Australian Government to Invest $9.9bn in Cyber
Country seeks to triple cyber capabilities of its digital intelligence agency, ASD Read More: https://www.infosecurity-magazine.com/news/australian-government-to-invest/
Meet BlackGuard: a new infostealer peddled on Russian hacker forums
Researchers have uncovered a new infostealer malware being peddled in Russian underground forums. Dubbed BlackGuard, zScaler says that the new malware strain is “sophisticated” and has been made available to
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges. A
FBI efforts to disrupt business email compromise scams leads to 65 arrests
A major business email compromise (BEC) scheme which has cost victims millions of dollars has been disrupted in an international operation coordinated by the FBI. Over a period of three
National Emergency in the United States Prolonged
On April 1, 2015, former President Barack Obama issued Executive Order 13694, which sanctioned anyone who was coordinating or participating in cyberattacks against the United States and proclaimed a state
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. Customers of Taiwan-based QNAP Systems
Ransomware penetration testing: Verifying your ransomware readiness
Infosec Institute – Ransomware is a top priority for almost all information security teams. It is a common, severe threat that can have devastating consequences for the organization. However, even
A Blockchain Primer and a Bored Ape Headscratcher – Podcast
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. Why in the world would a collection
Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts
Hostile hacking groups are exploiting Russia’s invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money and more from victims around the world. According to
Cybersecurity managers with a direct line to executive boards set the tone for investment: study
A new report examines how an organization’s approach to cyberattack incident and response strategies can have implications for investment in the broader cybersecurity market. On Thursday, financial services and credit
NATO Countries Targeted in Russian Phishing Attacks, Google Reports
According to the Google Threat Analysis Group (TAG), a great number of threat actors are currently exploiting the Russian invasion of Ukraine to launch phishing and malware
Singapore, US expand bilateral economic cooperation to include AI governance
Singapore and the US have agreed to expand their economic cooperation to include artificial intelligence (AI) governance and cybersecurity initiatives involving other Asean markets. The two nations also will collaborate
Microsoft: These are the Windows Update policies you should set for your PCs (and rollercoasters)
Microsoft has detailed how you should use Windows Update policies to keep your devices updated and secure, from single-user devices right through to kiosks and billboards – and rollercoasters. The
IT and Software Consultancy Company Globant Got Hacked
Globant is an information technology and software development company with more than 16,000 workers globally and projected sales of $1.2 billion in 2021. Globant, which was founded in Buenos Aires,
Globant admits to data breach after Lapsus$ releases source code
Globant has admitted to a data breach after notorious hacking group Lapsus$ allegedly leaked the firm’s source code. Globant is an IT and software development giant headquartered in
No Patch Available Yet for Critical SpringShell Bug
Vulnerability has echoes of infamous Struts and Log4Shell vulnerabilities Read More: https://www.infosecurity-magazine.com/news/no-patch-available-critical/
Viasat: Denial of Service Attack Impacted Tens of Thousands
Provider claims attackers first compromised VPN appliance Read More: https://www.infosecurity-magazine.com/news/viasat-denial-service-impacted/
Global Police Arrest 65 in Multimillion-Dollar BEC Bust
FBI-led operation lasted three months Read More: https://www.infosecurity-magazine.com/news/global-police-arrest-65-bec/
CyberCX Cyber Dialogue: Russia-Ukraine war and the state of cyber
While the suffering of the people of Ukraine remains the most pressing issue around Russia’s invasion, this war also has implications for global cyber security. We assembled leading cyber experts
CyberCX Cyber Dialogue: In conversation with Tim Watts MP with Alastair MacGibbon. Copy
This instalment of our Cyber Dialogue webcast series features Shadow Assistant Minister for Cyber Security Tim Watts MP in conversation with CyberCX Chief Strategy Officer Alastair MacGibbon. In this fascinating
Australia's second tranche of cyber laws passes both Houses
Australia’s second tranche of cyber laws has passed through both houses of Parliament, meaning entities running “systems of national significance” will soon be beholden to enhanced cybersecurity
Additional Budget funds for AFP to be used for deploying 'hacking' Bill warrants
Australian Federal Police (AFP) Commissioner Reece Kershaw told senators on Thursday morning that additional funding from this year’s Budget would allow his law enforcement agency to start
FBI arrests 65 in BEC scams that took $51 million from U.S. businesses
Written by Tonya Riley Mar 30, 2022 | CYBERSCOOP The FBI and global partners carried out an operation that resulted in the arrest of 65 U.S. individuals that allegedly scammed
Russian, Chinese, Belarusian hackers increasingly using Ukraine-themed lures in attacks, Google observes
