Security Teams are Responsible for Over 165k Assets
Concerns that the attack surface is expanding faster than ability to secure itRead More: https://www.infosecurity-magazine.com/news/security-teams-responsible-over/
Multi-factor authentication: How to enable 2FA to step up your security
You are one data breach away from having your entire online life turned upside down. The problem is passwords, which are hopelessly fragile ways to secure valuable resources. Don’t be
Cyber company Okta is latest potential victim of Lapsus$ hackers
Written by Joe Warminsky Mar 22, 2022 | CYBERSCOOP Identity authentication company Okta, which provides services to thousands of companies as well as U.S. government agencies, acknowledged Tuesday morning that
White House warns: Do these 8 things now to boost your security ahead of potential Russian cyberattacks
It’s one thing for tech companies to urge users to enable multi- or two-factor authentication, but now the White House is urging all US organizations to do it because of
Social engineering attacks to dominate Web3, the metaverse
Researchers predict that a surge in social engineering attacks will dominate web3 and the metaverse. Web3 is the term coined for what could become the next face of the internet.
On the Radar: Securing Web 3.0, the Metaverse and beyond
By Jaeson Schultz. Internet technology evolves rapidly, and the World Wide Web (WWW or Web) is currently experiencing a transition into what many are calling “Web 3.0”. Web 3.0 is
Modernizing our Certificates and Badges
Offensive Security’s certificates and badges are evolving! Beginning April 5, 2022, we will modernize the look of our certifications, and how we issue our accreditations. Our new approach is more
#IMOS22: Ciaran Martin Discusses Cyber-Threats from the Russia-Ukraine Conflict
Ciaran Martin believes organizations must be prepared for heightened cyber risks emanating from the Russia-Ukraine conflictRead More: https://www.infosecurity-magazine.com/news/ciaran-martin-cyber-threats-russia/
Google removes Android app with 100,000 downloads from Play Store over password-stealing malware
Google has removed an app with over 1000,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users.
100,000 Google Play Users Targeted by Android Password Stealing Malware
The Google Play Store has seen over 100,000 downloads of malicious Android software that performs Facebook credentials theft. It seems that the application is still available for download. Android Password
Malware as a Service (MaaS). What It Is and How It Can Threaten Your Business?
Malware-as-a-Service (MaaS) is the term used to describe the unlawful leasing of software and hardware for the purpose of conducting cyber-attacks. Owners of MaaS servers provide threat actors with a
Malware as a Service. What It Is and How It Can Threaten Your Business?
Malware-as-a-Service (MaaS) is the term used to describe the unlawful leasing of software and hardware for the purpose of conducting cyber-attacks. Owners of MaaS servers provide threat actors with a
Okta says breach evidence posted by Lapsus$ hackers linked to January 'security incident'
Okta says that a rapid investigation into the sharing of screenshots appearing to show a data breach has revealed they relate to a “contained” security incident that took place in
Dark Web Drug Peddler Gets Nine Years
Police cracked encrypted chat messages to bust organized crime groupRead More: https://www.infosecurity-magazine.com/news/dark-web-drug-peddler-gets-nine/
Okta Investigates Possible Lapsus Breach
Concerns rise that ransomware group used access to target customersRead More: https://www.infosecurity-magazine.com/news/okta-investigates-possible-lapsus/
APAC firms see need to train staff in digital skills, but few actually do so
Most organisations in Asia-Pacific realise their employees need training in digital skills, but few have put in place plans to do so. With cloud and cybersecurity amongst the top digital
McAfee Enterprise's security service edge business is now called Skyhigh Security
At the start of this year, Symphony Technology Group (STG) announced Trellix was the new name for the business unit that resulted from the merger of McAfee Enterprise and FireEye last October.
Mitigate Top 5 Common Cybersecurity Vulnerabilities
Trend Micro – Vulnerabilities in software and infrastructure are a fact of life for developers and SREs, but that doesn’t mean you must accept them. Given the exponential growth of
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google,
Biden warns organizations to harden cyber defences against Russian cyber attacks
Image: Getty Images US President Joe Biden has warned local organizations to bolster their cyber defence efforts as Russia is considering conducting cyber attacks in retaliation to sanctions imposed against
Corrupted open-source software enters the Russian battlefield
It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add
White House issues call to action in light of new intelligence on Russian cyberthreat
Written by Tonya Riley Mar 21, 2022 | CYBERSCOOP The Biden administration renewed calls Monday for the private sector to address known vulnerabilities and shore up cyberdefenses in light of
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it’s actually spyware capable of stealing any and all information from victims’ social-media accounts.
