Conti’s Leaked Ransomware Used to Target Russian Businesses
Conti’s source code was exposed after the company allied with Russia in the Ukraine conflict, and a security researcher obtained 170,000 internal chat messages as well as the source code
Why you might consider working with an MSP to obtain cyber insurance
Cyber insurance is quickly becoming one of the most essential cybersecurity services available to an organization. Unlike traditional services that offer defense, proactive threat hunting, or reactive remediation, cyber insurance
New Meta Malware Used in Malspam Campaign
A new META malware, an info-stealer that seems to be more and more popular among hackers, has been discovered being leveraged by threat actors in a recent malspam campaign. What
Why you need to install and use Instagram story saver
It is quite difficult to deny the fact that we live in the age of the Internet. According to analytics firm App Annie, a person currently interacts with their mobile
Fraudsters Steal £58m in 2021 Via Remote Access Tools
Victims often receive an unsolicited call firstRead More: https://www.infosecurity-magazine.com/news/fraudster-steal-58m-2021-via/
Raspberry Pi Ditches Default Logins to Boost Security
Users asked to choose new username and password on boot-upRead More: https://www.infosecurity-magazine.com/news/raspberry-pi-default-logins-boost/
FIN7 Pen Tester Gets Five Years Behind Bars
Carbanak Group specialist coordinated network intrusionsRead More: https://www.infosecurity-magazine.com/news/fin7-pen-tester-gets-five-years/
Managed Security Service – What It Is and Why Does Your Company Need It
The unification revolution of cybersecurity solutions has started – and managed security service providers are leading the way. Managed security services (MSS) refer to a service model or capability offered
Singapore begins licensing cybersecurity vendors
Vendors offering two categories of cybersecurity services in Singapore now must apply for a licence to continue providing such services. They have up to six months to do so or
OpenSSH now defaults to protecting against quantum computer attacks
Post-quantum cryptography has arrived by default with the release of OpenSSH 9 and the adoption of the hybrid Streamlined NTRU Prime + x25519 key exchange method. “The NTRU algorithm is
Ads, NFTs and other badness: Pour one out for the decline of dumb TVs
Image: Vizio In my particular lounge room sits a relic of a time long gone, a 15-year-old plasma TV that is dumb as a box of hammers, and thankfully so.
FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate
According to US authorities, the Cyclops Blink botnet was controlled by the Russian Federation’s Main Intelligence Directorate (GRU) and had compromised thousands of devices worldwide. A court-authorized operation against a
FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate
According to US authorities, the Cyclops Blink botnet was controlled by the Russian Federation’s Main Intelligence Directorate (GRU) and had compromised thousands of devices worldwide. A court-authorized operation against a
Threat Roundup for April 1 to April 8
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 1 and April 8. As with previous roundups, this post isn’t meant to be an
DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
Written by Suzanne Smalley Apr 8, 2022 | CYBERSCOOP The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a
Denial-of-service disrupts Finnish government sites during Zelenskyy speech
Written by Tim Starks Apr 8, 2022 | CYBERSCOOP A denial-of-service attack knocked the websites for Finland’s defense and foreign ministries offline Friday, the government there said, just as Ukrainian
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. Researchers have found the info-stealing Android malware Sharkbot lurking
Northern Ireland TrustFord Sites Hit by Ransomware Gang
The attack is believed to have been committed by Conti ransomware gangRead More: https://www.infosecurity-magazine.com/news/northern-ireland-trustford/
Finland Government Sites Forced Offline by DDoS Attacks
Finnish ministries of foreign affairs and defense forced offline earlier today by DDoS attacksRead More: https://www.infosecurity-magazine.com/news/finland-government-sites-offline/
The Best Virtual Desktop Solutions You Might Need in 2022
Desktop virtualization is a term that refers to a software solution that isolates the desktop environment and any related application software from the client device used to access the desktop
APT-C-23 Hacking Group Targets Israeli Officials in Catfish Campaign
Hamas-linked cybercrime organization dubbed ‘APT-C-23’ was noticed catfishing Israeli officials working in defense, law, enforcement, and government institutions, resulting in the deployment of new malware. The operation employs high-level social
New Malware Leveraged Cryptominers to Target AWS Lambda
A cryptomining malware designed particularly to target Amazon Web Services (AWS) Lambda cloud systems has been recently identified by security experts. What Happened? Denonia is the name attributed by security
#ISC2Events: Supply Chain Security is a Multifaceted Challenge
Orgs must know range of factors when managing supply chain risk, says (ISC)2’s CISO, Jon FranceRead More: https://www.infosecurity-magazine.com/news/isc2events-supply-chain-security/
Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
Written by Joe Warminsky Apr 8, 2022 | CYBERSCOOP Microsoft says it has shut down internet infrastructure that Russian state-backed hackers used to attack the networks of organizations in Ukraine
A Member of the FIN7 Hacking Gang Was Sentenced to Five Years in Jail
A financial-motivated threat organization that has been active since 2013, FIN7 has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its
Identity and Access Management (IAM) Explained: Definition, Benefits and More
Identity and access management is a key component in ensuring the security of data. It can be used to protect companies against data breaches by providing a layer of security
FIN7 hacking group member sentenced to five years behind bars
A Ukrainian national has been sentenced as a member of the FIN7 hacking group. On Thursday, the US Department of Justice (DoJ) announced the sentencing of Denys Iarmak to five
APT28 Domains Used in Cyberattacks Against Ukraine Taken Down by Microsoft
Microsoft was able to successfully disrupt cyberattacks targeting Ukraine that were conducted by the Russian APT28 cybercrime group after shutting down seven domains used as attack infrastructure. What Is APT28?
