Ex-carrier employee sentenced for role in SIM-swapping scheme
A former sales representative of a mobile carrier has been sentenced after accepting bribes to perform SIM-swapping attacks. This week, the US Department of Justice (DoJ) said that Stephen Defiore,
22% of Brits Received Proof of Vaccination Phishing Email in Past Six Months
22% of Brits Received Proof of Vaccination Phishing Email in Past Six Months Nearly a quarter (22%) of Brits have received phishing emails asking them to download their ‘proof of
Network Computing Awards 2021: Heimdal™ Wins Best Cloud-Delivered Security Solution
Great efforts pay off! We are very proud and thrilled to announce that Heimdal™ won first place in the Cloud-Delivered Security Solution of the Year category at the Network Computing
Enhancing Cyber Resilience through Extended Detection and Response (XDR)
Summary Advanced attacks represent a challenge for organizations that are getting breached due to architectural misfits and resource challenges Enlarging the width and depth of threat detection and response helps
South African police arrest eight men suspected of targeting widows in romance scams
South African police have arrested eight suspects in connection to romance scams that defrauded at least 100 women. The gang used “sob stories” as a lure to push women —
Microsoft Teams: Now your video calls support end-to-end encryption
Microsoft has rolled out a public preview of E2EE for one-to-one Teams calls, bringing its enterprise platform up to par with Facebook’s consumer apps, WhatsApp and Messenger. Microsoft announced the
Halloween Horror-Show for Candy-Maker Hit by Ransomware
Halloween Horror-Show for Candy-Maker Hit by Ransomware A major US confectionary manufacturer has been hit by ransomware at one of its busiest times of the year, according to reports. Chicago-based Ferrara –
Ransomware: Looking for weaknesses in your own network is key to stopping attacks
Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own
Over 80% of Brits Deluged with Scam Calls and Texts
Over 80% of Brits Deluged with Scam Calls and Texts Some 45 million Brits received fraudulent phone calls and texts over the summer, according to new data from Ofcom. The UK’s
Government Agents Compromise REvil Backups to Force Group Offline
Government Agents Compromise REvil Backups to Force Group Offline The US authorities appear to have scored another win in their fight against ransomware by forcing the infamous REvil group offline.
All You Need to Know About DNS Spoofing to Keep Your Organization Safe
This post is also available in: Danish The DNS in and of itself has never been secure. Being created in the 1980s when the Internet was a complete novelty, protection
My Health Record imaging services security failed ADHA password standards
My Health Record system’s physical and information security measures used to access the My Health Record system for pathology and diagnostic imaging services did not meet the ADHA’s recommended standard
Google reports new highs for governments requesting content to be removed
Google issued its Content Removal Transparency Report for the first half of 2021, and warned it has continued to see a rising trend in requests from governments, as they pass
India Releases Cybersecurity Guidelines for Power Sector
Trend Micro – The Indian Government’s Power Ministry and the Central Electricity Authority (CEA) recently released cybersecurity guidelines to enhance the power sector’s cybersecurity readiness. It is the first time
Multiple governments involved in coordinated takedown of REvil ransomware group: Reuters
Cybersecurity experts have told Reuters that law enforcement officials from multiple countries were involved in the disruption of the REvil ransomware gang, which went dark for the second time on
Republican Senate leaders slam new TSA cybersecurity regulations for rail, aviation industry
Republican leaders in the US Senate have come out harshly against new cybersecurity regulations designed to protect US railroad and airport systems. The new rules were handed down earlier this
US Imprisons Bulletproof Hosting Providers
US Imprisons Bulletproof Hosting Providers Two men from Eastern Europe have been imprisoned in the United States for helping cyber-criminals carry out cyber-attacks against individuals and financial institutions in America.
