Small Businesses Pay Up to $1M to Recover from Breaches
Small Businesses Pay Up to $1M to Recover from Breaches Over half (58%) of US small businesses have suffered a security or data breach, with most paying hundreds of thousands
NRA responds to reports of Grief ransomware attack
The National Rifle Association (NRA) has released a statement today after a ransomware gang claimed to have attacked the organization. The Grief ransomware gang — which has ties to the
Microsoft is adding another way to update Windows 11 with Online Service Experience Packs
Credit: Microsoft Microsoft released a new Windows 11 Insider build on October 27 — Windows 11 Build 22489. In the release notes for this Dev Channel build, Microsoft officials disclosed
WordPress Plugin Bug Lets Subscribers Wipe Sites
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media. Researchers have discovered
Salesforce and Google create cybersecurity baseline for companies checking vendors
Google and Salesforce have announced the creation of a vendor-neutral security baseline called the Minimum Viable Security Product (MVSP), which they said was an effort to “raise the bar for
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti. Ransomware is an intensifying problem for all organizations, and it’s only going to get worse. What
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
The kid was busted after abusing Google Ads to lure users to his fake gift card site. During the early days of the pandemic, while the rest of the world
US Launches Appeal Against Assange Extradition Decision
US Launches Appeal Against Assange Extradition Decision The United States government has launched an appeal against a UK court's decision to refuse to extradite Wikileaks founder Julian Assange. Australian citizen
Google, Twitter back #ShareTheMicInCyber campaign to expand cybersecurity industry
The #ShareTheMicInCyber campaign that took over the Twitter pages of the country’s cybersecurity leaders last week is being formalized thanks to a partnership between the movement’s founders and a think
A Russian-speaking ransomware gang says it hacked the National Rifle Association
Written by Tonya Riley and AJ Vicens Oct 27, 2021 | CYBERSCOOP A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. Adobe has dropped a mammoth out-of-band security
India’s Supreme Court Orders Pegasus Probe
India’s Supreme Court Orders Pegasus Probe India's Supreme Court has ordered an investigation to determine whether Prime Minister Narendra Modi’s administration used spyware to illegally surveil opposition leaders, journalists, activists, tycoons, and
'Cyber event' knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak
Written by Tim Starks Oct 27, 2021 | CYBERSCOOP A “cyber event” knocked plants and distribution centers offline at Schreiber Foods, a multibillion-dollar dairy company, a spokesperson told CyberScoop Wednesday.
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. War-driving – the process of driving around mapping residential Wi-Fi networks
A full analysis of Horus Eyes RAT
While continuously developing new techniques to bypass security mechanisms, cybercriminals have combined private and underground projects and brought them to update their cyber arsenal. Horus Eyes RAT (HE-RAT) is one
EC-Council Offers Free Cybersecurity Training
EC-Council Offers Free Cybersecurity Training The International Council of Electronic Commerce Consultants (EC-Council) has launched its first-ever MOOC certification series. A MOOC, or massive open online course, is a training program
Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. Apple lovers who haven’t yet updated to iOS 15, you may want to pop
Iranian Gas Stations Crippled After Suffering Cyberattack
Soon after the cyberattack, videos and posts started surfacing on social media displaying messages that read: “Khamenei! Where is our gas?” Another sign read: “Free gas in Jamaran gas station.”
Avast releases decryptor for AtomSilo and LockFile ransomware
Avast – On Oct 17, 2021, Jiří Vinopal published information about a weakness in the AtomSilo ransomware and that it is possible to decrypt files without paying the ransom. Slightly
Squirrelwaffle Malware Used to Drop Cobalt Strike
Penetration testers prefer Cobalt Strike when trying to replicate how cybercriminal tools would look when assaulting an organization’s network. Unfortunately, hackers adapted to it, and Cobalt became a popular second-stage
Is Conti Ransomware Selling Access to Victims?
Conti ransomware is a malicious actor known to bring extreme prejudice to its victims. This is mainly due to the speed with which encrypts data and spreads to other systems.
