrypt the data and exfiltrate it from the victims’ systems. The actors contact the victims via telephone and email, threatening to release the stolen data through The Onion Router (TOR) network and clearnet, unless a ransom is paid in virtual currency. OnePercent Group actors’ extortion tactics always begin with a warning and progress from a partial leak of data to a full leak of all the victim’s exfiltrated data”

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    637 Flaws in Industrial Control System (ICS) Products Were Published in H1 2021
    Date: 2021-08-23

    “Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain. The company reported that during the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors,

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    CISA Shares Guidance on How to Prevent Ransomware Data Breaches
    Date: 2021-08-23

    CISA's fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts. The federal agency issued these recommendations in response to most ransomware gangs using data stolen from their victims' networks as leverage in ransom negotiations under the threat of publishing the stolen info on dedicated leak sites.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse
    Date: 2021-08-23

    A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. Razer is a very popular computer peripherals manufacturer known for its gaming mice and keyboards. When a Razer device is plugged into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software on the computer. Razer Synapse is software that allows users to configure their hardware devices, set up macros, or map buttons,

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
    Date: 2021-08-23

    Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Cisco Warns of Server Name Identification Data Exfiltration Flaw in Multiple Products
    Date: 2021-08-20

    Cisco is warning their customers of a vulnerability in Server Name Identification (SNI) request filtering for multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine). Cisco is investigating the issue to determine affected products; Cisco stated that the following products are under active investigation to decide whether or not they are impacted:

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Rival Newcomer Hive's Ransomware-as-a-Service Operation Continues to Swarm Victims
    Date: 2021-08-20

    The operators behind LockBit have released a newer version of their crypto-locking malware that contains new capabilities, some of which they have borrowed from other cyber-criminal groups. The newcomer group referred to as "Hive" by security researchers has launched a data-leak site (titled HiveLeaks) where they have claimed to have successfully breached various organizations.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Cars and Hospital Equipment Running Blackberry QNX May Be Affected by Badalloc Vulnerability
    Date: 2021-08-20

    "The FDA, in its warning that specific medical devices may be affected by BlackBerry QNX cybersecurity vulnerabilities, points to the CISA alert. CISA mentions CVE-2021-22156, which describes an integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Researchers Find New Evidence Linking Diavol Ransomware to Trickbot Gang
    Date: 2021-08-20

    Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate,

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    Cisco Won't Fix Zero-Day RCE Vulnerability in End-Of-Life VPN Routers
    Date: 2021-08-19

    In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers would not be patched because the devices have reached end-of-life. The zero-day bug (tracked as CVE-2021-34730 and rated with a 9.8/10 severity score) is caused by improper validation of incoming UPnP traffic and was reported by Quentin Kaiser of IoT Inspector Research Lab. Unauthenticated attackers can exploit it to restart vulnerable devices or execute arbitrary code remotely as the root user on the underlying operating system,

    Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

    98% of orgs with Office 365 harbor malicious emails inside their mailboxes. Threats like ransomware, spear phishing, and account takeover put your organization and employees at significant risk. Find out what’s hiding in your inbox.


    Via a security assessment, we can quickly identify security gaps, patches and software updates that are out of date, then advise steps to fix them.


    Via a short questionnaire, we'll help you determine whether weaknesses exist in the way you protect your confidential data. In a few minutes, we'll produce a comprehensive profile of the strengths and vulnerabilities of your IT security. Let us show you where protections should be placed before those vulnerabilities are exploited.


    LA-Cyber can directly submit suspicious URLs and files through the ISAO’s Cyber Forum for rapid analysis to determine if they are known or zero-day cybersecurity threats.



    Contact LACyber

    LACyber's main office is located at 155 Great Arrow, Buffalo New York. Our main office phone number is (716) 871-7040.