Conti Ransomware V. 3, Including Decryptor, Leaked
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but it’s reportedly clunkier code. Pro-Ukraine security researcher @ContiLeaks yesterday uploaded a fresher version of Conti
New Mexico Appoints Cybersecurity Advisor
Annie Winterfield Manriquez becomes state’s first senior advisor for Cybersecurity and Critical Infrastructure Read More: https://www.infosecurity-magazine.com/news/new-mexico-appoints-cybersecurity/
FTC Accuses CafePress of Data Breach “Cover-Up”
Commission orders e-commerce platform to compensate small businesses and improve security Read More: https://www.infosecurity-magazine.com/news/ftc-cafepress-data-cover-up/
Dental Care Data Breach May Impact 1 Million Texans
Social Security numbers at risk in state’s largest reported breach since notification law enacted Read More: https://www.infosecurity-magazine.com/news/dental-care-data-breach-may-impact/
Microsoft investigating hacking group's claims of successful breach
Written by AJ Vicens Mar 21, 2022 | CYBERSCOOP A cybercrime group that’s been targeting a string of high-profile victims with data theft, extortion and website defacements over the last
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit. On Friday, Bridgestone Corp. admitted that a
14 Tips for MSPs to Prepare for the Inevitable Cybersecurity Incident
Whether or not additional cyberattacks are coming because of the Russian invasion of Ukraine, it’s imperative that MSPs and other tech businesses act now to effectively mitigate the risks. It
Venezuelan leftists took to Twitter in attempt to swing Colombian presidential election
Written by Suzanne Smalley Mar 21, 2022 | CYBERSCOOP Venezuelan leftist organizations orchestrated a disinformation campaign to drive social media narratives supporting a leftist Colombian presidential candidate who is currently
Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers
Ukrainian security officials have warned of ongoing attacks by InvisiMole, a hacking group with ties to the Russian advanced persistent threat (APT) group Gamaredon. Ukraine Crisis Last week, the Computer
New Phishing Toolset Allows for Browser in the Browser (BitB) Attacks
When logging onto websites, users often have the choice of signing in with Google, Microsoft, Apple, Twitter, or even Steam. A single-sign-on (SSO) browser window will open, inviting the user
Diavol Ransomware Receives Free Decryptor
Good news for victims of Diavol ransomware. Emsisoft, the well-known cybersecurity company, has just provided a free decryptor for this ransomware family linked to the TrickBot gang. Now victims can
Converting a PCAP into Zeek logs and investigating the data
Use case Let’s learn how to take a PCAP from the ‘Malware-Traffic-Analysis‘ website and transform it into Zeek logs using Brim. We will then break down the log files to
New Conti ransomware source code leaked
New versions of Conti’s ransomware source code have been reportedly leaked by a researcher displeased with the group’s public declaration of support to Russia. As reported by Bleeping Computer, a
FBI warns on ransomware that uses DDoS to threaten victims. Here's what to watch out for
AvosLocker, a ransomware-as-a-service menace that launched in July 2021, continues to attack US critical infrastructure, the US Federal Bureau of Investigations (FBI) has warned in an advisory. The AvosLocker gang
Suspected DarkHotel APT resurgence targets luxury Chinese hotels
A new wave of suspected activity conducted by the DarkHotel advanced persistent threat (APT) group has been disclosed by researchers. Last week, Trellix researchers Thibault Seret and John Fokker said
AvosLocker Ransomware Striking Critical Infrastructure Targets
US agencies issue IoC alert to help network defendersRead More: https://www.infosecurity-magazine.com/news/avoslocker-strikes-critical/
NFT Fraud in the UK Soars 400% in 2021
English courts praised for giving victims a sympathetic hearing Read More: https://www.infosecurity-magazine.com/news/nft-fraud-uk-soars-400-2021/
MDR—What is it and Why Should SMBs Care?
When dealing with the latest and most serious threats, cyber security leaders and teams need all the help they can get. One weapon to consider adding to the arsenal of
Over 40,000 London Voters Have Data Leaked to Strangers
Tory-run Wandsworth Council to blame for email errorRead More: https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/
For Magecart groups and other credit-card skimmers, old and new opportunities abound
Written by Joe Warminsky Mar 21, 2022 | CYBERSCOOP At a time when big cybercrime headlines typically involve embattled ransomware gangs or cryptocurrency heists, a less-dramatic activity like online credit-card
Australia pledges new powers for combatting online disinformation
Image: Getty Images The Australian federal government has pledged new laws for cracking down against the spread of harmful disinformation and misinformation on social media. Under the proposed laws, the
Australia launches federal cybercrime centre as part of national plan
Image: Getty Images Australian Home Affairs Minister Karen Andrews has launched a centre to bolster the country’s cybercrime fighting efforts. The AU$89 million cybercrime centre forms part of Home Affairs’
We are headed for an ecosystem of cyber haves and cyber nots: Cisco advisory CISO
Image: Getty Images When policy makers are dreaming about how cybersecurity will be handled in the future, it consists of governments issuing warnings to organisations, the community sharing intel with
Riskware. Cybersecurity Threats You Must Be Aware Of
This post is also available in: Danish Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals,
Anonymous Leaks 79GB of Russian Oil Pipeline Giant’s Email Data
Anonymous claims it breached Omega Company which is the in-house R&D unit of Transneft, the largest oil pipeline company in the world based in Moscow, Russia. As Russia’s invasion of