Ransomware Dubbed Ranzy Locker Has Affected No Less Than 30 US Companies in 2021, FBI Reports
A flash alert was published on Monday by the Federal Bureau of Investigation emphasizing the effects Ranzy Locker ransomware has had over this year on US companies. According to the
1,000,000 Sites Affected by OptinMonster Vulnerabilities
WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence
Secondary Infektion, a Russian disinformation outfit, impersonated Swedish lawmaker
Written by Jeff Stone Oct 27, 2021 | CYBERSCOOP A suspected Russian disinformation campaign used manipulated images and fabricated internet personas to promote false narratives online in an effort to
Not upgrading to iOS 15? Then you need to install this update now
Back when Apple first announced the iOS 15, it promised that users could choose to stay on iOS 14 if they wanted to and still get updates. Apple is delivering
Linux Foundation: confidential computing market to reach $54 billion in 2026
The confidential computing market is expected to reach $54 billion by 2026, according to a new market study from the Linux Foundation and the Confidential Computing Consortium. Conducted by Everest
Weeks early: Adobe dumps massive security patch update
Adobe has issued a vast security update targeting 14 products including Lightroom, Photoshop, and InDesign. On October 26, the tech giant issued over 80 patches for vulnerabilities including critical code
Cyberattack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain
Cyber Attack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain
Building Cybersecurity Resiliency – An Interview with a Threat Forensic Investigator
The threat landscape is changing. Crimeware, a class of malware designed specifically to automate cybercrime, is growing in prevalence. It’s often provided as a service or a pre-made, easy-to-execute kit
Break into the elite field of cybersecurity by learning Risk Management Frameworks
StackCommerce ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.
These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords
Cyber criminals are sending out phishing emails containing QR codes in a campaign designed to harvest login credentials for Microsoft 365 cloud applications. Usernames and passwords for enterprise cloud services like Microsoft
Lazarus Hacking Group Now Focusing on IT Supply Chain Attacks
Lazarus Group, the Advanced Persistent Threat (APT) hacking group linked to the North Korean government, has shifted its attention to new targets, with cybersecurity researchers noticing that the actor is
Iranian Gas Stations Unable to Operate After Massive Cyberattack
The National Iranian Oil Products Distribution Company (NIOPDC) was founded in 1928 and has been in charge of the supply and distribution of oil products for almost 80 years. The
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't
Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said
Microsoft warns over uptick in password spraying attacks
Cyber attackers aren’t just looking for software flaws, supply chain weakness, and open RDP connections. The other key asset hackers are after is identities, especially account details that will give
Microsoft warns over uptick in password spraying attacks
Cyber attackers aren’t just looking for software flaws, supply chain weakness, and open RDP connections. The other key asset hackers are after is identities, especially account details that will give
HM Treasury Hit by Five Million Malicious Emails in Past Three Years
HM Treasury Hit by Five Million Malicious Emails in Past Three Years Her Majesty’s Treasury, the UK government department responsible for the nation’s economic policy, has been hit by nearly
EPP EDR: What Is Each and How They Differ
When it comes to cybersecurity incidents, your company’s endpoints are some of the most important IT assets you want to monitor and protect. The massive increase in remote work due
70% of WiFi Networks Cracked by Researcher to Show Their Lack of Security
A researcher wanted to prove that a hacker could hijack a home network with ease by exploiting their lack of security, so he cracked 70% of a 5,000 WiFi network
Triada Trojan Conceals Itself in WhatsApp Mod
Security Intelligence – Triada Trojan Conceals Itself in WhatsApp Mod A variant of the Triada Trojan concealed itself within a WhatsApp mod for Android devices, Kaspersky found in August. What
North Korean Lazarus APT Targets Software Supply Chain
North Korean Lazarus APT Targets Software Supply Chain A notorious North Korean APT group has been observed compromising the software supply chain, in campaigns reminiscent of the attacks on SolarWinds
Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions
Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions A plan by the UK telecoms regulator to block scam calls from abroad could save consumers nearly £10m annually in money lost
Digital Extortionists DDoS VoIP Providers
Digital Extortionists DDoS VoIP Providers A trade body has warned of a major DDoS attack campaign designed to extort money from global Voice over IP (VoIP) providers. Comms Council UK,
QuintessenceLabs raises AU$25m to take quantum-based cyber solutions global
Canberra-based quantum cybersecurity solutions firm QuintessenceLabs (QLabs) has completed a AU$25 million series B funding round that will be used to expand the company globally and more than double its
FCC kicks China Telecom out of United States
Image: Getty Images The United States Federal Communications Commission (FCC) has removed the authority of China Telecom to operate in the US, and given it 60 days to pack its
Australia launches new initiative for blocking scam government texts
The federal government has launched a new initiative to block scam text messages posing as legitimate government sender IDs. The new initiative was launched following a year-long pilot program that
Leverage Virtual Patching to Prevent Network Threats
Trend Micro – Understanding IPS Patching An intrusion prevention system (IPS) acts as a security mechanism to detect and prevent network threats. The system accomplishes this by scanning network traffic