Okta Says It Goofed in Handling the Lapsus$ Attack
“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. On Friday, Okta – the authentication
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor’s appliance suffers from an authentication-bypass issue. Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as
Microsoft is adding a new driver-blocklist feature to Windows Defender on Windows 10 and 11
Credit: Microsoft Microsoft is adding a new Vulnerable Driver Blocklist feature to Windows Defender on Windows 10, Windows 11, and Windows Server 2016 or newer releases. This feature is aimed
Washington Health District Suffers Another Data Breach
Phishing attacks on Spokane Regional Health District triggers two data breach announcements in 2022Read More: https://www.infosecurity-magazine.com/news/washington-health-district-2-data/
Okta: We made a mistake over Lapsus$ breach notification
Okta has admitted it “made a mistake” by not telling customers sooner about a security breach in January, in which hackers were able to access the laptop of a third-party
US Proposes Healthcare Cybersecurity Act
Bipartisan proposal aims to protect America’s healthcare and public health sector Read More: https://www.infosecurity-magazine.com/news/us-proposes-healthcare/
Zero-day Attacks Doubled in 2021
Researchers find a spike in zero-day exploits and faster exploitation speeds in 2021Read More: https://www.infosecurity-magazine.com/news/zeroday-attacks-doubled-in-2021/
US Comms Regulator Deems Kaspersky a National Security Risk
The FCC added Kaspersky to a list of entities it believes poses an “unacceptable risk to national security or to the security and safety of US persons”Read More: https://www.infosecurity-magazine.com/news/us-comms-kaspersky-national/
Ransomware payments: Here's how much falling victim will now cost you
The average ransom demand made following a ransomware attack has risen to $2.2 million as cyber criminals are becoming bolder and have a bigger impact on the businesses they’re targeting.
Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud
An Estonian man connected to multimillion dollar ransomware attacks has received a 5-and-a-half-year jail sentence for his involvement in online fraud schemes. The US Department of Justice says Maksim Berezan,
86% of Organizations Have Faced a Nation-State Cyber-Attack
Russia and China were identified as the most likely perpetrators of nation-state-backed attacksRead More: https://www.infosecurity-magazine.com/news/organizations-faced-nationstate/
Lack of speedy notification was 'a mistake,' Okta says
Written by Joe Warminsky Mar 28, 2022 | CYBERSCOOP “We want to acknowledge that we made a mistake,” identity authentication company Okta said Friday regarding a two-month delay in notifying
Hundreds more packages found in malicious npm 'factory'
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat
RAV Antivirus: How to Protect Your Data in 2022
Did you know that cybercrime has become more profitable than the global trade of all major illegal drugs combined? With annual damages of around $6.5 trillion (according to the Annual
V8 Vulnerability Hits Chrome and Edge
Following the identification of a V8 vulnerability in Chrome and Edge that shows an exploit in the wild, users who employ Windows, macOS, and Linux should update Chrome builds to
New Korplug Variant Discovered
The Korplug RAT (also known as PlugX) is a spyware that has previously been associated with Chinese APT organizations and has been linked to targeted assaults on significant institutions in
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
Avast – Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised
CISA: Here are 66 more security flaws actively being used by hackers – so get patching
The US Cybersecurity and Infrastructure Security Agency (CISA) has told federal agencies to patch 66 new security bugs based on evidence of active exploitation. These new 66 bugs join a
The Clock is Ticking: What to do immediately after a ransomware attack
Ransomware is a fast-growing threat impacting organizations of all sizes, across all industries. Earlier this month, national security authorities in the United States, the United Kingdom and Australia issued advisories
Cyber Intelligence Insights – Australian State and Territory Government
Significant governance, capability and funding gaps common to most Australian state and territory governments include: 1. Business continuity planning: Business continuity plans and disaster recovery plans do not reflect the
Estonian Gets 66 Months for Ransomware Conspiracy
Man worked for DirectConnection cybercrime forumRead More: https://www.infosecurity-magazine.com/news/estonian-gets-66-months-for/
Sophos patches critical remote code execution vulnerability in Firewall
Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line. Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall
Ransomware Attacks Soar by 100% in 2021
Reports to ICO top 600 in just a yearRead More: https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-100-2021/
Huawei sees revenue dip 28%, pivots to tap green demand
Huawei Technologies has reported a 28.56% dip in its revenue last year, which saw a sharp decline in its smartphone business. Embattled amidst ongoing US trade sanctions, the Chinese technology
One in 10 UK Staff Circumvent Corporate Security
Cisco warns of awareness gap among hybrid workersRead More: https://www.infosecurity-magazine.com/news/one-in-10-uk-staff-circumvent/
