Media Coverage

In the last quarter of 2022 alone, aggressive ransomware groups exploited 21 of 180 vulnerabilities already known to be associated with digital hijacking, a joint report issued by cybersecurity providers Cyber Security Works (CSW), Ivanti, Cyware and Securin found.

The importance of a strong patch management strategy has been highlighted by a new report which shows that the majority of vulnerabilities used by ransomware actors have been known about for years.

Ransomware hackers are delving into the archives, looking for old vulnerabilities that could be exploited in new attacks, experts have claimed.

Ransomware attackers are finding new ways to exploit organizations’ security weaknesses by weaponizing old vulnerabilities.

A new report from Cyber Security Works (CSW), Ivanti, Cyware, and Securin reveals the devastating toll that ransomware had on organizations globally in 2022. The study, 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management, identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022-marking a 19% increase year-over-year.

A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019.

Cyber threats have already plagued January of 2023, causing organizations to invest more than ever in protective measures. The average cost of a data breach in 2022 was $4.35 million, and ransomware attacks cost organizations an average of $4.84 million, which does not account for the personal losses some cyber attacks have caused.

Online safety has never been more important, with so much of our personal and professional data available on the internet today. Each year, millions of people come together to spread awareness and celebrate Safer Internet Day on Feb 7th.

Safer Internet Day is an annual event that is being celebrated today, February 7, 2023. With the rapid growth of the internet and its increasing usage in every aspect of our lives, it has become crucial to promote a safe and secure online environment for all.

News is breaking that cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a large scale ransomware campaign targeting thousands of organizations worldwide.

News is breaking that cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a large scale ransomware campaign targeting thousands of organizations worldwide.

France’s Computer Emergency Response Team (CERT-FR) and Italy’s National Cybersecurity Agency (ACN) have both warned of a widespread ransomware campaign that’s exploiting a vulnerability in VMware ESXi servers.

Welcome to Momentum Cyber’s special report on the evolution of cybersecurity services. There has never been a more exciting time for this sector of the market. Google Cloud’s $5.4 billion acquisition of Mandiant, one of two public cybersecurity companies with significant services revenue, was a signature move that will impact the entire industry for years to come. This special report focuses on the impact of this deal on the industry and what to expect next.

Is the United States heading toward a recession? If we are, then profits will dip, and belts will be tightened while we wait for the government to turn things round. Most, but not all, businesses will survive; but all will be affected.

It’s no surprise that security is a major topic of conversation, with cyberattacks of all kinds increasing in frequency year after year. In today’s threat environment, it’s important that businesses are on top of the trends and know what they need to look out for, both now and down the road. So we’ve collected commentary from experts in the cybersecurity field sharing their predictions for 2023.

The last few years have been rough on cybersecurity professionals. With each passing month, the threat environment has intensified. Aaron Sandeen, the co-founder of CSW, analyzes quick statistics to illustrate the expected cybersecurity trends in 2023.

Part of of the 2023 cybersecurity prediction series, Aaron Sandeen shares his thoughts and concerns on the security industry.

CSW CEO, Aaron Sandeen, and other industry experts share their predictions for 2023. Read them in this 15th annual VMblog.com predictions series.

CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.

Organizations are increasingly cautious in regard to navigating the economic downturn. Increased inflation and reduced expenses are causing many to take a close look at the budgets for cybersecurity in the face of growing complexities of the cyber attack landscape.

The number of attacks aimed at the health-care industry has increased significantly during the past few years. Health-care institutions are ‌vulnerable to cyberattacks because they have access to highly valuable information, in terms of money and intelligence, sought after by nation-state actors and cybercriminals.

Since our last ransomware report earlier this year, both the severity and complexity of attacker tactics continue to grow as we head into the final quarter of 2022. The total number of ransomware vulnerabilities out there has climbed to 323. It is about a 450% increase since ransomware became a prevalent threat in 2019.

The Hive ransomware group has brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022, according to a new joint report from several U.S. agencies.

While the ransomware-for-hire group works to create ever more efficient exploits, companies can protect themselves with structured vulnerability management processes. Prioritize threats based on severity and risk.

These past few years have tested organizations across all industries resilience against cyberattacks. As news of data breaches continue to permeate the headlines, many businesses and consumers are asking themselves, “What can I do?” With this in mind, the 2022 theme for National Cybersecurity Awareness month is ‘See Yourself in Cyber,” because everyone has a role to play in the fight against cyber adversaries.

Cybersecurity Awareness Month is coming to an end, and with this year’s focus on the human element of cybersecurity, we collected another round of expert commentaries from the industry.

This October is Cybersecurity Awareness Month, a month dedicated to keeping individuals and companies safe online as threats become increasingly widespread. This year’s theme, “See Yourself in Cyber,” emphasizes the human aspect of cybersecurity. 

Around 18 Ransomware vulnerabilities are not being detected by popular scanners, according to the latest Ransomware Spotlight Report published by Cyber Security Works.