Raspberry Pi just made a big change to boost security
Raspberry Pi has made a change to its operating system Raspberry Pi OS that removes the default username and password. Until now, the default username and password for the tiny
YouTube Fraudsters Steal $1.7m in Crypto 'Giveaway'
Scheme used footage from entrepreneurs and crypto enthusiastsRead More: https://www.infosecurity-magazine.com/news/youtube-fraudsters-crypto-giveaway/
Microsoft: Nearly All Russian State Actors Now Targeting Ukraine
Tech giant disrupts APT28 but warns of all-out cyber-offensive Read More: https://www.infosecurity-magazine.com/news/russian-state-targeting-ukraine/
Using Google's Chrome browser? This new feature will help you fix your security settings
slyellow — Shutterstock Google is releasing a new tool to help users configure their privacy settings in the Google Chrome browser in the form of a guided tour. The new
Global Supply Chain Attacks Surge 51% in H2 2021
Few are confident they could respond to quickly to a breachRead More: https://www.infosecurity-magazine.com/news/global-supply-chain-attacks-surge/
Ensign unveils cybersecurity employment scheme for individuals with autism
Ensign InfoSecurity has inked a partnership with Singapore’s Autism Resource Centre (ARC) to roll out an employment scheme designed for individuals on the spectrum. The programme, which has led to
Hamas Hackers Posing as Women to Con Snr Israeli Officials into Installing Malware
A Middle Eastern hacking group supposedly connected to Hamas uses malware to steal sensitive data from Windows and Android devices of high-ranking Israeli officials. Sophisticated Catfish Campaign Targeting Israeli Officials
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
Trend Micro – The payload from the first stage can be sent as a single request without using different headers as shown in Figure 4 and as described in this
FIN7 hacker sentenced to five years
Written by Tonya Riley Apr 7, 2022 | CYBERSCOOP Denys Iarmak, a high-level member of the criminal hacking group FIN7, was sentenced to five years in prison today by a
The security analyst: An expert in beginner's clothing
This month, we are thrilled to announce new research: Role Profile: Security Analyst. This research is both a necessary document as well as a labor of love. I often say
Factors to Consider when Choosing a Robotic Arm
When deciding on an industrial robot for your facility, many options are to be considered. This article will help you understand how to choose the best robotic arm for your
Threat Source newsletter (April 7, 2022) — More money for cybersecurity still doesn't solve the skills gap problem
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. U.S. President Joe Biden’s proposed budget would include an 11 percent increase in the federal government’s IT
Website of Russian Oil Giant Gazprom Neft Down After Alleged Hack
A statement allegedly from Gazprom CEO Alexie Miller was briefly displayed on the websiteRead More: https://www.infosecurity-magazine.com/news/russian-oil-gazprom-neft-hack/
Bank of Ireland Fined €463,000 Over Data Breaches
The bank was fined for the breaches and the delays in communicating with affected customersRead More: https://www.infosecurity-magazine.com/news/bank-of-ireland-fined-463000-over/
Create a Better Employee Experience for your MSP Business
One of the best ways—if not the best way—to recruit and retain employees is to foster a great environment for your current staff, creating an experience that makes your team
Brand Protection is Essential for Cybersecurity
Is brand protection so important? Yes. Very much! According to a 2020 study, 70% of customers believe that brand trust is more important now than ever, and 53% make their
Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
WordFence – On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed
The Cyber Threat Landscape for 2022
Cybersecurity professionals be warned: 2022 offers no respite from the wave of cybercrime that’s tormented enterprises these past couple of years. Cybersecurity was already a fast-moving sector prior to Covid-19.
Suspected Chinese hackers are targeting India's power grid
Written by Tonya Riley Apr 7, 2022 | CYBERSCOOP Hackers likely affiliated with the Chinese government have been going after North India’s power supply, according to a report by Recorded
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side request