Shutterfly Hit by Data Breach
Conti ransomware is an extremely damaging malicious actor due to the speed with which it encrypts data and spreads to other systems. The cyber-crime action is thought to be led by
A Third of UK Businesses Experience Cyber-Attacks at Least Once a Week
Around two in five businesses experienced breaches or cyber-attacks in the past 12 months. Read More: https://www.infosecurity-magazine.com/news/third-businesses-cyber-attacks-week/
State-backed hacking attacks are a big worry, but most firms don't know what to watch out for
The vast majority of cybersecurity professionals think that the business they work for is a target for nation-state hackers, but only a small fraction think that their organisation can confidently
CISOs at SMBs Need to Prepare for Zero-Day Vulnerabilities
Zero-day vulnerabilities are among the most worrisome cyber security risks for organizations, because they deal with the unknown and there is little time to mitigate the risks. These are software
This new ransomware targets data visualization tool Jupyter Notebook
A new strain of Python ransomware is targeting environments using Jupyter Notebook. Jupyter Notebook is an open source web environment for data visualization. The modular software is used to model
NCSC: Time to Rethink Russian Supply Chain Risks
Kremlin coercion and sanctions could impact Western customers. Read More: https://www.infosecurity-magazine.com/news/ncsc-rethink-russian-supply-chain/
IoT warning: Hackers are gaining access to UPS devices. Here's how to protect yours
Change the default user name and password settings on your internet-connected uninterruptible power supply (UPS) units, the US government has warned. UPS units are meant to provide power backup
Log4Shell Used in a Third of Malware Infections
Software supply chain attacks realize researchers’ worst fears. Read More: https://www.infosecurity-magazine.com/news/log4shell-used-in-a-third-of/
Attackers Steal $618m From Crypto Firm
Cyber-heist could be biggest ever recorded. Read More: https://www.infosecurity-magazine.com/news/attackers-steal-618m-from-crypto/
Ethereum sidechain Ronin that powers play-to-earn game is fleeced for over $600m
In a shock to absolutely no one paying attention to the so-called Web3 space, the touted security of blockchain-driven solutions might not be all it is cracked up
Senator calls on Nick Xenophon to detail his Huawei contract terms
South Australian independent Senator Rex Patrick has called on his former boss, and previous occupant of his Senate seat, Nick Xenophon to reveal the details of
Australia may not be able to fill Coalition's 1,900 proposed cyber jobs
The federal government’s big-ticket tech item in last night’s annual Budget was its proposed AU$9.9 billion injection into Australia’s cybersecurity and intelligence capabilities. Chief among the objectives
An In-Depth Look at ICS Vulnerabilities Part 1
Trend Micro – In 2021, there were significant changes in the methods used by cyber attackers. More advanced destructive supply chain attacks also came to the surface this year. This
Hackers steal more than $600M from Ronin blockchain used to play Axie Infinity
Written by Suzanne Smalley Mar 29, 2022 | CYBERSCOOP The cryptocurrency used to play the Pokémon-inspired blockchain game Axie Infinity was the target of a March 23 crypto heist of
FBI joins other intelligence agencies in warning about Russia
Written by Tonya Riley Mar 29, 2022 | CYBERSCOOP The FBI’s top cyber official called Russia a “formidable foe” in an oversight hearing Tuesday by the House Judiciary Committee. “We
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing. What researchers are calling a “horde” of miner bots and
Singapore offers certification scheme to tag companies with robust security posture
Singapore has introduced certification programmes to tag small and large enterprises that have adopted good cybersecurity practices. The move is touted as essential for companies to ascertain their security posture
Coordinated phishing campaign targeted election officials in nine states, according to FBI
Written by AJ Vicens Mar 29, 2022 | CYBERSCOOP An invoice-themed phishing campaign targeted elections officials in at least nine states in October 2021, according to a warning the FBI
Personal Data of 620 FSB Officers Published Online
Ukrainian Directorate of Intelligence shares personal data of Russian agents. Read More: https://www.infosecurity-magazine.com/news/data-620-fsb-officers-published/
Yandex is Sending iOS Users' Data to Russia
Researcher claims Russian tech company is sending data harvested from iOS app users to Russia. Read More: https://www.infosecurity-magazine.com/news/yandex-is-sending-ios-users-data/
Five Ways to Optimize and Diversify Your Workforce
Many companies are facing persistent skills gaps and workforce shortages. With women and other underrepresented groups leaving jobs en masse and more job postings every day, businesses are certainly feeling
82% of Public Sector Applications Contain Security Flaws
The researchers also found the public sector takes twice as long to fix flaws once detected compared to other industries. Read More: https://www.infosecurity-magazine.com/news/public-sector-apps-security-flaws/
Dental Practice Fined for Sharing Patient Data on Social Media
OCR fines dental practice $50K for disclosing PHI of patient who posted a negative review online. Read More: https://www.infosecurity-magazine.com/news/dental-upi-shared-patient-data/
