Russia Issues Its Own TLS Certs
The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA. Russia is offering its own
Avast Suspends Operations in Russia and Belarus
Cybersecurity firm joins growing list of companies pulling out of Russia following invasion of UkraineRead More: https://www.infosecurity-magazine.com/news/avast-suspends-russia/
French Bank Denies Access to Russian Workforce
BNP Paribas rescinds access privileges for its Russia-based workers over cyber-attack fears Read More: https://www.infosecurity-magazine.com/news/french-bank-denies-access-to/
NetWalker Suspect Extradited to US
US to try former Canadian government employee accused of ransomware attacksRead More: https://www.infosecurity-magazine.com/news/netwalker-suspect-extradited-to-us/
Strategies for IT Business Leaders to Manage Employees’ Mental Health
Dr. Sagar Samtani is an Assistant Professor in the Kelley School of Business at Indiana University (IU) and a Grant Thornton Scholar. His research interests are in cyber-threat intelligence. Dr.
Data centres are still a tempting target for hackers: Here's how to improve your security
Even if the cloud computing is on the rise, there are still a lot of corporate data centres around and these are a very tempting target for cyber criminals and
Proxy vs VPN – Differences and Advantages
VPNs and proxy servers are both technologies that allow you to keep your online activities private while browsing, sending emails, reading online messages, streaming video, or downloading files. However, each
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
WordFence – Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability
Raccoon Stealer Crawls Into Telegram
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware. A credential stealer that first
BazarBackdoor Malware Distributed via Corporate Website Contact Forms
Threat actors are employing a new technique and leveraging website contact forms instead of common phishing emails to deliver BazarBackdoor. This helps them bypass security software detection. What Is BazarBackdoor?
LastPass vs 1Password: Battle of the password manager titans
Passwords are a fact of life, and if you’re one of those people who reuses the same couple of passwords because that’s all you can remember, then you really need
Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency
Anonymous revealed it has leaked files from the agency responsible for the supervision of communications, information technology and mass mediaRead More: https://www.infosecurity-magazine.com/news/anonymous-leaked-files-russian/
UK Announces Legislation to Govern Digital Identity Security
The new rules are designed to improve trust in digital identity solutionsRead More: https://www.infosecurity-magazine.com/news/uk-legislation-digital-identity/
Ukraine’s IT Army Targeted by Disguised Malware
Last month, the Ukrainian government announced the formation of a new Information Technology Army. The initiative is made of volunteers from across the globe who will perform cyberattacks and distributed
Google: More Chrome browser zero-day flaws are being spotted in-the-wild. That's not always a bad thing
2021 was a record year for the number of zero-day flaws in Chrome that attackers were exploiting before Google knew about them. Is Google losing the race against attackers? According
SaaS Security: How to Protect Your Enterprise in the Cloud
The SaaS architecture allows companies to focus on their core business while the third-party provider focuses on managing the security. Find out more about what software as a service model
#DSbD: Cybersecurity Advances Must Focus on Building Trust in Technologies
Cybersecurity must be about growing trust in technologies rather than surveillance and control, argues Prof Adam JoinsonRead More: https://www.infosecurity-magazine.com/news/dsbd-cybersecuirty-advances-trust/
Ukrainian IT Army Hijacked by Info-stealing Malware
DDoS tools may be booby-trapped, warns CiscoRead More: https://www.infosecurity-magazine.com/news/ukrainian-it-army-hijacked-malware/
SEC Proposes Four-Day Breach Notification Rules
Move is aimed at driving accountability and transparency Read More: https://www.infosecurity-magazine.com/news/sec-proposes-fourday-breach/
Vodafone and Mercado Libre Likely Hit by Ransomware Attacks
Lapsus group appears to have compromised new targetsRead More: https://www.infosecurity-magazine.com/news/vodafone-mercado-libre-ransomware/
Spoofing: What It Is and How Can You Prevent It?