13 new vulnerabilities have become associated with Ransomware in the past two quarters, and 10 out of 13 vulnerabilities have critical severity ratings. Over 49% of these vulnerabilities are trending as attackers are actively interested in them.

In the latest Ransomware Index Report Q2-Q3 2022, published today, identifies which vulnerabilities lead to ransomware attacks and how quickly undetected ransomware attackers work to take control of an entire organization.

A new report from Ivanti, Cyber Security Works and Cyware found that ransomware has exploded since 2019, increased by nearly 470%. Ransomware groups are growing in volume and sophistication, with groups leveraging 35 vulnerabilities in the first three quarters of 2022.

Ransomware and other cyberattacks have been used in a variety of ways throughout the year, underscoring the attackers’ growing technological sophistication and the threat to businesses throughout the globe.

Ransomware descended from the tool used in the Colonial Pipeline attack in 2021 has been leveraging new tools, tactics, and procedures. What does this evolving threat mean for its potential targets?

Cyber Security Works, an IT risk management company and partner agency of the U.S. Department of Homeland Security, recently conducted an assessment of an entire state’s public education system, analyzing the security posture across 180 school districts and charter schools.

While he’d never call it official business advice, Jim A. Garcia can offer an important tip to protect against cybersecurity threats. “Whatever you think you are doing, and wherever you think you are [in terms of security], they are much smarter than you,” the executive director of the Associated Contractors of New Mexico said of hackers, malicious actors and others seeking to wreak havoc online.

The Los Angeles Unified School District (LAUSD) suffered a cyber attack over the Labor Day holiday weekend, causing “significant disruption” to its digital infrastructure.

Criminal cyber groups have made it abundantly clear that there is no type of organization they will not target–the more vulnerable they are, the easier it will be to victimize. Unfortunately for us, the organizations most at risk are often public institutions.

How software patching can protect you, your customers and your organization.

Going back to school in a pandemic after a long summer is frenetic enough without a ransomware attack disrupting educators’ best-laid plans. The Los Angeles Unified School District avoided just such a disruption after it discovered a ransomware incident Saturday night, September 3, 2022, just days before schools were set to open after the U.S. Labor Day holiday.

A relative newcomer to the ransomware scene, the BlackCat group quickly gained notoriety and may be associated with other APT groups like Conti and DarkSide.

Describing the Labor Day weekend ransomware attack and response at Los Angeles Unified School District, Superintendent Alberto M. Carvalho, during a Tuesday press conference, referred to the events as “unprecedented.”

Middle East region’s first enterprise B2B marketplace, AmiViz today announced that the company has signed a partnership with Cyber Security Works (CSW), a leading platform and services provider of predictive, AI-powered Attack Surface and Vulnerability Management solutions.

The percentage of organizations hit with ransomware attacks jumped to 66% in 2021, representing a 29% year-over-year increase. As attacks become more complex and adversaries become more capable of deploying ransomware at scale, organizations have gotten better at dealing with the aftermath—but they’re still struggling to prevent attacks in the first place.

The news was officially made public by Creos’ parent company Encevo Group late last month after the BlackCat ransomware group claimed to have successfully targeted the Luxembourg-based energy company. While the energy supply to customers remains uninterrupted, the ransomware gang still has 150 GB of Creos data and is threatening to publish it online.

An analysis by Cyber SecurityWorks uncovered 624 vulnerabilities that cybercriminals could exploit to target healthcare facilities.

“The federal government’s investments should help government agencies establish their security posture through proactive penetration testing and ongoing vulnerability management. Enterprises must repair the vulnerabilities that threat groups and attackers exploit in order to prevent catastrophe. To truly safeguard their organization from potential cyberattacks, leaders must enhance their cybersecurity visibility of known and unknowable assets, validate more frequently, and look for early warning capabilities as the world’s cybersecurity issues grow.”

Understand your attack surface — Your attack surface is how a hacker sees your organization from the outside and includes details from the deep and dark webs. You need to continuously scan your known and unknown assets to identify any exposures, APIs, expired certificates, vulnerabilities in your technology stack, data leakage, open ports / protocols / services, non-production systems exposed to the public, assets potentially exposed to ransomware and much more.

Cyber Security Works (CSW) reported 22 new vulnerabilities associated with ransomware in the first quarter, a 7.6% spike since January, and the time window to patch before vulnerabilities are exploited is getting shorter.

The Conti ransomware gang was associated with exploiting the most vulnerabilities — 19 of the 22 new ones. BlackCat, LockBit, and AvosLocker exploited the rest.

It is no secret that 2021 saw an increase in cyberattacks all around the globe; specifically in critical infrastructure organizations. In October of that year, The U.S. Cybersecurity and Infrastructure Security Agency issued Alert AA21-287 in response to cyberattacks targeting the financial, gas, food and transportation sectors. The advisory was released to draw attention to infrastructure vulnerability and the facilities being targeted by hostile cyber activity.