Chrome and Edge hit with V8 type confusion vulnerability with in-the-wild exploit
Image: slyellow/Shutterstock Google is urging users on Windows, macOS, and Linux to update Chrome builds to version 99.0.4844.84, following the discovery of a vulnerability that has an exploit in the
Kaspersky blacklisted by FCC alongside China Telecom and China Mobile
Image: Getty Images The US Federal Communications Commission (FCC) has added Kaspersky to the country’s entity list, along with China Telecom and China Mobile. First reported by Bloomberg, the Kaspersky
US Adds Kaspersky to List of Firms Posing Threat to National Security
HackerOne and Dicker Data have also cut ties with Kaspersky after FCC’s decision amid the ongoing conflict between Ukraine and Russia. FCC’s Covered List signifies firms considered a threat and
Comment on Confirmed: Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data by Steven
One of the Anonymous affiliate groups going by the Twitter handle of @Thblckrbbtworld has leaked 28GB worth of Central Bank of Russia data in support of Ukraine. Anonymous hacktivist collective
Confirmed: Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data
One of the Anonymous affiliate groups going by the Twitter handle of @Thblckrbbtworld has leaked 28GB worth of Central Bank of Russia data in support of Ukraine. Anonymous hacktivist collective
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant. The U.S. Department of Justice (DOJ) has
100s of Russian Building Controllers Can be Remotely Hacked
Researcher Jose Bertin has identified critical security vulnerabilities in a building controller made by Russian firm Tekon Avtomatika (Tekon.ru). Jose Bertin, an IT security researcher, has identified critical vulnerabilities in
The Power of Community: Get Involved with Local, Business and Vendor Groups to Help Your Company
Having a place where you feel you belong and contribute is an important part of any business’s success. In this video blog, Desraie Thomas, channel development manager at Datto, talks
Threat Roundup for March 18 to March 25
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 18 and March 25. As with previous roundups, this post isn’t meant to be an
Estonian man sentenced to prison for role in cyber intrusions, ransomware attacks
Written by Suzanne Smalley Mar 25, 2022 | CYBERSCOOP An Estonian man was sentenced to 66 months in federal prison Friday for participating in ransomware attacks which caused more than
Senate Committee Questions Pentagon’s Information Restrictions
Panel queries whether Pentagon is abusing new data protection designation to keep info from public Read More: https://www.infosecurity-magazine.com/news/committee-questions-pentagons-data/
Florida Sheriff’s Officer Charged with Cyber-Flashing Minor
Law man was the subject of 28 complaints before his arrest over obscene Snapchat imagesRead More: https://www.infosecurity-magazine.com/news/officer-charged-cyberflashing/
Modern Gaming Sucks Because of Abundance Fatigue
As you peruse the Xbox or Playstation store games, probably skipping through the deals to see if there is anything tasty, your mind will no doubt settle on the idea
Major League Baseball Players’ Personal Data Stolen
Sports stars’ information swiped in cyber-attack on third-party vendor Read More: https://www.infosecurity-magazine.com/news/baseball-players-personal-data/
What Is FOSS Software? Definition, Usage, and Vulnerabilities
Free Open-Source Software (FOSS) is a software category that incorporates computer programs that are freely licensed and open-source. In essence, FOSS software is free to download, use, modify or study.
Utah Becomes Latest US State to Pass a Data Privacy Law
The Utah Consumer Privacy Act (UCPA) follows in the footsteps of laws passed in California, Virginia and ColoradoRead More: https://www.infosecurity-magazine.com/news/utah-pass-data-privacy-law/
Social Engineering Attacks Target Morgan Stanley Client Accounts
A new wave of social engineering attacks has been targeting Morgan Stanley client accounts as Morgan Stanley’s wealth and asset management subsidiary claims. Morgan Stanley Client Accounts Compromised by Social
A Honda Vulnerability Allows Hackers to Use a Replay Attack
In a replay attack, a hostile hacker may trick a website or service into granting them access to your account by reusing the information that the website or service uses
EU and US Agree Deal to Reopen Seamless Transatlantic Data Flows
The new framework is designed to revamp the previous Privacy Shield arrangement between the EU and USRead More: https://www.infosecurity-magazine.com/news/eu-us-transatlantic-data-flows/
UK police arrest seven individuals suspected of being hacking group members
UK law enforcement has made a spate of arrests in connection to an unnamed hacking group. Detective Inspector Michael O’Sullivan, from the City of London Police, said in a statement
These fake crypto wallets want to steal from iPhone and Android users
Cyber criminals are attempting to stealing cryptocurrency from Android and iPhone users by luring them into downloading malicious apps posing as cryptocurrency wallet services. Cybersecurity researchers at ESET have identified
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. North
What is ransomware? Everything you need to know about one of the biggest menaces on the web
What is ransomware? Ransomware is one of the biggest cybersecurity problems on the internet and one of the biggest forms of cybercrime that organisations face today. Ransomware is a form