Cybersecurity News

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows:
CVE-2023-28432 (CVSS score: 7.5) - MinIO Information Disclosure Vulnerability
CVE-2023-27350 (CVSS score: 9.8) - PaperCut MF/NG Improper Access Control

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack

GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform

Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It

14 Kubernetes and Cloud Security Challenges and How to Solve Them

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases

A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain

Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks

Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of the

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them

In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,

Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group's 2022 focus

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "

Uncovering (and Understanding) the Hidden Risks of SaaS Apps

Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access

Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe employed a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims

Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems

An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful exploitation of

YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's use of the SimpleHelp remote support software in June 2022. MuddyWater,

LockBit Ransomware Now Targeting Apple macOS Devices

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose

Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) is a banking

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that

What's the Difference Between CSPM & SSPM?

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is

Tour of the Underground: Master the Art of Dark Web Intelligence Gathering

The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by

New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week. "Once the

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Russia-Linked Hackers Launch Espionage Attacks on Foreign Diplomatic Entities

The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below:
CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability
CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability

Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice

In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience. The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic

Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from

RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware

Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang's strict rules,"

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,"

New Python-Based "Legion" Hacking Tool Emerges on Telegram

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and

Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported. Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on

Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign

The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent attacks have also targeted automotive, academic, and defense sectors in Eastern Europe and other parts

ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes

OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.

The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late

Here's a hard question to answer: 'How many service accounts do you have in your environment?' A harder one is: 'Do you know what these accounts are doing?' And the hardest is probably: 'If any of your service accounts was compromised and used to access resources, would you be able to detect and stop that in real time?' Since most identity and security teams would provide a negative reply,

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Giving a Face to the Malware Proxy Service ‘Faceless’

For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we'll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Why is ‘Juice Jacking’ Suddenly Back in the News?

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

A Serial Tech Investment Scammer Takes Up Coding?

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to be "CodesToYou," which purports to be a "full cycle software development company" based in the U.K.

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.

UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.

Friday Squid Blogging: More on Squid Fishing

The squid you eat most likely comes from unregulated waters.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Hacking Pickleball

My latest book, A Hacker’s Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation:

Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed. So, how do we address these situations, and close those loopholes? We make new rules that specifically address the loophole action. And the rules book gets longer, and the cycle continues with new loopholes identified, and new rules to prohibit that particular action in the future...

Using the iPhone Recovery Key to Lock Owners Out of Their iPhones

This is a good example of a security feature that can sometimes harm security:

Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password.

iPhone thieves with your passcode can flip on the recovery key and lock you out. And if you already have the recovery key enabled, they can easily generate a new one, which also locks you out.

Apple’s policy gives users virtually no way back into their accounts without that recovery key. For now, a stolen iPhone could mean devastating personal losses...

New Zero-Click Exploits Against iOS

CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group’s Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched.

One interesting bit is that Apple’s Lockdown Mode (part of iOS 16) seems to have worked to prevent infection.

News article.

EDITED TO ADD (4/21): News article. Good Twitter thread.

EFF on the UN Cybercrime Treaty

EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna.

The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations.

[…]

While we don’t think the U.N. Cybercrime Treaty is necessary, we’ve been closely scrutinizing the process and providing constructive analysis. We’ve made clear that human rights must be baked into the proposed treaty so that it doesn’t become a tool to ...

Using LLMs to Create Bioweapons

I’m not sure there are good ways to build guardrails to prevent this sort of thing:

There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity [18] to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm. Central to these concerns are the possible misuse of large language models and automated experimentation for dual-use purposes or otherwise. We specifically address two critical synthesis issues: illicit drugs and chemical weapons. To evaluate these risks, we designed a test set comprising compounds from the DEA’s Schedule I and II substances and a list of known chemical weapon agents. We submitted these compounds to the Agent using their common names, IUPAC names, CAS numbers, and SMILES strings to determine if the Agent would carry out extensive analysis and planning (Figure 6)...

Swatting as a Service

Motherboard is reporting on AI-generated voices being used for “swatting”:

In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one swatter in particular who has weaponized computer generated voices. Known as “Torswats” on the messaging app Telegram, the swatter has been calling in bomb and mass shooting threats against high schools and other locations across the country. Torswats’ connection to these wide-ranging swatting incidents has not been previously reported. The further automation of swatting techniques threatens to make an already dangerous harassment technique more prevalent...

Friday Squid Blogging: Colossal Squid

Interesting article on the colossal squid, which is larger than the giant squid.

The article answers a vexing question:

So why do we always hear about the giant squid and not the colossal squid?

Well, part of it has to do with the fact that the giant squid was discovered and studied long before the colossal squid.

Scientists have been studying giant squid since the 1800s, while the colossal squid wasn’t even discovered until 1925.

And its first discovery was just the head and arms found in a sperm whale’s stomach.

It wasn’t until 1981 that the first whole animal was found by a trawler near the coast of Antarctica...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

  • I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT.
  • I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST.

The list is maintained on this page.

Hacking Suicide

Here’s a religious hack:

You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved.

This was actually a problem in the 17th and 18th centuries in Northern Europe, particularly Denmark. And it remained a problem until capital punishment was abolished for murder.

It’s a clever hack. I didn’t learn about it in time to put it in my book, A Hacker’s Mind, but I have several other good hacks of religious rules...

Shields Health Breach Exposes 2.3M Users' Data

The medical imaging firm's systems were compromised by a threat actor, exposing patients' driver's licenses and other identifying information.

North Korea's Kimsuky APT Keeps Growing, Despite Public Outing

Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.

'EvilExtractor' All-in-One Stealer Campaign Targets Windows User Data

An uptick in EvilExtractor activity aims to compromise endpoints to steal browser data from targets across Europe and the US, researchers say.

Intel Prioritizes Security in Latest vPro Chips

While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.

Shadow IT, SaaS Pose Security Liability for Enterprises

Software written or acquired outside of IT's purview is software that IT can't evaluate for security or compliance.

The Tangled Web of IR Strategies

Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block in even less time.

Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains

Bitsight Expands into Integrated Cyber-Risk Management

'GhostToken' Opens Google Accounts to Permanent Infection

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

OpenSSF Adds Software Supply Chain Tracks to SLSA Framework

The Open Source Security Foundation's SLSA v1.0 release is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.

New Policy Group Wants to Improve Cybersecurity Disclosure, Support Researchers

The new Security Legal Research Fund and Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy discussions.

Red Canary Announces Readiness

3CX Supply Chain Attack Tied to Financial Trading App Breach

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Major US CFPB Data Breach Caused by Employee

The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.

Trigona Ransomware Trolling for 'Poorly Managed' MS-SQL Servers

Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.

Expert Insight: Dangers of Using Large Language Models Before They Are Baked

Today's LLMs pose too many trust and security risks.

Twitter's 2FA Policy Is a Call for Passkey Disruption

Overcoming the limitations of consumer MFA with a new flavor of passwordless.

'AuKill' Malware Hunts & Kills EDR Processes

Attackers are using custom malware to exploit drivers and terminate security processes so they can deploy ransomware.

Global Spyware Attacks Spotted Against Both New & Old iPhones

Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature of spyware actors.

GPT-4 Provides Improved Answers While Posing New Questions

As is typical with emerging technologies, both innovators and regulators struggle with developments in generative AI, much less the rules that should govern its use.

Newer Authentication Tech a Priority for 2023

Organizations are planning on newer multifactor authentication methods, such as invisible MFA and passwordless, says SecureAuth in its "State of Authentication" report.

Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef

Killnet's leader outs the identity of the new Anonymous Russia leader, in an effort to consolidate power among pro-Russia cybercriminals.

Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies

The nation-state threat group deployed custom malware on archaic versions of Cisco's router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.

7 Sizzling Sessions to Check Out at RSA Conference 2023

Here are some of the most interesting, can't-miss sessions at the upcoming show in San Francisco.

Coro Raises an Additional $75M Bringing the Total Raised to $155M in 12 Months

New funding to drive aggressive growth of industry’s only cybersecurity platform that brings enterprise grade cybersecurity to the mid-market; 300% year-over-year growth projected for 5th year in a row.

CrowdStrike Announces Managed XDR to Close the Cybersecurity Skills Gap, Expands MDR Portfolio

Gary Bowser, Former Nintendo Hacker, Released From Prison

Originally sentenced to 40 months in prison, the former Nintendo Switch hacker is being released early due to good behavior but still owes millions.

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.

3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

Akamai Technologies to Acquire API Security Company Neosec

Combined solutions expected to deliver complete API visibility and security coverage across all of the OWASP API top 10 attacks.

How to Prevent 2 Common Attacks on MFA

MFA isn't immune from the tug of war between attackers and defenders.

Cyberattacks Can Cost Enterprises Up to 30% of Operating Income According to ThreatConnect

Risk quantification research finds healthcare, manufacturing, and utilities suffer long-term financial impact from major cyberattacks.

Report: Over Half of North American Consumers Are Open to Passwordless

1Password research reveals consumers are fed up with passwords; education, access, and validation will drive passwordless adoption.

Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last 12 Months

The most common consequences were unplanned expenses, loss of competitive edge, and decreased sales.

KnowBe4 Phishing Test Results Reveal IT and Online Services Emails Drive Dangerous Attack Trend

KnowBe4 releases Q1 2023 global phishing report and finds that more IT and online services related email subjects are utilized as a phishing strategy.

Marlinspike Adds Charles Carmakal to its Advisory Board

NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits

An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets.

'Zaraza' Bot Targets Google Chrome to Extract Login Credentials

The data-stealing malware threatens the cyber safety of individual and organizational privacy by infecting a range of Web browsers.

QBot Expands Initial Access Malware Strategy With PDF-WSF Combo

The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload.

Researchers Discover First-Ever Major Ransomware Targeting macOS

In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.

Where There's No Code, There's No SDLC

How can we build security back into software development in a low-code/no-code environment?

APT41 Taps Google Red-Teaming Tool in Targeted Info-Stealing Attacks

China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.

Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged

To address the rising risk of online fraud, stolen identities, and cyberattacks, innovative organizations have begun converging their security functions — here's how yours can prepare.

'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads

Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.

Beyond CVEs: The Key to Mitigating High-Risk Security Exposures

Use ongoing exposure management to parse the riskiest exposures and probable attack paths, then identify and plug the choke points.

How Zero Trust Can Protect Systems Against Generative AI Agents

Researchers explore a love-hate relationship with AI tools like ChatGPT, which can be used to both attack and defend more efficiently.

Recycled Core Routers Expose Sensitive Corporate Network Info

Researchers are warning about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations

Businesses must leverage state and local guidance — along with technology — to maintain secure, compliant infrastructure.

ZeroFox Acquires LookingGlass

The combined company will boost ZeroFox's attack surface management capabilities.

FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware

Members of the former ransomware group are using a FIN7 backdoor to deliver malware — including Cobalt Strike — to victim systems.

lockr Raises $2.5M

lockr preserves open access to information across the Internet while honoring consumer privacy and choice.

Google Issues Emergency Chrome Update for Zero-Day Bug

Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.

NSA's National Centers for Academic Excellence (NCAE) Cyber Games to Hold National Finals on April 22

Pen Testers Need to Hack AI, but Also Question Its Existence

Learning how to break the latest AI models is important, but security researchers should also question whether there are enough guardrails to prevent the technology's misuse.

How CISOs Can Craft Better Narratives for the Board

Communicating cyber-risk upward to the C-suite and board takes simplification and a better understanding of the audience.

Aloha PoS Restaurant Software Downed by Ransomware Attack

Thousands of restaurants impacted by what Aloha PoS parent company NCR says was a ransomware attack on one of its data centers.

Name That Toon: Lucky Charm

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Top 5 Data Security RSAC 2023 Sessions to Attend

A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.

Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks

The threat group behind the SolarWinds supply chain attacks is back with new tools for spying on officials in NATO countries and Africa.

Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement

Detailing how extended IoT (xIoT) devices can be used at scale by attackers to establish persistence across networks and what enterprises should start doing about the risk.

Software-Dependency Data Delivers Security to Developers

Google has opened up its software-dependency database, adding to the security data available to developers and toolmakers. Now developers need to use it.

Security Is a Revenue Booster, Not a Cost Center

Focusing on what customers and partners need from a company can help CISOs show the real financial benefits of improving cybersecurity.

Bugs in Manarium Play-to-Earn Platform Showcase Crypto-Gaming Insecurity

Researchers plug in winning scores to make off with NFTs without actually playing the GameFi platform's minigames.

Western Digital Hackers Demand 8-Figure Ransom Payment for Data

Western Digital has yet to comment on claims that the breach reported earlier this month led to data being stolen.

SASE Market Worth $5.9B by 2028 — Report by MarketsandMarkets™

What the Recent Collapse of SVB Means for Privacy

Businesses must be diligent in their actions, cultivate awareness with employees, and implement strict standards around external communications in the wake of Silicon Valley Bank's collapse.

New Mirai Variant Employs Uncommon Tactics to Distribute Malware

RapperBot's initial infection tactic is one example of the different methods attackers are using to distribute malware.

Money Ransomware Group Enters Double-Extortion Fray

Ransomware group uses API calls to spread throughout shared network resources, researchers say.

Why the US Needs Quantum-Safe Cryptography Deployed Now

Quantum computers might be a decade away, but guess how long it will take to switch systems over to post-quantum cryptography?

Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info

Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.

Super-Yacht Specialist Lürssen in Dry Dock After Ransomware Attack

The ransomware attack proves that even the wealthiest cannot buy their immunity from threat actors.

The Internet Reform Trilemma

An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.

Majority of US IT Pros Told to Keep Quiet About Data Breaches

To report or not report? While more than half of all companies have suffered a data breach, 71% of IT professionals say they have been told to not report an incident, which could mean legal jeopardy.

Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users

A novel credential harvester compromises SMTP services to steal data from a range of hosted services and providers, and can also launch SMS-based spam attacks against devices using US mobile carriers.

How to Define Tier-Zero Assets in Active Directory Security

There are plenty of AD objects and groups that should be considered tier zero in every environment, but some will vary among organizations.

Google Tackles Open Source Security With New Dependency Service

With deps.dev API and Assured OSS, Google is addressing the common challenges software developers face in securing the software supply chain.

Menlo Security Illustrates Importance of Browser Security as 4 in 5 Ransomware Attacks Include Threats Beyond Data Encryption

VulnCheck Named CVE Numbering Authority for Common Vulnerabilities and Exposures

Report Reveals ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections

(ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders

Entry-level cybersecurity certification is now accredited to the highest global standards alongside other globally recognized (ISC)² certifications like the CISSP®

Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector

Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.

When Banking Laws Don't Protect Consumers From Cybertheft

If attackers use your stolen login information or set up wire transfers, you might be out of luck.

Opera Adds Free VPN to Opera for iOS

FBI & FCC Warn on 'Juice Jacking' at Public Chargers, but What's the Risk?

Hackers can compromise public charging hubs to steal data, install malware on phones, and more, threatening individuals and businesses alike.

Data on 400K Kodi Forum Members Stolen and Put Up for Sale

Open source media player Kodi still hasn't recovered its forum and plans to redeploy it on a new server with software update.

Microsoft: NSO Group-Like 'QuaDream' Actor Selling Mobile Spyware to Governments

Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.

Survey Findings Show Link Between Data Silos and Security Vulnerabilities

A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.

Gartner: Human-Centric Design Is Top Cybersecurity Trend for 2023

In order to reduce cybersecurity risks and failures, organizations will need to focus on employees, management, and new operating models.

CrowdStrike Expands Falcon to Include IoT

CrowdStrike Falcon Insight for IoT covers the Internet of Things, industrial IoT, operational technology, as well as medical devices.

LastPass Breach Reveals Important Lessons

Devastating cyberattacks often can be prevented with basic cybersecurity measures.

1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs

A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.

Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.

Microsoft Azure Shared Key Misconfiguration Could Lead to RCE

Azure admins are urged to disable shared key access and implement Azure Active Directory authentication.

'Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository

Malware-as-a-service hackers from Spain decided to use a public code repository to openly advertise their wares.

Where Are the Women? Making Cybersecurity More Inclusive

Stepped-up recruiting efforts along with better work-life balance policies and mentoring and recruitment programs will help balance the scales.

7 Things Your Ransomware Response Playbook Is Likely Missing

Incident response experts share their secrets for success when it comes to creating a professional-grade ransomware response playbook. Are you ready for the worst?

Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads

The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.

How Password Managers Can Get Hacked

Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.

How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments

The gap between permissions granted and permissions used exposes organizations to increased risk. (Part two of a two-part series.)

Israeli Irrigation Water Controllers & Postal Service Breached

Israel's National Cyber Defense is warning of increased cyberattacks by anti-Israel groups during the month of Ramadan.

VMware patches break-and-enter hole in logging tools: update now!

You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot

Is Secure Boot without the Secure just "Boot"?

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

The security error was in the error handling system that was supposed to catch potential security errors...

Apple issues emergency patches for spyware-style 0-day exploits – update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Were you caught up in the latest data breach? Here's how to tell

Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.

How to delete yourself from internet search results and hide your identity online

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

How to find and remove spyware from your phone

Surveillance software is becoming more advanced. Here's what to do if you think you're being tracked.

Hacked! My Twitter user data is out on the dark web -- now what?

Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.

Stop using Twitter to log in to other websites

With Twitter's growing technical problems, you can't rely on it as your single sign-on for other sites.

How to keep your home secure when you travel

With travel stressful enough, you don't need the anxiety of wondering if your home is protected.

OpenSSL dodges a security bullet

The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.

Here are the top phone security threats in 2022 and how to avoid them

Your handset is always at risk of being exploited. Here's what to look out for.

Google to wipe user location history for visits to healthcare clinics, domestic violence shelters

Even if location history is enabled, visits to locations considered sensitive will be removed from logs.

This WhatsApp scam promises big, but just sends you into a spiral

Worker shortages are the hook for the phoney government's 'offer.'

Ukrainian police take down phishing gang behind payments scam

Gang may have defrauded 5,000 people with promises of EU support.

Virtual-world tech company owner arrested over alleged $45m investment fraud scheme

Investment fraud scheme defrauded more than 10,000 victims, says Department of Justice.

The British Army is investigating after its Twitter and YouTube accounts were hijacked

The hijackers used the accounts to promote cryptocurrency and NFTs.

Period tracking apps are no longer safe. Delete them

Opinion: The convenience isn't worth the risk.

Dragonbridge influencers target rare earth miners, encourage protests to disrupt production

Researchers say that China has 'crossed the line' again with the new online campaign.

Google details commercial spyware that targets both Android and iOS devices

Hermit highlights a wider issue concerning our privacy and freedom.

Scalper bots are snapping up appointments for government services in Israel

Scalpers are snapping up public service appointments and selling them on.

These hackers are spreading ransomware as a distraction - to hide their cyber spying

Five ransomware strains have been linked to Bronze Starlight activities.

Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons

Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.

Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector.

The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first on SecurityWeek.

Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform

Texas startup scores financing to build an AI-powered anti-ransomware engine to help organizations ward off data-extortion attacks.

The post Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform appeared first on SecurityWeek.

Abandoned WordPress Plugin Abused for Backdoor Deployment

Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages.

The post Abandoned WordPress Plugin Abused for Backdoor Deployment appeared first on SecurityWeek.

Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities

Five Eyes agencies have issued joint cybersecurity guidance and best practices for smart cities.

The post Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities appeared first on SecurityWeek.

Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors

A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account.

The post Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors appeared first on SecurityWeek.

GitHub Announces New Security Improvements

GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting.

The post GitHub Announces New Security Improvements appeared first on SecurityWeek.

House Committee Hears Testimony on DC Health Data Breach

A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users.

The post House Committee Hears Testimony on DC Health Data Breach appeared first on SecurityWeek.

Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information

Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company.

The post Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information appeared first on SecurityWeek.

VMware Patches Pre-Auth Code Execution Flaw in Logging Product

VMware warns of two critical vulnerabilities -- CVE-2023-20864 and CVE-2023-20865 -- in the VMware Aria Operations for Logs product.

The post VMware Patches Pre-Auth Code Execution Flaw in Logging Product appeared first on SecurityWeek.

Microsoft Will Name Threat Actors After Weather Events

Microsoft plans to use weather-themed naming of APT actors as part of a move to simplify the way threat actors are documented.

The post Microsoft Will Name Threat Actors After Weather Events appeared first on SecurityWeek.

European air traffic control confirms website 'under attack' by pro-Russia hackers

Another cyber nuisance in support of Putin's war, nothing too serious

Europe's air-traffic agency appears to be the latest target in pro-Russian miscreants' attempts to disrupt air travel.…

Microsoft pushes for more women in cybersecurity

Redmond tops industry average, still got a way to go

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.…

International cops urge Meta not to implement secure encryption for all

Why? Well, think of the children, of course

An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material (CSAM) online.…

Healthcare organisations urged to improve system security

Patient data covering sensitive areas has long been a high-value target for cybercriminals

Sponsored Post  Digital patient medical records now cover a whole gamut of sensitive details such as clinical diagnoses/treatments, prescriptions, personal finances and insurance policies. Which makes keeping them safe more important than ever.…

Thanks for fixing the computer lab. Now tell us why we shouldn’t expel you?

Guessing the admin password is cool. Using it, even for good, is dangerous

On Call  It’s always twelve o’clock somewhere, the saying goes, but Friday comes around but once a week and only this day does The Register offer a fresh instalment of On Call, our reader-contributed tales of tech support torture and turmoil.…

Capita has 'evidence' customer data was stolen in digital burglary

Admits criminals accessed 4% of servers from March 22 until it spotted them at month-end

Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.…

An earlier supply chain attack led to the 3CX supply chain attack, Mandiant says

Threat hunters traced it back to malware-laced Trading Technologies' software

The supply-chain attack against 3CX last month was caused by an earlier supply-chain compromise of a different software firm — Trading Technologies — according to Mandiant, whose consulting crew was hired by 3CX to help the VoIP biz investigate the intrusion.…

AI defenders ready to foil AI-armed attackers

Operational AI cybersecurity systems have been gaining valuable experience that will enable them to defend against AI-armed opponents.

Sponsored Feature  For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media alike – with the set-to between AI-armed attackers and AI-protected defenders envisaged in vivid gladiatorial terms.…

Protect the Industrial Control Systems (ICS)

ICS security is fast becoming a frontline defense against hackers intent on causing mayhem

Sponsored Post  Some of the most famous cyber attacks in history have been directed against Industrial Control Systems (ICS).…

Medusa ransomware crew brags about spreading Bing, Cortana source code

'Does have a somewhat Lapsus$ish feel' we're told

The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.…

Appeals court spares Google from $20m patent payout over Chrome

Chocolate Factory can afford some staples now, or?

Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million patent judgment against the web giant.…

Spyware slinger QuaDream’s reported demise may be the canary in the coal mine

NSO and others are still out there, but pariahs find it hard to do business

Analysis  Israeli spyware shop QuaDream is reportedly shutting down due to financial troubles.…

GitHub debuts pedigree check for npm packages via Actions

Publishing provenance possibly prevents problems

Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code's origin.…

Prioritize what matters most

How to manage your cloud and container vulnerabilities at scale

Webinar  There's nothing complicated about the statistics released in Sysdig's latest report. They're alarming and should keep many an IT team up at night.…

US citizens charged with pushing pro-Kremlin disinfo, election interference

Also a bunch of Russians plus someone giving free trips to the Motherland

Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.…

Russian snoops just love invading unpatched Cisco gear, America and UK warn

Spying on foreign targets? That's our job!

The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.…

Microsoft opens up Defender threat intel library with file hash, URL search

Surprised there's no ChatGPT angle and that it's not called MalwareTotal

Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot.…

Payments firm accused of aiding 'contact Microsoft about a virus' scammers must cough $650k

'My computer locked up and a siren went off,' one mark tells Better Business Bureau

Updated  Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers.…

Brit cops rapped over app that recorded 200k phone calls

Officers didn't know software was saving personal data and neither did people on other end

Several police forces in Britain are being put on the naughty step by the UK's data watchdog for using a calling app that recorded hundreds of thousands of phone conversations and illegally retained that data.…

Wrong time to weaken encryption, UK IT chartered institute tells government

Plus: Signal, WhatsApp, and Viber also write online protest over Online Safety Bill back door

The UK’s chartered institute for IT has slammed proposed legislation that could see the government open a “back door” to encrypted messaging.…

Capita IT breach gets worse as Black Basta claims it's now selling off stolen data

No worries, outsourcer only handles government tech contracts worth billions

Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.…

US alleges China created troll army that tried to have dissidents booted from Zoom

Charges laid against 44, including officers of China’s Cyberspace Administration

The United States Department of Justice has charged 44 people over schemes prosecutors allege were run by China’s National Police to silence opponents of the Communist Party of China.…

Military helicopter crash blamed on failure to apply software patch

A rather nice beach in Australia now briefly hosted an unusual feature

An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error.…

LockBit crew cooks up half-baked Mac ransomware

Please, no need to fix these problems

LockBit has developed ransomware that can encrypt files on Arm-powered Macs, said to be a first for the prolific cybercrime crew.…

Marketing biz sent 107 million spam emails... to just 437k people

Recruitment company fined £130,000 by data regulator for breaking PECR

A recruitment business that sent out an eye watering 107 million spam emails is now nursing a £130,000 ($161,000) fine from Britain’s data watchdog.…

Firmware is on shaky ground – let's see what it's made of

Old architectures just don't stack up

Opinion  Most data theft does clear harm to the victim, and often to its customers. But while embarrassing, the cyberattack against MSI in which source code was said to be stolen is harder to diagnose. It looks like a valuable company asset that's cost a lot to develop. That its theft may be no loss is a weird idea. But then, firmware is weirder than we give it credit for. It's even hard to say exactly what it is.…

Student requested access to research data. And waited. And waited. And then hacked to get root

The punishment – Windows 98 administration chores – was far worse than the crime

Who, Me?  Welcome once more to Who Me? The Register’s confessional column in which readers admit to being the source of SNAFUs.…

Update now: Google emits emergency fix for zero-day Chrome vulnerability

Also: Tech players spin up white hat protection, this week's critical bugs, and more

In brief  Google on Friday released an emergency update for Chrome to address a zero-day security flaw.…

Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great

Let's go through all the proposed problematic powers, starting with surveillance and censorship

Special report  United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.…

US extradites Nigerian charged over $6m email fraud scam

Maybe our prince has come at last

A suspected Nigerian fraudster is scheduled to appear in court Friday for his alleged role in a $6 million plot to scam businesses via email.…

Compatibility mess breaks not one but two Windows password tools

Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says

Integrating the Local Administrator Password Solution (LAPS) into Windows and Windows Server that came with updates earlier this week is causing interoperability problems with what's called legacy LAPS, Microsoft says.…

While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn

Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks

As Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing its own free digital ID tech to companies and their employees on LinkedIn.…

Linux kernel logic allowed Spectre attack on 'major cloud provider'

Kernel 6.2 ditched a useful defense against ghostly chip design flaw

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.…

To improve security, consider how the aviation world stopped blaming pilots

When admitting to an error isn't seen as a failure, improvement is easy to achieve, says pilot-turned-CISO

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to ISACA director Serge Christiaans.…

Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman

When bragging about your job on Discord gets just a little out of hand?

The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord.…

How insecure is America's FirstNet emergency response system? Seriously, anyone know?

Senator Wyden warns full probe needed into vital comms network

AT&T is "concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden (D-OR), who said the network had been dubbed unsafe by CISA.…

FBI: How fake Xi cops prey on Chinese nationals in the US

Hello [insert name], I work at the Ministry of Public Security [insert shakedown]

Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living in the United States by accusing them of financial crimes and threatening to arrest or hurt them if they don't pay, according to the FBI.…

Mission possible

Tamping down risk in cloud management

Webinar  There's nothing like reading a report based on real world data to give IT teams a fresh sense of priority.…

3CX teases security-focused client update, plus password hashing

As Mandiant finds more evidence it was North Korea wot done it

The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company’s progressive web application client.…

Read More
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster

It's not all doom and gloom because ML also amplifies defensive efforts, probably

Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.…

Read More
Another zero-click Apple spyware maker just popped up on the radar again

Pegasus, pssh, you so 2000-and-late

Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers. …

Read More
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug

Plus Google, SAP, Adobe and Cisco emit fixes

Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.…

Read More
Azure admins warned to disable shared key access as backdoor attack detailed

The default is that sharing is caring as Redmond admits: 'These permissions could be abused'

A design flaw in Microsoft Azure – that shared key authorization is enabled by default when creating storage accounts – could give attackers full access to your environment, according to Orca Security researchers.…
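The weak setting Orca describes is a per-account property, so the first thing an admin wants is an inventory of the accounts that still carry it. The script below is an added example, not code from the article, from Orca Security or from Microsoft. It assumes input in the shape that `az storage account list` prints (one object per account with an `allowSharedKeyAccess` field; ARM exports nest the same field under `properties`, which is handled too), and the account names and resource groups in the sample are constructed. The security-relevant detail is that an absent or null property means the default, i.e. shared key access enabled.

```python
"""Inventory Azure storage accounts that still allow shared key authorization.

Added example, not code from the article, Orca Security or Microsoft.
Assumes input in the shape of `az storage account list` output (one dict
per account with an `allowSharedKeyAccess` field); ARM exports nest the
same field under `properties`, which is handled too. Names below are
constructed.
"""
import json


def shared_key_allowed(account: dict) -> bool:
    """True if the account accepts account-key / SAS authorization.

    An absent (null) property is the dangerous case: Azure treats it as enabled.
    """
    props = account.get("properties", account)
    value = props.get("allowSharedKeyAccess")
    return value is None or bool(value)


def find_risky_accounts(accounts: list) -> list:
    """Names of accounts that should be switched to Azure AD-only authorization."""
    return sorted(a["name"] for a in accounts if shared_key_allowed(a))


def find_risky_accounts_json(text: str) -> list:
    """Same check over the raw JSON text that `az storage account list` prints."""
    return find_risky_accounts(json.loads(text))


def remediation_command(name: str, resource_group: str) -> str:
    """The az CLI command that turns shared key access off for one account."""
    return (f"az storage account update --name {name} "
            f"--resource-group {resource_group} --allow-shared-key-access false")


# Constructed sample output (four accounts, two of them still exposed).
SAMPLE_JSON = json.dumps([
    {"name": "stlogsprod", "resourceGroup": "rg-prod", "allowSharedKeyAccess": False},
    {"name": "stdataprod", "resourceGroup": "rg-prod", "allowSharedKeyAccess": True},
    {"name": "stlegacy", "resourceGroup": "rg-legacy"},                      # property never set
    {"name": "starmexport", "properties": {"allowSharedKeyAccess": False}},  # ARM shape
])

if __name__ == "__main__":
    accounts = json.loads(SAMPLE_JSON)
    by_name = {a["name"]: a for a in accounts}
    for name in find_risky_accounts(accounts):
        rg = by_name[name].get("resourceGroup", "<resource-group>")
        print(f"{name}: shared key access enabled -> {remediation_command(name, rg)}")
```

Before running the remediation command on an account, check which workloads still authenticate to it with account keys or SAS tokens: once the property is false those credentials stop working, and only Azure AD (RBAC) authorization is accepted.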

Read More
40% of IT security pros say they've been told not to report a data leak

Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more

In Brief  More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.…

Read More
How much to infect Android phones via Google Play store? How about $20k

Or whatever you managed to haggle with these miscreants

If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.…

Read More
Inside FTX: Jokes about misplaced funds, diabolical IT, poor oversight, and worse

How's the saying go? $50m here, $50m there, pretty soon you're talking real money

The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire – and it somehow appears things are worse than feared.…

Read More
Apple squashes iOS, macOS zero-day bugs already exploited by snoops

Keep calm and install patches before abuse becomes widespread

Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.…

Read More
Google to kill Dropcam, Nest Secure hardware next year

Great, more company for Stadia, Duo and pals in the graveyard

Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.…

Read More
Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike

Oh, sure, let's play a game of legal and technical whack-a-mole

Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.…

Read More
When it comes to technology, securing your future means securing your present

How to build cyber resiliency in the face of complexity

Sponsored Feature  Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.…

Read More
CFPB Employee Sends 256,000 Consumers' Data to Personal Email

Congressman Bill Huizenga addressed the claims in a letter to CFPB director, Rohit Chopra

Read More
Evil Extractor Targets Windows Devices to Steal Sensitive Data

New malware operates through several modules that rely on a File Transfer Protocol service

Read More
Trojanized Installers Used to Distribute Bumblebee Malware

Secureworks’ Counter Threat Unit analyzed the findings in a report published on Thursday

Read More
#CYBERUK23: Five Takeaways From the NCSC Conference on the UK's Cyber Strategy

More collaboration, both with the private sector and international allies, is at the top of the list in the UK’s cyber playbook

Read More
Government Agencies Release Blueprint for Secure Smart Cities

NCSC and CISA want to balance connectivity with resilience

Read More
China Developing Anti-Satellite Weapons - Report

Pentagon leak reveals US concerns over technology push

Read More
Capita: Data Was Taken in March Cyber Incident

IT outsourcer claims customer, employee and supplier info may be at risk

Read More
Two Connected Software Supply Chain Attacks Lead to 3CX Compromise

Mandiant said this would be the first instance of a software supply chain attack leading to another

Read More
Daggerfly APT Targets African Telecoms Firm With New MgBot Malware

Symantec described the findings today, saying the ongoing campaign likely started in November 2022

Read More
ChatGPT-Related Malicious URLs on the Rise

Newly registered and squatting domains related to ChatGPT grew by 910% between November and April

Read More
#CYBERUK23: UK Strengthens Cybersecurity Audits for Government Agencies

GovAssure will mandate all UK government departments to go through annual independent, more robust security audits

Read More
Recycled Network Devices Exposing Corporate Secrets

ESET warns of breach risk from kit that is not properly decommissioned

Read More
Virsec automates the path to zero trust workload protection

Virsec has unveiled a suite of capabilities that automates the path to zero trust workload protection to increase the speed of protection, stopping attacks—including zero-days—in milliseconds. Its distinctive feature-set strikes the right balance between granular control, ease of onboarding, and day-to-day operations, with comprehensive protection. Virsec turns a previously hard-to-use protection approach into a usable solution for security teams of any maturity level. An industry stuck detecting, not preventing: Detection and response solutions (EDRs) … More

The post Virsec automates the path to zero trust workload protection appeared first on Help Net Security.

Read More
Next DLP adds ChatGPT policy to its Reveal platform

Next DLP has unveiled the addition of ChatGPT policy templates to the company’s Reveal platform, which uncovers risk, educates employees and fulfills security, compliance, and regulatory needs. The launch of these new policy templates is in response to the dramatic increase in use of large language model platforms in the company’s global customer base. With the new policies customers gain enhanced monitoring and protection of employees using ChatGPT. The first policy educates employees on the … More

The post Next DLP adds ChatGPT policy to its Reveal platform appeared first on Help Net Security.

Read More
Onapsis updates its platform to strengthen ERP cybersecurity

Onapsis has unveiled a series of new product updates for the Onapsis Platform. Enriched with threat intelligence, the Onapsis Platform further simplifies business application security for CISOs and CIOs alike with a new Security Advisor, new updates to its Comply product line, and critical enhancements that streamline code security from application development to production. “As the only cybersecurity and compliance solution endorsed by SAP, Onapsis is proud to lead the charge in helping organizations … More

The post Onapsis updates its platform to strengthen ERP cybersecurity appeared first on Help Net Security.

Read More
A10 integrates Next-Gen WAF to enable multi-layered security

The last decade of digital transformation has turned most organizations today into true digital businesses. But the effectiveness and economics of cloud operating models have become top concerns. How to best secure, optimize, and automate hybrid cloud environments in the most effective manner is a significant challenge. To solve this problem, A10 Networks is announcing a combined solution of the Thunder Application Delivery Controller (ADC) and the new A10 Next-Generation Web Application Firewall (WAF), powered … More

The post A10 integrates Next-Gen WAF to enable multi-layered security appeared first on Help Net Security.

Read More
The staying power of shadow IT, and how to combat risks related to it

There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted access and that minimal adoption occurred without their knowledge. Those were the days when centralized IT was the norm, and the idea of business-led technology acquisition wasn’t thought to be realistic. “Not happening in my … More

The post The staying power of shadow IT, and how to combat risks related to it appeared first on Help Net Security.

Read More
New infosec products of the week: April 21, 2023

Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small businesses and remote workers The feature-rich SCR 50AXE is a secure cloud-managed router that incorporates a business-class firewall, VPN gateway, WiFi 6E connectivity, and built-in subscription-free security to protect the network from threats including ransomware and malware. Cofense Protect+ defends … More

The post New infosec products of the week: April 21, 2023 appeared first on Help Net Security.

Read More
Scammers using social media to dupe people into becoming money mules

Fraudsters are taking advantage of the widening fraud knowledge gap, highlighting the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a victim of a financial scam, many still lack the knowledge to detect and distinguish between the various types of financial crime. Consumers demand accountability Consequently, many consumers believe the responsibility for reimbursement lies with their bank, with … More

The post Scammers using social media to dupe people into becoming money mules appeared first on Help Net Security.

Read More
Top three factors leading to burnout at work

47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the globe about their priorities when it comes to health and well-being, highlighting the voice of the employee so employers can better address their needs. Underlying causes of workplace stress When asked what factors put them … More

The post Top three factors leading to burnout at work appeared first on Help Net Security.

Read More
Sotero Ransomware Protection encrypts data to prevent theft and extortion

Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based approach that detects only currently known ransomware strains – a method that broadly protects against malware concerns, but does not guarantee protection against zero-day attacks. Sotero’s Ransomware Protection not only detects currently known ransomware, but also provides the ability to detect and protect data from zero-day … More

The post Sotero Ransomware Protection encrypts data to prevent theft and extortion appeared first on Help Net Security.

Read More
Armorblox releases Graymail and Recon Attack Protection to stop malicious emails

Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the announcement of new capabilities across two main products of the Armorblox cloud-delivered email security and data loss prevention platform: Advanced Data Loss Prevention and Abuse Mailbox. The new capabilities are designed to enhance overall productivity across security teams by … More

The post Armorblox releases Graymail and Recon Attack Protection to stop malicious emails appeared first on Help Net Security.

Read More
Cisco patches high and critical flaws across several products

Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service.

The Cisco Industrial Network Director (IND), a network monitoring and management server for operational technology (OT) networks, received patches for two vulnerabilities rated critical and medium respectively. These were fixed in version 1.11.3 of the software.

Read More
Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices. 

SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it in their attacks, according to a Group-IB blog post.

Read More
Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub

The Belfast (Good Friday) Agreement played an integral role in enabling Northern Ireland’s growth as a global cybersecurity hub, according to UK government chiefs speaking at the CyberUK conference in Belfast. The Good Friday Agreement was signed on Good Friday, April 10, 1998, following three decades of conflict known as the Troubles. It introduced several new power-sharing arrangements designed to secure peace, transforming political and economic life in Northern Ireland. Twenty-five years on from the signing of the pivotal peace accord, Northern Ireland’s flourishing cyber ecosystem has one of the highest concentrations of cybersecurity businesses worldwide – estimated to add £437 million in value to the UK’s economy by 2030.

Read More
Most interesting products to see at RSA Conference 2023

Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here.

More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.

RSA Conference announcements, pre-event

Binary Defense Phishing Response service

Managed detection and response (MDR) firm Binary Defense will be showing its new Phishing Response service. Its features include email attack surface hardening, intelligence correlation, threat hunting, and investigation-based detection and remediation recommendations. Users may submit emails and phishing alerts from third-party email protection software for analysis. Findings from that analysis are correlated with other threat intelligence, and Binary Defense analysts then hunt for evidence of the attack in the customer's environment. Binary Defense is at RSAC booth 5415.

Read More
3CX hack highlights risk of cascading software supply-chain compromises

At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company's network and systems as a result of a different software supply-chain attack involving a third-party application for futures trading.

"The identified software supply chain compromise is the first we are aware of which has led to a cascading software supply chain compromise," incident responders from cybersecurity firm Mandiant, which was contracted to investigate the incident, said in a report Thursday. "It shows the potential reach of this type of compromise, particularly when a threat actor can chain intrusions as demonstrated in this investigation."

Read More
The strong link between cyber threat intelligence and digital risk protection

While indicators of compromise (IoCs) and attackers’ tactics, techniques, and procedures (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on digital risk protection. DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets.”

Earlier this month, I examined ESG research on enterprise CTI programs. CISOs are investing here but challenges remain. I’ve also dug into the CTI lifecycle. Nearly three-quarters (74%) of organizations claim they employ a lifecycle, but many describe bottlenecks in one or several of the lifecycle phases.

Read More
The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

Fortunately, plenty of great conferences are coming up in the months ahead.

If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2023.

From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.

Read More
Xage’s new IAM offering provides multilayer authentication for ICS/OT

Zero trust security provider Xage Security has added a multilayer identity and access management (IAM) solution to its decentralized access control platform Xage Fabric to secure assets in different layers of operational technology (OT) and industrial control systems (ICS) environments.

“Multilayer IAM is needed for a couple of reasons,” said Roman Arutyunov, co-founder and senior vice president of products at Xage Security. “First is the fact that operators design systems for high availability and resiliency, leaving no single point of failure, and second that separate identities are used at each layer and site with different admins to ensure that compromise of credentials at IT doesn’t result in compromise of OT and furthermore, compromise of one site does not lead to compromise of all sites.”

Read More
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management

Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to address major security technology and skills access gaps by centralizing and prioritizing risks, along with providing expert support to mitigate threats – managed in conjunction with cyber insurance coverage.

The emergence of InsurSec technology reflects a cyber insurance landscape that has seen significant change recently. As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, complex, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.

Read More
Five Eyes nations release new guidance on smart city cybersecurity

New guidance, Cybersecurity Best Practices for Smart Cities, wants to raise awareness among communities and organizations implementing smart city technologies that these beneficial technologies can also have potential vulnerabilities. A collaboration among the Five Eyes nations (Australia, Canada, New Zealand, the UK, and the US), it advises communities considering becoming smart cities to assess and mitigate the cybersecurity risks that come with the technology.

What makes smart cities attractive to attackers is the data being collected and processed. Because AI-powered systems are being used to integrate this data, these should be given special attention when checking for vulnerabilities.

Read More
Global intelligence assessments: you are the target

The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what the future may hold.

Those services whose assessments were reviewed and whose perspective is shared include the Australian Security Intelligence Organization (ASIO), Estonia Foreign Intelligence Service (EFIS), Finnish Security and Intelligence Service (SUPO), Norwegian Police Security Service (PST), Swedish Security Service (SAPO) and the European Union Agency for Cybersecurity (ENISA). The great power competition is alive and well and is the constant theme throughout the various assessments.

Read More
Russian cyber spy group APT28 backdoors Cisco routers via SNMP

APT28, the hacking arm of Russia's GRU military intelligence agency, has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the Simple Network Management Protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always accept any password for any local user.

“In 2021, APT28 used infrastructure to masquerade simple network management protocol (SNMP) access into Cisco routers worldwide,” the UK National Cyber Security Centre (NCSC) said in a joint advisory with the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI). “This included a small number based in Europe, US government institutions, and approximately 250 Ukrainian victims.”
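The advisory is about SNMP access to routers, so a defender's first check is the SNMP configuration itself: which community strings exist, whether any of them is read-write, whether each is bound to a management access-list, and whether anything is still on a well-known string. The script below is an added example, not code from the NCSC/NSA/CISA/FBI advisory or from Cisco; it parses `snmp-server community` lines from a constructed IOS running-config excerpt (the hostname, community strings and ACL names are invented) and reports the weak ones. It also notes whether an SNMPv3 group with `priv` exists, since community-based v1/v2c SNMP is what an attacker with network reach can abuse.

```python
"""Audit SNMP community configuration in a Cisco IOS running-config.

Added example, not code from the joint advisory or from Cisco. It flags the
conditions that make community-based (v1/v2c) SNMP an easy way in: read-write
communities, communities not bound to an access-list, and well-known strings.
The config excerpt at the bottom is constructed.
"""
import re

# IOS syntax: snmp-server community <string> [view <name>] [RO|RW] [<acl number or name>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view (\S+))?(?: (ro|rw))?(?: (\S+))?$",
    re.IGNORECASE,
)
# An SNMPv3 group configured for authentication plus encryption.
V3_PRIV_RE = re.compile(r"^snmp-server group \S+ v3 priv\b", re.MULTILINE)
WELL_KNOWN = {"public", "private", "cisco"}


def audit_snmp_communities(config: str) -> list:
    """Return one finding per weak community line, in config order."""
    findings = []
    for raw in config.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue
        community, _view, mode, acl = m.groups()
        mode = (mode or "RO").upper()  # IOS treats an unqualified community as read-only
        issues = []
        if mode == "RW":
            issues.append("read-write community")
        if acl is None:
            issues.append("no access-list restricting source addresses")
        if community.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if issues:
            findings.append({"community": community, "mode": mode, "acl": acl, "issues": issues})
    return findings


def uses_snmpv3_priv(config: str) -> bool:
    """True if at least one SNMPv3 group requires authentication and encryption."""
    return V3_PRIV_RE.search(config) is not None


# Constructed running-config excerpt (hostname, strings and ACL names are invented).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n3tm0n-ro RO 10
snmp-server community N3tM0n-rw RW MGMT-HOSTS
snmp-server group V3ADMIN v3 priv
!
access-list 10 permit 10.0.0.5
ip access-list standard MGMT-HOSTS
 permit 10.0.0.5
"""

if __name__ == "__main__":
    for f in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"{f['community']} ({f['mode']}, acl={f['acl']}): {'; '.join(f['issues'])}")
    print("SNMPv3 priv group present:", uses_snmpv3_priv(SAMPLE_CONFIG))
```

A community that survives this audit is still a shared secret sent in clear text by v1/v2c; the finding to act on first is any read-write community, because write access to the MIB is what lets an attacker pull or push configuration, and an ACL only narrows who can try.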

Read More
BrandPost: The status quo for DNS security isn’t working

The Domain Name System (DNS) is often referred to as the phone book of the internet. DNS translates web addresses, which people use, into IP addresses, which machines use. But DNS was not designed with security in mind. And even though companies have invested incredible amounts of money into their security stack (and even though they’ve had since the 1980s to figure this out), DNS traffic often goes unmonitored.

This has only worsened with the adoption of encrypted DNS, known as DNS-over-HTTPS (DoH). Since its introduction in late 2018, DoH has grown from a personal privacy feature that most IT teams blocked outright, to an encouraged enterprise privacy and security function. While DoH protects traffic in transit, it also leaves organizations with little to no visibility over what’s happening with their DNS queries.

Read More
Lacework adds vulnerability risk management to its flagship offering

Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering.

The SaaS capability will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores.

“Lacework takes a risk-based approach that goes beyond a common vulnerability scoring system (CVSS) and looks at each customer’s unique environment, to figure out what packages are active, whether that host is exposed to the internet, whether there are exploits in the wild, etc.,” said Nolan Karpinski, director of product management at Lacework. “CVSS scores are very generic and, at times, do not pertain to every context, meaning it may or may not be bad for your environment.”

Read More
Darwinium upgrades its payment fraud protection platform

Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinium from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam detection, account takeover, fraudulent new accounts, synthetic identities, and bot intelligence.

Darwinium services large B2C organizations (with $1 billion or more in revenue) and marketplaces, dedicated payments providers, ecommerce shops, banks, and some fintechs. In 2022, a study by Statista and Juniper Research estimated e-commerce losses to online payment fraud of $41 billion globally.

Read More
OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle.

SLSA is a community-driven supply chain security standards project that outlines increasing security rigor within the software development process. It aims to address critical pieces of software supply chain security, giving producers, consumers, and infrastructure providers an effective way to assess software security and gain confidence that software hasn’t been tampered with and can be securely traced back to its source. SLSA is backed by several high-profile technology organizations including Google, Intel, Microsoft, VMware, and IBM. The stable release of SLSA 1.0 lowers the barrier of entry for improvements, helps users focus efforts on improving builds, and reduces the chances of tampering across a large swath of the supply chain, OpenSSF said.
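What "traced back to its source" means in practice is a provenance attestation that the consumer checks before trusting an artifact. The code below is an added example, not code from OpenSSF or the SLSA project. It assumes the in-toto Statement layout that SLSA v1.0 provenance uses (a `subject` list of name/digest pairs, a `predicateType` of `https://slsa.dev/provenance/v1`, and a predicate carrying `buildDefinition.buildType` and `runDetails.builder.id`); the artifact bytes, the builder ID `https://ci.example.com/builder/v1` and the build type URL are constructed for illustration. Verifying the signature on the DSSE envelope that wraps the statement is assumed to have happened already; these are the checks that follow it.

```python
"""Consumer-side checks on a SLSA v1.0 provenance statement.

Added example, not code from OpenSSF or the SLSA project. Assumes the
in-toto Statement layout that SLSA v1.0 provenance uses. The builder ID,
build type and artifact bytes below are constructed for illustration, and
the DSSE envelope signature is assumed to have been verified beforehand.
"""
import hashlib
import json

SLSA_V1_PREDICATE = "https://slsa.dev/provenance/v1"
IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v1"

# Hypothetical trust policy: only this builder, emitting this build type, is accepted.
TRUSTED_BUILDERS = {"https://ci.example.com/builder/v1"}
EXPECTED_BUILD_TYPE = "https://ci.example.com/buildtypes/container/v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_provenance(statement: dict, artifact: bytes,
                      trusted_builders: set, expected_build_type: str) -> list:
    """Return a list of problems; an empty list means the artifact passed."""
    problems = []
    if statement.get("_type") != IN_TOTO_STATEMENT:
        problems.append("not an in-toto v1 statement")
    if statement.get("predicateType") != SLSA_V1_PREDICATE:
        problems.append("predicateType is not SLSA provenance v1")
    # The statement must name this exact artifact: compare digests, never file names.
    digest = sha256_hex(artifact)
    subjects = statement.get("subject") or []
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        problems.append("artifact sha256 not among statement subjects")
    predicate = statement.get("predicate") or {}
    builder_id = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in trusted_builders:
        problems.append(f"builder {builder_id!r} is not trusted")
    build_type = predicate.get("buildDefinition", {}).get("buildType")
    if build_type != expected_build_type:
        problems.append(f"buildType {build_type!r} is not the expected one")
    return problems


# Constructed artifact and the provenance a trusted builder would emit for it.
ARTIFACT = b"contents of example-app-1.4.2.tar.gz (constructed)\n"
GOOD_STATEMENT = {
    "_type": IN_TOTO_STATEMENT,
    "subject": [{"name": "example-app-1.4.2.tar.gz",
                 "digest": {"sha256": sha256_hex(ARTIFACT)}}],
    "predicateType": SLSA_V1_PREDICATE,
    "predicate": {
        "buildDefinition": {
            "buildType": EXPECTED_BUILD_TYPE,
            "externalParameters": {
                "source": "https://git.example.com/example-app@refs/tags/v1.4.2"},
        },
        "runDetails": {"builder": {"id": "https://ci.example.com/builder/v1"}},
    },
}
GOOD_STATEMENT_JSON = json.dumps(GOOD_STATEMENT)


def check_release(statement_json: str, artifact: bytes) -> list:
    """Entry point: parse an (already signature-verified) statement and check it."""
    return verify_provenance(json.loads(statement_json), artifact,
                             TRUSTED_BUILDERS, EXPECTED_BUILD_TYPE)


if __name__ == "__main__":
    print("genuine artifact:", check_release(GOOD_STATEMENT_JSON, ARTIFACT) or "ok")
    print("tampered artifact:", check_release(GOOD_STATEMENT_JSON, ARTIFACT + b"\x00"))
```

The order of the checks matters less than their independence: a statement that names the right digest but comes from an untrusted builder, or from the right builder using an unexpected build type, still fails, which is what stops an attacker from reusing a legitimate builder's identity with a build definition of their own.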

Read More
UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure

The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.

The alert was issued on the first day of the NCSC’s CYBERUK conference in Belfast, where experts have gathered to consider topics under the theme of securing an open and resilient digital future. It also comes in the same week as new research that revealed the cost-of-living crisis could trigger a surge in cyberattacks and security issues impacting the UK’s CNI sector.

Top risks and best practices for securely offboarding employees

Employees won’t work for the same organization forever, and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure offboarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate.

High turnover rates and layoffs only add to the offboarding security pressures, with potentially large numbers of employees exiting organizations, sometimes at short notice. CISOs, security teams, and relevant business functions should regularly review their offboarding processes to pinpoint potential risks and vulnerabilities, addressing key factors to ensure offboarding strategies remain secure amid evolving cyberthreats and workforce patterns.

Hard-to-detect malware loader distributed via AI-generated YouTube videos

Security researchers warn of a new malware loader that's used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions.

The Aurora infostealer is written in Go and is operated as a malware-as-a-service platform that's advertised on Russian-language cybercrime forums. It started gaining popularity among cybercriminals at the end of last year because it is modular and can also be used as a malware downloader to deploy additional payloads in addition to its core functionality of stealing data and credentials from multiple web browsers, cryptocurrency wallets, and local applications.

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions.

Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the most common attacks seen against Akamai’s customers in 2022, and the company warns that the technique’s popularity means it likely remains common in 2023.

SpinOne adds new capabilities to secure SaaS applications and data

SaaS data protection provider Spin.ai has launched two new service modules — SaaS security posture management (SSPM) and SaaS data leak prevention/loss protection (SDLP) — along with a few new capabilities for existing modules, to its flagship SaaS security platform SpinOne.

The enhancements to the SaaS-based offering aim to protect SaaS applications, automate manual processes, and minimize business downtime for organizations.

Both SSPM and SDLP are being added as new subscriptions on the SpinOne platform and are generally available, along with the other capabilities released for existing modules.

BrandPost: Security Maturity Has a Communication Issue

At first glance, the motivations to increase security maturity seem clear. Industry reporting fills news feeds advising on the latest threat or vulnerability poised to take over an organization’s systems to wreak havoc on local and global operations. However, while the emerging risks of increased threats are valid, it's not the whole story.

Cybersecurity is indeed a global concern that affects every organization. However, there is no direct path to guaranteed success. Each organization's approach to increasing cybersecurity maturity and resilience must incorporate the move from generalities to specifics concerning their operations, risk tolerances, regulations, and best practices.

Daon’s TrustX to offer SaaS-based, no-code identity journeys

Identity and access management provider Daon has launched a SaaS-based identity proofing and authentication platform TrustX, designed to help customers create and manage user identity journeys across organizational workflows.

The fully managed offering will use artificial intelligence (AI) and machine learning (ML) tools to support identity journeys, which will include building, verifying, and authenticating identities, along with regulatory compliance.

BrandPost: 5 ways today’s XDR solutions are failing you

Cybersecurity professionals are turning to extended detection and response (XDR) solutions to simplify key functions in security operations. But even if you’re confident in your approach to XDR, you may want to revisit whether it is resilient enough to keep up with evolving and increasingly sophisticated cyber threats.

XDR is intended to monitor, detect, and respond to threats across your cybersecurity environment with consolidated telemetry, unified visibility and coordinated response. The solution aims to unify security incident detection and response by:

  • Automatically collecting and correlating telemetry from multiple security tools
  • Applying analytics to detect malicious activity
  • Responding to and remediating threats

To some extent, XDR extends endpoint detection and response (EDR) strategies to correlate data across all vectors—email, endpoints, servers, cloud workloads, and networks.

Businesses detect cyberattacks faster despite increasingly sophisticated adversaries

Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 days in 2022. This is the shortest median global dwell time from all M-Trends reporting periods.

The reduction in median dwell time reflects the key role partnerships and the exchange of information play in building a more resilient cybersecurity ecosystem, according to Mandiant. That said, several findings from this year’s report demonstrate that adversaries are progressively more sophisticated, persistent, and confident, as evidenced by hundreds of new malware families, extensive cyber espionage campaigns by nation-state-backed actors, and novel aggressive, personal tactics that ignore the traditional cyber rules of engagement.

New Qbot campaign delivers malware by hijacking business emails

Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to research by cybersecurity firm Kaspersky.

In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on real business emails that the attackers have gained access to. This gives the attackers the opportunity to join the correspondence thread with messages of their own, Kaspersky said in its report.

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments.

That’s according to the Unit 42 Cloud Threat Report, Volume 7, which analyzed the workloads in 210,000 cloud accounts across 1,300 different organizations to gain a comprehensive look at the current cloud security landscape. It cited a small set of risky cloud behaviors that are repeatedly observed in organizations, warning that the average time to remediate alerts (roughly six days) provides a lengthy window of opportunity for adversaries to exploit cloud vulnerabilities.

19 startups to check out at RSA Conference 2023

This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition.

Perhaps the most interesting aspect about startups is that they target needs not addressed by established vendors. Those needs are often the result of changing trends in threat actors’ objectives and how they target and exploit victims.

The classified document leak: let’s talk about Jack Teixeira’s need-to-know

The arrest of 21-year-old Airman First Class Jack Teixeira last week has inspired myriad reactions from armchair pundits declaring 21 is too young to be trusted with classified information to the need to reform the Department of Defense and the intelligence community to the US Speaker of the House calling for hearings on how the administration of President Joe Biden could have allowed such a breach to occur. In my opinion, the real concern is the need to reform policies and processes associated with how information is accessed by insiders.

As the case brought against Teixeira unfolds, one realization we don’t have to wait for is that the insider risk management program within the United States Air Force’s 102nd Intelligence Wing at Otis Air National Guard Base failed, and failed spectacularly. A reading of the Department of Justice affidavit in support of an arrest warrant provides a glimpse into Teixeira’s naivete and shows that his actions were malevolent from the get-go.

Google urges users to update Chrome to address zero-day vulnerability

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.

Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US National Vulnerability Database.

Meanwhile, the update will roll out in the coming weeks on Google's stable desktop channel, the company said.

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

PC running slow? 10 ways you can speed it up

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

10 things to look out for when buying a password manager

Here's how to choose the right password vault for you and what exactly to consider when weighing your options

Steer clear of tax scams – Week in security with Tony Anscombe

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon.

Cleaning up your social media and passwords: What to trash and what to treasure

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos

Why you should spring clean your home network and audit your backups

Do you know how many devices are connected to your home network? You don’t? This is precisely why it’s time for a network audit.

Spring into action and tidy up your digital life like a pro

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly?

Avoiding data backup failures – Week in security with Tony Anscombe

Today is World Backup Day, but maybe we also need a "did you test your backups" day?

World Backup Day: Avoiding a data disaster is a forever topic

By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes.

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems

Pig butchering scams: The anatomy of a fast‑growing threat

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe

Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front

What TikTok knows about you – and what you should know about TikTok

As TikTok’s CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

Understanding Managed Detection and Response – and what to look for in an MDR solution

Why your organization should consider an MDR solution and five key things to look for in a service offering

Twitter ends free SMS 2FA: Here’s how you can protect your account now

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.

Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse

SVB’s collapse is a scammer’s dream: Don’t get caught out

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense

Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets

ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds

The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia

ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group

5 signs you’ve fallen for a scam – and what to do next

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.

APT hackers set a honeytrap to ensnare victims – Week in security with Tony Anscombe

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds

Common WhatsApp scams and how to avoid them

Here's a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.

‘A woman from Mars’: Life in the pursuit of space exploration

An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and from her quest for scientific and personal excellence

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information

What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums

MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol

BlackLotus UEFI bootkit: Myth confirmed

The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality

ESET Research Podcast: Ransomware trashed data, Android threats soared in T3 2022

And that’s just the tip of the iceberg when it comes to the trends that defined the cyberthreat landscape in the final four months of 2022.

One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected?

A year of wiper attacks in Ukraine

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022

WinorDLL64: A backdoor from the vast Lazarus arsenal?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group

Writing like a boss with ChatGPT and how to get better at spotting phishing scams

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data

ESET SMB Digital Security Sentiment Report: The damaging effects of a breach

SMBs need to not only reduce their odds of being hit by an attack, but also implement processes that they can follow if their defenses are breached

Will ChatGPT start writing killer malware?

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware?

Search ads abused to spread malware – Week in security with Tony Anscombe

Threat actors used search engine ads to impersonate makers of popular software and direct internet users to malicious websites

Security amidst a global frost

No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield

These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia

ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results

10 signs that scammers have you in their sights

Don’t be their next victim – here’s a handy round-up of some of the most common signs that should set your alarm bells ringing

ChatGPT, will you be my Valentine?

Spoiler alert: it turned me down. But that’s far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly.

Confident cybersecurity means fewer headaches for SMBs

Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts

Key findings from the latest ESET Threat Report – Week in security with Tony Anscombe

What is behind the drop in ransomware and what should still be done for containing the ransomware scourge?

Alexa, who else is listening?

Your smart speaker is designed to listen, but could it be eavesdropping too?

ESET Threat Report T3 2022

A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T3 2022 appeared first on WeLiveSecurity

Plenty of Time to Get Compliance-AI Right

When will the company fall out of compliance, and why?

Artificial intelligence and machine learning continue to create a more significant media frenzy than BlackPink performing at Coachella!

There is all this noise from many globally intelligent people talking about slowing down AI so we can get our heads around what this automated, robotic, non-human-interaction, self-propelled, job-killing science is all about.

Until we figure that out, how about we turn the “pirate ship a hard left” and focus our brain power on a more pressing need: compliance-AI.

If you turned to my podcast yesterday, “CyberBlock and Chain with a Touch of Web 3.0,” I poked fun at the ENRON and Arthur Andersen scandal and compared it to the recent KPMG/SVB nightmare that is still unfolding.

Imagine, for a moment, if SVB, the banking regulators, and the board of directors had had an AI-powered, machine-learning data-crunching system letting them know months or even a year in advance: “Because of current data trends, we will no longer comply with SOX, GLBA, PCI, and GDPR if we continue to take these risks.”

I suspect SVB and other banks have invested heavily in data analytics to measure their investment risk strategy. However, what I believe is missing is that “human judgment” attributes, including email communications or the failure to hire a chief risk officer, should factor into the overall “risk of being non-compliant.” Taking telemetry from cybersecurity, risk management, and email compliance alerts, including external DLP rule violations and other compliance findings, and combining it with the power of AI should create a pretty good dashboard for everyone to see.

What good will it do? Well, think for a moment about what is coming out about SVB and KPMG possibly going “old-school (DOT.COM)” and buttering up the books to paint a clear and concise picture while the absolute truth is buried somewhere in an email or voice mail or maybe some other method of communication.

Natural Language Processing (NLP) would have a home here for years!

What is being said? Who said it? When was it said? What results came about? These questions yield more of the same risk-seeking culture with a greater reward.

In English, we call this “greed.”

How should organizations reconsider their AI investments in XDR, MXDR, DDR, etc., and significantly invest in compliance AI?

There is never a good time or wrong time to change direction for the good of the organizations, investors, and employees.

Compliance AI can tell us more than what we want to know. And that is a good thing. We just want to ensure that more people see this “analysis” so “old-school” checks and balances can help prevent the subsequent “failure” and taxpayer bailout.

The post Plenty of Time to Get Compliance-AI Right appeared first on Security Boulevard.

USENIX Security ’22 – Tomas Hlavacek, Philipp Jeitner, Donika Mirdita, Haya Shulman, Michael Waidner – ‘Stalloris: RPKI Downgrade Attack’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.

The post USENIX Security ’22 – Tomas Hlavacek, Philipp Jeitner, Donika Mirdita, Haya Shulman, Michael Waidner – ‘Stalloris: RPKI Downgrade Attack’ appeared first on Security Boulevard.

Best Practices for Responding to a GRC Vendor Assessment

Answering a GRC (Governance, Risk, and Compliance) vendor assessment is an important step for companies that want to demonstrate their commitment to compliance and risk management to potential customers. In this piece, we’ll cover how you can best respond to a prospect’s vendor assessment so you both can seal the deal. By following these best […]

The post Best Practices for Responding to a GRC Vendor Assessment first appeared on TrustCloud.

The post Best Practices for Responding to a GRC Vendor Assessment appeared first on Security Boulevard.

Power Up Your Dependencies: The Parallels of SBOMs and Mario Kart

The post Power Up Your Dependencies: The Parallels of SBOMs and Mario Kart appeared first on Security Boulevard.

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely.

Related: CMMC mandates best security practices

Demand for richer MSSP services was already growing at a rapid pace, as …

The post RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help appeared first on Security Boulevard.

Hacking Pickleball

My latest book, A Hacker’s Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation:

Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed. So, how do we address these situations, and close those loopholes? We make new rules that specifically address the loophole action. And the rules book gets longer, and the cycle continues with new loopholes identified, and new rules to prohibit that particular action in the future...

The post Hacking Pickleball appeared first on Security Boulevard.

A Comprehensive Guide for the SOC-2 Audit Checklist

The SOC 2 framework helps you identify potential risks to your business and mitigate them with approved controls. To pass a SOC 2 audit, you must first define your audit objectives, determine your audit scope, and undergo a number of preparation steps and assessments.  While these steps can be time-consuming, expensive, and arduous, achieving SOC […]

The post A Comprehensive Guide for the SOC-2 Audit Checklist first appeared on TrustCloud.

The post A Comprehensive Guide for the SOC-2 Audit Checklist appeared first on Security Boulevard.

Vendor Re-Use Opens the Aperture on Many Vulnerabilities

Introduction

The IT supply chain is filled with software vulnerabilities, many resulting from significant code reuse across multiple vendors. The economic forces at play form a ‘race to the bottom’ competitive landscape, where feature velocity and low cost drive development practices. Often, basic Secure Systems Development Lifecycle (SSDLC) practices, such as baking in static code […]

The post Vendor Re-Use Opens the Aperture on Many Vulnerabilities appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Vendor Re-Use Opens the Aperture on Many Vulnerabilities appeared first on Security Boulevard.

Threat Spotlight: Triple Extortion Ransomware

Executive Overview

Threat actors have escalated the single extortion ransomware attack model to double and even triple extortion. With the commodification of cybercrime, adversaries have significantly increased the sophistication levels of their operations, and therefore also the potential devastating impacts of a ransomware attack. Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu […]

The post Threat Spotlight: Triple Extortion Ransomware appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

The post Threat Spotlight: Triple Extortion Ransomware appeared first on Security Boulevard.

AppSec Decoded: Creating an attack model in threat modeling

An attack model in threat modeling answers the question of how well your assets are protected against threats.

The post AppSec Decoded: Creating an attack model in threat modeling appeared first on Security Boulevard.

The Week in Ransomware - April 21st 2023 - Macs in the Crosshairs

A lot of news broke this week related to ransomware, from the discovery of LockBit testing macOS encryptors to an outage at NCR that caused massive headaches for restaurants. [...]

Critical infrastructure also hit by supply chain attack behind 3CX breach

The X_Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team. [...]

GhostToken GCP flaw let attackers backdoor Google accounts

Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. [...]

Kubernetes RBAC abused to create persistent cluster backdoors

Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining. [...]

American Bar Association data breach hits 1.4 million members

The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. [...]

University websites using MediaWiki, TWiki hacked to serve Fortnite spam

Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. Researchers observed that wiki and documentation pages hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, and Caltech, among others, were compromised. [...]

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. [...]

Google: Ukraine targeted by 60% of Russian phishing attacks in 2023

Google's Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023. [...]

VMware fixes vRealize bug that let attackers run code as root

VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to achieve remote code execution on vulnerable appliances. [...]

Lazarus hackers now push Linux malware via fake job offers

A new Lazarus campaign considered part of "Operation DreamJob" has been discovered targeting Linux users with malware for the first time. [...]

Microsoft 365 outage blocks access to web apps and services

Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps and online services. [...]

Capita confirms hackers stole data in recent cyberattack

London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems. [...]

3CX hack caused by trading software supply chain attack

An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds. [...]

Avalor wants to unify cybersecurity tools by aggregating data

Security has a data problem. That’s according to Kfir Tishbi, who led the engineering team at Datorama, a marketing analytics company that was acquired by Salesforce in 2018. Tishbi — who spent time at CitiBank and digital entertainment startup Playtika before joining Datorama — says he often worked with security teams that had to juggle […]

Avalor wants to unify cybersecurity tools by aggregating data by Kyle Wiggers originally published on TechCrunch

Slim.AI helps developers optimize and secure their containers

Slim.AI, a startup specializing in software supply chain security that helps businesses optimize and secure their software containers, today announced the launch of its automated container hardening feature at the CNCF’s KubeCon/CloudNativeCon Europe. With this, Slim can now automatically scan a company’s containers for vulnerabilities and remove unnecessary files, libraries and other attack surfaces. Built […]

Slim.AI helps developers optimize and secure their containers by Frederic Lardinois originally published on TechCrunch

Otterize raises $11.5M to help developers securely connect software services

Tomer Greenwald, Uri Sarid and Ori Shoshan, software developers by trade, found themselves building and configuring software authentication and authorization mechanisms repeatedly — each time with a different tech stack. Frustrated with the process, they sought to create a platform that enables developers to focus on writing code rather than on constantly configuring server permissions. […]

Otterize raises $11.5M to help developers securely connect software services by Kyle Wiggers originally published on TechCrunch

Cranium launches out of KPMG’s venture studio to tackle AI security

Several years ago, Jonathan Dambrot, a partner at KPMG, was helping customers deploy and develop AI systems when he started to notice certain gaps in compliance and security. According to him, no one could explain whether their AI was secure — or even who was responsible for ensuring that. “Fundamentally, data scientists don’t understand the […]

Cranium launches out of KPMG’s venture studio to tackle AI security by Kyle Wiggers originally published on TechCrunch

Strivacity, which helps companies build secure login flows, nabs $20M

Identity and access security issues are increasingly top of mind for companies. According to a recent Verizon survey, 61% of all breaches now involve credentials — whether they be stolen via social engineering or hacked using brute force. It’s frustrating for users, too; a NordPass poll found that eight out of 10 people find password […]

Strivacity, which helps companies build secure login flows, nabs $20M by Kyle Wiggers originally published on TechCrunch

DataDome, which uses AI to protect against bot-based attacks, raises $42M

Online businesses are at risk of bad bot activity, certainly more now than they used to be. According to a survey from Imperva, 42.3% of internet traffic in 2021 wasn’t human, but instead bots that ran automated routines with ill intent. Given the damage bots can do — for example, stealing content and inventory, degrading […]

DataDome, which uses AI to protect against bot-based attacks, raises $42M by Kyle Wiggers originally published on TechCrunch

Spera raises $10M for its identity security posture management platform

With Spera, businesses get a single end-to-end tool that allows them to manage all aspects of identity security

Spera raises $10M for its identity security posture management platform by Frederic Lardinois originally published on TechCrunch

Microsoft lets generative AI loose on cybersecurity

As a part of its continued quest to inject generative AI into all its products, Microsoft today introduced Security Copilot, a new tool that aims to “summarize” and “make sense” of threat intelligence. In a light-on-the-details announcement, Microsoft pitched Security Copilot as a way to correlate data on attacks while prioritizing security incidents. Countless tools […]

Microsoft lets generative AI loose on cybersecurity by Kyle Wiggers originally published on TechCrunch

Disrupt 2023 — we’re shipping a big new release

If the past few years, and even the past week, have reminded us soundly of anything — it’s that the startup world will never be predictable. To meet the changing startup landscape, we’re refreshing and re-imagining TechCrunch Disrupt 2023 in a big way, with more of what you love and new ways to accelerate your growth. […]

Disrupt 2023 — we’re shipping a big new release by Matthew Panzarino originally published on TechCrunch

Aembit raises $16.6M to bring identity management to workloads

Aembit, a Maryland-based security startup that focuses on helping DevOps and security teams manage how federated workloads talk to each other, is officially launching its service today and announcing a $16.6 million seed funding round from Ballistic Ventures and Ten Eleven Ventures. In essence, Aembit’s workload identity and access management service applies industry knowledge, from […]

Aembit raises $16.6M to bring identity management to workloads by Frederic Lardinois originally published on TechCrunch

New Zealand bans TikTok from phones of parliamentarians

Days after the U.K. banned TikTok from government devices, New Zealand has joined the trend by prohibiting the short video app from parliamentary devices. The move comes amid growing security concerns about TikTok-owner ByteDance handing user data to the Chinese government. The country’s authorities cited cybersecurity reasons and said the app would be banned on […]

New Zealand bans TikTok from phones of parliamentarians by Ivan Mehta originally published on TechCrunch

Ledger launches browser extension to improve crypto wallet connectivity

Ledger, one of the largest cold storage crypto wallet providers, launched a browser extension to improve online security and connectivity for digital assets, the company exclusively told TechCrunch. “You think of Web 1.0 as usernames and passwords, Web 2.0 as log in with Facebook, Google, iCloud, Twitter, and web3 is [about] connecting to your wallet,” […]

Ledger launches browser extension to improve crypto wallet connectivity by Jacquelyn Melinek originally published on TechCrunch

Once scammed for ten grand, this VC is building a crypto security vault

One of the barriers to bringing cryptocurrency into the mainstream is the frequency of fraud in the space. Last year alone, more than $3.9 billion worth of crypto was “lost,” according to an industry report, even though the number was already down roughly 50% from the year before. Francois Le Nguyen, an angel investor and […]

Once scammed for ten grand, this VC is building a crypto security vault by Rita Liao originally published on TechCrunch

Cloud security vendor Mitiga lands $45M, valuing the company at over $100M

Companies moved en masse to the cloud during the pandemic, under pressure to digitally transform. According to a 2021 survey from O’Reilly, cloud adoption steadily rose across industries, with 90% of organizations using cloud computing compared to 88% in 2020. The accelerated cloud adoption led to a rise in security issues. In a recent poll […]

Cloud security vendor Mitiga lands $45M, valuing the company at over $100M by Kyle Wiggers originally published on TechCrunch

a16z-backed Uno launches a design-centric password manager

There are plenty of good reasons why you should use a password manager, from helping you generate and store complex and unique passwords to not needing to remember any of them. But for some folks, getting started with a password manager for the first time can be a hassle. To cater to that problem, a16z-backed […]

a16z-backed Uno launches a design-centric password manager by Ivan Mehta originally published on TechCrunch

Entitle raises $15M seed round to modernize permissions management

Tel Aviv-based Entitle, a startup that helps businesses automate how their developers gain permission to access cloud resources, today announced that it has raised a $15 million seed round led by Glilot Capital Partners, with participation from a number of angel investors, including more than 10 prominent CISOs. The company, which was founded in 2021 […]

Entitle raises $15M seed round to modernize permissions management by Frederic Lardinois originally published on TechCrunch

Cloud security startup Wiz, now valued at $10B, raises $300M

Cybersecurity continues to be a major area for investment among businesses — and VCs. While a decline from the previous year, venture capital funding in the cybersecurity sector totaled $18.5 billion in 2022, according to Momentum Cyber. The popularity comes in part from the rise in cyberattacks. Check Point Research reports that global cyberattacks increased […]

Cloud security startup Wiz, now valued at $10B, raises $300M by Kyle Wiggers originally published on TechCrunch

Stelo Labs raises $6M in a16z-led round to help crypto wallet users protect themselves

Stelo Labs raised $6 million in a round led by a16z to help crypto wallet users protect themselves through a browser extension.

Stelo Labs raises $6M in a16z-led round to help crypto wallet users protect themselves by Jacquelyn Melinek originally published on TechCrunch

Tile takes extreme steps to limit stalkers and thieves from using its Bluetooth trackers

Apple took a big PR hit as news spread that its item tracker, the AirTag, was being used for stalking and car thefts, which led the company to retool its software with a closer eye on user safety. AirTag’s competitor Tile is now introducing its own plan to make its device safer, with the launch […]

Tile takes extreme steps to limit stalkers and thieves from using its Bluetooth trackers by Sarah Perez originally published on TechCrunch

Coincover raises $30M to help protect digital assets from hacks and human error

Coincover, a digital asset protection company, has raised $30 million to protect people and their digital assets from hacks or human error.

Coincover raises $30M to help protect digital assets from hacks and human error by Jacquelyn Melinek originally published on TechCrunch

Hackers send fake emails to government agencies and departments on behalf of NTISB

The National Telecommunication & Information Technology Security Board (NTISB) has become the latest victim of cyberattacks. The attack in question involved fake emails sent to government agencies and departments. The emails appeared to have been sent from NTISB.

Hackers send fake emails on behalf of NTISB

The Cabinet Division issued an advisory on this matter, …

The post Hackers send fake emails to government agencies and departments on behalf of NTISB appeared first on KoDDoS Blog.

Hackers publish data stolen from US network infrastructure firm CommScope

Hackers have published data stolen from CommScope, one of the largest network infrastructure companies in the United States. The data stolen from the organization includes thousands of employee social security numbers and bank account details.

Hackers publish data stolen from CommScope

CommScope is a network infrastructure company based in North Carolina. The company is responsible …

The post Hackers publish data stolen from US network infrastructure firm CommScope appeared first on KoDDoS Blog.

World of Warcraft and other Blizzard games inaccessible after a DDoS attack

Distributed denial-of-service (DDoS) attacks have been on the rise over the past few years. The gaming industry has not been spared from these attacks. Players could not access World of Warcraft and other libraries of games by Blizzard Games. However, the company has since said it averted the attack and was back online.

Blizzard Games …

The post World of Warcraft and other Blizzard games inaccessible after a DDoS attack appeared first on KoDDoS Blog.

DeFi lending platform Hundred Finance commences investigations into a $7M exploit

Hundred Finance, a multi-chain lending protocol, has revealed that it lost around $7 million after being exploited on Optimism, an Ethereum layer-2 blockchain. The protocol said that it contacted the hacker after this hack to find an amicable solution.

Hundred Finance loses $7M after hack

The team at the multi-chain lending protocol said that it …

The post DeFi lending platform Hundred Finance commences investigations into a $7M exploit appeared first on KoDDoS Blog.

Hackers behind the Western Digital breach claim to have access to 10TB of data

The threat actors linked to a data breach against the Western Digital data storage company have claimed access to 10 terabytes of data belonging to the company. The data in question includes customer information. The hackers are demanding a ransom not to release the stolen data.

Western Digital hackers claim to steal massive volumes of …

The post Hackers behind the Western Digital breach claim to have access to 10TB of data appeared first on KoDDoS Blog.

DeFi protocol Yearn Finance exploited with over $11M stolen

Yearn.finance was the latest victim of a hack in the decentralized finance (DeFi) sector. The hack enabled the threat actor to mint more than 1 quadrillion Yearn Tether (yUSDT) from $10,000 USDT. The hack was reported by blockchain security firm PeckShield.

Hacker exploits Yearn.finance contract to mint yUSDT

PeckShield issued an alert on this exploit …

The post DeFi protocol Yearn Finance exploited with over $11M stolen appeared first on KoDDoS Blog.

KillNet hacking group claims to be behind multiple DDoS attacks against NATO

KillNet, a Russian hacktivist group, has said it is responsible for multiple Distributed Denial of Service (DDoS) attacks targeting NATO cyber infrastructure. The hacking group has also said that hackers breached its security systems and stole data.

KillNet targets NATO in DDoS exploits

The KillNet hacking group claims it conducted multiple cybersecurity attacks that affected …

The post KillNet hacking group claims to be behind multiple DDoS attacks against NATO appeared first on KoDDoS Blog.

Ukraine’s Cyber Resistance group says it hacked a Russian spy indicted by the FBI

Hackers based in Ukraine have claimed to obtain unauthorized access to the emails of a senior spy in the Russian military. The Federal Bureau of Investigation currently wants the spy for compromising the Hillary Clinton campaign and infiltrating the accounts of other top US Democrats.

Ukrainian hackers compromise Russian spy behind 2016 Democrats hack

The …

The post Ukraine’s Cyber Resistance group says it hacked a Russian spy indicted by the FBI appeared first on KoDDoS Blog.

Hackers are using a dark web tool to access cars’ communication system

The world of technology is in constant war with cybercriminals, who keep finding new ways to misuse some of the most impressive technological achievements. Now that communication systems are a major part of modern cars, hackers have also started targeting vehicles. Of course, security researchers and car manufacturers are constantly trying to improve the security …

The post Hackers are using a dark web tool to access cars’ communication system appeared first on KoDDoS Blog.

OpenAI launched a bug bounty program that offers up to $20k for security flaws in ChatGPT

ChatGPT, a new chatbot created by OpenAI, impressed the world with its advanced capabilities. Recent reports have suggested that it is capable of passing law school exams with a score among the top 10%. However, OpenAI wishes to eliminate any potential security vulnerabilities, so it started a new bug bounty program yesterday, April …

The post OpenAI launched a bug bounty program that offers up to $20k for security flaws in ChatGPT appeared first on KoDDoS Blog.

US charges three men with six million dollar business email compromise plot

Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims. 29-year-old Kosi Goodness Simon-Ebo was extradited from Canada to the United States earlier this month, according to a Department of Justice press release, and will appear before a federal court on Friday. Two of Simon-Ebo's alleged conspirators are James Junior Aliyu, 28, and 31-year-old Henry Onyedikachi Echefu. Aliyu, who is also known as "Old Soldier" or "Ghost", and Echefu were arrested in South Africa, from where the...

FTC accuses payments firm of knowingly assisting tech support scammers

Multinational payment processing firm Nexway has been rapped across the knuckles by the US authorities, who claim that the firm knowingly processed fraudulent credit card payments on behalf of tech support scammers. A Federal Trade Commission (FTC) complaint argues that Nexway and its subsidiaries broke the law by helping scammers cheat money from unsuspecting consumers. Victims were tricked into believing that their computer was malware-infected and that the scammer (often pretending to be a Microsoft support technician) would help them fix it. According to the FTC, Nexway is guilty of...

Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

Electrical grid security has been getting a lot of attention recently. It started fairly quietly, and then when it was a featured story on a news program, it rose to the top of the collective consciousness. However, the news stories that followed were focused entirely on the physical vulnerabilities of the US power grids. Few, if any stories covered the cybersecurity angle of securing the grids. The physical grid machinery has remained woefully unprotected against attack. The physical power generating infrastructure of several power companies has been attacked in the United States just this...

EPA Has ‘New Rules’ for Protecting Public Drinking Water

The EPA isn't mincing words when it comes to protecting public drinking water. Earlier this month they released a memorandum putting specifics into the general advice to maintain cybersecurity at public water systems (PWSs). Per the report, “[The] EPA clarifies with this memorandum that states must evaluate the cybersecurity of operational technology used by a PWS when conducting PWS sanitary surveys.” That’s pretty straightforward. Operational Technology (OT) has always been a thorn in the side of industrial complexes, especially as digitization has inspired many to improve with IoT...

A Day in the Life of a SOC Team

This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection to complement our automated cybersecurity features. These are the people who make our MDR services best in class and so dependable. It’s time you met them. With our new webinar series, Inside Alert Logic’s SOC, we’ve begun to pull back the curtain on how a SOC operates, how we work and what those methods mean for your...

Fortra: Your Cybersecurity Ally

It was just a short time ago that Fortra came into being, as the new face of HelpSystems. Fortra is a company that combines a group of cybersecurity products and services into one portfolio. As with all acquisitions, many customers wondered what benefits this would bring to the Tripwire product line. We took the opportunity to speak with Fortra’s Principal Evangelist, Antonio Sanchez, who sheds light on how this acquisition delivers more value to all of our customers. Antonio also spoke with us about some industry trends including cybersecurity insurance, third party supplier risk, and the...

What Is Microsegmentation and 5 Compelling Security Use Cases

What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organization's risk. Each microsegment is typically defined by specific security policies and is accessible only to authorized users and devices. Microsegmentation is often seen as a more effective security strategy than traditional network segmentation because it can significantly limit the ability of attackers to move laterally across a network and access sensitive data or systems. Additionally, microsegmentation can help...

Cybersecurity in the Energy Sector: Risks and Mitigation Strategies

The demand for cybersecurity in the energy sector is often understated. There is a misconception that very little IT is involved, and that much of it does not impact operations. But 97% of surveyed ICS security professionals in the energy, oil, and gas sector believe cybersecurity is a growing concern. No industry has been untouched by digital transformation. With the Industrial Internet of Things (IIoT) and Artificial Intelligence (AI) powering more sophisticated forms of automation, the use of cyber-physical systems will only grow. Even if you don’t feel that cybersecurity posture is a pressing...

Microsoft warns accounting firms of targeted attacks as Tax Day approaches

Accountants are being warned to be on their guard against malicious hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. US Tax Day, which falls on Tuesday April 18 this year, is the day on which income tax returns for individuals are due to be submitted to the government. Inevitably it's a busy time for accounting firms and bookkeepers who are feverishly collecting necessary documents from their clients. And, according to a warning from Microsoft, cybercriminals have also been busy, taking advantage of the...

Glamourizing fraudsters hurts victims of fraud, and society

We seem to be fascinated by fraudsters, and recent documentaries prove this. The documentary landscape is populated with many fraud-centered stories, such as The Tinder Swindler, Fyre, The Con, Fake Heiress, The Inventor, and many others. Some have even been made into series, such as the story of Elizabeth Holmes in The Dropout, and the story of Anna Delvey in Inventing Anna. We just can’t get enough of it, and who can blame us? These stories are fascinating, entertaining, and engaging. We want to know how these fraudsters achieved their deceptive goals, and how they managed to fool so many...

Accidental ‘write’ Permissions In Alibaba PostgreSQL Let Attackers Access Sensitive Data

Two new critical flaws have been found in Alibaba Cloud’s popular PostgreSQL-based services, ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. The Wiz security research team has named the pair #BrokenSesame. One of the vulnerabilities enabled a supply-chain attack on the database services, leading to RCE. The other allowed potential unauthorized access to Alibaba’s […]

The post Accidental ‘write’ Permissions In Alibaba PostgreSQL Let Attackers Access Sensitive Data appeared first on GBHackers - Latest Cyber Security News | Hacker News.

AuKill – A Malware That Kills EDR Clients To Attack Windows Systems

A new hacking tool, AuKill, disables Endpoint Detection & Response (EDR) software so that threat actors can carry out bring-your-own-vulnerable-driver (BYOVD) attacks, deploying backdoors and ransomware on targeted systems. Sophos researchers witnessed the usage of AuKill in two incidents: in one an adversary first deployed Medusa Locker ransomware, and in another the attacker installed LockBit ransomware after […]

The post AuKill – A Malware That Kills EDR Clients To Attack Windows Systems appeared first on GBHackers - Latest Cyber Security News | Hacker News.

ICICI Bank Data Leak – Millions of Customers’ Sensitive Data Exposed

Researchers have recently found that a misconfiguration in ICICI Bank systems caused a data leak, exposing more than 3.6 million customers’ sensitive data. ICICI Bank, a multinational Indian bank, operates in 15+ countries worldwide and boasts a market value exceeding $76 billion with 5,000+ branches across India. The Indian government declared ICICI Bank’s resources “critical information […]

The post ICICI Bank Data Leak – Millions of Customers’ Sensitive Data Exposed appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Operation DreamJob – New Linux Malware Linked With 3CX Supply-Chain Attack

ESET researchers have recently discovered that Linux users were targeted with malware in the new “Operation DreamJob” Lazarus campaign for the first time. The group behind DreamJob uses social engineering, with fake job offers as lures, to compromise its targets. The researchers could reconstruct the complete sequence by tracing the chain from a […]

The post Operation DreamJob – New Linux Malware Linked With 3CX Supply-Chain Attack appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Russian APT28 Group Exploiting Vulnerabilities in Cisco Routers

A recent report from CISA (US Cybersecurity and Infrastructure Security Agency) revealed that the APT28 group exploited poorly maintained Cisco routers using CVE-2017-6742, a remote code execution flaw in the SNMP subsystem of Cisco IOS, for reconnaissance. SNMP (Simple Network Management Protocol) is a networking protocol used by network administrators for monitoring and configuring devices remotely. From […]

The post Russian APT28 Group Exploiting Vulnerabilities in Cisco Routers appeared first on GBHackers - Latest Cyber Security News | Hacker News.
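
Whether a router still answers SNMP from outside its management network is a check worth running before worrying about any particular CVE. The block below is an added example written for this digest; it is not from the CISA report or the GBHackers article. It builds the SNMPv2c GetRequest for sysDescr.0 by hand (BER encoding of the version, community string and PDU) and parses the GetResponse an agent returns, so both sides of the exchange are visible. Only probe_sysdescr touches the network; the __main__ block uses a constructed agent reply. The community string "public", the request id and the sample sysDescr text are assumptions, not values from the page.

```python
import socket

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"   # sysDescr.0: model and software version string


def ber_length(n):
    """BER length octets: short form below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_length(len(body)) + body


def ber_int(value):
    """INTEGER in the shortest two's-complement form."""
    length = 1
    while not -(1 << (8 * length - 1)) <= value < (1 << (8 * length - 1)):
        length += 1
    return tlv(0x02, value.to_bytes(length, "big", signed=True))


def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs base-128 with continuation bits."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def decode_oid(raw):
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def build_get_request(community, oid, request_id=1, version=1):
    """Message ::= SEQUENCE { version (1 = v2c), community OCTET STRING, GetRequest-PDU [0] }."""
    varbind = tlv(0x30, ber_oid(oid) + b"\x05\x00")          # value is NULL in a request
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)


def build_get_response(community, oid, value, request_id=1, version=1):
    """The agent's side: GetResponse-PDU [2] carrying an OCTET STRING value for the same OID."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x04, value))
    pdu = tlv(0xA2, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos=0):
    """Return (tag, body, position after the element); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_get_response(packet):
    """Return (request_id, error_status, [(oid, value_tag, value_bytes), ...])."""
    tag, msg, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = read_tlv(msg)
    _, _community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    _, rid, pos = read_tlv(pdu)
    _, err, pos = read_tlv(pdu, pos)
    _, _index, pos = read_tlv(pdu, pos)
    _, vblist, _ = read_tlv(pdu, pos)
    binds, pos = [], 0
    while pos < len(vblist):
        _, vb, pos = read_tlv(vblist, pos)
        _, oid, q = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, q)
        binds.append((decode_oid(oid), vtag, val))
    return (int.from_bytes(rid, "big", signed=True),
            int.from_bytes(err, "big", signed=True), binds)


def probe_sysdescr(host, community="public", port=161, timeout=2.0):
    """Send one GetRequest from outside the management network; any answer means the agent
    is reachable with that community string and should be firewalled or re-keyed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(community, SYS_DESCR_OID), (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    _, err, binds = parse_get_response(data)
    if err or not binds:
        return None
    return binds[0][2].decode(errors="replace")


if __name__ == "__main__":
    # Offline demonstration of both messages; the agent reply is constructed, not captured.
    print("request :", build_get_request("public", SYS_DESCR_OID).hex())
    reply = build_get_response("public", SYS_DESCR_OID, b"Cisco IOS Software (constructed sample)")
    print("response:", parse_get_response(reply))
```

The request for community "public" is the familiar 40-byte packet beginning `30 26 02 01 01 04 06 70 75 62 6c 69 63 a0 19`; if a router returns sysDescr.0 for it from an untrusted source address, the SNMP listener is exposed regardless of which IOS version it runs.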

New Google Chrome Zero-Day Bug Actively Exploited in the Wild – Emergency Update!

On April 18, 2023, Google released a new update for Chrome Desktop that fixes the second actively exploited Chrome zero-day vulnerability of the year, a flaw that allows attackers to execute arbitrary code and take complete control of the system remotely. CVE-2023-2136 is an integer overflow bug that threat actors have now exploited in the wild. Google […]

The post New Google Chrome Zero-Day Bug Actively Exploited in the Wild – Emergency Update! appeared first on GBHackers - Latest Cyber Security News | Hacker News.

3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware

In 2022, NSO Group, the Israeli firm notorious for its spyware technology, reemerged with a slew of zero-click exploit chains designed for iOS 15 and iOS 16.  These sophisticated chains of exploits, targeted at iPhones and iPads, were deployed against human rights activists in Mexico and worldwide. In a recent press release, Citizen Lab published […]

The post 3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Ex-Conti and FIN7 Hackers Team Up To Develop Domino Backdoor Malware

The X-Force team at IBM has recently found a new malware family known as “Domino,” made by ITG14, aka FIN7, a notorious cybercrime group. ITG23, the Trickbot/Conti gang monitored by X-Force, has been deploying the newly discovered “Domino” malware since February 2023. Former members of this group have been using it to […]

The post Ex-Conti and FIN7 Hackers Team Up To Develop Domino Backdoor Malware appeared first on GBHackers - Latest Cyber Security News | Hacker News.

ChatGPT Account Takeover Bug Allows Hackers To Gain User’s Online Account

An independent security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT that allowed attackers to easily gain complete control of any ChatGPT user’s account. ChatGPT has become extensively used worldwide, reaching more than 100 million users within two months of its public release. […]

The post ChatGPT Account Takeover Bug Allows Hackers To Gain User’s Online Account appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Used Routers Fully Loaded With Corporate Secrets for Just $100

Researchers at ESET found that networking hardware sold on the second-hand market still contained highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more. Second-hand sales of computing equipment have existed ever since the introduction of computers and their hardware parts. Every company relies on its managed service providers […]

The post Used Routers Fully Loaded With Corporate Secrets for Just $100 appeared first on GBHackers - Latest Cyber Security News | Hacker News.
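
The recurring finding here is a router whose running configuration was never wiped. A decommissioning checklist should include scanning the saved config for every line that carries a credential, and treating Cisco "type 7" strings as plaintext, because the XOR key behind them is fixed and public. The block below is an added example written for this digest, not ESET's tooling or code from the article: it scans a config dump for common credential lines and decodes type 7 strings in place to make the point. The sample configuration, hostname, addresses, community string and the enable-secret value are constructed; the two type 7 strings are the standard textbook encodings of "cisco".

```python
import re

# Cisco's fixed XOR key for "type 7" (service password-encryption) strings. It is public,
# so type 7 is obfuscation, not protection; anyone holding the config holds the password.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded):
    """Two decimal digits give the key offset; each following hex byte is XORed with the key from there."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(body)).decode()


# Configuration lines that carry credentials. Order matters: the first pattern to match a line wins.
SECRET_PATTERNS = [
    ("type7-password", re.compile(r"\b(?:password|key) 7 (?P<value>[0-9A-Fa-f]{4,})")),
    ("enable-secret-hash", re.compile(r"^\s*enable secret \d (?P<value>\S+)")),
    ("isakmp-preshared-key", re.compile(r"^\s*crypto isakmp key (?:[067] )?(?P<value>\S+) address")),
    ("snmp-community", re.compile(r"^\s*snmp-server community (?P<value>\S+)")),
    ("ssh-private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]


def find_secrets(config_text):
    """Scan a running-config dump and report every line that must be wiped before the box changes hands."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS:
            match = pattern.search(line)
            if not match:
                continue
            finding = {"line": lineno, "kind": kind, "value": match.groupdict().get("value", "")}
            if kind == "type7-password":
                # Recover the plaintext so the report shows exactly what a buyer would learn.
                finding["plaintext"] = decode_type7(finding["value"])
            findings.append(finding)
            break
    return findings


# Constructed sample config (assumption, not a real device). The enable secret is a placeholder
# string in MD5-crypt layout, not a real hash; the type 7 strings both decode to "cisco".
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable secret 5 $1$Abcd$placeholderhashnotarealone/
username admin privilege 15 password 7 094F471A1A0A
snmp-server community public RO
crypto isakmp key 0 branch-vpn-psk address 203.0.113.10
tacacs-server key 7 0822455D0A16
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.252
"""

if __name__ == "__main__":
    for finding in find_secrets(SAMPLE_CONFIG):
        print(finding)
```

Type 5 (MD5-crypt) and type 8/9 (PBKDF2/scrypt) enable secrets are one-way, but they still belong in the report: an offline guessing attack against a weak enable secret is cheap, and the IPsec pre-shared key and SNMP community on the same device are stored in clear.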

MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware

Computer science researchers at MIT and Stanford are developing an operating system with built-in cybersecurity defenses.

The post MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware appeared first on CyberScoop.

Modified X_Trader software led to compromise of two critical infrastructure targets, Symantec says

Two targets in the energy sector are among the victims of a supply chain attack that is linked to North Korea and has a growing list of victims.

The post Modified X_Trader software led to compromise of two critical infrastructure targets, Symantec says appeared first on CyberScoop.

Homeland Security chief Mayorkas announces 90-day China sprint and AI task force

The secretary of homeland security warned that China, AI, and cyber pose some of the biggest threats to the United States.

The post Homeland Security chief Mayorkas announces 90-day China sprint and AI task force appeared first on CyberScoop.

Biden administration wants to avoid 5G mistakes in race to beat China on 6G

The White House seeks to shape next-generation telecommunications standards and technology before falling behind to Beijing.

The post Biden administration wants to avoid 5G mistakes in race to beat China on 6G appeared first on CyberScoop.

3CX supply chain attack was the result of a previous supply chain attack, Mandiant says

The incident is the first known case of one supply chain attack leading to a second supply chain attack.

The post 3CX supply chain attack was the result of a previous supply chain attack, Mandiant says appeared first on CyberScoop.

Experts say Congress should do more to keep data brokers from exposing Americans’ private information

Lawmakers also raised concerns about how data brokers sell Americans' health data, including mental health and reproductive information.

The post Experts say Congress should do more to keep data brokers from exposing Americans’ private information appeared first on CyberScoop.

Russia’s digital warriors adapt to support the war effort in Ukraine, Google threat researchers say

Russian hacking operations in support of intelligence gathering and information operations related to the war show no signs of slowing down.

The post Russia’s digital warriors adapt to support the war effort in Ukraine, Google threat researchers say appeared first on CyberScoop.

Misconfiguration leaves thousands of servers vulnerable to attack, researchers find

Simple mistakes and configuration errors are still a major cybersecurity issue, according to security firm Censys.

The post Misconfiguration leaves thousands of servers vulnerable to attack, researchers find appeared first on CyberScoop.

Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say

The group known as PLAY is using custom tools researchers say allow it to be faster and more efficient when carrying out ransomware attacks.

The post Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say appeared first on CyberScoop.

Four Americans and two Russians conspired to sway elections, influence politics, Justice Department says

The DOJ unsealed new indictments on Tuesday that allege a years-long conspiracy to interfere in elections and weaponize information.

The post Four Americans and two Russians conspired to sway elections, influence politics, Justice Department says appeared first on CyberScoop.

American Bar Association (ABA) suffered a data breach, 1.4 million members impacted

The American Bar Association (ABA) disclosed a data breach in which threat actors gained access to older credentials for 1,466,000 members. The American Bar Association (ABA) is a voluntary bar association of lawyers and law students; it is not specific to any jurisdiction in the United States. The ABA had 166,000 members as of 2022. The attackers may have […]

The post American Bar Association (ABA) suffered a data breach, 1.4 million members impacted appeared first on Security Affairs.

Pro-Russia hackers launched a massive attack against the EUROCONTROL agency

Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. Europe’s air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers. The European Organisation for the Safety of Air Navigation pointed out that the attack had no impact on European air traffic control activities. “Since 19 April, the EUROCONTROL […]

The post Pro-Russia hackers launched a massive attack against the EUROCONTROL agency appeared first on Security Affairs.

Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions

Cisco released security updates to address critical security vulnerabilities in its Industrial Network Director and Modeling Labs solutions. An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data. One of the […]

The post Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions appeared first on Security Affairs.

Intro to phishing: simulating attacks to build resiliency

Phishing attacks are a major threat to organizations and remain a perennial choice of cybercriminals when it comes to hacking their victims. Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/ While organizations must still account for flashy vulnerability exploitation, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking […]

The post Intro to phishing: simulating attacks to build resiliency appeared first on Security Affairs.

Multinational ICICI Bank leaks passports and credit card numbers

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, ICICI Bank’s resources were designated “critical information infrastructure” by the Indian government, meaning any harm to them can impact national security. However, despite the critical status of the bank's infrastructure on the national […]

The post Multinational ICICI Bank leaks passports and credit card numbers appeared first on Security Affairs.

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

VMware released security updates to address two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product (formerly vRealize Log Insight). The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8) […]

The post VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root appeared first on Security Affairs.

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus is behind a new campaign, tracked as Operation DreamJob (aka DeathNote or NukeSped), that employed new Linux malware. The threat actors were observed using social engineering techniques to compromise their targets, with fake job offers […]

The post Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack appeared first on Security Affairs.

Experts disclosed two critical flaws in Alibaba cloud database services

Researchers from cloud security firm Wiz disclosed two critical flaws, collectively dubbed BrokenSesame, in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. ApsaraDB RDS is a managed database hosting service, while AnalyticDB for PostgreSQL is a managed […]

The post Experts disclosed two critical flaws in Alibaba cloud database services appeared first on Security Affairs.

Google TAG warns of Russia-linked APT groups targeting Ukraine

Researchers from Google’s Threat Analysis Group (TAG) are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. According to TAG, Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and spread disinformation. In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing […]

The post Google TAG warns of Russia-linked APT groups targeting Ukraine appeared first on Security Affairs.

Trigona Ransomware targets Microsoft SQL servers

Threat actors are hacking into poorly secured and Internet-exposed Microsoft SQL servers to deploy the Trigona ransomware. Trigona is a malware strain that was discovered in October 2022, and Palo Alto Unit 42 researchers reported similarities between Trigona and the […]

The post Trigona Ransomware targets Microsoft SQL servers appeared first on Security Affairs.