Written by AJ Vicens Mar 30, 2022 | CYBERSCOOP Within the last two weeks, a Russia-based hacking group has targeted several U.S. nongovernmental organizations and think tanks, the military of
$625m Stolen From Ronin Network – The Blockchain Behind Axie Infinity Game
The company is collaborating with the law enforcement agency to recover 173,600 ETH and 25.5 million USDC (USD Coin) from the attacker. Ronin Network (RON), a blockchain network underlying the
Viasat: Feb. cyber attack impacted tens of thousands of customers in Ukraine, Europe
Satellite communications giant Viasat on Wednesday shared new information from its investigation into the February cyberattack that took down service for broadband customers in Ukraine and across Europe. The company
Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
The so-called ‘Spring4Shell’ bug has cropped up, so to speak, and could be lurking in literally millions of Java applications. A critical security vulnerability has bloomed in the Spring Cloud
U.S. telecommunications company likely targeted by Russian hackers shares details of Feb. 24 attack
Written by AJ Vicens Mar 30, 2022 | CYBERSCOOP The U.S. telecommunications company targeted as the Russian military attacked Ukraine on Feb. 24 said Wednesday that a misconfigured virtual private
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges
FBI Investigating More than 100 Ransomware Variants
Cyber Division’s assistant director says impact of ransomware has “grown to dangerous proportions” Read More: https://www.infosecurity-magazine.com/news/fbi-investigating-100-ransomware/
New Research Claims Biden's Disclosure Deadlines Are Unrealistic
New research shows organizations unprepared for strict new cyber incident reporting requirements Read More: https://www.infosecurity-magazine.com/news/bidens-disclosure-deadlines/
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list. The Lapsus$ data extortionists are
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. Google has updated its Stable channel for the desktop version of Chrome,
Personal Data of 820,000 NYC Students Exposed
Grading system hack causes potentially historic breach of students’ personal data Read More: https://www.infosecurity-magazine.com/news/personal-data-of-820k-nyc-students/
Two-factor authentication is a great idea. But not enough people are using it
Hackers can easily use stolen usernames and passwords to conduct cyber attacks because many online accounts still don’t use two-factor authentication controls designed to help keep them safe. Two-factor
The Complete Guide to Desktop Virtualization and Its Importance
Desktop virtualization refers to the software solution that separates the desktop environment and any associated application software from the actual client device that is used to access the desktop environment.
Remcos Trojan: Analyzing the Attack Chain
Morphisec Labs has detected a new wave of Remcos trojan infection. The theme of the phishing emails is again financial, this time as payment remittances sent from financial institutions. The
Infosecurity Europe Unveils Keynote Speakers for 2022 Event
Day 1 will include a talk from Major General Tom Copinger-Symes CBE, director of strategy and military digitisation with UK Strategic Command Read More: https://www.infosecurity-magazine.com/news/infosecurity-europe-keynote/
Get an extra 50% off these 10 ethical hacking e-learning bundles
Cybersecurity skills are highly valued in the tech industry, and there are always job openings available. So if you want to switch to a well-paid tech job, these 10
How you can help Ukraine: Donation sites and resources
These contribution opportunities were suggested by the companies we profiled in the companion piece, “Ukrainian software developers: Email and photos from the war zone.” Humanitarian Support NBU Fundraising Account: According
Ukrainian software developers share their stories and photos from the war zone
Eugene Krupnov: “A day after we left, an enemy rocket hit a high-rise building not far from our home in Kyiv.” “Our daughter kept asking if we
Purple Fox rootkit and how it has been disseminated in the wild
The Purple Fox rootkit has been a malicious and powerful weapon active since March 2018 and covered as an exploit kit. This piece of malware acts as a wormable binary.
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin. A spearphishing campaign targeting Russian citizens and government entities that are not
Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
WordFence – On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000
US Congress Approves Strengthening American Cybersecurity Act
Security Intelligence – US Congress Approves Strengthening American Cybersecurity Act Federal agencies and critical infrastructure owners and operators may need to change how they respond to cyber attacks. The U.S. Congress
New Subscription: Learn Fundamentals
The OffSec Training Library (OTL) continues to expand! Today we are excited to launch Learn Fundamentals, our entry-level cybersecurity training plan. How should I prepare for the OSCP? Where can
These remote work job scams promise easy money but aim to steal your savings
Cyber criminals are posing as recruiters and employers to offer people fake jobs in a scheme designed to steal money, personal data and trick victims into helping them commit money
Election Officials Warned by the FBI of Credential Phishing Campaigns
On Tuesday, the Federal Bureau of Investigation (FBI) issued a warning to the US election and other state and local government officials about a widespread phishing operation that has been