DOJ Sues Robocaller to Pay Massive Fine
DOJ Sues Robocaller to Pay Massive Fine The United States' Department of Justice (DOJ) is seeking to recover a financial penalty of nearly $10m that was imposed on a man
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said. The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. The criminal threat group known as TA551 has added the Sliver
450 million cyberattacks attempted on Japan Olympics infrastructure: NTT
The NTT Corporation, which provided wide-ranging telecommunications services and network security for the Olympic & Paralympic Games in Tokyo this summer, said there were more than 450 million attempted cyberattacks
CISA Awards $2M to Cybersecurity Training Programs
CISA Awards $2M to Cybersecurity Training Programs The United States' Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs. Award recipients NPower
Gigabyte Allegedly Hit by AvosLocker Ransomware
If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds. The AvosLocker ransomware gang is
US rolls out new rules governing export of hacking, cyberdefense tools
The US Commerce Department has released new rules designed to stop companies from selling hacking tools to China, Russia and other countries that may use them for nefarious purposes. The
72% of Organizations Experienced a DNS Attack in the Last Year
72% of Organizations Experienced a DNS Attack in the Last Year Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the last 12 months, according
Data analytics firm exposed 2m Instagram and TikTok users’ data
The victims of this “data leak” also include celebrities like Alicia Keys, Loren Gray, Kylie Jenner, Ariana Grande, and Kim Kardashian. The cybersecurity team at Safety Detectives, led by Anurag
Introducing ATT&CK v10: More Objects, Parity and Features
Amy L. RobertsonOct 21 · 6 min read By Amy L. Robertson (MITRE), Alexia Crumpton (MITRE), and Chris Ante (MITRE) As announced a couple of weeks ago, we’re back with
Microsoft announces security programs for nonprofits as nation-state attacks increase
Microsoft unveiled a new suite of tools on Thursday built to protect nonprofits as threats against philanthropic organizations globally have skyrocketed, particularly from nation-states. The Microsoft Security Program for Nonprofits
#ISC2Congress: How to Mitigate Evolving Insider Threats
#ISC2Congress: How to Mitigate Evolving Insider Threats The changing nature of insider threats was described by Lisa Forte, founder, Red Goat Cyber Security, during a keynote presentation at this week’s virtual ISC2
C2 Communication Is Enabled via WebSockets in a Fresh PurpleFox Botnet Version
PurpleFox botnet, the well-known Dirty Moe, goes on and develops more vulnerability exploits and payloads. The fresh news on this botnet shows how this time it establishes C2 communication via
Distributed Denial of Service Attacks Against Russia Have Tripled
Distributed Denial of Service, otherwise known as DDoS attacks are online attacks in which legitimate users are prevented from accessing their target online location. The attack happens by flooding the
Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts
According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals. Security experts with Google’s Threat Analysis Group (TAG), who first
Why is Cybersecurity Failing Against Ransomware?
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes,
Windows Defender Is an Underutilized Endpoint Security Resource
Microsoft Defender Antivirus suffers from a perception problem. For the first decade of its existence, starting with its 2006 release, Defender was a much-maligned piece of software that no business
Gummy Browsers: The New Cyberattack Developed by Researchers
Academic experts from a U.S. university designed a new type of cyberattack dubbed Gummy Browsers. Its main characteristics include the capturing of fingerprints and also tricking the browser. Gummy Browsers
Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween
Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production. The manufacturer of some of Halloween’s most popular sweet treats has been hit with a ransomware
Palo Alto warns of BEC-as-a-service, finds average wire fraud attempted is $567,000 with peak of $6 million
Business email compromise (BEC) continues to cost victims thousands — and sometimes millions — of dollars, according to a new report from Palo Alto Networks’ threat research group Unit 42.
Hacker Exploits an Old Microsoft Office Vulnerability to Deliver RATs
Cybersecurity researchers have recently come across an unknown threat actor conducting a crimeware operation in which it attacks organizations in India and Afghanistan using political and government-themed malicious domains. As
The United States Government Will Ban the Reselling of Potentially Hacking Tools to Authoritarian Regimes
The Bureau of Industry and Security (BIS) supports the US national security, foreign policy, and economic objectives by maintaining an effective export control and treaty compliance system and encouraging continuing
Google disrupts massive phishing and malware campaign
Google has blocked 1.6 million phishing emails since May 2021 that were part of a malware campaign to hijack YouTube accounts and promote cryptocurrency scams. According to Google’s Threat Analysis
Why Third-Party Testing is Critical for Informed Customer Decisions
With 400+ new threats discovered each minute and 30 billion threat queries validated daily; it is fair to say that 2021 is a banner year for cybercrime. While some cybercriminals
Threat Actors Abusing Discord to Spread Malware
Threat Actors Abusing Discord to Spread Malware Researchers have discovered new multi-function malware abusing the core functions of popular group app platform Discord. Check Point explained in a blog post
20+ Free Remote Desktop Software Tools You Need to Know
Remote desktop software is basically a computer program that lets you connect to another computer. The PC you will connect to is named “the host”, your PC from where you
US to Ban Export of Hacking Tools to Authoritarian States
US to Ban Export of Hacking Tools to Authoritarian States The US government has issued new rules designed to prevent the export of hacking and surveillance tools to regimes guilty
Data Scrapers Expose 2.6 Million Instagram and TikTok Users
Data Scrapers Expose 2.6 Million Instagram and TikTok Users Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online
US judge sentences duo for roles in running bulletproof hosting service
A US judge has sentenced two Eastern European men for operating a bulletproof hosting service leveraged by cybercriminals to deploy malware. On Wednesday, the US Department of Justice (DoJ) said
Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years
Gartner analysts released their list of cybersecurity and privacy predictions for the next few years, floating a number of potential ideas about how the world will respond to certain problems
Russian Cyber-criminals Switch to Cloud
Russian Cyber-criminals Switch to Cloud Cybersecurity firm Kaspersky today released research on Russian-speaking cyber-criminal activity and how it has changed over the past six years. The study by Kaspersky’s Computer Incident Investigation Department found