Hackers are getting faster at exploiting zero day flaws. That's going to be a problem for everyone
Hackers were much faster to exploit software bugs in 2021, with the average time to exploitation down from 42 days in 2020 to just 12 days. That marks a 71%
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques. The ever-evolving banking trojan IcedID is back again with
Mars Stealer: Exclusive New Threat Research
The Morphisec Labs team has conducted research on the new Mars infostealer. Mars is based on the older Oski Stealer and was first discovered in June 2021. The new Mars
Intelligence Failures of Lincoln’s Top Spies: What CTI Analysts Can Learn From the Civil War
Selena Larson, Mar 29. Guest Post by ATT&CKcon 3.0 Keynote Speaker, Selena Larson. At the onset of the Civil
Using Russian tech? It's time to look at the risks again, says cybersecurity chief
Organisations using Russian-linked software or products have been told to take time to consider the risk involved with using those technologies following Russia’s invasion of Ukraine. New guidance from the
How to use MITRE ATT&CK Navigator: A step-by-step guide
Sorting through information can be a difficult task at the best of times. When you are dealing with a literal mountain of actionable data like the MITRE ATT&CK Knowledge Base,
Threat Hunting Journal – March 2022 E.O.M Edition
The early spring edition of Heimdal™ Security’s threat hunting journal brings new contenders, old contenders, and more telemetry. No major improvements since last month, with the Trojan King still refusing
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are
Transparent Tribe APT returns to strike India's government and military
The Transparent Tribe hacking group is back with a new malware arsenal and victim list including India’s government and military. Active since at least 2013, the advanced persistent threat (APT)
SunCrypt Ransomware Still Alive in 2022
One of the first groups to use “triple extortion” tactics in their attacks was SunCrypt. This group is a RaaS (Ransomware as a Service) group. SunCrypt doesn’t have a big
Ukraine Suffers Significant Internet Disruption Following Cyber-Attack
The attack led to the “most severe” disruption to connectivity in Ukraine since the Russian invasion began. Read More: https://www.infosecurity-magazine.com/news/ukraine-internet-disruption-cyber/
Ukraine destroys five bot farms that were spreading 'panic' among citizens
The Security Service of Ukraine (SBU) has destroyed five “enemy” bot farms engaged in activities to frighten Ukrainian citizens. In a March 28 release, the SBU said that the
Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners
The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the attacks were first detected in
Threat Actors Hijack Email Reply Chains on Vulnerable Exchange Servers to Deliver IcedID Malware
A new email phishing operation has been noticed employing the conversation hijacking strategy to distribute the IcedID banking trojan-type malware onto compromised computers via unpatched and publicly-exposed Microsoft Exchange servers.
Purple Fox Threat Actors Leverage New FatalRAT Version
The ones who created Purple Fox malware have upgraded their malware arsenal, as currently, they are using a new FatalRAT version, a remote access trojan. Besides, its functionalities to avoid
Sanctions Hitting Russian Cyber-Criminals Hard
Carders, social media scammers and others feeling the pinch. Read More: https://www.infosecurity-magazine.com/news/sanctions-hitting-russian-criminals/
Australian Budget 2022 delivers AU$9.9 billion for spicy cyber
The federal government has released its 2022-23 federal Budget, containing a AU$9.9 billion kitty for bolstering cybersecurity and intelligence capabilities in the midst of a growing cyberthreat
European Police Bust Multimillion-Dollar Investment Fraud Gang
Group estimated to have made $3.3m per month. Read More: https://www.infosecurity-magazine.com/news/police-bust-fraud-gang/
Security Incidents Reported to FCA Surge 52% in 2021
UK financial services firms hit by breaches and ransomware. Read More: https://www.infosecurity-magazine.com/news/security-incidents-reported-fca/
EU and US confirm new transatlantic data flow agreement on the way
The European Commission and the United States announced a new Trans-Atlantic Data Privacy Framework over the weekend, signalling clarification may be on the way regarding what data
Anonymous Hacks 2 Russian Industrial Firms, Leak 112GB of Data for Ukraine
Anonymous has taken Operation OpRussia a step further by targeting MashOil and RostProekt, which happened to be giants in their respective industries. The online hacktivist group Anonymous has claimed responsibility
Update Chrome Browser Now – Google Releases Emergency Security Update
At least 3.2 billion Chrome users could be at risk because of the high severity zero-day vulnerability. Google released an emergency security update for Google Chrome Stable on 25th March
Ukrainian telecom hit with major disruption, its most severe since Russian invasion
Written by AJ Vicens Mar 28, 2022 | CYBERSCOOP One of Ukraine’s key internet service providers suffered a significant outage Monday, with observers noting a distinct drop in accessibility spanning
Okta Says It Goofed in Handling the Lapsus$ Attack
“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. On Friday, Okta – the authentication
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor’s appliance suffers from an authentication-bypass issue. Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as