Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of the website's code was written by a 36-year-old programmer residing in the capital city of Moldova.

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Why is .US Being Used to Phish So Many of Us?

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

U.S. Hacks QakBot, Quietly Removes Botnet Infections

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Kroll Employee SIM-Swapped for Crypto Investor Data

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll -- the company handling both firms' bankruptcy restructuring.

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
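
A minimal version of the tripwire idea, as an added example that is not part of the article: two detections run over constructed access-log events, one for any touch of a decoy resource that legitimate work never opens, one for an account that suddenly enumerates far more distinct hosts in a short window than day-to-day work needs. The event shape, the decoy name, the window and the threshold are assumptions for this demo.

```python
"""Virtual tripwires for reconnaissance ("looking up") behaviour.

Added example, not code from the article. Two signals over access-log
events (timestamp, user, target):
  1. any access to a decoy resource that legitimate work never touches;
  2. a user touching more distinct targets inside a short window than a
     fixed threshold allows (host/share enumeration).
Event format, decoy names and thresholds are assumptions for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (ISO timestamp, user, target).
SAMPLE_EVENTS = [
    ("2023-09-25T09:00:00", "alice", "fs01"),
    ("2023-09-25T09:05:00", "alice", "fs01"),
    ("2023-09-25T09:10:00", "alice", "mail01"),
    ("2023-09-25T09:12:00", "bob", "fs02"),
    # bob's account sweeps the estate in 30 seconds, then hits the decoy
    ("2023-09-25T13:00:00", "bob", "dc01"),
    ("2023-09-25T13:00:05", "bob", "dc02"),
    ("2023-09-25T13:00:10", "bob", "fs01"),
    ("2023-09-25T13:00:15", "bob", "fs03"),
    ("2023-09-25T13:00:20", "bob", "sql01"),
    ("2023-09-25T13:00:25", "bob", "backup01"),
    ("2023-09-25T13:00:30", "bob", "DECOY-FINANCE"),
]

# Assumed honey resources: real users have no reason to open them.
DECOY_TARGETS = {"DECOY-FINANCE"}


def parse_events(events):
    """Turn (iso_ts, user, target) tuples into (datetime, user, target)."""
    return [(datetime.fromisoformat(ts), user, target) for ts, user, target in events]


def decoy_hits(events):
    """Every access to a decoy is an alert on its own; no baseline needed."""
    return [(user, target) for _, user, target in parse_events(events)
            if target in DECOY_TARGETS]


def enumeration_alerts(events, window=timedelta(minutes=5), threshold=5):
    """Map user -> peak number of distinct targets seen inside any `window`,
    for users whose peak exceeds `threshold`. Sliding window per user."""
    by_user = defaultdict(list)
    for ts, user, target in sorted(parse_events(events)):
        by_user[user].append((ts, target))

    alerts = {}
    for user, items in by_user.items():
        start = 0
        for end in range(len(items)):
            # drop events older than the window relative to the newest one
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = {target for _, target in items[start:end + 1]}
            if len(distinct) > threshold:
                alerts[user] = max(alerts.get(user, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    print("decoy hits:", decoy_hits(SAMPLE_EVENTS))
    print("enumeration:", enumeration_alerts(SAMPLE_EVENTS))
```

The decoy rule has no false-positive budget to manage, which is why it is the cheaper tripwire to deploy first; the enumeration rule needs the threshold tuned per environment, since backup and inventory accounts legitimately touch many hosts.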

Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library:

On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images.

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation...

Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear:

Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption.

“We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving,” Whittaker said. “And that’s never not true.”...

Friday Squid Blogging: New Squid Species

An ancient squid:

New research on fossils has revealed that a vampire-like ancient squid haunted Earth’s oceans 165 million years ago. The study, published in the June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker attachments. The discovery was made by scientists in France, who used modern imaging techniques to analyse the previously discovered fossils. The ancient squid has been named Vampyrofugiens atramentum, which stands for the “fleeing vampire”. The researchers said that these features have never been recorded before...

New Revelations from the Snowden Documents

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits.

Kind of amazing that all happened ten years ago. At this point, those documents are more historical than anything else.

And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy.

I recently published an essay about my experiences ten years ago.

On the Cybersecurity Jobs Shortage

In April, Cybersecurity Ventures reported on the extreme cybersecurity job shortage:

Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continue, but we predict that the disparity between demand and supply will remain through at least 2025.

The numbers never made sense to me, and Ben Rothke has dug in and ...

Detecting AI-Generated Text

There are no reliable ways to distinguish text written by a human from text written by a large language model. OpenAI writes:

Do AI detectors work?

  • In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
  • Additionally, ChatGPT has no “knowledge” of what content could be AI-generated. It will sometimes make up responses to questions like “did you write this [essay]?” or “could this have been written by AI?” These responses are random and have no basis in fact. ...

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data to break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe...

Friday Squid Blogging: Cleaning Squid

Two links on how to properly clean squid.

I learned a few years ago, in Spain, and got pretty good at it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

LLM Summary of My Book Beyond Fear

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book.

Claude’s reply:

Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World:

Central Themes:

  • Effective security requires realistic risk assessment, not fear-driven responses. We need to rationally determine actual threats versus perceived ones. ...

On Technologies for Automatic Facial Recognition

Interesting article on technologies that will automatically identify people:

With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr. Leyvand has departed for Apple to work on its Vision Pro augmented reality glasses.

The technology is here. Maybe the implementation is still dorky, but that will change. The social implications will be enormous...

People Still Matter in Cybersecurity Management

Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.

Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files

Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.

QR Code 101: What the Threats Look Like

Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.

Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain

CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.

Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits

So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.

New Cisco IOS Zero-Day Delivers a Double Punch

The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.

Johnson Controls International Disrupted by Major Cyberattack

The company filed with the SEC and is assessing its operations and financial damages.

Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World

How the UK is assisting other nations in forming their own versions of its National Cyber Security Centre (NCSC).

Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool

Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.

Looking Beyond the Hype Cycle of AI/ML in Cybersecurity

Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?

7 Ways SMBs Can Secure Their WordPress Sites

This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.

4 Legal Surprises You May Encounter After a Cybersecurity Incident

Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident.

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.
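
A check a repository owner can run against the pattern described above, as an added example (not code from the article or from GitHub): parse `git log` output and flag commits attributed to Dependabot that are unsigned, badly signed, or signed by a key other than the one genuine Dependabot commits carry. A commit made with a stolen personal access token can set any author name it likes, but it cannot produce GitHub's signature. The expected signer string, the bot's email and the sample rows are assumptions; what `%GS` prints depends on which keys are in the local keyring.

```python
"""Spot commits that claim to be Dependabot but lack the signature real
Dependabot commits carry. Added example, not from the article.

Input is the output of:
  git log --format='%H%x09%an%x09%ae%x09%G?%x09%GS' <range>
%G? is 'G' only when the signature verifies against a key in the local
keyring (GitHub's web-flow signing key must be imported for that);
'N' means unsigned, 'B' bad, 'E' could not be checked.
"""
import re

# Assumed identity of the real bot; adjust to what your repositories show.
BOT_NAME_RE = re.compile(r"dependabot", re.IGNORECASE)
EXPECTED_SIGNER = "GitHub <noreply@github.com>"   # assumption

# Constructed sample log, not real repository history:
# row 1 genuine, row 2 a human, rows 3 and 4 impostors.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111\tdependabot[bot]\t49699333+dependabot[bot]@users.noreply.github.com\tG\tGitHub <noreply@github.com>
2222222222222222222222222222222222222222\talice\talice@example.com\tN\t
3333333333333333333333333333333333333333\tdependabot[bot]\t49699333+dependabot[bot]@users.noreply.github.com\tN\t
4444444444444444444444444444444444444444\tdependabot\tdependabot@example.com\tG\tMallory <mallory@example.com>
"""


def parse_log(text):
    """Split tab-separated git log rows into dicts; %GS is empty for
    unsigned commits, so short rows are padded to five fields."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        while len(parts) < 5:
            parts.append("")
        sha, name, email, status, signer = parts[:5]
        rows.append({"sha": sha, "name": name, "email": email,
                     "status": status, "signer": signer})
    return rows


def impostor_commits(text, expected_signer=EXPECTED_SIGNER):
    """SHAs of commits whose author looks like Dependabot but whose
    signature is missing, invalid, or from a different key than expected."""
    suspicious = []
    for row in parse_log(text):
        claims_bot = BOT_NAME_RE.search(row["name"]) or BOT_NAME_RE.search(row["email"])
        if not claims_bot:
            continue
        if row["status"] != "G" or row["signer"] != expected_signer:
            suspicious.append(row["sha"])
    return suspicious


if __name__ == "__main__":
    for sha in impostor_commits(SAMPLE_LOG):
        print("suspicious Dependabot commit:", sha)
```

Run it over `git log` output for the default branch after importing GitHub's public signing key; a branch protection rule that requires signed commits makes the same check at push time rather than after the fact.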

CAPTCHAs Easy for Humans, Hard for Bots

Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.

A Preview of Windows 11's Passkeys Support

The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.

Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities

Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent

Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023

Researchers Release Details of New RCE Exploit Chain for SharePoint

One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.

China APT Cracks Cisco Firmware in Attacks Against the US and Japan

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.

Will Government Secure Open Source or Muck It Up?

The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?

Microsoft Adds Passkeys to Windows 11

It's the latest step in the gradual shift away from traditional passwords.

Threat Data Feeds and Threat Intelligence Are Not the Same Thing

It's important to know the difference between the two terms. Here's why.

Hackers Trick Outlook Into Showing Fake AV Scans

Researchers spot attackers using an existing phishing obfuscation tactic in order to better ensure recipients fall for their scam.

Kenyan Financial Firm Fined for Mishandling Data

Kenyan data protection regulator issues monetary penalties to multiple firms for improper handling of personal data.

How the Okta Cross-Tenant Impersonation Attacks Succeeded

Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you.

Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle

Cyemptive Technologies Expands Operations in the Middle East and the Americas

Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities

Suspicious New Ransomware Group Claims Sony Hack

A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?

Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains

Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.

Delinea Secret Server Introduces MFA Enforcement at Depth to Meet Cyber Insurance Requirements

Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program

HD Moore's Discovery Journey

Metasploit creator's shift into enterprise asset discovery and passive scanning with startup runZero is a natural evolution of his exploratory cyber career.

4 Pillars for Building a Responsible Cybersecurity Disclosure Program

Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.

Chad Taps Huawei for Digital Modernization Project

Fiber optic networks and better connectivity for Chad's users are part of the ICT modernization project with the Chinese networking giant.

Amid MGM, Caesars Incidents, Attackers Focus on Luxury Hotels

A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.

Proactive Security: What It Means for Enterprise Security Strategy

Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.

When It Comes to Email Security, the Cloud You Pick Matters

While cloud-based email offers more security than on-premises, insurance firms say it matters whether you use Microsoft 365 or Google Workspace.

Xenomorph Android Malware Targets Customers of 30 US Banks

The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.

MOVEit Flaw Leads to 900 University Data Breaches

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.

ASPM Is Good, but It's Not a Cure-All for App Security

What application security posture management does, it does well. But you'll still need to fill in some holes, especially concerning API security.

Recast Software Acquires Liquit, Consolidating the Endpoint and Application Management Markets

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K

Latest Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard

TikTok API Rules Stymie User Data Analysis

Terms of service for API access give TikTok publication review over findings and limit access to critical data on the platform's impact on US users, researchers say.

Hackers Let Loose on Voting Gear Ahead of US Election Season

Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.

Akira Ransomware Mutates to Target Linux Systems

The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.

NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII

The league is working with more than 100 partners to workshop responses to a host of hypothetical cyberattacks on the upcoming Big Game in Las Vegas.

Apple Fixes 3 More Zero-Day Vulnerabilities

All of the security bugs are under active attacks, but the extent of their exploitation is unknown.

MGM, Caesars Cyberattack Responses Required Brutal Choices

Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.

Bot Swarm: Attacks From Middle East & Africa Are Notably Up

Most automated attacks from the regions were against e-commerce and telecommunications organizations.

Do CISOs Have to Report Security Flaws to the SEC?

The new SEC rules make it seem that there is no need to report the presence of security vulnerabilities, but that doesn't quite tell the full story.

Guardians of the Cyberverse: Building a Resilient Security Culture

Whether achieved through AI-enabled automation, proactive identification and resolution of issues, or the equitable distribution of risk management responsibilities, the goal must be resilience.

Cisco Moves Into SIEM With $28B Deal to Acquire Splunk

Cisco's surprise agreement could reshape the security information and event management (SIEM) and extended detection and response (XDR) markets.

Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor

The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.

What Does Socrates Have to Do With CPM?

It's time to focus on the "P" in cybersecurity performance management.

Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation

'Gold Melody' Access Broker Plays on Unpatched Servers' Strings

A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.

OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats

T-Mobile Racks Up Third Consumer Data Exposure of 2023

The mobile company states that the issue was due to a glitch that occurred in an update.

Secure Browser Tech Is Having a Moment

Cloud adoption is driving secure browsers' moment in the sun as rumors fly that Palo Alto Networks is looking to snap up Talon.

MGM Restores Casino Operations 10 Days After Cyberattack

The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.

Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns

A working group is rolling out in developing parts of the world, in response to concerns about the amount of technology being rolled out across Africa by Chinese companies.

Mastering Defense-in-Depth and Data Security in the Cloud Era

Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.

Hikvision Intercoms Allow Snooping on Neighbors

The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.

Understanding the Differences Between On-Premises and Cloud Cybersecurity

The nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.

Will Generative AI Kill the Nigerian Prince Scam?

A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past.

Read More
GitLab Users Advised to Update Against Critical Flaw Immediately

The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.

Yubico Goes Public

The Swedish maker of YubiKeys has merged with special purpose acquisition company ACQ Bure.

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, the advisory says.

Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem, File-Share Environments

OneLayer Expands Its Private Cellular Network Security Solutions to Operations and Asset Management

83% of IT Security Professionals Say Burnout Causes Data Breaches

Bishop Fox Expands Leadership With First CISO and CTO

International Criminal Court Suffers Cyberattack

The ICC did not reveal details on the cyber breach.

How Choosing Authentication Is a Business-Critical Decision

MFA may go a long way in improving password security, but it's not foolproof.

'Culturestreak' Malware Lurks Inside GitLab Python Package

The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.

Changing Role of the CISO: A Holistic Approach Drives the Future

The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology.

Pro-Iranian Attackers Claim to Target Israeli Railroad Network

The veracity of claims by the group known as "Cyber Avengers" has been called into question, as it continues to take credit for hits on various Israeli services.

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Unpack MITRE's methodology, understand the results, and learn top takeaways from Cynet's evaluation of MITRE's annual security vendor tests.

Companies Rely on Multiple Methods to Secure Generative AI Tools

To protect their own and their customers' data, organizations are exploring different approaches to guard against the unwanted effects of using AI.

China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign

"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.

Trend Micro Patches Zero-Day Endpoint Vulnerability

The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.

Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.

Name That Toon: Somewhere in Sleepy Hollow

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Clorox Sees Product Shortages Amid Cyberattack Cleanup

Everyone's favorite pandemic-era brand is experiencing store shortages in the wake of a cyberattack that impacted its global production lines — and there's no timeline for normal operations to resume.

CapraRAT Impersonates YouTube to Hijack Android Devices

Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.

Engineering-Grade OT Protection

The worst-case consequences of cyberattacks are sharply, qualitatively different on IT versus OT networks.

Welcome to the Resilience Revolution, Where Defenders Act More Like Attackers

Dark Reading News Desk interviewed Kelly Shortridge about the role of infrastructure-as-code in helping security teams become more nimble in responding to cyber threats.

'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks

The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.

Niagara Networks and Scope Middle East Announce Strategic VAD Partnership

Update on Naked Security

To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform.

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode - listen now! Full transcript inside...

Using WinRAR? Be sure to patch against these code execution bugs…

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

Smart light bulbs could give away your password secrets

Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

FBI warns about scams that lure you in as a mobile beta-tester

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Were you caught up in the latest data breach? Here's how to find out

Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.

How to delete yourself from internet search results and hide your identity online

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

How to find and remove spyware from your phone

Surveillance software is becoming more advanced. Here's what to do if you think you're being tracked.

Hacked! My Twitter user data is out on the dark web -- now what?

Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.

Stop using Twitter to log in to other websites

With Twitter's growing technical problems, you can't rely on it as your single sign-on for other sites.

How to keep your home secure when you travel

With travel stressful enough, you don't need the anxiety of wondering if your home is protected.

OpenSSL dodges a security bullet

The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.

Here are the top phone security threats in 2022 and how to avoid them

Your handset is always at risk of being exploited. Here's what to look out for.

Google to wipe user location history for visits to healthcare clinics, domestic violence shelters

Even if location history is enabled, visits to locations considered sensitive will be removed from logs.

This WhatsApp scam promises big, but just sends you into a spiral

Worker shortages are the hook for the phoney government's 'offer.'

Ukrainian police take down phishing gang behind payments scam

Gang may have defrauded 5,000 people with promises of EU support.

Virtual-world tech company owner arrested over alleged $45m investment fraud scheme

Investment fraud scheme defrauded more than 10,000 victims, says Department of Justice.

The British Army is investigating after its Twitter and YouTube accounts were hijacked

The hijackers used the accounts to promote cryptocurrency and NFTs.

Period tracking apps are no longer safe. Delete them

Opinion: The convenience isn't worth the risk.

Dragonbridge influencers target rare earth miners, encourage protests to disrupt production

Researchers say that China has 'crossed the line' again with the new online campaign.

Google details commercial spyware that targets both Android and iOS devices

Hermit highlights a wider issue concerning our privacy and freedom.

Scalper bots are snapping up appointments for government services in Israel

Scalpers are snapping up public service appointments and selling them on.

These hackers are spreading ransomware as a distraction - to hide their cyber spying

Five ransomware strains have been linked to Bronze Starlight activities.

Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons

Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.

CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks

CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw, to its Known Exploited Vulnerabilities catalog.

The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek.

Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.

The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.

Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself.

The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek.

A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says

A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program.

The post A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says appeared first on SecurityWeek.

NIST Publishes Final Version of 800-82r3 OT Security Guide

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

The post NIST Publishes Final Version of 800-82r3 OT Security Guide appeared first on SecurityWeek.

FBI Warns Organizations of Dual Ransomware, Wiper Attacks

The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.

The post FBI Warns Organizations of Dual Ransomware, Wiper Attacks appeared first on SecurityWeek.

Johnson Controls Hit by Ransomware

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.

The post Johnson Controls Hit by Ransomware appeared first on SecurityWeek.

US State Department Says 60,000 Emails Taken in Alleged Chinese Hack

The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China.

The post US State Department Says 60,000 Emails Taken in Alleged Chinese Hack appeared first on SecurityWeek.

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.

The post Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product appeared first on SecurityWeek.

Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding.

The post Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users appeared first on SecurityWeek.

Norway wants Facebook behavioral advertising banned across Europe

But Meta was just about to start asking people for their permission!

Norway has told the European Data Protection Board (EDPB) it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe.…

Chinese snoops stole 60K State Department emails in that Microsoft email heist

No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc

Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer.…

Feds' privacy panel backs renewing Feds' S. 702 spying powers — but with limits

FBI agents ought to get spy court approval before reviewing US persons' chats, board reckons

A privacy panel within the US government today narrowly recommended that Congress reauthorize the Feds' Section 702 spying powers — but with some stronger protections for US citizens only.…

DARPA takes its long-duration Manta undersea drone for a test-dip

Autonomous sub should recharge and resupply in perfect stealth, hopefully

DARPA's extended-duration unmanned undersea vehicle (UUV) is having its first aquatic excursion to test if this naval drone has wings, er, fins.…

After failing at privacy, again, Google is working to keep Bard chats out of Search

The URLs needed to share chat histories have been indexed. Of course

Google's Bard chatbot is currently being re-educated to better understand privacy.…

China's national security minister rates fake news among most pressing cyber threats

He's also worried about alliances that freeze out Chinese tech

Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet – both in terms of attacks and the dissemination of fake news.…

NYC rights groups say no to grocery store spycams and snooping landlords

Letter to City Council supports measures to ban biometric tech from public spaces

"New Yorkers should not be forced to accept biometric surveillance as part of simple activities like buying groceries or taking their kids to a baseball game," more than 30 civil and digital rights organizations said yesterday in a letter backing new privacy laws in the city.…

ROBOT crypto attack on RSA is back as Marvin arrives

More precise timing tests find many implementations vulnerable

An engineer has identified longstanding undetected flaws in a 25-year-old method for encrypting data using RSA public-key cryptography.…

MOVEit breach delivers bundle of 3.4 million baby records

Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN

Canada's Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people's childcare health records dating back more than a decade.…

Ukraine accuses Russian spies of hunting for war-crime info on its servers

Russians have shifted tactics in the first half of 2023, with mixed results

The Ukrainian State Service of Special Communications and Information Protection (SSSCIP) has claimed that Russian cyberspies are targeting its servers looking for data about alleged Kremlin-backed war crimes.…

Mixin suspends deposits and withdrawals after $200m cryptocurrency heist

Cloud provider blamed for loss of 20% of exchange's capital

Mixin Network confirmed on Monday that it has "temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong Kong-based cryptocurrency firm.…

T-Mobile US exposes some customer data – but don't call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns

Infosec in brief: T-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.…

Apple squashes security bugs after iPhone flaws exploited by Predator spyware

Holes in iOS, macOS and more fixed following tip-off from Google, Citizen Lab

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…

ESA gets the job of building Europe's secure satcomms network

IRIS2 oversight deal signed as constellation’s schedule slips, and Ariane 6 hits another snag

The European Space Agency has signed up to build and launch the European Union's Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation.…

US govt IT help desk techie 'leaked top secrets' to foreign nation

National defense files can earn you $55K … and espionage charges

A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.…

TransUnion reckons big dump of stolen customer data came from someone else

Prolific info-thief strikes again

Updated: Days after a miscreant boasted of leaking a 3GB-plus database from TransUnion containing financial information on 58,505 people, the credit-checking agency has claimed the info was actually swiped from a third party.…

Cisco spends $28B on data cruncher Splunk in cybersecurity push

$157/share cash deal is the largest acquisition in networking titan's history

Cisco is making its most expensive acquisition ever – by far – with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b).…

Menacing marketeers fined by ICO for 1.9M cold calls

Five businesses facing half a million in collective penalties for illegally phoning folk registered with TPS

The UK data watchdog has penalized five businesses it says collectively made 1.9 million cold calls to members of the public, illegally, as those people had opted out of being menaced at home by marketeers.…

India's biggest tech centers named as cyber crime hotspots

Global tech companies' Bharat offices attract the wrong sort of interest

India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram – centers of India's tech development – are hubs of this activity.…

Data breach reveals distressing info: People who order pineapple on pizza

Pizza Hut Australia says 190,000 customers' info – including order history – has been accessed

Pizza Hut's Australian outpost has suffered a data breach.…

Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit

Invasion of the data snatchers

The Snatch ransomware crew has listed on its dark-web site the Florida Department of Veterans Affairs as one of its latest victims – as the Feds warn organizations to be on the lookout for indicators of compromise linked to the extortionist gang.…

Signal adopts new alphabet jumble to protect chats from quantum computers

X3DH readied for retirement as PQXDH is rolled out

Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers.…

International Criminal Court hit in cyber-attack amid Russia war crimes probe

Right as judges issued warrants against Putin

The International Criminal Court said crooks breached its IT systems last week, and that attack isn't over yet, with the ICC saying the "cybersecurity incident" is still ongoing.…

Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first

Beijing accuses US of breaking into Huawei servers in 2009

The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data.…

Robocall scammers sentenced in US after netting $1.2M via India-based call centers

Part of network of crims who used 'trickery and threats' to target elderly, says US Attorney

Two Indian nationals each received 41-month prison sentences for their involvement in $1.2 million worth of robocall scams targeting the elderly, according to the district of New Jersey’s attorney's office on Tuesday.…

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam

Could spend 20 years in prison after selling $88M in ADI software keys

A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price."…

Broaden your cyber security knowhow at CyberThreat 2023

November’s two-day conference sees experts from the cyber security community share their insight and knowledge

Sponsored Post: Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last month.…

Singapore may split liability for phishing losses between banks and victims

Won't someone please think of the banks?

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.…

Marvell disputes claim Cavium backdoored chips for Uncle Sam

Allegations date back a decade to leaked Snowden docs

Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.…

Russian allegedly smuggled US weapons electronics to Moscow
Russian allegedly smuggled US weapons electronics to Moscow

Feds claim sniper scope displays sold in sanctions-busting move

A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.…

Read More
The Clorox Company admits cyberattack causing 'widescale disruption'
The Clorox Company admits cyberattack causing 'widescale disruption'

Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'

The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies.…

Read More
Australia to build six 'cyber shields' to defend its shores
Australia to build six 'cyber shields' to defend its shores

Local corporate regulator warns boards that cyber is totally a directorial duty

Australia will build "six cyber shields around our nation" declared home affairs minister Clare O'Neill yesterday, as part of a national cyber security strategy.…

Read More
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all

Unauthenticated and remote code execution possible without dropping a file on disk

About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck.…

Read More
Former CIO accuses Penn State of faking cybersecurity compliance
Former CIO accuses Penn State of faking cybersecurity compliance

Now-NASA boffin not impressed

Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.…

Read More
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

Included secrets, private keys, passwords, 30,000+ internal Teams messages

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.…

California passes bill to set up one-stop data deletion shop

Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns

Infosec in brief  Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers.…

Cryptojackers spread their nets to capture more than just EC2

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

Probe reveals previously secret Israeli spyware that infects targets via ads

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

Scattered Spider traps 100+ victims in its web as it moves into ransomware

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

Google throws California $93M to make location tracking lawsuit disappear

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it's over before it really began.…

Greater Manchester Police ransomware attack another classic demo of supply chain challenges

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

Zero-days are so 2022. Why not just social engineer the help desk?

Updated  Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

Rollbar might be good at tracking bugs, uninvited guests not so much

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

Watchdog urges change of HART: Late, expensive US biometric ID under fire

Homeland Security told to mind costs, fix up privacy controls

Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric identification program.…

Uncle Sam warns deepfakes are coming for your brand and bank account

No, your CEO is not on Teams asking you to transfer money

Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.…

Airbus suffers data leak turbulence to cybercrooks' delight

Ransomware group nicked info from employee of airline, say researchers

Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…

Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop

Cut and shut is so last century, now it's copy and clone

Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.…

How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)

Fun technique – but how practical is it?

Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.…

Capita class action: 2,000 folks affected by data theft sign up

Pensioners, employees and medical pros among those aiming to be compensated for data exposure

The number of claimants signing up to a collective action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up, according to the lawyer overseeing the case.…

Privacy Regulator Orders End to Spreadsheet FOI Responses

UK ICO issues call after damaging police leak

Microsoft Breach Exposed 60,000 State Department Emails

Chinese actor Storm-0558 compromised Outlook accounts

MOVEit Developer Patches Critical File Transfer Bugs

CVSS 10.0 flaw was found in the WS_FTP Server software

Budworm APT Evolves Toolset, Targets Telecoms and Government

Symantec explained that the attack leveraged a new variant of Budworm's SysUpdate backdoor

Booking.com Customers Targeted in Major Phishing Campaign

Perception Point research highlights the extensive reach of this issue, affecting hotels and resorts on a global scale

Android Banking Trojan Zanubis Evolves to Target Peruvian Users

The Trojan utilizes the Obfuscapk obfuscator for Android APK files, Kaspersky explained

US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber-Attacks

If the US government shutdown occurs, it is expected that 80% of CISA employees will be furloughed

US and Japan Warn of Chinese Router Attacks

BlackTech group blamed for cyber-espionage operation

Google Patches Chrome Zero-Day Used in Spyware Attacks

It's the fifth zero-day to be fixed this year

UK Logistics Firm Forced to Close After Ransomware Breach

Kettering-based KNP Logistics Group was hit in June

Simple Membership Plugin Flaws Expose WordPress Sites

Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability

Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims

According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo

Malicious ads creep into Bing Chat responses

Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. According to Malwarebytes researchers, searching for Advanced IP Scanner (network-scanning software) or MyCase (legal case management software) may result in an infection. Pushing malware via Bing Chat ads: Malwarebytes researchers tested Bing Chat with a simple query: "download advanced IP scanner". Bing Chat responded by saying that "You can download Advanced IP Scanner from …

Dialpad PII Redaction enhances privacy protection

Dialpad released PII Redaction, an Ai-powered feature designed to fortify privacy safeguards of personally identifiable information (PII) and empower users with greater control over their data. As part of Dialpad Ai, a proprietary automatic speech recognition (ASR) and natural language processing (NLP) engine embedded across Dialpad's sales, voice, meetings, messaging and contact center solution, PII Redaction acts as a powerful safeguard for customer privacy, security, and compliance. Sharing personal data with organizations online is a …

Bitdefender Threat Intelligence enables organizations to improve their security posture

Bitdefender unveiled Bitdefender Threat Intelligence (TI), a solution for businesses with a security operation center (SOC), managed security service providers (MSSPs) and technology partners to integrate cyber threat intelligence and dynamic malware analysis into their operations. The offering gives organizations heightened visibility of the evolving global threat landscape to improve threat detection and validation, triage alerts, enhance threat hunting, and speed incident response. "Having access to relevant, timely, and actionable threat intelligence is mandatory in …

Blackpoint Cyber unveils Cloud Response for Google Workspace

Blackpoint Cyber has announced the expansion of its cloud security product, Cloud Response, to Google Workspace. Blackpoint first introduced Cloud Response for Microsoft 365, the first true Managed Detection and Response (MDR) service in the cloud, to partners in June 2022. Coming early October 2023, Cloud Response will protect both Microsoft 365 and Google Workspace environments. This expansion enhances the security of Google Workspace and safeguards users through the 24/7 detection and prevention of unauthorized …

Conceal partners with CyberForce Security to elevate MSSP services with advanced browser security

Conceal announced a strategic alliance with CyberForce Security. This collaboration is set to enhance CyberForce's already comprehensive technology suite by including ConcealBrowse's elite browser security. "We are thrilled to integrate with CyberForce Security, a powerhouse known for its value-driven approach and deep commitment to offering the finest cybersecurity solutions in the industry. By incorporating ConcealBrowse into their portfolio, we're collectively raising the bar in web protection for MSPs of all sizes," commented Gordon Lawson, CEO of …

Nexusflow raises $10.6 million to improve generative AI in cybersecurity

Nexusflow announced that it has raised a $10.6 million seed round led by Point72 Ventures, with participation from Fusion Fund and several AI luminaries in Silicon Valley. Nexusflow was founded by AI experts Professor Jiantao Jiao and Professor Kurt Keutzer from the Berkeley AI Research (BAIR) Lab, along with industry AI leader Jian Zhang. Jian Zhang received his Ph.D. from the Stanford AI Lab and served as the former Machine Learning Director at SambaNova Systems, …

Ann Minooka joins Synopsys as CMO

Synopsys announced the appointment of Ann Minooka as the company's Chief Marketing Officer, reporting to Sassine Ghazi, president and COO of Synopsys. Minooka joins the company with more than two decades of marketing leadership experience in the semiconductor industry and is responsible for leading Synopsys' global brand strategy, communications, and marketing initiatives. "Ann brings deep semiconductor industry experience and a strong track record of strengthening technology brands, revolutionizing digital marketing through data-driven insights and cultivating …

How should organizations navigate the risks and opportunities of AI?

As we realize exciting new advancements in the application of generative pre-trained transformer (GPT) technology, our adversaries are finding ingenious ways to leverage these capabilities to inflict harm. There's evidence to suggest that offensive actors are using AI and machine learning techniques to carry out increasingly sophisticated, automated attacks. Rather than running from the potential of this evolving technology, individual organizations should be embracing AI tools in their cyber defense strategies. The opportunities and rewards …

New infosec products of the week: September 29, 2023

Here's a look at the most interesting products from the past week, featuring releases from AlphaSOC, Baffle, Immersive Labs, OneTrust, Panzura, runZero, and SeeMetrics. Immersive Labs Workforce Exercising allows cyber leaders to identify and fill skills gaps: Immersive Labs unveiled the expansion of its AI-ready platform, now with coverage across the entire organization through its new Workforce Exercising solution. The new solution allows cyber leaders to assess different departments – such as high-value targets like …

VMware users anxious about costs and ransomware threats

VMware customers have growing concerns about the state of the virtualization software and the company behind it – ranging from rising licensing costs and ransomware vulnerabilities to a diminishing quality of support, according to VergeIO. 84% of respondents indicated that they were concerned about VMware's current and future costs, with many highlighting "per-core" renewal quotes and licensing agreements that require a commitment to year-over-year spending increases as additional points of distress. With a rise in ransomware …

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

Can open-source software be secure?

Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

10 tips to ace your cybersecurity job interview

Once you've made it past the initial screening process and secured that all-important interview, it's time to seal the deal. These 10 tips will put you on the right track.

Stealth Falcon preying over Middle Eastern skies with Deadglyph

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East

OilRig's Outer Space and Juicy Mix: Same ol' rig, new drill pipes

ESET researchers document OilRig's Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as "the front page of the Internet"?

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors forces cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

5 of the top programming languages for cybersecurity

While far from all roles in security explicitly demand coding skills, it's challenging to envision a career in this field that wouldn't derive substantial advantages from at least a basic understanding of fundamental coding principles

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK's National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Sponsor with batch-filed whiskers: Ballistic Bobcat's scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people's personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

DEF CON 31: US DoD urges hackers to go and hack 'AI'

The limits of current AI need to be tested before we can rely on their output

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

A Bard's Tale – how fake AI bots try to install malware

The AI race is on! It's easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Black Hat 2023: 'Teenage' AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

Telekopye: Hunting Mammoths using Telegram bot

Analysis of a Telegram bot that helps cybercriminals scam people on online marketplaces

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

The grand theft of Jake Moore's voice: The concept of a virtual kidnap

With powerful AI, it doesn't take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Dear all, What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

What happens if AI is wrong? – Week in security with Tony Anscombe

Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?

8 common work-from-home scams to avoid
8 common work-from-home scams to avoid

That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities

Read More
Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour
Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud

Read More
Child identity theft: how do I keep my kids’ personal data safe?
Child identity theft: how do I keep my kids’ personal data safe?

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Here's how cybercriminals have adjusted their tactics in response to Microsoft's stricter security policies, plus other interesting findings from ESET's new Threat Report

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Emotet: sold or on vacation? – Week in security with Tony Anscombe

Originally a banking trojan, Emotet later evolved into a full-blown botnet and went on to become one of the most dangerous cyberthreats worldwide

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

Deepfaking it: What to know about deepfake-driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and the difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions

Employee monitoring: Is ‘bossware’ right for your company?

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees

School’s out for summer, but it’s not time to let your cyber guard down

The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits

What to know about the MOVEit hack – Week in security with Tony Anscombe

The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

Going on vacation soon? Stay one step ahead of travel scams

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels

Passwords out, passkeys in: are you ready to make the switch?

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other?

Is a RAT stealing your files? – Week in security with Tony Anscombe

Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?

Stop Cyberbullying Day: Prevention is everyone's responsibility

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

Cyber insurance: What is it and does my company need it?

While not a 'get out of jail free card' for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities

Asylum Ambuscade: crimeware or cyberespionage?

A curious case of a threat actor at the border between crimeware and cyberespionage

Hear no evil: Ultrasound attacks on voice assistants

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

API security in the spotlight – Week in security with Tony Anscombe

Given the reliance of today's digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.

All eyes on APIs: Top 3 API security risks and how to mitigate them

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency

5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms

Tricks of the trade: How a cybercrime ring operated a multi-level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

Digital security for the self-employed: Staying safe without an IT team to help

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio

The real cost of a free lunch – Week in security with Tony Anscombe

Don't download software from non-reputable websites and sketchy links – you might be in for more than you bargained for

Top 5 search engines for internet-connected devices and services

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet

Meet “AI”, your new colleague: could it expose your company's secrets?

Before rushing to embrace the LLM-powered hire, make sure your organization has safeguards in place to avoid putting its business and customer data at risk

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

Key findings from ESET's new APT Activity Report – Week in security with Tony Anscombe

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

Why you need parental control software – and 5 features to look for

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize

Turning on stealth mode: 5 simple strategies for staying under the radar online

Have your cake and eat it too – enjoy some of what the online world has to offer without always giving out your contact details

ESET APT Activity Report Q4 2022–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

How the war in Ukraine has been a catalyst in private-public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

APTs target MSP access to customer networks – Week in security with Tony Anscombe

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers

Creating strong, yet user-friendly passwords: Tips for your business password policy

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up some of their most-touted use cases and applications

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The EU's Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

PC running slow? 10 ways you can speed it up

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

Federal Shutdown Raises Cybersecurity Risks, Experts Warn

The looming risk of a shutdown of the federal government is raising alarms within the cybersecurity community.

Cryptomining Attacks: The Stealth Threat to Your Cloud Security

For threat actors targeting cloud environments, cryptomining is a favored way to make money to fuel cybercriminal activity.

National Cybersecurity Infrastructure Efforts Bearing Fruit

The U.S. is making progress bolstering its cybersecurity infrastructure, according to a Cyberspace Solarium Commission (CSC) report.

What Is mTLS? The Essential Guide You Can’t Afford to Miss

Intro: mTLS — The Unsung Hero of Cybersecurity Picture this: You're a secret agent on a high-stakes mission. You have a briefcase full of confidential information that you need to hand over securely. Sure, you could pass it to another agent, but how do you know you can trust them? Here's where mTLS or Mutual [...]

Methods To Protect Yourself From Identity Theft

Identity theft involves stealing personal information without consent, usually for financial gain.

The Role of DNS in Email Security

DNS-based email security and authentication configurations play a pivotal role in securing your digital defences against cyber attacks.

New Age Phishing Threats and How to Plan Ahead

These new age phishing threats utilize sophisticated tactics like social engineering, which make them challenging to detect and mitigate.

Challenges and Solutions Implementing Segregation of Duties

Top 8 Challenges and Solutions for Implementing Segregation of Duties and the Role of Access Governance

In intricate digital business operations, safeguarding integrity and security is paramount. One indispensable tool in achieving this goal is the practice of Segregation of Duties (SoD). SoD is a formidable barrier against fraud, errors, and unauthorized […]

Segregation of Duties in Financial Institutions

Segregation of Duties in Financial Institutions: Ensuring Accountability and Security

Financial institutions play a key role in our global economy, managing vast sums of capital, sensitive financial data, and critical economic transactions. These institutions must adhere to stringent control measures to maintain trust and integrity in the financial system. One such essential […]

The Importance of Segregation of Duties in Auditing

The Importance of Segregation of Duties in Auditing Excellence

Auditing is an important practice for any organization, regardless of size or industry. It safeguards your business's financial integrity, ensuring that your financial reporting remains accurate and trustworthy. Within auditing, Segregation of Duties (SoD) is a cornerstone of strong risk management and […]

Discord is investigating cause of ‘You have been blocked’ errors

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]

Lazarus hackers breach aerospace firm with new LightlessCan malware

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]

Progress warns of maximum severity WS_FTP Server vulnerability

Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. [...]

Microsoft breach led to theft of 60,000 US State Dept emails

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. [...]

Bing Chat responses infiltrated by ads pushing malware

Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. [...]

FBI: Dual ransomware attack victims now get hit within 48 hours

The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. [...]

Cisco urges admins to fix IOS software zero-day exploited in attacks

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild. [...]

Cisco Catalyst SD-WAN Manager flaw allows remote server access

Cisco is warning of five new vulnerabilities in its Catalyst SD-WAN Manager products, the most critical of which allows unauthenticated remote access to the server. [...]

Security researcher stopped at US border for investigating crypto scam

Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena demanding that he appear in court for testimony. [...]

Budworm hackers target telcos and govt orgs with custom malware

A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor. [...]

Google fixes fifth actively exploited Chrome zero-day of 2023

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. [...]

SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPI packages has been found stealing a wide range of sensitive data from software developers on the platforms. [...]

Nexusflow raises $10.6M to build a conversational interface for security tools

Nexusflow, a startup using generative AI to help companies make sense of cybersecurity data, today announced that it raised $10.6 million in a seed round led by Point72 Ventures with participation from Fusion Fund and several AI luminaries in Silicon Valley. The tranche, which values Nexusflow at $53 million post-money, will be put toward hiring, […]

Cybersecurity firm Lumu raises $30M to detect network intrusions

Lumu, a startup that helps enterprises identify and isolate security compromises, today announced that it raised $30 million in a Series B round led by Forgepoint Capital, $6 million of which is debt. Ricardo Villadiego, Lumu’s founder and CEO, says that the new cash will be put toward growing Lumu’s sales team in the U.S., […]

Legit Security lands $40M to lock down apps and dev environments

Legit Security, a cybersecurity company developing a platform to identify app vulnerabilities from code, has raised $40 million in a Series B funding round led by CRV with participation from Cyberstarts, Bessemer Venture Partners and TCV. Co-founder and CEO Roni Fuchs says that the funds, which bring Legit’s total raised to $77 million, will be […]

Dragos raises $74M to secure industrial control systems from threats

Dragos, a company building software to secure the control systems for manufacturing and industrial equipment, has raised $74 million in a Series D round extension led by WestCap. The round, which brings Dragos’ total raised to $440 million, leaves the startup’s post-money valuation unchanged for the second year at $1.7 billion. Dragos CEO Robert Lee […]

Digital forensics firm Binalyze raises $19M to investigate cyber threats

Binalyze, a London-based startup building a toolset for digital forensics and incident response, this week announced that it raised $19 million in a Series A round led by Molten Ventures with participation from Cisco Investments, Citibank Ventures and Deutsche Bank Ventures. Founder and CEO Emre Tinaztepe says that the tranche, which brings Binalyze’s total raised […]

AuthMind raises seed funding for its identity SecOps platform

AuthMind, a Maryland-based startup that aims to help businesses protect themselves from identity-related cyberattacks, today announced that it has raised an $8.5 million seed round led by Ballistic Ventures, with strategic participation from IBM Ventures. The company was co-founded by CEO Shlomi Yanai and CTO Ankur Panchbudhe. Both previously founded (and sold) a number of […]

0xPass raises $1.8M from Balaji Srinivasan and others to build secure login systems for web3

0xPass is among the many startups trying to make crypto wallets secure and convenient for mass adoption. Specifically, it’s solving the login piece of user experience, which, at the moment, is cumbersome and requires users to have a decent level of technical know-how. Incubated at the Stanford Blockchain Club, 0xPass allows developers to build multiple […]

Lidl recalls Paw Patrol snacks after website on packaging displayed porn

Supermarket giant Lidl has issued a recall of Paw Patrol snacks after the website listed on the products’ packaging began displaying explicit content unsuitable for children. Lidl, which operates more than 12,000 stores globally, is urging shoppers in the United Kingdom to return the snacks for a full refund. Affected products include Paw Patrol Yummy […]

Cypago, which aims to automate compliance and governance for companies, raises $13M

There are a growing number of cybersecurity regulations designed to keep business and customer data protected. In 2022 alone, more than 40 U.S. states introduced 250 bills focused on cybersecurity, according to the National Conference of State Legislatures. And more are on the way. The trend’s a clear win for consumers. But some firms are […]

Cerby lands $17M to manage access to ‘nonstandard’ enterprise apps

Bel Lepe, a former Google software engineer, tells me that it always seemed risky to him that there were apps that business users needed and used but that IT and security teams were unwilling to approve them because of their lack of support for identity standards. It’s a legitimate issue. According to a Ponemon Institute […]

ProjectDiscovery raises $25M to launch a cloud version of its threat-scanning platform

ProjectDiscovery, a platform that detects new, exploitable vulnerabilities in codebases, today announced that it raised $25 million in a Series A funding round led by CRV with participation from Point72, SignalFire, Rain Capital, Mango Capital, Accel and Lightspeed. ProjectDiscovery began as a collaboration between four security engineers — Rishiraj Sharma, Sandeep Singh, Nizamul Rana and […]

Identity management platform Veza secures $15M from Capital One and ServiceNow

Veza, a platform that helps to secure identity access across apps, data systems and cloud infrastructure, today announced that it raised $15 million in a funding round led by Capital One Ventures and ServiceNow — valuing the company at $415 million. Bringing Veza’s total raised to $125 million, co-founder and CEO Tarun Thakur says that […]

Spearbit raises $7M to improve security audits in crypto through its open marketplace

Security is paramount in crypto, but as regular coverage of hacks and other exploits makes plain, it is not taken seriously enough. Spearbit wants to change that, and it just raised a new round to accelerate its efforts. The startup raised $7 million in a funding round led by Framework Ventures with Nascent, 1kx, Volt […]

Horizon3 secures $40M to expand its pen testing platform

Cybersecurity funding is falling after enjoying impressive heights in the last few years. According to Crunchbase, VC financing for security declined to just over $1.6 billion in Q2 2023, marking a 63% drop compared to the same quarter last year — when startups landed nearly $4.3 billion. But that’s not to suggest deals have dried […]

Endor Labs, which helps companies secure their open source packages, raises $70M

Endor Labs, which offers a platform developers can use to manage and secure their open source dependencies, today closed a $70 million Series A round led by Lightspeed Venture Partners with participation from Coatue, Dell Technologies Capital, Section 32 and a number of angel investors. The new financing — quite large for a Series A, […]

There’s no reason to panic over WormGPT

As tools for building AI systems, particularly large language models (LLMs), get easier and cheaper, some are using them for unsavory purposes, like generating malicious code or phishing campaigns. But the threat of AI-accelerated hackers isn’t quite as dire as some headlines would suggest. The dark web creators of LLMs like “WormGPT” and “FraudGPT” advertise […]

Read More
Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z). The tranche had participation from Abstract Ventures, Wndrco, Unusual Ventures and an impressively high-profile list of angel investors, including the co-founders of […]

Wormhole digs out of its hole with new security measures to move on from $320M hack

Many projects and companies would simply give up if they’d been hacked and had hundreds of millions stolen from their ecosystem partners, but it appears Wormhole isn’t one of them.

Cloud camera security startup Solink raises $60M

Solink, a company that provides physical security systems for businesses, including closed-circuit camera analytics, today announced that it raised $60 million in a Series C round led by Goldman Sachs with participation from Omers Ventures and BDC IT Ventures. Co-founder and CEO Michael Matta said the cash will be put toward growing Solink’s client base […]

As Egnyte continues to grow steadily, an IPO seems like the inevitable conclusion

Egnyte is like the little engine that could. It just keeps chugging along with slow but steady growth as it marches towards an IPO.

Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack: Researchers believe …

The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.

Compromised routers allowed online criminals to target Pentagon contract site

A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks: The hacking campaign initially emerged in the spring of 2023. …

The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.

1.2 million customers of Mom’s Meals were affected after the recent data breach

A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according …

The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.

How VPNs Can Defend Against the Threat of Hacking

As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, …

The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.

Terra Developers Shut Down Website Amid A Phishing Campaign

The website of layer one blockchain network Terra has been targeted by a hacking campaign over the weekend. During this hacking campaign, hackers used unauthorized access to run a phishing campaign on visitors to the site. These visitors are usually forced to link their online and hardware wallets to the website, which is compromised. Terra’s …

The post Terra Developers Shut Down Website Amid A Phishing Campaign appeared first on KoDDoS Blog.

Foreign Spies And Hackers Target The US Space Industry

Intelligence agencies in the United States have warned about foreign spies targeting the US space sector. According to these agencies, hackers have also been launching hacking campaigns against the US space industry, which could significantly affect the US satellite infrastructure. Foreign spies and hackers target the US space industry: The National Counterintelligence and Security Center …

The post Foreign Spies And Hackers Target The US Space Industry appeared first on KoDDoS Blog.

High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

A recent study has detected a high-severity vulnerability with the WinRAR file archiver utility for Windows. Millions of people use WinRAR, which can be deployed to execute commands on a computer whenever a user opens an archive. WinRAR flaw allows hackers to assume control over PCs: The flaw in question is tracked as CVE-2023-40477, allowing …

The post High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs appeared first on KoDDoS Blog.

Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate

A Chinese hacker group, Bronze Starlight, has launched a hacking campaign against the Southeast Asian gambling industry. The hacker group has used a valid certificate to launch this malicious campaign while also using the Ivacy Virtual Private Network (VPN). Bronze Starlight hacker group linked to a recent campaign: The activities of this hacker group were …

The post Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate appeared first on KoDDoS Blog.

North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill operation by the US and South Korean military forces. The military drills will commence on Monday, explaining why South Korean hackers are trying to obtain access to the activity. North Korean hackers target US-South Korean military drills: The …

The post North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills appeared first on KoDDoS Blog.

Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails

Suspected Chinese threat actor groups behind an exploit on the State Department also hacked US Representative Don Bacon. The Republican representative from Nebraska also serves on the House Armed Services Committee. Chinese hackers hack GOP Congressman: Chinese hackers are believed to be behind a campaign that forged Microsoft customer identities. The hacking campaign infiltrated the …

The post Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails appeared first on KoDDoS Blog.

ZeroFont trick dupes users into thinking message has been scanned for threats

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you wish that email clients didn't support HTML at all, and that every message had to be in plaintext email. Imagine a world where email could never contain any images (unless it was ASCII art!), and where you couldn't click on links that didn't show you...

What Does Secure by Design Actually Mean?

In this era shaped by digital innovation, the concept of Secure by Design is a critical safeguard against cyber threats. Read on to delve into the essence of Secure by Design and its profound relevance in today's technology landscape. As cyberattacks grow more sophisticated, comprehending the proactive principles behind secure design is paramount to ensuring a resilient and protected digital future. Defining Secure by Design: Secure by Design embodies a strategic approach to building digital systems and products with security as their foundational cornerstone. At its core, it emphasizes...

The Cost of Cybercrime in the US: Facts and Figures

The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult, however, to actually quantify the risks of being targeted by these attacks. Keeping track of the trends in cyberthreats, the different attackers and types of attacks and how they change over time can be a daunting task, but it is important to understand what to look out for and, perhaps more importantly, exactly how much is at stake in these attacks. Recent...

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF: “The full maximum NIST Cybersecurity Framework is about as big an umbrella as you are going to find,” says Edward G. Amoroso, CEO of TAG Cyber, in the Fortra report. He advises, “… if you’re going to pick something, you might as well pick the thing that has everything.” Created...

Visibility: An Essential Component of Industrial Cyber Security

In July 2021, the White House established a voluntary initiative for industrial control systems (ICS) to promote cooperation between the critical infrastructure community and the federal government. The fundamental purpose of the initiative was “to defend the nation’s critical infrastructure community by encouraging and facilitating the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings” to enable effective responses in industrial businesses against evolving cybersecurity threats. The memo further elaborated that “we cannot address...

Best 10 Cybersecurity Podcasts

The cybersecurity industry is one in which staying in the loop on recent developments is incredibly important. Because technologies, industry conditions, and the threat landscape all change so frequently, it can be difficult to remain up to date on news, standard practices, and significant threats. Written articles can be of great help in this endeavor, but another great tool is the vast realm of cybersecurity podcasts. Many industry experts and organizations produce podcasts to inform audiences and facilitate a greater understanding of important cybersecurity topics. Blueprint: Blueprint is a...

Defending against DDoS Attacks: What you need to know

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of coffee is equal to, if not more expensive than a gallon of gasoline. It’s all about the time you are willing to wait. Impatience with technology is legendary. We have all grown frustrated if a piece of...

8 of the Best Cybersecurity Conferences

In the rapidly evolving realm of digital security, staying ahead of cyber threats requires continuous learning and collaboration. Cybersecurity conferences stand as beacons of knowledge, drawing experts and enthusiasts from across the globe. We’ve curated a list of the top eight cybersecurity conferences, each a melting pot of insights, innovations, and networking opportunities. From the renowned DEFCON to the insightful Gartner Security & Risk Management Summit, read on to learn more about these pivotal gatherings that shape the future of online defense. 1. InfoSec World: Where Knowledge...

Snatch ransomware - what you need to know

What's happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before... Maybe you haven't. They don't have as high a profile as some of the other more notorious ransomware organisations out there, but if the FBI and CISA think it's worth issuing a warning about the group then maybe it makes sense to sit up and listen. And yes, judging by their logo - they appear to be fans of Guy...

Understanding Malicious Package Attacks and Defense Strategies for Robust Cybersecurity

Malicious packages consist of software embedded with code that is capable of causing harm to an entire system or network. This is a rapidly growing threat affecting open-source software and the software supply chain. This attack method has seen a nearly 12,000% increase from 2022 to 2023, as reported by Snyk. Some reasons include its technical feasibility, the potential for high returns, and the widespread distribution of open-source offerings. Common types of malicious packages encompass: Windows .exe application installation files that install malware instead of the intended application....

Case Study: Blocking Botnet-Driven Low-Rate HTTP DDoS Attacks

Indusface research on 1400+ websites recorded a significant surge in DDoS attacks and bot attacks during Q2, 2023, compared to Q1, 2023. We observed a 75% surge in DDoS attacks and a 48% increase in bot attacks. Moreover, recent trends in DDoS attacks indicate a significant evolution beyond the Mirai bot, leading to the emergence […]

The post Case Study: Blocking Botnet-Driven Low-Rate HTTP DDoS Attacks appeared first on GBHackers - Latest Cyber Security News | Hacker News.

ZYXEL Buffer Overflow vulnerability Let Attacker Launch DoS Attack

ZYXEL has been discovered with a Buffer Overflow vulnerability on their ZYXEL-PMG2005-T20B device, which can result in a denial-of-service condition. This condition exists due to improper sanitization of user-supplied input on their HTTP request. Zyxel is a Taiwanese multinational company that manufactures several networking products like Routers, DSL CPE, WiFi Systems, 5G NR/4G LTE CPE, […]

The post ZYXEL Buffer Overflow vulnerability Let Attacker Launch DoS Attack appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Critical Cisco WAN Manager Vulnerabilities Let Attacker Conduct DoS Attack

Cisco, a prominent player in the world of networking and cybersecurity, has issued a critical security advisory concerning multiple vulnerabilities in their Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage. These vulnerabilities could potentially open doors for cyber attackers to access affected systems or cause a significant denial of service (DoS) situation. First and […]

The post Critical Cisco WAN Manager Vulnerabilities Let Attacker Conduct DoS Attack appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Snatch Ransomware Group Leaked User’s Location and Internal Data

The Snatch Ransomware group is considered dangerous due to its advanced techniques and ability to evade detection. Security systems find it difficult to identify and stop such assaults since they use techniques like file encryption and memory injection to avoid detection. Recently, the cybersecurity analysts at KrebsOnSecurity discovered that the Snatch ransomware group’s victim-shaming site […]

The post Snatch Ransomware Group Leaked User’s Location and Internal Data appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Actively Exploited Chrome Zero-day Patched: Update Now!

Google has recently deployed updates to mitigate a newly discovered zero-day vulnerability in their Chrome browser, which is currently being actively exploited. Google has acknowledged its awareness of an exploit currently available for CVE-2023-5217, which has been observed to be actively exploited in real-world scenarios. The latest version of Google Chrome, namely 117.0.5938.132, has been […]

The post Actively Exploited Chrome Zero-day Patched: Update Now! appeared first on GBHackers - Latest Cyber Security News | Hacker News.

BlackTech APT Hackers Break into Cisco Firmware to Attack the US and Japan

Since 2010, a group of hackers known as BlackTech APT has been engaging in malicious activities. The targets of their attacks encompass a wide range of sectors, including governmental institutions, industrial facilities, technological infrastructure, media outlets, electronic systems, mobile devices, and military establishments. In order to hide what they are doing, the group behind the […]

The post BlackTech APT Hackers Break into Cisco Firmware to Attack the US and Japan appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Lu0Bot Node.js Malware Takes Complete Control Over Victim’s Computer

Through strategies like polymorphic code, which continuously alters its appearance to prevent detection, as well as employing encryption and obfuscation to disguise its actions, malware is getting more complex and sneaky. Additionally, to infiltrate systems and avoid detection by traditional security measures, malware increasingly leverages social engineering and advanced delivery methods, like … Recently, cybersecurity researchers […]

The post Lu0Bot Node.js Malware Takes Complete Control Over Victim’s Computer appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Apple Security Fixes for iPhone, iPad, Safari, Watch & Sonoma14: Update Now!

Apple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update. However, a new security advisory has been released by Apple, which mentions all the security patches and vulnerabilities that Apple has fixed. In the advisory, a list of Apple products was provided […]

The post Apple Security Fixes for iPhone, iPad, Safari, Watch & Sonoma14: Update Now! appeared first on GBHackers - Latest Cyber Security News | Hacker News.

The Rise of Automotive Hacking: How to Secure Your Vehicles Against Hacking

Though we can’t see it, the world brims with more technology than ever. These days, devices with internet connectivity live within the ever-growing Internet of Things (IoT)—a worldwide “web” where wireless communication and information technology work together. Since the early 2000s, smart cars have appeared within the IoT, sporting more comfortable, efficient, and safer rides. […]

The post The Rise of Automotive Hacking: How to Secure Your Vehicles Against Hacking appeared first on GBHackers - Latest Cyber Security News | Hacker News.

North Korean and Chinese Hackers Attacking Healthcare Industries

Healthcare has been one of the primary industries targeted by threat actors as part of every malware or ransomware campaign. Many Advanced Persistent Threat (APT) actors are from China due to political reasons between China and the United States. These threat actors run their cybercriminal groups like organizations in which they recruit, track revenues, and […]

The post North Korean and Chinese Hackers Attacking Healthcare Industries appeared first on GBHackers - Latest Cyber Security News | Hacker News.

North Korean hackers posed as Meta recruiter on LinkedIn

Targets of the operation were given phony coding challenges that delivered a range of malware including a previously-unseen backdoor.

The post North Korean hackers posed as Meta recruiter on LinkedIn appeared first on CyberScoop.

Mayorkas warns Latin American leaders of Beijing’s technology influence

The Biden administration sees Chinese investments in Latin America as a potential precursor to cyber operations.

The post Mayorkas warns Latin American leaders of Beijing’s technology influence appeared first on CyberScoop.

Privacy watchdog recommends court approval for FBI searches of spy data

The recommendations from the executive branch's privacy watchdog to reform Section 702 put the panel at odds with the White House.

The post Privacy watchdog recommends court approval for FBI searches of spy data appeared first on CyberScoop.

New working group to probe AI risks and applications

The free-market think tank R Street Institute is convening members of industry and government to explore AI's cybersecurity applications.

The post New working group to probe AI risks and applications appeared first on CyberScoop.

Millions of files with potentially sensitive information exposed online, researchers say

A survey by Censys found 314,000 distinct internet-connected devices and web servers with open directory listings.

The post Millions of files with potentially sensitive information exposed online, researchers say appeared first on CyberScoop.

CISA launches campaign to teach Americans to be safe online

The program is starting with a new commercial that will encourage viewers to adopt basic cyber hygiene.

The post CISA launches campaign to teach Americans to be safe online appeared first on CyberScoop.

Russian hacking operations target Ukrainian law enforcement

Ukrainian officials say Russian hackers targeted counter-intelligence and law enforcement data during the first half of this year.

The post Russian hacking operations target Ukrainian law enforcement appeared first on CyberScoop.

How a private company helps ICE track migrants’ every move

Immigration and Customs Enforcement's claims about how long surveillance data is retained conflict with internal records.

The post How a private company helps ICE track migrants’ every move appeared first on CyberScoop.

How the Cult of the Dead Cow plans to save the internet

The "original hacking supergroup" is trying to design tools to rebuild the internet from the ground up.

The post How the Cult of the Dead Cow plans to save the internet appeared first on CyberScoop.

Youth hacking ring at the center of cybercrime spree

An online community known as "the Com" linked to a string of prominent breaches is radicalizing young people into a life of online crime.

The post Youth hacking ring at the center of cybercrime spree appeared first on CyberScoop.

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S. State Department IT officials, […]

The post Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach appeared first on Security Affairs.

Misconfigured WBSC server leaks thousands of passports

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud […]

The post Misconfigured WBSC server leaks thousands of passports appeared first on Security Affairs.

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, […]

The post CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-20109 (CVSS 6.6), that resides in IOS and IOS XE software. The vulnerability resides in […]

The post Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109 appeared first on Security Affairs.

Dark Angels Team ransomware group hit Johnson Controls

Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and […]

The post Dark Angels Team ransomware group hit Johnson Controls appeared first on Security Affairs.

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217. The CVE-2023-5217 is a high-severity heap buffer overflow that affects vp8 encoding in […]

The post GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023 appeared first on Security Affairs.

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices. The Russian company pointed out […]

The post Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices appeared first on Security Affairs.

China-linked APT BlackTech was spotted hiding in Cisco router firmware

US and Japanese authorities warn that the China-linked APT BlackTech planted a backdoor in Cisco router firmware to hack businesses in both countries. US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted a backdoor in Cisco router firmware […]

The post China-linked APT BlackTech was spotted hiding in Cisco router firmware appeared first on Security Affairs.

Watch out! CVE-2023-5129 in libwebp library affects millions of applications

Google has assigned a new CVE identifier, CVE-2023-5129, with a maximum CVSS score of 10.0 to a critical vulnerability in the libwebp image library used to render images in the WebP format. The flaw was initially tracked […]

The post Watch out! CVE-2023-5129 in libwebp library affects millions of applications appeared first on Security Affairs.

Read More
DarkBeam leaks billions of email and password combinations

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and unreported data breaches. The leaked logins give cybercriminals ready-made material for credential-stuffing and account-takeover attacks. According […]

The post DarkBeam leaks billions of email and password combinations appeared first on Security Affairs.

Read More
Nexusflow Raises $10.6m to Build Conversational Interface for Security Tools

By synthesizing data from various security sources and utilizing natural language commands, Nexusflow aims to revolutionize cybersecurity operations by seamlessly interpreting human instructions and providing insights.

Read More
Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

“The impact of this vulnerability is severe, as it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely,” Cyfirma notes in an analysis of the bug and its exploitation.

Read More
Misconfigured AWS Storage Bucket of WBSC Leaks 4,600 Passports

The World Baseball Softball Confederation (WBSC) left a data repository exposed, including sensitive files such as copies of 4,600 national passports, putting individuals at risk of identity theft and other fraudulent activities.

Read More
Tech Industry Leaders and White House Clash Over Plan for Improved Cloud Security

The industry argues that the proposed know-your-customer (KYC) requirements for cloud providers could cost billions of dollars in administrative costs and raise privacy concerns, while sophisticated hackers would easily work around them.

Read More
Budworm Strikes Again: Updated SysUpdate Targets Government and Telecom Sectors

The Budworm APT group is evolving its cyber arsenal. Budworm’s signature technique consists of executing SysUpdate on victims' networks by sideloading the DLL payload using the authentic INISafeWebSSO application - a tactic it has employed since at least 2018. Organizations should proactively update and patch their systems to counter known vulnerabilities exploited by tools like SysUpdate.

Read More
Russian Flight Booking System Leonardo Suffers Massive DDoS Attack

The attack caused delays at airports and affected several Russian air carriers, including Aeroflot. The Ukrainian hacktivist group IT Army claimed responsibility for the attack.

Read More
Progress Software Says Business Impact ‘Minimal’ From MOVEit Attack Spree

While the financial consequences for Progress have been minimal so far, potential litigation and class-action lawsuits related to the vulnerability could still have an impact in the future.

Read More
Malicious Ads Served Inside Bing's AI Chatbot to Infect Victims with Malware

Ads are now being inserted into Bing Chat conversations, which poses a risk for users searching for software downloads. Malicious actors can trick users into visiting malicious sites and installing malware.

Read More
NSA is Creating a Hub for AI Security, Nakasone Says

The center will focus on leveraging foreign intelligence insights, developing best practices, and creating risk frameworks to protect against digital attacks and prevent the theft of innovative AI capabilities.

Read More
Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Organization

The Budworm APT group continues to actively develop its toolset, as evidenced by its recent use of an updated version of its SysUpdate backdoor to target organizations in the Middle East and Asia.

Read More
Asian Banks are a Favorite Target of Cybercrooks, and Malicious Bots Their Preferred Tool

Asia-Pacific is the second-most targeted region for malicious bot requests against financial services, with global hubs Singapore, Australia, and Japan the region's top three most targeted, accounting for the bulk of web application and API attacks.

Read More
Stealing Credentials Through Legitimate Dropbox Pages

Cybercriminals are using Dropbox to launch phishing attacks. They create a free Dropbox account, share a document with someone, and the recipient receives a legitimate-looking email from Dropbox with a link.

Read More
Security Researcher Stopped at US Border for Investigating Crypto Scam

The researcher's role in investigating the scam led to a grand jury subpoena, highlighting the potential legal risks faced by ethical hackers and defenders involved in similar work.

Read More
Booking.com Customers Hit by Phishing Campaign Delivered Via Compromised Hotel Accounts

The phishing attacks are highly convincing, using personalized messages and a meticulously crafted phishing page that mimics the Booking.com interface, leading victims to unknowingly provide their credit card or bank information.

Read More
Infusion Firm Faces Lawsuit After Hackers Hit Parent Company

The incident highlights the growing trend of private health data breach lawsuits and the increasing role of the Federal Trade Commission in enforcing health privacy laws.

Read More
Guide to ransomware and how to detect it

The landscape of ransomware has undergone rapid evolution, shifting from a relatively straightforward form of malicious software primarily affecting individual computer users, to a menacing enterprise-level threat that has inflicted substantial harm on various industries and government institutions. Ransomware attacks are strategically designed to either encrypt or delete critical data and system files, compelling organisations to meet […]

The post Guide to ransomware and how to detect it appeared first on IT Security Guru.

Read More
Research reveals 80% of applications developed in EMEA contain security flaws

Veracode, a leading global provider of intelligent software security, today released research indicating that applications developed by organisations in Europe, the Middle East and Africa tend to contain more security flaws than those created by their U.S. counterparts. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’ flaws, meaning they would cause a […]

The post Research reveals 80% of applications developed in EMEA contain security flaws appeared first on IT Security Guru.

Read More
Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

Netwrix has surveyed more than 1,600 IT and security professionals worldwide to reveal how their organisations reduce the financial impact of a data breach via a cyber insurance policy. According to the survey, 44% of organisations are insured and 15% plan to purchase a policy within the next 12 months. Before being offered a policy, […]

The post Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost appeared first on IT Security Guru.

Read More
Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

Akamai Technologies, Inc. has today released a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, The High Stakes of Innovation: Attack Trends in Financial Services, finds that financial services is the third-most attacked sector in the Europe, Middle East, and Africa (EMEA) region, […]

The post Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023 appeared first on IT Security Guru.

Read More
ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

Despite being widely used in Industrial Control Systems (ICS), Modbus has long been recognised as an insecure protocol: it has no authentication or encryption, so anyone who can reach a device over the network can read and write its registers. Securing and attacking Modbus has therefore been a topic for years, yet it was not until 2018 that the Modbus Security protocol (MSP) was published, nearly 40 years after the initial introduction of Modbus. This article will introduce […]

The post ICS Reconnaissance Attacks – Introduction to Exploiting Modbus appeared first on IT Security Guru.

Read More
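The reconnaissance the article introduces, as an added example (not code from the IT Security Guru article): a stdlib-only Python builder and parser for Modbus/TCP frames, covering Read Holding Registers (function 0x03), Read Device Identification (0x2B/0x0E) and exception replies. Port 502 and the sample responses in the comments are assumptions; the `query` helper opens a real TCP connection and is only for devices you are authorised to test.

```python
"""Modbus/TCP reconnaissance helpers: build request frames, parse replies.

Added example, not code from the article. Frame layouts follow the public
Modbus/TCP (MBAP) and Modbus application protocol specifications; sample
responses used with parse_response() are constructed, not captured.
"""
import socket
import struct

MBAP_LEN = 7          # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MODBUS_PORT = 502     # no authentication: anyone who can reach 502/tcp can query the device
EXCEPTION_CODES = {
    1: "ILLEGAL FUNCTION",
    2: "ILLEGAL DATA ADDRESS",
    3: "ILLEGAL DATA VALUE",
    4: "SLAVE DEVICE FAILURE",
}
DEVICE_ID_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


def build_request(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Prefix a PDU with an MBAP header. The length field counts the unit id byte plus the PDU."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers(transaction_id: int, unit_id: int, start: int, quantity: int) -> bytes:
    """Function 0x03: read `quantity` 16-bit holding registers starting at address `start`."""
    if not 1 <= quantity <= 125:
        raise ValueError("quantity must be between 1 and 125")
    return build_request(transaction_id, unit_id, struct.pack(">BHH", 0x03, start, quantity))


def read_device_identification(transaction_id: int, unit_id: int) -> bytes:
    """Function 0x2B, MEI type 0x0E, read code 0x01: basic identification (vendor, product, revision)."""
    return build_request(transaction_id, unit_id, bytes([0x2B, 0x0E, 0x01, 0x00]))


def parse_response(frame: bytes) -> dict:
    """Decode an MBAP frame. Raises ValueError on malformed input instead of trusting the device."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    result = {"transaction_id": tid, "unit_id": unit, "function": fc & 0x7F}
    if fc & 0x80:                      # exception response: function code with the high bit set
        if len(pdu) < 2:
            raise ValueError("truncated exception response")
        result["exception"] = EXCEPTION_CODES.get(pdu[1], f"UNKNOWN({pdu[1]})")
    elif fc == 0x03:                   # byte count followed by big-endian 16-bit registers
        if len(pdu) < 2 or pdu[1] != len(pdu) - 2 or pdu[1] % 2:
            raise ValueError("bad register byte count")
        result["registers"] = list(struct.unpack(f">{pdu[1] // 2}H", pdu[2:]))
    elif fc == 0x2B and len(pdu) >= 7 and pdu[1] == 0x0E:
        # 2B 0E <read code> <conformity> <more follows> <next object id> <object count>,
        # then repeated (object id, object length, object value)
        objects, pos = {}, 7
        for _ in range(pdu[6]):
            if pos + 2 > len(pdu) or pos + 2 + pdu[pos + 1] > len(pdu):
                raise ValueError("truncated device identification object")
            obj_id, obj_len = pdu[pos], pdu[pos + 1]
            name = DEVICE_ID_OBJECTS.get(obj_id, f"object_{obj_id:#04x}")
            objects[name] = pdu[pos + 2:pos + 2 + obj_len].decode("ascii", "replace")
            pos += 2 + obj_len
        result["objects"] = objects
    else:
        result["raw_pdu"] = pdu.hex()
    return result


def query(host: str, frame: bytes, port: int = MODBUS_PORT, timeout: float = 2.0) -> dict:
    """Send one request to a live device and parse the reply. Authorised targets only."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame)
        reply = sock.recv(260)          # maximum Modbus/TCP ADU size
    return parse_response(reply)
```

A device identification request is the quietest first probe: it returns vendor, product code and firmware revision without touching process data, which is exactly what an attacker needs to pick an exploit and what a defender should expect to see from unexpected sources on a Modbus network. Note that `parse_response` validates the MBAP length and every object length before indexing; a hostile or buggy device can answer a recon tool with a malformed frame just as easily as a tool can send one.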
Keeper Security study shows cultural changes imperative to improve cyber incident reporting

Keeper Security, a provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, secrets, connections and privileged access, has released the findings of its Cybersecurity Disasters Survey: Incident Reporting & Disclosure. They reveal widespread shortcomings in reporting cybersecurity attacks and breaches, both to internal leadership and external authorities.

Cybersecurity incident reporting falls short

Keeper’s […]

The post Keeper Security study shows cultural changes imperative to improve cyber incident reporting appeared first on IT Security Guru.

Read More
CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme

CREST and IASME are delighted to announce their partnership with the NCSC to help deliver its new Cyber Incident Exercising scheme. The NCSC (National Cyber Security Centre) has created the scheme to help organisations find high quality providers that can advise and support them to effectively practise their cyber incident response plan. The benefits of […]

The post CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme appeared first on IT Security Guru.

Read More
Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe

cyberelements, the Zero Trust Privileged Access Management (PAM) platform, today announces its strategic partnership with the leading technology distributor ABC Distribution, heralding a new era in access security across Europe and beyond. cyberelements’ pioneering Zero PAM platform is set to transform how organisations secure access for standard and privileged users to critical business applications and assets. […]

The post Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe appeared first on IT Security Guru.

Read More
Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma has announced the appointment of James Todd as Chief Technology Officer. This strategic appointment builds on the company’s continued commitment to improving security operations outcomes for enterprise and upper mid-market organisations and follows Adarma’s recent investments in people and talent, its SOCKET Threat Management Platform, and in enhancing and expanding its service offerings. With […]

The post Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence appeared first on IT Security Guru.

Read More
Nurturing Our Cyber Talent

The IT Security Guru caught up with Tarnveer Singh, a CISO and finalist in the Security Serious Unsung Heroes Awards 2023, for his thoughts on how to get more professionals involved in the cybersecurity industry: There are many ways we can inspire new cybersecurity professionals to join our industry. One way is to increase […]

The post Nurturing Our Cyber Talent appeared first on IT Security Guru.

Read More
Publisher’s Spotlight: Radiant Security: Your AI-powered SOC Co-pilot

Radiant Security helps you harness the power of AI in your SOC to boost analyst productivity, detect real attacks through unlimited in-depth investigation, and rapidly respond to incidents. Radiant Security […]

The post Publisher’s Spotlight: Radiant Security: Your AI-powered SOC Co-pilot appeared first on Cyber Defense Magazine.

Read More
Defending Beyond 9-to-5: BlackCloak’s Fortress for Executives’ Digital Sanctuaries

by Annabelle Klosterman, Cybersecurity Reporter, Cyber Defense Magazine

Overwhelming would be an understatement for a walk through the business hall at BlackHat USA 2023. It featured over 440 of the industry’s leading […]

The post Defending Beyond 9-to-5: BlackCloak’s Fortress for Executives’ Digital Sanctuaries appeared first on Cyber Defense Magazine.

Read More
Six Tips to Ensure a Strong Patch Management Strategy

By Ashley Leonard, CEO and Founder, Syxsense

The proliferation of software applications and updates across the market today has put pressure on enterprise security teams to implement strong patch management […]

The post Six Tips to Ensure a Strong Patch Management Strategy appeared first on Cyber Defense Magazine.

Read More
Three Ways to Protect the Data Powering Summer Vacations

By Amit Shaked, CEO and Co-Founder, Laminar

The travel industry is in the midst of a rapid recovery following the COVID-19 pandemic. In 2022, there were over 747 million passengers who […]

The post Three Ways to Protect the Data Powering Summer Vacations appeared first on Cyber Defense Magazine.

Read More
Triple Tactics

How APIs are being Targeted with Trinity Attacks

By Andy Mills, VP EMEA, Cequence Security

Application Programming Interfaces (APIs) are growing twice as fast as traditional web traffic but their […]

The post Triple Tactics appeared first on Cyber Defense Magazine.

Read More
Publishers Spotlight: Nisos: Your Managed Intelligence Partner

Nisos is the Managed Intelligence™ team you need to consider working with to solve your most complex security challenges. They deliver smarter defense and more effective responses against advanced cyber […]

The post Publishers Spotlight: Nisos: Your Managed Intelligence Partner appeared first on Cyber Defense Magazine.

Read More
Criminals are Bypassing Authentication with Stolen Session Cookies

By Trevor Hilligoss, Director of Security Research, SpyCloud

The last 12 months revealed a concerning trend in credential exposure. According to SpyCloud’s 2023 Identity Exposure Report, nearly half of the 721.5 […]

The post Criminals are Bypassing Authentication with Stolen Session Cookies appeared first on Cyber Defense Magazine.

Read More
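Why a stolen session cookie bypasses authentication, and what lets the server kill it, as an added example (not SpyCloud's code or the article's). The cookie below is `session_id.HMAC(session_id)`, the shape many frameworks use: the HMAC stops forgery but cannot distinguish a copy from the original, so the only effective defence is server-side state the application can invalidate. `SessionStore`, `SERVER_KEY` and the fixed timestamps are assumptions for the demo.

```python
"""Stolen-cookie replay against a signed-cookie session, with server-side revocation.

Added example, not the article's code. SERVER_KEY is a per-deployment secret in
practice; the timestamps passed in are a constructed clock so the demo is deterministic.
"""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: one secret per deployment, kept out of the repo


class SessionStore:
    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self.sessions = {}     # session id -> (user, issued_at, user's generation at issue time)
        self.generation = {}   # user -> current generation; bumped to invalidate every session at once

    def _mac(self, sid: str) -> bytes:
        return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest().encode()

    def login(self, user: str, now: float) -> str:
        """Issue an unguessable session id and return the cookie value `sid.mac`."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, now, self.generation.get(user, 0))
        return f"{sid}.{self._mac(sid).decode()}"

    def authenticate(self, cookie: str, now: float):
        """Return the user the cookie belongs to, or None if it is forged, expired or revoked."""
        sid, _, mac = cookie.partition(".")
        if not mac or not hmac.compare_digest(mac.encode(), self._mac(sid)):
            return None                                   # tampered or forged
        entry = self.sessions.get(sid)
        if entry is None:
            return None                                   # never issued, or already removed
        user, issued_at, gen = entry
        if now - issued_at > self.ttl or gen != self.generation.get(user, 0):
            del self.sessions[sid]                        # expired, or invalidated by revoke_all
            return None
        return user

    def revoke_all(self, user: str) -> None:
        """Call on password change, MFA reset or reported theft: every existing cookie for the user dies."""
        self.generation[user] = self.generation.get(user, 0) + 1


def cookie_theft_walkthrough() -> dict:
    """Replay a copied cookie before and after the victim's sessions are revoked."""
    store = SessionStore(ttl_seconds=3600)
    t0 = 1_700_000_000.0                                 # constructed clock, seconds
    stolen = store.login("alice", t0)                    # an infostealer copies this from the cookie jar
    forged = stolen[:-1] + ("0" if stolen[-1] != "0" else "1")   # attacker edits one MAC hex digit
    out = {}
    out["replay"] = store.authenticate(stolen, t0 + 60)          # "alice": copy and original look identical
    out["forgery"] = store.authenticate(forged, t0 + 60)         # None: the HMAC check fails
    store.revoke_all("alice")                                    # e.g. triggered by a password change
    out["after_revoke"] = store.authenticate(stolen, t0 + 120)   # None: generation no longer matches
    fresh = store.login("alice", t0 + 120)
    out["after_ttl"] = store.authenticate(fresh, t0 + 120 + 3601)  # None: absolute lifetime exceeded
    return out
```

The lesson for the defender is in `after_revoke`: changing the victim's password does nothing to a replayed cookie unless the application also invalidates existing sessions, which purely client-side signed cookies cannot do. Short absolute lifetimes and re-authentication for sensitive actions limit the window; binding the session to the device or to a hardware-backed token is the stronger fix.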
Cyber Attacks on Municipalities

What attracts cyber criminals to municipalities and how attacks on them can be prevented.

By Veronika (Nikki) Jack, Student Majoring in Information Technology-Cybersecurity, George Mason University

Cyber-attacks on municipalities have been increasing […]

The post Cyber Attacks on Municipalities appeared first on Cyber Defense Magazine.

Read More
How to interpret the 2023 MITRE ATT&CK Evaluation results

Thorough, independent tests are a vital resource for assessing a provider’s ability to guard an organization against increasingly sophisticated threats. And perhaps no assessment is more widely trusted than the […]

The post How to interpret the 2023 MITRE ATT&CK Evaluation results appeared first on Cyber Defense Magazine.

Read More
Publishers Spotlight: Omdia Research Risk-based Vulnerability Management Findings

Omdia research finds risk-based vulnerability management set to encompass the vulnerability management market by 2027

The first comparative research into the evolution of the vulnerability management market authored by Omdia […]

The post Publishers Spotlight: Omdia Research Risk-based Vulnerability Management Findings appeared first on Cyber Defense Magazine.

Read More
What is a Data Processing Agreement in GDPR?

Central to data protection in the EU is the GDPR and its rules on data processing. One of the most challenging aspects of GDPR is adjudicating the relationships between different parties handling data for various purposes, namely the relationships between managed service providers and the various, nebulous groups of organizations that use data for their daily operations. In […]

The post What is a Data Processing Agreement in GDPR? appeared first on Continuum GRC.

Read More
What’s New in CSF 2.0?

The National Institute of Standards and Technology (NIST) has always been at the forefront of cybersecurity guidance. With the Cybersecurity Framework (CSF) 2.0 release, NIST has addressed the evolving challenges of modern cybersecurity. This article discusses some of the bigger changes in the recently released CSF 2.0, spotlighting governance and supply chain security while emphasizing […]

The post What’s New in CSF 2.0? appeared first on Continuum GRC.

Read More
What Is ISO 9001

ISO 9001 is a universally recognized standard that provides a framework for organizations to establish, implement, and refine their quality management systems. Rooted in principles that prioritize customer satisfaction, leadership involvement, and a continuous improvement ethos, ISO 9001 offers a structured approach to achieving excellence in operational processes.  This article delves into the intricacies of […]

The post What Is ISO 9001 appeared first on Continuum GRC.

Read More
CCPA and CPRA Attestations and Audits

The California Consumer Privacy Act (CCPA) is a strict set of rules for companies in California, defining what these organizations must do to protect consumer privacy. Although the CCPA does not require formal audits, the upcoming CPRA expansion will call for these practices, particularly in consumer protection and privacy areas. As concerns about data privacy […]

The post CCPA and CPRA Attestations and Audits appeared first on Continuum GRC.

Read More
What Is ISO 17021 and Certification of Management Systems?

The ISO/IEC 17021-1:2015 is a global guideline designed to shape how organizations that perform audits and certifications for management systems should operate. Released by the International Organization for Standardization and the International Electrotechnical Commission, this standard aims to improve the reliability and uniformity of these audits and certifications by outlining the essential requirements these organizations […]

The post What Is ISO 17021 and Certification of Management Systems? appeared first on Continuum GRC.

Read More
What Is Passwordless Authentication?

Passwords are our oldest form of digital security and have become the quintessential keys to our online kingdoms… and, in most cases, one of the weakest links in identity management and authentication. Phishing, database breaches, and poor digital hygiene have made password-based authentication a challenge for security and compliance. As cyberattacks grow more sophisticated, there’s a mounting […]

The post What Is Passwordless Authentication? appeared first on Continuum GRC.

Read More
How to Determine Cybersecurity Impact Level Using FIPS 199

The Federal Information Processing Standard (FIPS) 199 gives organizations the guidance they need to categorize information and information systems by the potential impact (low, moderate, or high) that a loss of confidentiality, integrity, or availability would have. These impact levels determine the level of security controls a system needs to adequately protect the data it holds. This article will take you through an overview of FIPS 199 and how […]

The post How to Determine Cybersecurity Impact Level Using FIPS 199 appeared first on Continuum GRC.

Read More
Understanding the Difference Between HIPAA and HITRUST

Within the world of healthcare compliance and information security, there’s been increasing confusion around some terms and organizations. We’ve heard a bit about some of this confusion, specifically around HITRUST and HIPAA.  Both are connected to the preservation of health information, yet they fulfill separate functions and are founded on differing principles. This article clarifies […]

The post Understanding the Difference Between HIPAA and HITRUST appeared first on Continuum GRC.

Read More
What Are the Evaluation Criteria for JAB Prioritization?

The Federal Risk and Authorization Management Program (FedRAMP) plays a pivotal role in safeguarding the security of cloud services used within the U.S. federal government. An essential element of this program is the Joint Authorization Board (JAB), which is responsible for prioritizing and authorizing cloud service offerings from cloud providers. The JAB prioritization process is a […]

The post What Are the Evaluation Criteria for JAB Prioritization? appeared first on Continuum GRC.

Read More
What Are Digital Signatures and How Do They Work?

In traditional document management, we have several ways to authenticate the legitimacy of information–a signature, a watermark, etc. In digital spaces, we don’t readily have these tools to use. That fact, along with the reality that any piece of information can be copied ad infinitum, made authentication a challenge that security experts needed to solve.  […]

The post What Are Digital Signatures and How Do They Work? appeared first on Continuum GRC.

Read More
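The mechanism the article goes on to explain, as an added example that is not the Continuum GRC article's own scheme: a hash-based one-time signature (Lamport's construction) built only from SHA-256. Production signatures are RSA, ECDSA or EdDSA, usually under an X.509 certificate, but the toy keeps the three steps visible: the message is hashed, the private key commits to that hash bit by bit, and the public key lets anyone check the commitment without being able to forge one. Key sizes and the sample messages are assumptions for the demo.

```python
"""Lamport one-time signatures from SHA-256 alone (added example, not the article's code).

Private key: 256 pairs of random 32-byte secrets. Public key: the hash of each secret.
Signing reveals one secret per bit of H(message); verifying hashes what was revealed.
"""
import hashlib
import hmac
import secrets

DIGEST_BITS = 256


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bits(digest: bytes):
    """Yield the 256 bits of a SHA-256 digest, most significant bit of each byte first."""
    for byte in digest:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def keygen():
    """Return (private_key, public_key) for exactly one signature."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes) -> list:
    """For bit i of H(message), reveal sk[i][0] or sk[i][1]. Never reuse sk for a second message."""
    return [pair[bit] for pair, bit in zip(sk, bits(sha256(message)))]


def verify(pk, message: bytes, signature: list) -> bool:
    """Hash each revealed secret and compare with the public-key half the message's bit selects."""
    if len(signature) != DIGEST_BITS:
        return False
    ok = True
    for pair, bit, revealed in zip(pk, bits(sha256(message)), signature):
        ok &= hmac.compare_digest(sha256(revealed), pair[bit])   # no early exit on mismatch
    return ok


def leaked_secrets(sig_a: list, sig_b: list) -> int:
    """How many private-key halves two signatures under one key expose (the 'one-time' caveat)."""
    return len(set(sig_a) | set(sig_b))
```

A one-bit change to the message flips roughly half the digest bits, and for every flipped bit the verifier now hashes a secret that matches the wrong half of the public key, so tampering is caught without any secret leaving the signer. `leaked_secrets` shows why the key is one-time: a single signature already hands out half the private key, and a second signature on a different message hands out most of the rest, after which an attacker can sign any message whose digest only selects revealed halves.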
Sophisticated Ransomware Calls for Sophisticated Protection and Recovery

Ensuring data protection is an uphill battle as attacker tools and strategies grow more sophisticated over time. Turning to immutable storage for ransomware protection is critical: it gives organizations backups that cannot be altered or deleted during their retention period, which is what makes quick recovery following an attack possible.

Read More
Hong Kong Crypto Company Mixin Networks Facing Major Questions After $200 Million Theft

Hong Kong-based Mixin Networks, a decentralized exchange and cross-chain transfer network, was temporarily forced to suspend operations following a hack of its cloud database. The crypto company is offering a $20 million bug bounty for full return of the stolen funds.

Read More
Cyber Attack Compromised the International Criminal Court’s Information Systems

The International Criminal Court is investigating a cyber attack with the assistance of Dutch authorities after intruders compromised its information systems with sensitive information about ongoing cases.

Read More
Chainalysis: North Korean Hackers Forming Stronger Ties With Russian Crypto Exchanges

Chainalysis finds that state-backed North Korean hackers are more reliant than ever on illicit crypto exchanges in Russia to move money. North Korean hackers are thought to have stolen $3.54 billion in cryptocurrency over the last seven and a half years.

Read More
Clorox Cyber Attack to Cause Product Shortages, Impact First Quarter Results

A cyber attack disclosed by Clorox in mid-August is now expected to negatively impact first quarter results for 2024 due to "widescale disruption" that the company is still struggling to recover from. A recent SEC filing indicates that product shortages through this period should also be expected.

Read More
Why the Financial Services Industry Needs to Build a Healthy Data Culture

As financial services organizations become increasingly dependent on data, it is critical to ensure that data is properly identified, organized, secured, and governed. Creating a solid data governance foundation will reduce risk while also increasing the ability to harness the value of data to drive business results.

Read More
Pizza Hut Australia’s Data Breach Impacts over 190K Customers

Pizza Hut Australia has sent data breach notifications to 193,000 customers after a third party accessed a database containing personal and transactional information.

Read More
Privacy Settlement Reached in California Location Tracking Case, Google to Pay $93 Million

The California location tracking issue dates back to 2018. Over 40 states have already reached similar privacy settlements with the tech giant, with Google having now paid over $600 million in total.

Read More
Data Leak by Microsoft AI Researchers Exposes 38TB of Private Internal Data

The data leak reportedly stems from the activity of two AI researchers, who had disk backups of their workstations exposed. This included some 30,000 messages with assorted Microsoft team members in addition to private keys, login credentials and internal secrets.

Read More
TikTok Receives €345 Million GDPR Fine in Years-Old Children’s Privacy Case

A children's privacy complaint that dates back to 2021 has resulted in a major GDPR fine for TikTok. The issue largely centers on the "Family Pairing" feature introduced in 2020 which had no real verification process ensuring that the linked parent account actually belonged to a parent.

Read More
$70 Million Loss After Data Breach of CoinEx Crypto Exchange, Services Temporarily Suspended

A hack of crypto exchange CoinEx's hot wallets has led to a loss of about $70 million in assorted asset types. The theft was reportedly made possible by compromised private keys, suspected to have been stolen by North Korea's Lazarus group.

Read More
Embracing Privacy by Design as a Corporate Responsibility

A shift from data protection as a burdensome obligation to a framework of privacy by design delivers three big results: lower costs to adapt to new legislation, growth in consumer confidence and trust, and less risk for a business when the inevitable mishap occurs.

Read More
Why Europe Needs to Prioritize the Switch to Quantum-Safe Encryption

Quantum computers are expected to break the public-key encryption algorithms we use today to protect everything from national critical infrastructure to online banking. Europe, while a historic leader in quantum science, seems to be struggling to implement a meaningful and unified security response.

Read More
Greater Manchester Police Investigating a Third-Party Data Breach From a Ransomware Attack

A third-party data breach has exposed the personal data of the UK’s Greater Manchester Police (GMP) officers and staff. The company that produces GMP’s staff ID cards was hit by a ransomware attack.

Read More
Iranian Hackers Use Password Spray Attacks to Compromise Defense Organizations, Pharmaceutical Firms

A recent campaign by Iranian hackers has been very successful in using password spray attacks to breach high-value targets, with a particular focus on defense and satellite organizations as well as pharmaceutical research. In a spray, the attacker tries one or two common passwords against many accounts rather than many passwords against one, staying under the per-account lockout thresholds that stop a conventional brute-force attempt.

Read More
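The detection a defender wants for the technique described above, as an added example (not Microsoft's or the article's logic): a sliding-window count of distinct usernames failing from one source, which is the shape a spray leaves in authentication logs and which per-account lockout never sees. The log format and the `SAMPLE_LOG` lines are constructed for the demo; the spraying source is `198.51.100.7`, `203.0.113.5` is an ordinary brute force against one account, and `192.0.2.44` is a user who mistyped once.

```python
"""Password-spray detection over authentication logs (added example, not the article's code).

Log format and SAMPLE_LOG are constructed. A spray is many distinct accounts failing
from one source inside a short window, each with only a few attempts.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth: result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2023-09-25T09:00:01Z auth: result=FAIL user=alice src=198.51.100.7
2023-09-25T09:00:09Z auth: result=FAIL user=bob src=198.51.100.7
2023-09-25T09:00:17Z auth: result=FAIL user=carol src=198.51.100.7
2023-09-25T09:00:26Z auth: result=FAIL user=dave src=198.51.100.7
2023-09-25T09:00:34Z auth: result=FAIL user=erin src=198.51.100.7
2023-09-25T09:00:41Z auth: result=OK user=frank src=198.51.100.7
2023-09-25T09:01:00Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:01:05Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:01:10Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:01:15Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:01:20Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:01:25Z auth: result=FAIL user=alice src=203.0.113.5
2023-09-25T09:02:00Z auth: result=FAIL user=grace src=192.0.2.44
2023-09-25T09:02:30Z auth: result=OK user=grace src=192.0.2.44
"""


def parse_log(text):
    """Yield (timestamp, result, user, src) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue        # unrelated or malformed line; a real pipeline would count these
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["result"], m["user"], m["src"]


def detect_password_spray(text, window=timedelta(minutes=30), min_users=5):
    """Return {src: {"distinct_users": n, "compromised": [...]}} for sources that spray.

    A source is flagged once its failures cover `min_users` distinct accounts inside
    `window`. Successful logins from a flagged source at or after its first spray
    failure are reported as likely compromised accounts.
    """
    events = sorted(parse_log(text))
    fails, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, src in events:
        (fails if result == "FAIL" else successes)[src].append((ts, user))
    findings = {}
    for src, attempts in fails.items():
        start, peak, first_hit = 0, 0, None
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1                                   # slide the window forward
            distinct = {u for _, u in attempts[start:end + 1]}
            if len(distinct) >= min_users:
                peak = max(peak, len(distinct))
                first_hit = first_hit or attempts[start][0]
        if peak:
            compromised = sorted({u for ts, u in successes.get(src, []) if ts >= first_hit})
            findings[src] = {"distinct_users": peak, "compromised": compromised}
    return findings
```

Tune `window` and `min_users` to the environment: sprays against cloud identity providers are often slow (one attempt per account per hour) and rotated across many source addresses, so in practice the grouping key is the client fingerprint or ASN as well as the IP, and the window is hours rather than minutes. The `compromised` list is the part worth paging on: a success from a spraying source is a valid credential in the attacker's hands.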
Airbus Data Breach from a Partner Airline’s Compromised Account Leaks Confidential Information

Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.

Read More
Investigation Finds Elon Musk May Have Violated FTC Order With Failure to Conduct Required Privacy and Security Review for “Twitter Blue”

A government investigation of Elon Musk's tenure as leader of Twitter has determined that there may be violations of a 2022 FTC order that required certain privacy and security measures be implemented.

Read More
Rethinking Cybersecurity: The Power of the Hacker Mindset

For organizations to stand a chance against cybercriminals, adopting a hacker mindset is crucial. Understanding their tactics, regularly updating skills, and proactively seeking vulnerabilities are the keys to outpacing cybercriminals.

Read More
Facebook Messenger Phishing Campaign Targets Millions of Business Accounts Locking Out Owners

A Facebook Messenger phishing campaign targeted millions of business accounts, using fake and hijacked personal accounts to trick business owners into installing an infostealer that harvests passwords and cookies before locking them out.

Read More
Mozilla: Connected Cars Perform Dismally on Privacy Tests, Every Brand Collecting Excessive Personal Information

Privacy tests have found that every connected car brand collects more personal data than it needs to, and employs it for non-essential purposes. The vast majority are sharing or selling customer data.

Read More
Caesars Entertainment Discloses Cyber Attack, Ransom Payment Made Weeks Before MGM Heist

Caesars Entertainment quietly disclosed its own recent cyber attack in an SEC filing. Unlike MGM, Caesars appears to have skated through its own incident by making a $15 million ransom payment to the hackers.

Read More
New Pegasus Spyware Zero-Click Patched Out by Apple in Ongoing Battle Against Commercial Zero-Days

Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive an iMessage to be compromised; they do not need to open the message or interact with it.

Read More
Two Major Dutch Consumer Groups Bring Privacy Lawsuit Against Google

Two Dutch consumer groups, the Privacy Protection Foundation and Consumentenbond, have filed suit against Google over its targeted advertising auctions. The suit is seeking the equivalent of $804 for each Google user harmed by its "constant surveillance" and sharing of personal data.

Read More
SSE vs SASE: What You Need to Know

For IT leaders who only require a subset of Secure Access Service Edge (SASE) capabilities, preferring to focus mainly on the security aspects and leave out the networking components, Security Service Edge (SSE), an emerging cloud-native security framework, is potentially a better fit.

Read More
Okta: Sophisticated Social Engineering Attacks Are Targeting Super Administrators

Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.

Read More
Privacy Advocates Celebrate Death of UK Online Safety Bill Clause as Government Admits Encrypted Messaging Can’t Be Scanned Without Breaking It

The most controversial portion of the UK's Online Safety Bill appears to be dead in the water, as Ofcom has publicly admitted that the technology to create backdoors into encrypted messaging without breaking it does not exist.

Read More
Attackers Aren’t Just Getting Bolder – They’re Getting More Persistent

When targeted by an Advanced Persistent Threat (APT), an organization needs to be ready to defend from a variety of different attacks coming from different directions, sometimes all at once, and sometimes over a period of time.

Read More
Healthcare IT Service Provider IBM Data Breach Impacts Johnson & Johnson Customers

Johnson & Johnson’s IT service provider IBM has notified over 1 million Janssen CarePath customers of a data breach that leaked personal and medical information.

Read More
“Cybersecurity Issue” at MGM Brings Vegas Strip Properties to a Standstill

MGM, one of the two largest casino-hotel chains on the Strip, has not yet confirmed the nature of the attack, calling it a 'cybersecurity issue.' The properties remain open, but operations such as front desk check-ins and payouts for casino games have had to shift to entirely manual operations.

Read More
US and UK Authorities Have Sanctioned Conti Ransomware and TrickBot Cybercrime Gangs

The US Department of the Treasury and the UK’s Foreign Office have sanctioned 11 Russian nationals for their roles in the Conti ransomware and TrickBot cybercrime gangs.

Read More
New SEC Disclosure Rule: Do the Benefits Outweigh the Concerns?

The SEC's new rule requiring public companies to report data breaches within four days is a significant step towards transparency, cybersecurity preparedness, and standardized reporting practices. Since news of the rule broke, however, many security professionals have expressed conflicting opinions.

Read More
TikTok’s New Data Center in Dublin Goes Live as Part of “Project Clover” EU Privacy Program

The opening of the Irish data center is part of the final stage of an EU privacy plan TikTok kicked off in mid-2021, seeking to address user data security concerns and the legal status of its international data transfers.

Read More
New X Privacy Policy Promises No Non-Public Personal Data Use in AI Models, Requires Consent for Biometric Info

Elon Musk followed the privacy policy update with a statement affirming that X's machine learning and AI models would not be trained with private and confidential information, such as direct messages.

Read More
Microsoft Releases Details of Theft of Signing Key by Chinese Hackers

Microsoft has traced the signing key theft back to a "crash dump" error. A breach of a Microsoft engineer's work account by the Chinese hackers then yielded access to the crash dump and the embedded signing key.

Read More
As Supply Chain Attacks Accelerate, SMBs Can Benefit From Multi-Layered Integrations

For SMBs, one breach that compromises the larger entities of their supply chain is enough to jeopardize business-critical revenue streams. With supply chain attacks an ongoing reality, now is the time for SMBs to think proactively about how to maximize the value of their security stack.

Read More
Security Service Edge (SSE) Gives Enterprises a Sophisticated Defense Against Cyberattack

Security Service Edge (SSE) converges multiple cybersecurity capabilities within a single, cloud-native software stack, and is designed to protect all enterprise edges – sites, users and applications, including the IoT-connected points — even as the contours of those edges shift.

Read More
Staggering Data Breach Exposed 47,000 London Met Police Officers and Staff

The UK Met Police is on high alert after a massive data breach exposed the identities and photographs of officers, including undercover cops and counter-terrorism agents.

Read More
Data Breach of Security Fencing Contractor Impacts UK Military Bases, Files Confirmed Stolen

A UK military contractor confirmed that some information about military bases was stolen in the data breach, but insists that none of it was confidential or highly sensitive. Attackers apparently compromised a computer running manufacturing machine software that was still running Windows 7.

Read More
Data Breach at Apparel Giant Forever 21 Impacts Over 500,000 Individuals

Forever 21 has confirmed a data breach that impacted over 500,000 current and former employees. The company has however assured victims that hackers have deleted the stolen personal information, which included Social Security Numbers.

Read More
Consents and Their Management Under India’s Digital Personal Data Protection Act

India enacted its long-awaited privacy legislation, the Digital Personal Data Protection Act, on August 12. While there are various aspects of this Act that distinguish it from other privacy laws in the world, one that is particularly interesting is its approach towards user consent.

Read More
OpenAI Complaint Filed With Polish DPA Alleges Multiple GDPR Violations

A complaint in Poland alleges GDPR violations by ChatGPT in the areas of lawful basis for data processing, data access, fairness, transparency and personal privacy.

Read More
Barracuda ESG Zero-Day Attacks by Chinese Hackers Compromised Numerous U.S. Government Email Servers

Barracuda ESG zero-day attacks by Chinese state-sponsored threat actors compromised multiple U.S. state, local, and tribal government email servers. Over 200,000 private and government organizations worldwide depend on Barracuda email security gateway (ESG) appliances.

Read More
Delinea 2023 State of Cyber Insurance Report: Exclusions Increasing as Costs, Reasons for Denial of Coverage Going Up

The report shows that cyber insurance coverage continues to become harder to obtain even as demand and prices continue to increase. For some small businesses, even a meaningful level of partial coverage might be out of reach at this point.

Read More
Schrems Continuing International Data Transfer Crusade With GDPR Complaint Against Fitbit

The GDPR complaint points out that Fitbit forces EU users to accept international data transfers as a requirement to use the service, something that may not meet regulatory standards for free and informed consent.

Read More
Security Breach at Japan’s Cyber Security Agency May Have Been the Work of Chinese Hackers

A long-term breach of Japan's national cyber security agency may be the work of state-backed Chinese hackers. The security breach occurred in October 2022 and was disclosed in August of this year.

Read More
Revisiting the SolarWinds Incident With the Final SEC Cybersecurity Disclosure Rules

The SEC has been clear that proper risk management and timely cyber incident disclosures protect investors and other stakeholders. The regulators may make an example out of SolarWinds and its leadership at the time of the Orion incident to set the tone for the importance of software supply chain security.

Read More
Major Malware Botnet Offline After US-Led International Effort Takes Down Qakbot

The infrastructure for the Qakbot malware botnet, which has been a plague since 2007, has been dismantled by an FBI-led law enforcement action. The botnet was composed of over 700,000 infected computers and is responsible for hundreds of millions of dollars in damages worldwide during its run.

Read More
The Death of Authenticity: Generative AI and Large Language Models

We live in an age that values authenticity: being true to who you are and what you value. It is ironic, then, that one of the more recent innovations of the past few years—Large Language Models, or Generative AI—is in the process of undermining authenticity itself.

Read More
Over 2.6 Million Duolingo User Records Obtained via Data Scraping Published on Hacking Forum

Account information of over 2.6 million Duolingo users was obtained via data scraping of an exposed API, and recently leaked on an underground hacking forum.

Read More
Crypto Exchange Creditors Hit by SIM Swap Attack, Customer Information From FTX and Other Insolvent Companies Exposed in Data Breach

Kroll reports that the data breach was traced to a SIM swap attack on the phone of one of its employees, and that "limited" and "non-sensitive" claimant data was exposed. FTX account holders are already receiving phishing emails.

Read More
Despite Fines and Major Platform Changes, YouTube Still Violating Child Privacy by Serving Targeted Ads

A new report from ad evaluation firm Adalytics finds that some of YouTube’s targeted ads are still slipping through the cracks, and potentially violating federal child privacy law. The revelation has prompted two US Senators to write a letter to the FTC.

Read More
Navigating Your Path to a Career in Cyber Security: Practical Steps and Insights

Landing a job in cyber security may require persistence and continuous learning, so it's important to keep refining your skills, networking, and seeking new opportunities.

Read More
BlackCat/AlphaV Ransomware Gang Claims Seiko Data Breach, Starts Leaking Stolen Information

Japanese watchmaker Seiko has suffered a data breach that leaked sensitive information, with the Russian ransomware gang BlackCat/AlphaV claiming responsibility for the attack.

Read More
Ransomware Attack on Danish Hosting Providers Causes Almost Complete Data Loss for Customers

Two web hosting providers in Denmark are teetering on the brink after a devastating ransomware attack that wiped out most customer data. Given the ongoing difficulty of recovery, the companies are recommending that customers move to other hosting providers.

Read More
Tesla’s Data Breach That Exposed Over 75,000 Employees Was an Inside Job

Tesla has disclosed that the data breach impacting over 75,000 employees was an inside job. The electric automaker said two employees copied and shared confidential data with the German newspaper Handelsblatt.

Read More
US Consumer Finance Watchdog Proposes New Restrictions on Data Brokers

The US consumer finance watchdog appears to have data brokers in its crosshairs, announcing that it is developing a new rules proposal for the industry. The CFPB specifically noted a focus on the impact of AI and announced that an outline of proposals will be released sometime in September.

Read More
China Blames US Intelligence Agencies for Cyber Attack on Wuhan Emergency System, Claims Spies Were Probing for Underground Facilities

The attribution of the Wuhan cyber attack was followed by an announcement from Chinese authorities that a "highly secretive global reconnaissance system" run by US intelligence agencies would be exposed.

Read More
ChatGPT – IP and Privacy Considerations

Copying of protected works is generally a no-no. But, training of AI tools such as ChatGPT requires copying enormous amounts of data. The two positions appear potentially irreconcilable. This is where the “text and data mining” (TDM) exception to copyright and database rights comes in.

Read More
Rapattoni Cyber Attack Disrupts The Real Estate Industry

Real estate professionals lost access to property data and resorted to manual systems after the Californian multiple listing service (MLS) provider Rapattoni Corporation suffered a cyber attack.

Read More
Possible Multi-Billion Dollar Lawsuit Aimed at Google’s “Incognito Mode” Ruled a Triable Issue Due to Consumer Privacy Concerns

Google's bid to get rid of a class action lawsuit involving its "Incognito Mode" took a serious blow in a California court, as a judge denied the company's request for a summary judgment and said that the consumer privacy concerns raised by the company's data handling were fit for trial.

Read More
What the SEC’s Investigation of SolarWinds Means for CISOs and Cybersecurity Disclosures

This appears to be the first time that the SEC has sent a Wells Notice to a CISO. While novel, this Wells Notice furthers the SEC’s recent enforcement and rulemaking focus on meaningful and timely cybersecurity-related disclosures, as well as holding individuals liable for their roles in company violations.

Read More
Tesla: Company Is in Compliance With Chinese Data Security Laws, “Sentry Mode” Is No Threat

A recent airport ban seems to have prompted a Weibo post by the company offering reassurances on its data security. The post reiterated that Tesla staff cannot access customer video remotely.

Read More
Data Leak of Identifying Information of Northern Ireland Police Officers Amidst a Backdrop of Increased Tensions

The data leak occurred when a sensitive document was mistakenly shared in connection with a freedom of information request, and takes place against a backdrop of increased tensions and fears of terrorism that have been growing since early 2023.

Read More
CSRB Exposes Lapsus$ Hacker Group’s Cyber Extortion Activities and Systemic Failures Enabling Them

The US Cyber Safety Review Board (CSRB) has published a comprehensive analysis of the Lapsus$ hacker group’s cyber extortion activities. The report highlighted simple but effective tactics the Lapsus$ hackers used to compromise organizations and the existing security gaps enabling them.

Read More
Companies Storing Personal Data Subject to New Compliance Audits in China in 2024

Any business in China with more than one million records of personal data, or with just 10,000 records of sensitive personal data, is looking at new annual compliance audit requirements by the Cyberspace Administration of China (CAC).

Read More
It’s a Process, Not a Product: A Proven Approach to Zero Trust

The true essence of Zero Trust lies in embracing a process-centric approach rather than relying solely on products. CISA has established a set of maturity pillars that guide organizations in their journey toward zero trust. Understanding these pillars is essential for CISOs and CPOs looking to build a robust security framework.

Read More
4 Million Impacted in Colorado Department of Health Care IBM MOVEit Data Breach

Threat actors accessed personal and protected health information from the Colorado Department of Health Care after third-party vendor IBM suffered a MOVEit data breach.

Read More
DHS Subjecting Cloud Services to Security Reviews After Repeated Microsoft Security Issues

Though Microsoft is hardly alone in terms of cloud services experiencing serious security breaches, a string of Redmond mishaps appears to have prompted new security reviews by the Cyber Safety Review Board (CSRB).

Read More
The Strange Evolution of Data Loss Prevention (DLP)

DLP still ‘lives on’ in the capabilities of its successors and in the re-vamped versions hardline DLP providers have developed today. Let’s take a look at where this all came from, why the pivot, and where DLP is going in the future (which is, we can say, today).

Read More
Worldcoin’s Targeting of Developing Countries in Biometric Data Collection Raises Privacy Concerns

Under a month into the project, privacy concerns have already caused Worldcoin to be banned by some countries and targeted for regulation in others. The central issue is its collection of biometric data, as it promises "free money" in return for capturing iris scans.

Read More
EvilProxy Phishing Campaign Targets Over 120,000 Microsoft 365 Users

Security researchers have discovered an EvilProxy phishing campaign targeting 120,000 Microsoft 365 users with a focus on business executives with access to financial assets or sensitive information.

Read More
How to Stop Leaky Forms From Putting Ecommerce Customer Data at Risk

Some ecommerce sites may be unwittingly placing customer data at risk of exposure through forms that unintentionally collect PII without user consent. Here’s what retail security teams need to know about “leaky forms” and how to implement security policies that can protect customer data from this hazard.

Read More
Telegram Ban in Iraq Due to “National Security Concerns” Lifted

Telegram was suspended in Iraq at the ISP level for about a week by order of the Ministry of Communications. The cited reason was "national security concerns" and the leaking of private personal data of citizens.

Read More
Beating MFA Fatigue: Why Hackers Have Resorted to Prompt Bombing

One of the most significant barriers for cybercriminals when trying to compromise a user account is Multi-Factor Authentication (MFA). But what happens when users are overrun by notifications? Enter MFA bombing attacks to exploit MFA fatigue.

Read More
Dentons Quit Operations in China Due to Incoming Data Regulations

With fines and penalties (such as potential shutdown of company operations) looming in November of this year, some companies are opting to bail out of China rather than even attempt to comply with the slew of new data regulations.

Read More
China’s Draft Rules Would Force User Consent for Facial Recognition Technology, With Expected Government Exceptions

China’s new rules for facial recognition technology require companies to protect personal information, and to demonstrate a "specific purpose" and "sufficient necessity" when collecting biometric data of this nature.

Read More
Colorado Department of Higher Education Data Breach Leaks Personal Information Spanning Over 13 Years

The Colorado Department of Higher Education (CDHE) has suffered a massive data breach leaking sensitive personal information of current and former students and educators spanning over a decade.

Read More
Blizzard of EU Regulation Triggers Changes at Meta, Company Will Now Obtain User Consent Before Serving Targeted Ads

Since the GDPR went into effect in 2018, Meta has done nearly everything possible to claim legitimate interest to avoid user consent for collecting personal information for targeted ads. The company appears to have finally reached the end of its rope in this area, through a recently announced changeover to a consent basis.

Read More
Your Company (And Your Teams) Are Using AI Whether You Know It or Not; Here Are Four Steps to Lay a Foundation for Better Policies

Setting up the right AI governance is a crucial foundation in these early days of AI. Companies that get governance right will be able to move faster, more confidently in the space – likely outperforming companies that lack the right safeguards to mobilize AI effectively.

Read More
How Privilege Solutions Dominate the World of Cybersecurity

Privilege solutions wield a transformative influence on the realm of cybersecurity, with two essential components, Privileged Identity Management (PIM) and Privileged Endpoint Management (PEM), taking center stage.

Read More
How to Choose the Right Identity Security Solution for Your Business

In the context of identity security, assessing your business needs and risk profile entails a thorough examination of your organization's particular requirements and weaknesses.

Read More
How to Educate Your Employees on Identity Authorization and Authentication

Identity authorization and authentication are fundamental aspects of cybersecurity that ensure only authorized users gain access to systems and data.

Read More
How to Protect Your Identity Online: 10 Best Practices for Cybersecurity

You may dramatically lower your risk of falling victim to cyber dangers and safeguard your privacy and security online by putting these 10 best practices into effect. Remain alert, knowledgeable, and safe.

Read More
How Zero Trust Architecture Can Enhance Your Identity Security

In a rapidly evolving digital landscape where traditional security paradigms fall short, the concept of Zero Trust Security has emerged as a proactive and comprehensive approach to safeguarding sensitive data and digital assets.

Read More
Identity Security vs Identity Management: What’s the Difference and Why It Matters

In the realm of digital identification, identity security and identity management stand as two distinct yet interconnected realms. Identity security takes center stage, driven by its core objective of safeguarding sensitive data and preserving the authenticity of an individual's identity.

Read More
The Benefits of Authentication Tools for Identity Security

Privileged Access Management (PAM) plays a crucial role in cyber security by providing granular control over identities and accounts, particularly those with elevated access privileges within an organization.

Read More
The Future of Identity Security: Biometrics, Blockchain, and Beyond

Blockchain allows the concept of self-sovereign identification in the field of identity management, where individuals have complete control over their personal information and how it is shared.

Read More
The Rise of Synthetic Identity Fraud: How to Detect and Prevent It

Synthetic identity fraud, which takes advantage of flaws in conventional identity verification systems, has emerged as a major threat to cybersecurity. It is challenging to identify this kind of fraud using traditional techniques since it includes the construction of fictional identities using a combination of true and made-up information.

Read More
The Role of Cross-Domain and Webauthn Cybersecurity Tools

As individuals and companies interact with an increasingly diverse range of online platforms, apps, and services, the demand for a consistent approach to data and information security has grown enormously. Cybersecurity technologies that address the problem of managing security across domains do so by providing integrated solutions that traverse conventional boundaries.

Read More
The Top 5 Identity Security Threats in 2023 and How to Avoid Them

With the emergence of identity assaults driven by AI in 2023, the cybersecurity environment has undergone a worrying metamorphosis. Traditional security solutions are ineffective against these dynamic attacks because AI gives attackers the tools to automate and customize their tactics.

Read More
UK Voter Data Breach Leaked the Personal Information of 40 Million Individuals

A massive UK Electoral Commission data breach leaked the voter data of 40 million individuals who registered to vote between 2014 and 2022. The electoral body said it first detected suspicious activity on its network in October 2022 and discovered that threat actors had accessed the systems 14 months prior.

Read More
Former Military Officials: Chinese Hackers Penetrated Japanese Military Networks in 2020, Maintained Presence Into 2021

Official sources say that Chinese hackers combed Japan's military networks over an extended period between 2020 and 2021 in search of military plans, documentation of capabilities, and assessments of vulnerabilities.

Read More
Zoom AI Data Collection Catching Users by Surprise, May Face Regulatory Action in EU

Zoom's plan for AI data collection is apparently to scrape it from internal customer activity. The March TOS update changed the platform terms to announce that Zoom reserved the right to use platform video, audio and chat content to train AI models.

Read More
Data Flowing From Connected Vehicles May Cause Manufacturers to Run Afoul of California Privacy Law

Under the new terms of the California Privacy Rights Act (CPRA), the California Privacy Protection Agency (CPPA) will be examining a broad range of data collected by car manufacturers, including what the vehicle cameras capture and what is passing through their apps.

Read More
Navigating the Ethical Landscape of AI in Cybersecurity

With its ability to analyze vast amounts of data quickly and accurately, AI can augment human capabilities and improve overall cybersecurity measures. However, there are also concerns surrounding its development and implementation. One of the biggest concerns is the question of control.

Read More
The FBI, CISA, NSA and the Five Eyes Published the Top Most Exploited Vulnerabilities of 2022

Cybersecurity agencies from the Five Eyes Alliance published the list of the 12 most exploited vulnerabilities of 2022, revealing that hackers prefer older unpatched software bugs, with one dating back to 2018.

Read More
CISA Issues New Strategic Plan Outlining Alignment With National Cybersecurity Strategy Through FY 2026

To a great degree the strategic plan builds on the previously published CISA Strategic Intent and formalizes a number of cybersecurity strategy initiatives the agency is already well underway with.

Read More
How Preemptive Action Can Mitigate Supply Chain Cyberattacks

Each partner in the software supply chain must understand their role in maintaining the security of the process. Transitioning from a blame-game to a proactive stance allows organizations to implement a well-defined, adaptable, and optimized strategy that helps mitigate risks and protect the supply chain.

Read More
Resurgent Hacktivist Group Executes Over 750 DDoS Attacks Targeting India, Israel, the Netherlands, and Others

A politically and religiously motivated hacktivist group has executed over 750 DDoS attacks and dozens of website defacements against India, Israel, the Netherlands, and others.

Read More
Emerging Market of Cybercrime Tools Driven by Generative AI Offers Automated Assistance With Fraud, Malware Creation

Generative AI models in the style of ChatGPT are being sold that promise to help create malware, write phishing emails, set up attack sites, scan for vulnerabilities, and more. The latest DarkBART and DarkBERT projects have been trained on dark web sites.

Read More
Safeguarding Data in a Rapidly Evolving Threat Landscape: Importance of DSPM

In the contemporary digital era, data has developed into a priceless resource for businesses across all industries. However, with the rapid evolution of technology comes an equally fast-evolving threat landscape. Sensitive data is now significantly at risk due to the sophistication of cyberattacks and data breaches. To effectively protect data, organizations must embrace robust data […]

The post Safeguarding Data in a Rapidly Evolving Threat Landscape: Importance of DSPM appeared first on CyberDB.

Read More
Cases of Hacker Attacks on Online Casinos

Online casino operators have learned well how to secure themselves from all sorts of dangers, including data breaches and cyber-attacks. Leading gambling sites and best-return casinos have enough resources to employ up-to-date security technologies that constantly evolve. Therefore, they can significantly reduce the risk of being hacked. However, no matter how much effort […]

The post Cases of Hacker Attacks on Online Casinos appeared first on CyberDB.

Read More
Cybersecurity for Law Firms

Cybersecurity for law firms is more important than ever, regardless of the size of the firm. As cyber threats increase and become more advanced, law firms need to make cybersecurity a top priority. Clients entrust law firms with their confidential information, and any breach of this trust can lead to substantial reputation damage and financial […]

The post Cybersecurity for Law Firms appeared first on CyberDB.

Read More
Cyber Security Trends to Look Out for in 2023 and Beyond

As many technological advancements are taking place, cyber security has become a major concern for most organizations. The past few years have brought a revolution in technology as more people understand technology and rely on it in many ways. To ensure the safety and security of online activities Internet Service Providers use various technologies such […]

The post Cyber Security Trends to Look Out for in 2023 and Beyond appeared first on CyberDB.

Read More
Why is secure cloud storage necessary for your business?

Business optimization is an essential condition for its profitability. In this aspect, cloud storage helps to eliminate additional costs and organize work properly. How reliable is cloud storage? One of the principles of the providers’ work is to maintain strict confidentiality. A secure cloud is designed to store and protect user information in a high-quality […]

The post Why is secure cloud storage necessary for your business? appeared first on CyberDB.

Read More
DevOps Security Metrics and KPIs: A Comprehensive Guide

In the ever-evolving landscape of software development, the integration of security measures into the DevOps process is paramount. DevOps, a cultural and technical movement aimed at breaking down the silos between development and operations teams, has revolutionized how software is delivered. However, ensuring that this rapid delivery doesn’t compromise security requires a robust set of […]

The post DevOps Security Metrics and KPIs: A Comprehensive Guide appeared first on CyberDB.

Read More
Data Safety in Digital Gambling: Ensuring Your Bitcoin Casino’s Security

Since the inception of the Internet, our world has increasingly become digitized in nearly every aspect. For example, advances in technology have genuinely revolutionized the gaming industry and, in particular, the world of gambling. Nowadays, many gamblers have transitioned to online platforms where they can play their favorite games in their comfort zones. In this […]

The post Data Safety in Digital Gambling: Ensuring Your Bitcoin Casino’s Security appeared first on CyberDB.

Read More
How to Choose a Secured Online Gambling Site in India

In recent years, online gambling has witnessed explosive growth in India. With a burgeoning number of online casinos and betting platforms, it’s crucial to know how to separate the wheat from the chaff when choosing a secured online gambling site. In this article, we’ll guide you through the essential factors to consider to ensure a […]

The post How to Choose a Secured Online Gambling Site in India appeared first on CyberDB.

Read More
Tips for Training Your Staff on the Best Cybersecurity Practices

Implementing a cybersecurity strategy is important for any business owner. A data breach can lead to expensive fines, a negative company reputation, and a loss of income. While you can learn everything you need to know about the best cybersecurity strategies, your information is only as secure as your weakest employee. Every employee, partner, and […]

The post Tips for Training Your Staff on the Best Cybersecurity Practices appeared first on CyberDB.

Read More
Secure Your Business Systems: Top Tips for Protection

Business systems are the backbone of any successful company. They allow for efficient operations, streamlined communication, and effective management. However, with the increasing reliance on technology, the need for strong cybersecurity measures has become more important than ever. In today’s world, cyber threats are not a matter of if, but when. Therefore, it is crucial […]

The post Secure Your Business Systems: Top Tips for Protection appeared first on CyberDB.

Read More
Cybereason Sets the New Industry Standard in 2023 MITRE ATT&CK Evaluations: Enterprise

Fresh off the press: the results of the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise have been published, putting 30 security solutions to the test in real world scenarios that mimic the Turla threat actor.

Read More
The Cybersecurity Capability the Industry Nearly Forgot

When I started in cybersecurity back in the early 90's, entire cyber security capabilities were just a couple of MB in size and would fit on a couple of floppy disks. Today, many cyber security capabilities are so big and complex that they rely on cloud computing, either for processing speed or for the ability to leverage large data sets, used for example with Machine Learning as part of the detection and response capabilities.

Read More
Malicious Life Podcast: Is Generative AI Dangerous?

Every so often, the entire landscape of cybersecurity shifts, all at once: The latest seismic shift in the field occurred just last year. So in this episode of Malicious Life we’re going to take a look into the future of cybersecurity: at how generative AI like ChatGPT will change cyberspace, through the eyes of five research teams breaking ground in the field. We’ll start off simple, and gradually build to increasingly more complex, more futuristic examples of how this technology might well turn against us, forcing us to solve problems we’d never considered before. – check it out...

Read More
THREAT ANALYSIS: Assemble LockBit 3.0

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them.

Read More
Extend Cloud Detection and Response with Sysdig and Cybereason

Open XDR integration enriches Sysdig CDR signals to correlate and identify Malicious Operations across the broader enterprise.

Read More
Malicious Life Podcast: Why aren't there more bug bounty programs?

On the face of it, there's an obvious economic incentive for both vendors and security researchers to collaborate on disclosing vulnerabilities safely and privately. Yet bug bounty programs have gained prominence only in the past decade or so, and even today only a relatively small portion of vendors have such programs in place. Why is that? – check it out...

Read More
Malicious Life Podcast: The Voynich Manuscript

The constant battle between those who wish to encrypt data and those who wish to break these ciphers has made modern encryption schemes extremely powerful. Subsequently, the tools and methods to break them became equivalently sophisticated. Yet, could it be that someone in the 15th century created a cipher that even today’s most brilliant codebreakers and most sophisticated and advanced tools - cannot break?...

Read More
Malicious Life Podcast: Roman Seleznev: Did the Punishment Fit the Crime?

In 2019, Roman Seleznev, a 34-year-old Russian national, was sentenced to 27 years in prison: a sentence that'd make any criminal quiver. Seleznev's deeds had a horrendous effect on the 2.9 million individuals whose credit cards he stole and sold to cyber criminals for identity theft and financial crimes. On one hand, it's hard to imagine any nonviolent computer crime worth 27 years in prison. But then what is an appropriate sentence for such a man as Seleznev? – check it out...

Read More
Cybereason's New Unified MalOp Dashboard

Cybereason is excited to announce a new unified MalOp Dashboard.

As cyber threats continue to evolve, Security Operations Center (SOC) teams face immense challenges in protecting their organizations. To be successful, a SOC needs not only the right technology but also effective use of people and processes. To help SOC teams stay ahead of the curve, Cybereason introduces a unified dashboard designed to provide additional insight into emerging threats and operational metrics, and to help continuously improve SOC processes and procedures.

Read More
Malicious Life Podcast: Sony BMG's Rootkit Fiasco

"We made a mistake and Sony paid a terrible price." A terrible price indeed: an arrogant and ill-advised decision to include a rootkit in its music CDs cost Sony BMG a lot of money - and painted it as a self-centered, self-serving company that cares more about its bottom line than its customers. Why did Sony BMG make such a poor decision? – check it out...

Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Read More
Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, a downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control and the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written in a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

[Image: seaduke_crossplatform]
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

• C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
• c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
• c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
• c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

[Image: bastion_z]
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

[Image: onedrive_z]
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, running these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

[Image: decoy_ndi_small]
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

[Image: decoy_fax]
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference).
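The observation above cuts both ways for defenders: uploads to OneDrive cannot be blocked or flagged on sight, but a host that normally sends a few hundred kilobytes a day to a cloud storage service and suddenly pushes tens of megabytes is still visible against its own history. The following is an added example that is not part of the original post or of F-Secure's tooling; it assumes a constructed, simplified proxy log layout (date, client IP, method, host, bytes sent, status) and the OneDrive hostnames in the watch-list are assumptions, as is the sample data.

```python
"""Spot upload volumes to cloud storage that break a host's own baseline.

Added example, not code from the original post or from F-Secure. It assumes a
simple, constructed proxy log layout with one request per line:

    <date> <client_ip> <method> <host> <bytes_out> <status>
"""
from collections import defaultdict
from statistics import mean

# Hosts that legitimate users upload to every day, so raw volume alone is not
# suspicious. The post names OneDrive; the exact hostnames here are assumed.
CLOUD_STORAGE_HOSTS = {"onedrive.live.com", "api.onedrive.com"}

# Request methods that carry data out of the network.
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample: 10.0.0.12 is a heavy but steady OneDrive user, while
# 10.0.0.31 normally sends ~100 KB/day and suddenly pushes 48 MB on 23 July.
SAMPLE_LOG = """\
2015-07-20 10.0.0.12 POST api.onedrive.com 2048000 200
2015-07-20 10.0.0.12 POST api.onedrive.com 1900000 200
2015-07-20 10.0.0.31 POST api.onedrive.com 120000 200
2015-07-21 10.0.0.12 POST api.onedrive.com 2100000 200
2015-07-21 10.0.0.31 POST api.onedrive.com 95000 200
2015-07-22 10.0.0.12 POST api.onedrive.com 2000000 200
2015-07-22 10.0.0.31 POST api.onedrive.com 110000 200
2015-07-22 10.0.0.31 GET api.onedrive.com 4096 200
2015-07-23 10.0.0.12 POST api.onedrive.com 1950000 200
2015-07-23 10.0.0.31 POST api.onedrive.com 48000000 200
2015-07-23 10.0.0.31 GET api.onedrive.com 4096 200
2015-07-23 10.0.0.31 GET www.example.com 512 200
"""


def parse_proxy_line(line):
    """Return (date, client, method, host, bytes_out) or None if malformed."""
    fields = line.split()
    if len(fields) != 6:
        return None
    date, client, method, host, bytes_out, _status = fields
    try:
        return date, client, method.upper(), host.lower(), int(bytes_out)
    except ValueError:
        return None


def daily_upload_volume(log_text):
    """Sum bytes uploaded per (client, cloud host) per day; GETs are ignored."""
    volume = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_proxy_line(line)
        if parsed is None:
            continue
        date, client, method, host, bytes_out = parsed
        if host in CLOUD_STORAGE_HOSTS and method in UPLOAD_METHODS:
            volume[(client, host)][date] += bytes_out
    return volume


def detect_upload_spikes(log_text, min_history_days=2, ratio=5.0):
    """Flag (client, host) pairs whose latest day exceeds ratio x their mean.

    The baseline is the client's own earlier days against the same host, so a
    host that always uploads a lot is not flagged, but a quiet host that
    suddenly pushes a large volume is.
    """
    findings = []
    for (client, host), per_day in daily_upload_volume(log_text).items():
        days = sorted(per_day)          # ISO dates sort chronologically
        if len(days) <= min_history_days:
            continue                    # not enough history for a baseline
        *history, latest = days
        baseline = mean(per_day[d] for d in history)
        if baseline > 0 and per_day[latest] > ratio * baseline:
            findings.append({
                "client": client, "host": host, "date": latest,
                "bytes_out": per_day[latest], "baseline": round(baseline),
            })
    return findings


if __name__ == "__main__":
    for f in detect_upload_spikes(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']} on {f['date']}: "
              f"{f['bytes_out']} bytes (baseline {f['baseline']})")
```

On the sample data only 10.0.0.31 is reported: its 48 MB day is several hundred times its roughly 108 KB baseline, while 10.0.0.12's steady 2 MB days never trip the ratio. In a real deployment the same per-host baseline idea applies to flow records or CASB logs, and the `ratio` and `min_history_days` knobs trade alert volume against how slowly an attacker would have to drip data out to stay under the line.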

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appears to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, has been running its espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability in Adobe Flash Player that they had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move to using it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th and continuing until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on the 7th of July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected as Angler:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are nearly identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There has already been speculation that the actors behind the two exploit kits are closely connected. For example, both have used "fileless" payload delivery and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch released yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers or government employees. During the 2014 event, Hacking Team was present and was the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is any item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to stop customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, we again end up at Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack; she asked her mom for permission.




On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

9 Best Carbon Black Alternatives & Competitors in 2023

A quick search on the Internet retrieved a pack of VMware Carbon Black alternatives for endpoint protection services. I analyzed features, pros, cons and pricing and then I drew conclusions. So, here's a list of the 9 Best Carbon Black Alternatives on the cybersecurity market. It includes details about key features, ease of deployment, support, and […]

The post 9 Best Carbon Black Alternatives & Competitors in 2023 appeared first on Heimdal Security Blog.

12 Benefits of Zero Trust for Mid-Sized Businesses

Zero Trust security is evolving from “nice to have” to an absolute must for organizations everywhere. Fortunately, Zero Trust offers numerous advantages to companies of all sizes, including medium-sized ones. While achieving full Zero Trust is a long-term goal, even partial Zero Trust environments help businesses of this size enhance their security posture and benefit […]

The post 12 Benefits of Zero Trust for Mid-Sized Businesses appeared first on Heimdal Security Blog.

Why Organizations Struggle With Vulnerability Management?

Where Do Organizations Struggle With Vulnerability Management? With over 60% of companies having been the victims of cyberattacks in the last year, you can see that companies seem to be struggling with the way in which they manage vulnerabilities. Vulnerability management can be a daunting operation, and at times confusing, but most problems can be […]

The post Why Organizations Struggle With Vulnerability Management? appeared first on Heimdal Security Blog.

What Is Patch Management as a Service (PMaaS) & What Can It Do For You?

What to do if you don’t have the time, workforce, or knowledge to deal with Patch Management? We’ve got the solution for you. More and more vulnerability management vendors have begun to offer services that do all the heavy lifting to keep you safe from cyber attacks. This is known as Patch Management as a […]

The post What Is Patch Management as a Service (PMaaS) & What Can It Do For You? appeared first on Heimdal Security Blog.

Heimdal® Achieves ISAE 3000 SOC 2 Type II Certification, Demonstrating Compliance with the Highest Security Standards

Heimdal is delighted to announce that it has once again received accreditation for ISAE 3000 SOC 2 Type II for the 3rd time in a row, demonstrating its unwavering dedication to providing the highest level of data protection and security for its clients. The SOC 2 reports, issued under the ISAE 3000 standard, are based on […]

The post Heimdal® Achieves ISAE 3000 SOC 2 Type II Certification, Demonstrating Compliance with the Highest Security Standards appeared first on Heimdal Security Blog.

Sony's Systems Breached. Ransomed.vc Claims Stealing 260 GB of Data

The Ransomed.vc threat group claims they're responsible for an alleged Sony data breach and is attempting to sell the stolen data on the dark web. While Ransomed.vc stated they compromised "all of Sony's systems" and stole 260 GB of data, the file tree they provided as proof does not exceed 6,000 files. As Sony allegedly refused to […]

The post Sony's Systems Breached. Ransomed.vc Claims Stealing 260 GB of Data appeared first on Heimdal Security Blog.

Phobos Ransomware: Everything You Need to Know and More

In the ever-evolving landscape of cyber threats, ransomware remains a pervasive and destructive weapon in the arsenal of cybercriminals. Among the various ransomware strains, Phobos has gained notoriety for its sophisticated capabilities and devastating consequences. This article delves into Phobos ransomware, exploring its origins, modus operandi, impact, and prevention measures. What is Phobos Ransomware? First […]

The post Phobos Ransomware: Everything You Need to Know and More appeared first on Heimdal Security Blog.

NY College Must Spend $3.5M on Cybersecurity After Breach Affecting 200k Students

After a data breach in 2021 exposed the personal information of nearly 200,000 people, the attorney general of New York requested a university to invest $3.5 million in cybersecurity. The measure addresses the data security deficiencies that led to a ransomware attack in 2021. Marymount Manhattan College (MMC), a liberal arts college in New York […]

The post NY College Must Spend $3.5M on Cybersecurity After Breach Affecting 200k Students appeared first on Heimdal Security Blog.

7 Best Sophos Alternatives & Competitors in 2023 [Features, Pricing & Reviews]

In the ever-evolving cybersecurity landscape, businesses constantly seek robust security solutions to protect their digital assets.  Sophos, a well-known name in the cybersecurity industry, has been a trusted choice for many organizations. However, with the market continuously expanding and new threats emerging, exploring alternatives and competitors is essential to ensure your cybersecurity needs are met.  […]

The post 7 Best Sophos Alternatives & Competitors in 2023 [Features, Pricing & Reviews] appeared first on Heimdal Security Blog.

Apple Fixes 3 New Actively Exploited Zero-Day Vulnerabilities

Apple released an emergency security update to patch three newly identified zero-days exploited actively by threat actors. The vulnerabilities affected iPhone and Mac users, and with this, the total zero-days fixed by Apple this year rose to 16. What Do We Know About the Vulnerabilities? Two of the vulnerabilities were found in the WebKit browser […]

The post Apple Fixes 3 New Actively Exploited Zero-Day Vulnerabilities appeared first on Heimdal Security Blog.

New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers

A previously unknown threat group known as “Sandman” is making its presence felt. The group uses a modular information-stealing malware called “LuaDream” to target telecommunication service providers in the Middle East, Western Europe, and South Asia. Sandman: How This New Threat Operates In order to maximize its cyberespionage operations, Sandman adopts a low profile to […]

The post New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers appeared first on Heimdal Security Blog.

Computer Security Incident Response Team (CSIRT): How to Build One

According to the World Economic Forum, “widespread cybercrime and cyber insecurity” is rated as one of the greatest worldwide dangers for the following two and ten years. This means that your organization needs to constantly improve its cybersecurity posture. A known way of doing this is through a Computer Security Incident Response Team (CSIRT). This […]

The post Computer Security Incident Response Team (CSIRT): How to Build One appeared first on Heimdal Security Blog.

International Criminal Court Reveals System Breach and Plans to Bolster Security

The International Criminal Court (ICC) announced on September 19th that hackers breached their computer systems. The ICC stores highly sensitive information about war crimes and is thus one of the world's most important public institutions. What We Know About the ICC System Breach Tuesday afternoon the ICC disclosed that last week they detected anomalous activity on their […]

The post International Criminal Court Reveals System Breach and Plans to Bolster Security appeared first on Heimdal Security Blog.

Critical GitLab Pipeline Vulnerability Revealed. Users are urged to patch immediately

GitLab disclosed a critical vulnerability that enables hackers to run pipelines as other users by leveraging scheduled security scan policies. The platform issued an advisory and urged users to apply available updates as soon as possible. The GitLab pipeline vulnerability was dubbed CVE-2023-4998 and received a 9.6 CVSS risk score. More About the GitLab Pipeline Vulnerability […]

The post Critical GitLab Pipeline Vulnerability Revealed. Users are urged to patch immediately appeared first on Heimdal Security Blog.

Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage

Microsoft researchers leaked 38TB of sensitive data to a public GitHub repository while training open-source AI learning models. The Microsoft data leakage occurred starting July 2020 and white hat hackers only discovered and reported it on June 22nd, 2023. Consequently, Microsoft issued an advisory claiming that: No customer data was exposed, and no other Microsoft […]

The post Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage appeared first on Heimdal Security Blog.

Are You Still Storing Passwords In Plain Text Files?, (Fri, Sep 29th)

"Infostealer" malware have been in the wild for a long time now. Once the victim's computer is infected, the goal is to steal "juicy" information like passwords, cookies, screenshots, keystrokes, and more. Yesterday, I spotted an interesting sample. It's delivered through an FTP connection. The file (SHA256:2bf9a44bd546e0fd1448521669136220dc49146b0f3a5cd7863698ac79b5e778) is unknown on VirusTotal.

ISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th)

No summary available.

IPv4 Addresses in Little Endian Decimal Format, (Thu, Sep 28th)

If you look at the XML EventData of Windows events like 1002 (DHCP error), you will see something like this:

ISC Stormcast For Thursday, September 28th, 2023 https://isc.sans.edu/podcastdetail/8678, (Thu, Sep 28th)

No summary available.

ISC Stormcast For Wednesday, September 27th, 2023 https://isc.sans.edu/podcastdetail/8676, (Wed, Sep 27th)

No summary available.

Apple Releases MacOS Sonoma Including Numerous Security Patches, (Tue, Sep 26th)

As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older macOS versions received updates addressing these vulnerabilities last week with macOS 13.6. When these updates were released, the security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.

ISC Stormcast For Tuesday, September 26th, 2023 https://isc.sans.edu/podcastdetail/8674, (Tue, Sep 26th)

No summary available.

A new spin on the ZeroFont phishing technique, (Tue, Sep 26th)

Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.

ISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)

No summary available.

YARA Support for .LNK Files, (Sun, Sep 24th)

The upcoming version of YARA 4.4.0 will include a new module for .lnk files.

Your KnowBe4 Fresh Content Updates from September 2023

Check out the 66 new pieces of training content added in September, alongside the always fresh content update highlights, events and new features.

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

[Heads Up] China Invests Billions in Huge Global Disinformation Campaign

Dustin Volz from the WSJ dropped a huge scoop today. This is rocket fuel infosec budget ammo I would send to my C-suite in a New York minute. They said: "Fake authors, bot armies and lawsuits are among the tactics Beijing employs to reshape the information landscape." Here are a few paragraphs of the article and then there's a link to the whole thing below:

Ransomware Now Considered a “Crisis” in the Financial Services Sector

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.

It’s Official – Generative AI Has Made Phishing Emails Foolproof

The most basic use of tools like ChatGPT to script out professional-looking emails has all but eliminated improperly written content as an indicator of a potential phishing scam.

Threat Group UNC3944 Continues to See Success Using Text-Based Social Engineering

A new update on UNC3944 group's activities shows how they are evolving their focus squarely on SMiShing credential harvesting attacks that result in data theft/extortion attacks.

Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do

Insights from IBM’s Cost of a Data Breach Report on the Pharmaceutical Industry show that while the overall cost has improved, there are clear areas of risk that need to be addressed.

Facebook Messenger Becomes the Delivery Mechanism for Infostealer Malware Attack

Millions of business accounts on Facebook are the target of a new malware attack, which is seeing a success rate of 1 out of 70, causing concern for the security of corporate credentials.

Read More
Zero-Point Fonts in Phishing Emails

Attackers are using zero-point fonts to make phishing emails appear as though they’ve been verified by security scanners, BleepingComputer reports.

Read More
Cyber Insurance Claims Increased by 12% in First Half of 2023, Attacks More Frequent and Severe Than Ever

The latest cyber claims report from Coalition, a digital risk insurance provider, finds a 12% increase in cyber insurance claims in the first half of 2023 over the second half of 2022, due to surging attack frequency and severity.

Read More
Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

APIs. The glue of hyper connectivity; yet also the wellspring of risk.

Related: The true scale of API breaches

I had an enlightening discussion at Black Hat USA 2023 with Traceable.ai Chief Security Officer Richard Bird about how these snippets … (more…)

Read More
News alert: Wisner Baum lawsuit alleges joint spyware scheme by Google, Meta, H&R Block

Los Angeles, Calif., Sept. 27, 2023 — Citing organized crime statutes, attorneys with Wisner Baum have filed the first RICO class action alleging that H&R Block, Meta, and Google jointly schemed to install spyware on the H&R Block site, scraping … (more…)

Read More
News alert: DigitalAPICraft and Google partner to simplify development, integration of new apps

London, UK and Austin, Tex., Sept. 27, 2023 — Organisations around the world are rushing to build API (application programming interface) marketplaces to foster greater connectivity between them and their partners and users.

Global spend on API marketplaces is set … (more…)

Read More
News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

New York, NY, Sept. 27, 2023 – ACM, the Association for Computing Machinery, has released “TechBrief: Generative Artificial Intelligence.”

It is the latest in the quarterly ACM TechBriefs series of short technical bulletins that present scientifically grounded perspectives … (more…)

Read More
Breaking News Q&A: What Cisco’s $28 billion buyout of Splunk foretells about cybersecurity

There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business.

Related: Why ‘observability’ is rising to the fore

Cisco CEO Chuck Robbins has … (more…)

Read More
News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Washington, DC, Sept. 26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate.

The goal is to help avoid oversights, misunderstandings, or … (more…)

Read More
GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority.

Related: SMBs too often pay ransom

Small businesses, including nonprofit … (more…)

Read More
News alert: SSH announces another US financial institution selects PrivX as its PAM solution

Helsinki, Finland, Sept. 22, 2023 – A leading global financial institution has selected PrivX as its privileged access management (PAM) solution. The customer is one of the largest and most important financial institutions in the world.

This is the third major … (more…)

Read More
News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Chicago, Ill., Sept. 21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Also in attendance were Access Living, The College of Lake County, … (more…)

Read More
GUEST ESSAY: Caring criminals — why some ransomware gangs now avoid targeting hospitals

Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals.

Related: How Putin has (more…)

Read More
Google’s Bard conversations turn up in search results

Categories: News, Privacy. Tags: Google, Bard, AI, LLM, crawled, search

After an update for Google's Bard AI, users found that shared conversations were turning up in search results.

The post Google’s Bard conversations turn up in search results appeared first on Malwarebytes Labs.

Read More
Malicious ad served inside Bing's AI chatbot

Categories: Threat Intelligence. Tags: bing chat, AI, malvertising, ads

Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.

The post Malicious ad served inside Bing's AI chatbot appeared first on Malwarebytes Labs.

Read More
Pegasus spyware and how it exploited a WebP vulnerability

Categories: Android, Apple, Exploits and vulnerabilities. Tags: Pegasus, spyware, nso, webp, libwebp, buffer overflow

The company behind the infamous Pegasus spyware used a vulnerability in almost every browser to plant their malware on victims' devices.

The post Pegasus spyware and how it exploited a WebP vulnerability appeared first on Malwarebytes Labs.

Read More
Xenomorph hunts cryptocurrency logins on Android

Categories: Personal. Tags: android, xenomorph, malware, phone, google play, cryptocurrency

We take a look at a new Android scam involving Xenomorph malware and a hunt for cryptocurrency credentials.

The post Xenomorph hunts cryptocurrency logins on Android appeared first on Malwarebytes Labs.

Read More
Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more

Categories: Business

Customers rated Malwarebytes MDR as “Easiest to do Business With,” “Best Est. ROI,” “Easiest to Use,” “Easiest Admin,” and more.

The post Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more appeared first on Malwarebytes Labs.

Read More
Malwarebytes Admin update: New Detection screens to manage threats!

Categories: Business

We released version 1.2 of the Malwarebytes Admin app for iOS and Android last week, featuring new Detections features that add visibility into threats.

The post Malwarebytes Admin update: New Detection screens to manage threats! appeared first on Malwarebytes Labs.

Read More
Webinar: Bridging digital transformation & cybersecurity

Categories: Business

How can organizations stay secure amidst the ceaseless tide of change?

The post Webinar: Bridging digital transformation & cybersecurity appeared first on Malwarebytes Labs.

Read More
Child health data stolen in registry breach

Categories: Exploits and vulnerabilities, News, Ransomware. Tags: MOVEit, vulnerability, Cl0p, ransomware, BORN, NSC, privacy, identity theft

Canadian healthcare organization Better Outcomes Registry & Network (BORN) has disclosed a data breach affecting client data.

The post Child health data stolen in registry breach appeared first on Malwarebytes Labs.

Read More
Credit card thieves target Booking.com customers

Categories: News, Scams. Tags: booking.com, obfuscated, hospitality, anti-sandboxing

A very clever and complex phishing campaign uses organizations in the hospitality industry to get customers' credit card information.

The post Credit card thieves target Booking.com customers appeared first on Malwarebytes Labs.

Read More
Ransomware group claims it's "compromised all of Sony systems"

Categories: News

The ransomware group RansomedVC says it's selling Sony's data.

The post Ransomware group claims it's "compromised all of Sony systems" appeared first on Malwarebytes Labs.

Read More
TikTok flooded with fake celebrity nude photo Temu referrals

Categories: Personal. Tags: TikTok, celeb, celebrity, fake, nude, nudes, scam, referral, temu

A bogus celebrity leaked photos scam linked to Temu referrals is doing the rounds on TikTok.

The post TikTok flooded with fake celebrity nude photo Temu referrals appeared first on Malwarebytes Labs.

Read More
What does a car need to know about your sex life? Lock and Code S04E20

Categories: Podcast

This week on the Lock and Code podcast, we speak with Mozilla's Privacy Not Included team about the invasive data collection practices of modern cars.

The post What does a car need to know about your sex life? Lock and Code S04E20 appeared first on Malwarebytes Labs.

Read More
A week in security (September 18 - September 24)

Categories: News. Tags: Themebleed, zero-days, Apple, T-Mobile, MGM, metaverse

A list of topics we covered in the week of September 18 to September 24 of 2023.

The post A week in security (September 18 - September 24) appeared first on Malwarebytes Labs.

Read More
Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities, News. Tags: Apple, emergency, update, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993

Apple has released patches for three zero-day vulnerabilities that may have been actively exploited.

The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

Read More
T-Mobile spills billing information to other customers

Categories: News, Personal. Tags: T-Mobile, billing details, data breach, glitch

T-Mobile customers recently found other subscribers' information on their online dashboards.

The post T-Mobile spills billing information to other customers appeared first on Malwarebytes Labs.

Read More
Involved in a data breach? Here’s what you need to know

Categories: News, Personal

If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. Well, we have some tips for you...

The post Involved in a data breach? Here’s what you need to know appeared first on Malwarebytes Labs.

Read More
Steer clear of cryptocurrency recovery phrase scams

Categories: Personal. Tags: cryptocurrency, mark cuban, scam, phish, phishing, wallet, hot, cold, metamask, extension, browser, mobile, android, search engine

We take a look at a common cryptocurrency scam which focuses on your recovery phrase.

The post Steer clear of cryptocurrency recovery phrase scams appeared first on Malwarebytes Labs.

Read More
DoppelPaymer ransomware group suspects identified

Categories: News, Ransomware

More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them.

The post DoppelPaymer ransomware group suspects identified appeared first on Malwarebytes Labs.

Read More
The privacy perils of the Metaverse

Categories: Personal. Tags: metaverse, meta, Facebook, VR, AR, XR, reality, virtual reality, privacy, safety

We take a look at the privacy implications of the Metaverse.

The post The privacy perils of the Metaverse appeared first on Malwarebytes Labs.

Read More
The mystery of the CVEs that are not vulnerabilities

Categories: Business, Exploits and vulnerabilities, News. Tags: CVE, NVD, vulnerabilities, CVE-2020-19909

Researchers have raised the alarm about a large set of CVEs for older bugs that never were vulnerabilities.

The post The mystery of the CVEs that are not vulnerabilities appeared first on Malwarebytes Labs.

Read More
IT Governance Podcast 22.09.23: MGM Resorts, Microsoft Azure, International Criminal Court

This week, we discuss a cyber attack on MGM Resorts that has allegedly cost the company millions of dollars in revenue even before it began its remediation efforts, the leak of 38 terabytes of Microsoft data and a cyber attack on the International Criminal Court in The Hague.

The post IT Governance Podcast 22.09.23: MGM Resorts, Microsoft Azure, International Criminal Court appeared first on IT Governance UK Blog.

Read More
MGM Resorts suffers ransomware infection following social engineering attack

The gaming giant MGM Resorts has shut down large parts of its systems following a ransomware attack, causing widespread disruption across its hotels and casinos. TechCrunch reports that many of MGM’s casinos are “out of action” and staff have had to resort to using pen and paper. The story was first reported by the malware repository vx-underground on 13 September. It claimed that the perpetrators were an associate of the ALPHV/BlackCat ransomware-as-a-service group identified as Scattered Spider. An admin for ALPHV/BlackCat later confirmed this to BleepingComputer. Scattered Spider is known for its social engineering attacks, such as impersonating help desk

The post MGM Resorts suffers ransomware infection following social engineering attack appeared first on IT Governance UK Blog.

Read More
Catches of the Month: Phishing Scams for September 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Following last month’s news that Microsoft was the most impersonated brand in phishing scams in Q2 2023 – which is hardly surprising given its popularity – this month we discuss three more Microsoft-based scams: two involving Teams and one exploiting Word. Storm-0324 malware distributor targets victims via Teams Microsoft reports that a threat actor identified as Storm-0324, who has been associated with email phishing campaigns since at least 2016, has been sending phishing

The post Catches of the Month: Phishing Scams for September 2023 appeared first on IT Governance UK Blog.

Read More
IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023. Here’s the news: As discussed in our 11 August podcast, the Electoral Commission issued a public notification of what it called a “complex cyber-attack” on 8 August, in which “hostile actors” gained access to the UK’s electoral registers, which contain somewhere in the region of 46 million people’s personal information. According to the

The post IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi appeared first on IT Governance UK Blog.

Read More
List of Data Breaches and Cyber Attacks in 2023

Welcome back to our new-look list of data breaches and cyber attacks. On this page, you’ll find a comprehensive analysis of recent data breaches. According to our research, there were 73 publicly disclosed security incidents in August 2023, and they accounted for 79,729,271 compromised records. You can find a link to the full list below, where you can also find more detail about the biggest cyber attacks of August, as well as the year so far. Each month, we’ll update this page with the latest figures and links, so be sure to bookmark it to keep an eye out for

The post List of Data Breaches and Cyber Attacks in 2023 appeared first on IT Governance UK Blog.

Read More
List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached

IT Governance found 73 publicly disclosed security incidents in August 2023, accounting for 79,729,271 breached records. You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. For more details about the year’s incidents, check out our new page, which provides a complete list of known data breaches and cyber attacks in 2023. It also breaks down each month’s cyber security incidents and provides more information about the biggest and most notable breaches of the month. Cyber attacks Ransomware Data breaches Malicious insiders and miscellaneous incidents

The post List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached appeared first on IT Governance UK Blog.

Read More
IT Governance Podcast 25.8.23: Tesla, Duolingo, Lapsus$ trial

This week, we discuss “insider wrongdoing” at Tesla, a data breach affecting 2.6 million Duolingo users and the conclusion of a two-month court case against members of the Lapsus$ gang. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 25 August 2023. Here’s the news: A data breach at Tesla, which affected 75,735 people and saw sensitive company data compromised, was caused by two former employees, the electric car maker has said. In a data breach notice filed with Maine’s attorney general, Tesla’s data privacy officer, Steven Elentukh, said its investigation into the

The post IT Governance Podcast 25.8.23: Tesla, Duolingo, Lapsus$ trial appeared first on IT Governance UK Blog.

Read More
IT Governance Podcast 11.8.23: Electoral Commission, PSNI, Capita

This week, we discuss data breaches affecting the Electoral Commission and the Police Service of Northern Ireland, and the financial repercussions of Capita’s March ransomware incident. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.

The post IT Governance Podcast 11.8.23: Electoral Commission, PSNI, Capita appeared first on IT Governance UK Blog.

Read More
A Guide to the GDPR and CCTV in the Workplace

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Its rules don’t only cover written details, like names and addresses; it applies to any information that can identify someone. That includes pictures and videos, which is why you should be careful about the way you use CCTV. In this article, we look at the relationship between the GDPR and CCTV footage, and provide our tips to ensure that your video surveillance methods are GDPR-compliant. 1. Make sure people know they’re being recorded Transparency is a core principle of the GDPR. You must tell people

The post A Guide to the GDPR and CCTV in the Workplace appeared first on IT Governance UK Blog.

Read More
Catches of the Month: Phishing Scams for August 2023

Welcome to our August 2023 catches of the month feature, in which we explore the latest phishing scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we have a pair of stories about Microsoft. The first looks at an alarming rise in phishing scams that impersonate the tech firm, while the second discusses a new security feature that’s designed to protect users from password compromise. Microsoft becomes the most mimicked phishing brand Phishing scams involving Microsoft have soared in the past three months, according to research from the security firm Check Point.

The post Catches of the Month: Phishing Scams for August 2023 appeared first on IT Governance UK Blog.

Read More
A cryptor, a stealer and a banking trojan

In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan.

Read More
QR codes in email phishing

Scammers are camouflaging phishing links with QR codes and distributing them through email.

Read More
Overview of IoT threats in 2023

IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023.

Read More
Threat landscape for industrial automation systems. Statistics for H1 2023

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.

Read More
Free Download Manager backdoored – a possible supply chain attack on Linux machines

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

Read More
From Caribbean shores to your devices: analyzing Cuba ransomware

The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.

Read More
Evil Telegram doppelganger attacks Chinese users

Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.

Read More
IT threat evolution in Q2 2023. Non-mobile statistics

PC malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

Read More
IT threat evolution in Q2 2023. Mobile statistics

The smartphone malware statistics for Q2 2023 include data for Android malware, adware, banking Trojans and ransomware.

Read More
IT threat evolution in Q2 2023

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.

Read More
Meta’s One Good Deed

This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta’s application security team for their VR headsets. After that, we cover Microsoft’s analysis of an APT’s pivot from email to […]

Read More
iPhone’s Latest 0-Day

This week on the podcast, we cover Microsoft’s final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.

Read More
The Qakbot Takedown

This week on the podcast, we cover the FBI-led, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two Android malware variants, including one targeting victims in Southeast Asia and another built by the Russian GRU.

Read More
Weaponizing WinRAR

This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively exploited 0-day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn’t actually use AI.

Read More
U.S. Cyber Trust Mark

This week on the podcast we cover the FCC’s proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.

Read More
Def Con 2023 Recap

On this week’s episode, we chat about some of our favorite talks from this year’s Def Con security conference. We’ll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn’t be about cyber warfare.

Read More
BlackHat 2023 Recap

In this special end-of-week episode of The 443, we cover some of our favorite talks from this year’s edition of the BlackHat cybersecurity conference in Las Vegas. We’ll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.

Read More
What Is Same-Origin Policy? Replay

This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend, then dive into two web browsing security acronyms. Keep an eye out later this week as we come to you from this year’s Black Hat and Def Con cybersecurity conferences!

Read More
Qakbot Qacktivity

This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC’s new rules around mandatory security disclosure. We then end by reviewing CISA’s analysis of Risk and Vulnerability Assessments they completed for their constituents in […]

Read More
Red Teaming AI Systems

This week on the podcast, we give an update on last week’s discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.

Read More
New Microsoft Office 0-Day

This week on the podcast we cover two stories that came out of Microsoft’s July Patch Tuesday. The first involves an incident within Microsoft that led to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that, at the time of recording, remains […]

Read More
Q1 2023 Internet Security Report

This week on the podcast, we cover WatchGuard Threat Lab’s Internet Security Report for Q1 2023. Throughout the episode, we’ll discuss the key trends for cyber threats impacting small and midsize organizations globally, including the top malware and network attack detections, as well as a look specifically at the endpoint. We round out the episode […]

Read More
RepoJacking

On this week’s podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive into the Barracuda 0-day that China-based threat actors are actively exploiting, as well as a novel command and control distribution method for a separate China-based APT.

Read More
A New Russian APT

On this week’s episode we discuss the newly named threat actor Cadet Blizzard, including their typical tools, tactics and procedures. We also cover CISA’s newest binding directive to federal agencies. Before that, we give an update on exploited MOVEit Transfer servers and the latest Bitcoin laundering technique.

Read More
Minecraft Mod Malware

This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we end with our review of the latest Verizon Data Breach Investigations Report (DBIR).

Read More
How Not to Update Software

This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering an EDR bypass tool that has newly gone up for sale. After that, we discuss Gigabyte’s decision to rootkit their own motherboards before ending with a new macOS vulnerability.

Read More
Naming APTs

This week on the podcast, we cover Microsoft’s latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

Read More
TikTok is Banned, Kind Of

This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight […]

Scratching the Surface of Rhysida Ransomware

A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that […]

An Interview with ChatGPT

This week on the podcast, Marc kicks Corey off the podcast and interviews ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech

This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

Rustbuckets and Papercuts

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas

This week’s podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where […]

Zero Trust Maturity Model 2.0

This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA’s guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA’s latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path […]

Cybersecurity News: A Trio of Vulnerabilities, BreachForums Admin Arrested, Hundreds of Ransomware Victims, and The Rise of AI

This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the […]

Operation Cookie Monster

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft’s attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend’s Toyota Rav4. […]

Another Software Supply Chain Attack

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

3CX Supply Chain Attack

3CX created the desktop phone app 3CXDesktopApp and now finds itself in the middle of a supply chain attack. As a recognized company in the softphone space, 3CX provides services to many large companies including Honda, Coca-Cola, BMW and Holiday Inn, among others, according to the testimonials on their website. This week though, they […]

The NSA’s Guidance on Securing Authentication

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches

It’s Monday, and there’s no better way to start a new week than with some cybersecurity-related news. So, if you need an excuse to procrastinate a bit more, allow us to fill that void. For this iteration, we made a few minor improvements, as always. In addition to the table of contents from last time, […]

An Update on Section 230

On this week’s episode we look back to our initial monologue on Section 230 protections that allow social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent Supreme Court case that has the potential to dramatically impact the internet as […]

Here Come The Regulations

On today’s episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House’s National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We’ll also cover the latest in nation-state activity targeting network connectivity appliances and end with some fun research into an oldie but […]

US National Cybersecurity Strategy

This week’s episode is all about the White House’s recently released National Cybersecurity Strategy. We’ll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.

Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!

A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a […]

Cybersecurity’s Toll on Mental Health

This week on the episode we have a discussion about stress-related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0-click exploit protection from Samsung, the latest update on GoDaddy’s security woes, and Twitter’s latest erratic move.

Successfully Prosecuting a Russian Hacker

In today’s episode, we discuss a recent court case resulting in the successful conviction of a Russian national tied to breaking into several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware […]

Cybersecurity News: Automated Ransomware Attacks, U.S. No Fly List Leaked, and A.I. Detecting A.I.

Welcome to another iteration of Cybersecurity News, the fairly new and unorthodox semi-monthly news article that highlights a handful of noteworthy cybersecurity-related stories and provides extra references and resources for further research if you desire. We aim to solidify a more concrete release schedule going forward and will release more information once we have […]

Live Audience MSP Q&A Panel

On this week’s very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts, for a Q&A panel in front of a live audience! We’ll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do […]

A Technical Analysis of ISAACWiper

Shortly after Putin launched his “special military operation” in Ukraine on February 24th, 2022, researchers from ESET published information about two novel destructive malware families – HermeticWiper and ISAACWiper. HermeticWiper was part of a three-pronged campaign that included a worm and pseudo-ransomware component known as HermeticWizard and HermeticRansom, respectively. HermeticWiper is the data-wiping component. ISAACWiper, […]

What is CVSS?

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT’s usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.

CISA Warns of Weaponized RMM Software

On today’s episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RMM software and the second giving guidance to K-12 on how to address cybersecurity concerns.

Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Sifting through the most recent cybersecurity-related news may seem daunting, and keeping up with the latest developments is arduous. However, the WatchGuard Threat Lab is happy to filter through the latest cybersecurity news and highlight some stories we believe are important, noteworthy, or interesting. The goal is to focus on a few recent cybersecurity-related stories, […]

Law Enforcement Infiltrate and Seize Hive Ransomware Operation

In a sudden, stunning announcement today, the United States Department of Justice, the FBI, and federal agencies from 13 countries from Europol, announced the seizure of the transnational Hive ransomware operation. The seizure was part of a months-long operation that began in late July 2022 when the FBI infiltrated the Hive network. Deputy Attorney General […]

Report Roundup

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we’ll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we’ll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen […]

Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach

Regarding malware, breaches, and the overall threat landscape, 2023 is off to a dynamic start. Malvertising (malicious advertising) continues to be a successful attack vector for hackers, especially from sponsored ads via Google searches. Jon DiMaggio released his long-awaited Ransomware Diary series beginning with the first iteration of the LockBit ransomware group. Also, a new […]

The RCE Vulnerability That Wasn’t

This week on the podcast we cover a recently-disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update on weaponizing ChatGPT, the currently free artificial intelligence chatbot that has made waves since its release in November. We round out the episode with a wave farewell to Windows 7 and Windows […]

When Trying to Catch ‘Em All, Leave This RAT Alone

Recently, researchers have observed threat actors using a website previously associated with the popular AR game PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The […]

Reviving a Dead Botnet

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade-old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Q3 2022 Internet Security Report

This week on the podcast we discuss key findings from the WatchGuard Threat Lab’s Q3 2022 Internet Security Report. We’ll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe.

2023 Security Predictions

It’s that time of year for us to discuss the WatchGuard Threat Lab’s 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn’t make the cut as well as some defensive strategies to try and help stop them from coming true.

Apple’s New Privacy Expansion

This week on the podcast, we cover Apple’s latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Hacking Hyundai

On this week’s episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models’ doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it’s different from previous ones we’ve seen. We […]

CISA Incident Response Learnings

On today’s episode we cover a pair of alerts from the Cybersecurity and Infrastructure Security Agency (CISA), one detailing the tools, tactics and procedures of a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use […]

Attack Surface Management

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.

Endurance Ransomware Claims Breach of US Federal Government

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

2022 Cybersecurity Predictions Recap

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we’ll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. […]

Why OpenSSL Downgraded Their Vulnerability

On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the six-year streak of no critical issues continues. After that, we dive back into election security and the hacking activity that could have the most impact. We end with an update from Apple […]

CISA’s Cybersecurity Performance Goals

This week on the podcast we cover CISA’s freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post […]

Ransomware TTPs Deep Dive

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Cyber Energy Star

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Q2 Threats and Guilty CSOs

This week on the podcast, we focus on highlighting WatchGuard’s Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the […]

Optus Opts Out of PII Protection

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI […]

Two Microsoft Exchange Server Zero-Day Vulnerabilities (aka ProxyNotShell)

Update 10/6/2022: Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. If you followed their initial mitigation steps, they are not sufficient to block this threat and your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their initial detection […]

An Uber Hack

This week on the podcast, we cover Uber’s most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole […]

Are CISOs Legally Accountable for Security?

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive into a novel command and control (C2) method as well as the latest commoditization of […]

A Day in the Life of a Malware Analyst

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGuard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get into malware analytics, popular tools to help with the task, and resources anyone […]

The Twitter Thing

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cybercriminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

2022 Black Hat and Def Con Recap

This week on the podcast we review our time at this year’s Black Hat and Def Con cybersecurity conferences in Las Vegas. We’ll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Hacker Summer Camp 2022

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we’ll discuss the briefings and panels we’re most excited to see and what we hope to get out of them. If you’re not able to attend either conference in person […]

Private Sector Offensive Actors

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft’s efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM […]

USA’s Answer to GDPR

This week on the podcast, we discuss the current cyber skills gap and a federal program designed to help combat it. After that, we dive into the American Data Privacy and Protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft’s attempts to […]

Rolling PWN

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive into Microsoft’s latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Over a Billion Records Leaked in Shanghai National Police Database Hack

This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national […]

LockBit Ransomware Group Introduces Bug Bounties and More

The LockBit ransomware group has unveiled a new website – LockBit 3.0 – to host their ransom extortions and data leaks. The website includes several new features, including an unprecedented bug bounty program to assist the group in securing their site; acceptance of the privacy cryptocurrency, Zcash; and the addition of receiving payments from users […]

Grading Gartner’s Guesses

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on “insecure by design” in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end […]

200th Episode Extravaganza

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we’ll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come […]

Robux Ransomware

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we’ve seen in recent memory. Before that though, we cover the latest updates on nation-state hacking activity including threats of escalating attacks leading to physical retaliation.

0-Days for Days

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian’s Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica’s no good, terrible month in cybersecurity.

Package Hijacking

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

WatchGuard Launches PSIRT Page

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services. Our PSIRT page also provides information for […]

Building Security Strategies with Matt Lee

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy-in […]

CISA Guidance for MSPs

This week on the podcast we walk through CISA alert AA22-131A, which gives bulleted guidance to MSPs and customers of MSPs on how to navigate the security of their relationship as threats targeting service providers continue to grow. We’ll walk through the list, hit each recommendation, and give our own guidance on top of them for […]

The REturn of REvil?

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive into the latest tools, tactics and procedures of the Lazarus nation-state hacking group as well as a recently discovered form of fileless malware evasion.

Most Exploited Vulnerabilities of 2021

This week on the podcast, we dive into CISA’s list of the 15 most exploited vulnerabilities in 2021. We’ll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a […]

Psychic Signatures

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security […]

Hidden Hafnium

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing […]

Patch Management Lag

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today: not installing vendor-supplied security fixes. We’ll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before […]

For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals

When talking to IT and security professionals, everyone seems to know they shouldn’t overexpose management portals. And yet, every year we learn some new statistic showing tens of thousands of devices or software products with management portals exposed on the Internet. In hopes of changing this trend, this article talks about why management portals sometimes […]

The Rise and Fall of Lapsus$

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

Sharing Cyclops Blink Threat Intelligence with the Community

At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild, and appropriately adjust detection and defense […]

SATCOM Security

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA’s cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

US-Backed Cryptocurrency

This week on the podcast, we cover last week’s Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned […]

Conti Leaks

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group that started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidia breach and how some of the stolen information might fuel future attacks.

5G Didn’t Break Your Car

5G didn’t put malware on these Mazdas’ entertainment systems, but many Seattle Mazda drivers couldn’t change their radio station after turning it to the local NPR station, KUOW. As one Reddit user put it, “the whole audio system and Bluetooth just keeps trying to reboot.” Some users also reported they couldn’t use their backup cameras. […]

Rewind: Can We Trust Facial Recognition

This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020 where we discussed one of our analysts’ first-hand research into facial recognition biases.

SpoolFool: Windows Print Spooler Fooled Again

Microsoft’s monthly Patch Tuesday already occurred this month, so you know what that means – more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows Print Spooler service […]

BGP-Powered Crypto Theft

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI’s new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from […]

Russia, Fighters of Cybercrime?

This week on the podcast we cover Russia’s latest crackdown on cybercriminals within their borders and try to answer the “why now?” question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA

In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform […]

Face Recognition and Privacy Concerns Works Its Way Into Taxes

The US IRS has plans to use a third-party identification system to prevent tax-related identity theft. The IRS plans to contract with ID.me to identify people using, among other factors, face recognition. James Hendler, professor of Computer, Web and Cognitive Sciences, wrote about some issues with the IRS’s plan. How will the data be […]

Hacking Back at North Korea

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on why it feels like cryptocurrency is still the wild west of technology. After that, we give an update on our brief mention in last week’s episode about North Korea’s internet seemingly […]

The Pwnkit Problem

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive into the world of macOS malware with DazzleSpy, a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea’s Lazarus APT and their […]

Q3 2021 Internet Security Report

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, […]

Log4j Becomes The Highest Detected Vulnerability Days After Release

Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity […]

The Death of the Carding Marketplace

This week on the podcast we give a quick update to the Log4Shell saga after researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive into the world of carding marketplaces where cybercriminals buy and sell stolen credit card information and discuss possible reasons for why these marketplaces […]

Is Cybersecurity Vocational?

This week on the podcast we give an update on log4j2 and its most recently disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.

HP iLO and the Newly Discovered iLOBleed Rootkit

Iranian researchers at the Amnpardaz security firm have discovered rootkits in HP’s iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. The […]

Post-Purchase Monetization of the TV and Your Diminishing Privacy

The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations […]

Give Us Your SSN, Your Email Password, and Your Dream Job

Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and Password Social Security Number Email address and email password used for 2-Step verification Security Questions: What was your dream job as a child? Who is your […]

Active Compromises of vCenter Using The Log4J Vulnerability

Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears to be scanning for the vulnerability rather than actual exploitation. However, our own honeypot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen activity from this exploit to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang has exploited VMware vCenter with Conti […]

Log4Shell Deep Dive

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to […]

Bluetooth Is Safe Enough For You

Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of […]

Our 2022 Security Predictions

As we move into the end of the year, it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been following and what we expect to see continue into the coming year. If […]

Critical RCE Vulnerability in Log4J2

[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and damaging […]

2021 Security Predictions Grading

It’s getting to be the end of the year, which means it’s time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grade on how well we did! On this episode, we’ll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either […]

Dangers of Bicubic Interpolation In Pictures

We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face – something we have covered in the past. Interpolation means to take pixels in an image and calculate what their […]

CISA Alert Tips Off Adversaries

This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on […]

The Evolution of Phishing: A WatchGuard Real-World Example

Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these […]

Trojan Source

On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.

Face Recognition Removed from Facebook But Added to Metaverse

Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post, Facebook recently announced that it is going to remove the controversial face recognition technology from the platform. “We’re shutting down the Face Recognition system […]

The Security Conscious NRA Breached by Russian Hacking Group

The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Grief reportedly gained access. Grief has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted […]

Stealing Make-believe Money

This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a distributed financial (DeFi) organization and have an in-depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid […]

Nobelium Threat Group Sets Sights on IT Providers

The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC […]

China Linked Hacking Group Compromises 13 Telcos

Many cellular network protocols don’t have clear documentation explaining them, especially when it comes to the proprietary protocols used by 4G and 5G networks. This makes them difficult for the average person to understand, but also potentially vulnerable to anyone willing to take the time to research them and find issues. We haven’t yet seen attacks […]

Schrödinger’s REvil

This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the […]

InfoSec News From Last Week October 25th, 2021

Exploit Broker Zerodium Increasing Focus on VPNs. The exploit broker Zerodium announced they are seeking exploits for ExpressVPN, NordVPN, and Surfshark VPNs. VPNs are becoming a more lucrative target, and Zerodium’s announcement has brought attention to that. Many use VPNs because they believe it protects their privacy. However, it also puts the responsibility of that […]

US Government Sets Rules for Hacking Tool Exports

The US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access to authoritarian governments who have been identified for human rights violations and abuses. Any companies who intend to sell their wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional […]

InfoSec News From Last Week October 18th, 2021

Azure, BitBucket, GitHub, and GitLab Revoke SSH Keys After GitKraken Vulnerability. Git software client GitKraken disclosed an SSH key generation flaw in a post this past Monday. The flaw was discovered in versions 7.6.x, 7.7.x, and 8.0.0 for releases available between mid-May and late June this year. GitKraken uses the library keypair to generate SSH keys […]

VirusTotal Global Ransomware Report

This week on the podcast we cover VirusTotal’s first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world’s largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.

HTML Basics That We Often Miss

By now you have probably heard of Missouri Governor Mike Parson’s tweet threatening to prosecute a journalist for responsibly disclosing a data breach. If you missed it though, according to the tweet and the governor’s ensuing press conference, a journalist from the St. Louis Post-Dispatch found teachers’ SSNs embedded in a public web page […]

The SMS Breach You Didn’t Hear About

This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we’ll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming […]

InfoSec News Weekly Wrap-Up October 8th, 2021

SMS Routing Company Syniverse Discloses Breach Spanning 5 Years. Syniverse claims to be “the world’s most connected company”, serving so many large telecommunication companies that it should be assumed that your provider is one of their customers. Their reach is significant, acting as the intermediary for text messages between carriers and routing calls between networks. […]

US Agencies Have Been Busy

U.S. agencies have been making headlines recently for a lot of their new cyber-related regulations. The following are several noteworthy examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls: The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation […]

How SMBs Deal With An Uptick in Breaches

A recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the […]

Twitch Affected by Large Data Leak

Update 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, “At this time, we have no indication that login credentials have been exposed.” Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password […]

To Not Share is To Care

October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness Month means an increase in jaded posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]

Q2 2021 Internet Security Report

This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We’ll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.

FBIs Botched Plan to Catch REvil Cost Victims Millions

Earlier this year Kaseya, who provides IT management software to service providers that support tens of thousands of organizations from schools to hospitals, was involved in a ransomware attack fueled by a compromise of their VSA Remote Monitoring and Management (RMM) software. While the ransomware only impacted a small percentage of their customer base, thousands […]

Half of Respondents Admitted to Sharing Their Passwords

We often write about passwords and password policies from the IT/security administrator side, usually after a password becomes compromised. We recently found a survey that looked at compromised passwords from the user’s side to better understand how users feel about them. The survey shows a few key points that shed light on the social […]

Kaseya’s Trusted Third Party

This week on the podcast we discuss the recently disclosed identity of the “Trusted Third Party” that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT […]

OMIGOD!

This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and watchOS that researchers at The Citizen Lab discovered while investigating NSO Group’s Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft’s latest […]

OWASP Update

This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP serves as an excellent resource for improving web application security, so we’re excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails […]

Azure Linux VMs Vulnerable Due to Pre-Installed Agents

Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI-affected resources/tools. Original Post (September 16th, […]

ProxyWare

This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user’s CosmosDB instance. Finally, we end with a discussion of location […]

Stop Following Me – Rewind

This week on the podcast we dig back into the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.

PolyNetwork Heist

This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we’ll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of […]

Mobile Carriers Leak 123 million Customer Records in One Week

Over the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connections between these two breaches, the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don’t have confirmation from […]

DEF CON 29 Recap

This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If you haven’t checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year’s and all previous years’ content.

Supply Chain Attacks Through an IDE

David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause infections. A popular example of this comes from […]

ProxyShell, Exchange Servers Under Attack Again

With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentations that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, […]

Bad BGP

This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) […]

Defcon Talk Timeless-Timing-Attacks
Defcon Talk Timeless-Timing-Attacks

Cyber security breach concept

  A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, “Timeless Timing Attacks” made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data form devices based on how long it takes to respond. To successfully run a timing attack, the attacker usually must be directly […]

What Is Zero-Trust Security?

This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.

What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and […]

Why So SeriousSAM

This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HiveNightmare. Before that, we discuss NSO Group and their spyware known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.

Section 230 – Rewind

With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are […]

REvil Hasn’t Gone Anywhere (Probably)

Many of the recent high-profile ransomware attacks, like those against Acer, JBS and, more recently, customers of Kaseya, have been the work of the ransomware-as-a-service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone […]

The PrintNightmare Saga Continues to Frustrate System Administrators

Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of the Mimikatz utility, posted a […]

Kaseya & PrintNightmare

This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive into the details around the incident and defensive tips […]

A Market for Lemons?

We recorded this episode before news of the massive attack against Kaseya users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey’s post on the Kaseya […]

Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)

Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have […]

Q1 2021 Internet Security Report

It’s that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We’ll go over the latest trends in malware and network attacks targeting WatchGuard customer networks through the first quarter of the year, as well as defensive tips for all organizations.

AutoIt Malware: To obfuscate, or not to obfuscate

What is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended victim. One of the most widely used tactics in malware is obfuscation. Obfuscation […]

Python Modules: Not As Safe As You Think

We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security, many professionals use Python to automate tasks. Because […]

Domain Parking, PUPs, and Annoying Push Notifications

It has been 11 years since the Google Doodle Pac-Man game was published. Many of us may remember this Google Doodle as it was the first interactive Google Doodle made. Unfortunately, like many fun things, there are those who see opportunity and take advantage of that. We recently noticed DNSWatch traffic blocking googlepacman[.]net. After some […]

Dark Web Bake Sale

This week on the podcast we discuss an often overlooked item for sale on underground forums: authentication cookies. Before that though, we’ll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.

Anom

This week on the podcast, we discuss Operation Trojan Shield, a multi-year program where the FBI, in partnership with international law enforcement agencies, developed and distributed an encrypted communications application on the underground that gave them full access to criminal messages. We’ll also cover the latest news from the recent Colonial Pipeline and JBS ransomware […]

Law Enforcement Agencies Went the Extra Mile with An0m

In an operation headed by the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP), international law enforcement agencies managed to gather 27 million encrypted messages used for criminal communications, through an elaborate operation that involved development and distribution of a custom communications application for modified phones. Unsurprisingly, organized crime groups take extraordinary […]

FIFA 21 Source Code Leak From Member of Reemerging Hacking Group

A KickAss hacking group member (not the Torrent group) who goes by Leakbook claims to have the full FIFA 21 source code, which they have listed for sale on a popular hacking forum. In addition to the FIFA 21 source code they also claim to have access to the matchmaking servers, Frostbite source code, private […]

Atomic Flashcards

This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States’ foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google’s own […]

“The Biggest Cyber Attack In New Zealand’s History”

A large cyber attack has caused chaos in the New Zealand healthcare system over the past few weeks. Multiple hospitals in New Zealand were crippled by locked phone lines and computers from a large ransomware attack. Though the ransom note didn’t contain a dollar amount, the note indicates a “ransomware event” according to the […]

WiFi FragAttacks

A few years ago, in 2017, researchers Mathy Vanhoef and Frank Piessens published a whitepaper showcasing serious vulnerabilities within practically all modern protected Wi-Fi networks. The vulnerabilities lie within the Wi-Fi standard itself and are exploited using Key Reinstallation Attacks (KRACKs). These attacks primarily target the 4-way handshake of the WPA2 protocol – the current […]

An Epic Battle

This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack […]

Oil for Ransom

This week on the podcast we cover the ransomware attack against Colonial Pipeline which left the east coast of the United States in fear of gas shortages for more than a week. We’ll discuss the threat actors behind it, how they possibly got in, and what the response was from Colonial and the United States […]

Biden Orders Massive Overhaul of Federal Agency Security

In response to recent cybersecurity incidents like the SolarWinds breach, Microsoft Exchange Server vulnerabilities, and the Colonial Pipeline ransomware attack, President Biden signed an executive order to increase the cybersecurity stance of the federal government and all civilian agencies it contracts with. The 34-page executive order implements minimum security standards for the government and contractors. […]

21 Nails

This week on the podcast we cover a 12-year-old vulnerability in Dell’s firmware update driver impacting hundreds of millions of servers, workstations and tablets. Then, we dive into 21 Nails, a collection of vulnerabilities in the Exim Mail Transfer Agent (MTA), which has wide use across the internet. We’ll go over a […]

DC Police Alleged Victim of Double-Extortion Ransomware Attack

Another day, another breach. Although, this time, the victim is the Metropolitan Police Department in Washington D.C. and the breach was induced by double-extortion ransomware known as Babuk. The group behind the ransomware attack, the Babuk Ransomware Group, hosts a webpage of their leaks with their most recent addition being the DC Police. The original […]

Understanding How Rising Cryptocurrency Prices Affect Cybersecurity

In the past few months there has been a dramatic increase in cryptocurrency prices. In fact, the crypto market value topped $2 trillion for the first time in history and bitcoin, the largest form of digital currency, hit a record high of more than $61,000, rallying over 100% in 2021 alone. As a result of growing crypto prices, individual investors and businesses have become bigger targets for cryptojacking – and no industry is immune. For example […]

2021 World Password Day: How Many Will Be Stolen This Year?

You know what they say about passwords… You’re only one weak password away from a breach. Despite the increasing sophistication of hacker technologies and tools, the easiest step of a hack is still cracking the password. In fact, it’s so easy that many times it doesn’t even involve guessing at all. The scariest part about […]

What Is Same-Origin Policy?

This week on the podcast, we mourn Dan Kaminsky, a well-loved hacker responsible for identifying one of the biggest vulnerabilities in the history of the internet. Then, we continue our dive into web app security standards with a discussion on Same-Origin Policy and Cross-Origin Resource Sharing (CORS) and how they help protect us […]

China’s Explicitly Biased Face Recognition Model

According to an article by Techdirt, the Chinese government has created “Uyghur alarms” with an explicitly biased face recognition service that it is actively using. China uses face recognition to identify and target Uyghur people. Under the guise of identifying the different races in China, the model used appears to specifically identify Uyghur and Tibetan face […]

Cellebrite Good Times

This week on the podcast, we cover Signal CEO Moxie Marlinspike’s analysis of a phone forensic analysis tool made by the grey-hat hacking organization Cellebrite. Before that though, we cover another solved mystery from the SolarWinds Orion saga.

Judge Rules FBI Can Hack Into Exchange Servers

(Updated 04/22/2021 to include court order) For the last few months, we have seen Exchange Servers fall to vulnerabilities from the HAFNIUM attacks. Even after Microsoft released patches for the serious flaws, we continue to see attacks on Exchange Servers and hear of more Exchange Servers becoming compromised. This shouldn’t be news as many publications […]

On A Tuesday

This week on the podcast we cover a couple of major events from April’s Patch Tuesday including four new remote code execution vulnerabilities in Exchange Server and some additional developments in the saga of March’s Exchange Server exploits.

Combating Disinformation with Nina Jankowicz Rewind

This week on the podcast, we go back to one of our favorite episodes from last year near the start of the pandemic where we sat down with security expert Nina Jankowicz to discuss what the rapid change to remote work would mean for security.

Q4 2020 Internet Security Report

It’s that time of year again! This week on the podcast we dive into the latest internet security report out of the WatchGuard Threat Lab. We’ll cover the latest trends in malware, both at the perimeter and the endpoint, as well as network attacks and malicious domains. Additionally, we’ll recap the top security incident […]

Deobfuscating a Dropper for a ZLoader Trojan Variant

On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email as suspicious. The initial email included an attachment with the title Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file in search of any malicious indicators or behaviors only to discover that […]

Analysis of a Dridex Banking Trojan Phish

At the beginning of March, as many Americans were eagerly awaiting another round of stimulus payments, news began to circulate about cybercriminals taking advantage of the American Rescue Plan offering financial assistance (payments and other aids) as part of COVID-19 relief. We got a hold of some of these phishing emails and upon scrutiny, we […]

Ubiquitous for all the Wrong Reasons