What Is Spoofing? Spoofing is a type of cyberattack that involves assuming a false identity and manipulating a victim into disclosing sensitive information or granting access to their device. Cybercriminals
NetWalker ransomware affiliate extradited to the US for further charges
Image: Getty Images The NetWalker ransomware gang affiliate who was sentenced to seven years in prison by Canadian courts at the end of January was extradited to the United States
Alleged Ukrainian member of REvil Ransomware Gang extradited to US
Yaroslav Vasinskyi (22) is believed to be part of the REvil Ransomware gang that was behind multiple ransomware attacks against the United States including the Kaseya supply chain attack. A
New security threats target industrial control and OT environments
Written by CyberScoop Staff Mar 10, 2022 | CYBERSCOOP Last year, the range of cyber risks threatening industrial sectors grew and accelerated, led mainly by ransomware. However, the industrial control
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead. Looking to cyber-screw Russia, Ukrainian
Talos Threat Source newsletter (March 10, 2022) — Fake social media posts spread in wake of Ukraine invasion
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter — complete with a new format and feel. First off, it goes without saying, but we’re all
Colorado Elections Clerk Charged with Identity Theft
Grand jury indicts two women on suspicion of tampering with election equipmentRead More: https://www.infosecurity-magazine.com/news/elections-clerk-charged-id-theft/
A basic text-color trick can fool phishing filters
Written by Joe Warminsky Mar 10, 2022 | CYBERSCOOP Underneath all the chatter about advanced cybercrime techniques, sometimes it’s the little things that get the job done. Researchers at Avanan
Anonymous and affiliates hacked 90% of Russian misconfigured databases
A new report reveals that since the Russian attack on Ukraine, Anonymous and its affiliate groups have compromised 90% of misconfigured cloud databases owned by different Russian organizations. As you
Canadian man accused of extorting $28 million in ransomware scheme extradited to U.S.
Written by AJ Vicens Mar 10, 2022 | CYBERSCOOP A Canadian man arrested in January 2021 for his role in the NetWalker ransomware attacks was extradited to the U.S. and
Qakbot Debuts New Technique
Old botnet performs new trick by inserting itself into the middle of email threads Read More: https://www.infosecurity-magazine.com/news/qakbot-debuts-new-technique/
Alleged Kaseya Attacker Extradited to US
Defendant indicted over deployment of REvil ransomware arrives in America Read More: https://www.infosecurity-magazine.com/news/alleged-kaseya-attacker-extradited/
New security threats target industrial control and OT environments
Read More: https://www.cyberscoop.com/new-security-threats-target-industrial-control-and-ot-environments/
AI Accountability Framework Created to Guide Use of AI in Security
The framework aims to mitigate ethical issues surrounding use of AI in securityRead More: https://www.infosecurity-magazine.com/news/ai-accountability-framework/
What Is Whaling Phishing?
Whaling phishing is a method used by cybercriminals that aim to obtain sensitive information about a target, steal money, or access their computer systems for malicious purposes. Whaling differs from
Watch out for this phishing attack that hijacks your email chats to spread malware
A prolific botnet used to deliver malware, ransomware and other malicious payloads is spreading itself by hijacking email conversations in order to trick PC users into downloading it in what’s
Microsoft: There's a critical shortage of women in cybersecurity, and we need to do something about it
Getty Images/iStockphoto Encouraging more women to pursue cybersecurity careers is “mission-critical” to filling some of the 2.5 million open jobs worldwide and tackling a global shortage of tech skills, Microsoft
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways. Enterprises are putting greater stock in cybersecurity,
AI Best Practices: Steps to Success for Business Leaders and Practitioners
Although artificial intelligence has permeated the technology landscape, companies are still struggling to understand how to integrate AI processes to meet business goals. AI’s transformative possibilities can only be unlocked
Russia May Use Ransomware Payouts to Avoid Sanctions
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine. Russia may ramp up
Multi-Ransomwared Victims Have It Coming–Podcast
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles. You hate to blame
It's time to stop hoping that cybersecurity problems will just go away
Businesses are reluctant to admit cybersecurity weaknesses because they fear reputational damage – but by choosing to hide their heads in the sand and ignore security vulnerabilities, they risking more
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating
In a world of deepfakes, this billion-dollar startup wants you to trust AI-powered ID checks
Digital identity is a crowded marketplace, but Veriff believes its AI tech sets it apart. Image: Veriff In late January 2022, Estonia gained its sixth tech unicorn after identity verification
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things. The Qakbot botnet is getting more dangerous,
Cybercriminals are posing as Ukraine fundraisers to steal cryptocurrency
Written by Tonya Riley Mar 10, 2022 | CYBERSCOOP Ukraine and charities supporting the nation have turned to soliciting cryptocurrency donations during Russia’s invasion of the country. The gamble on
Latin e-commerce giant Mercado Libre hacked
Latin American e-commerce company Mercado Libre had its systems hacked in an incident that exposed information related to 300,000 users of the platform. ZDNet Recommends The best security key While
Russian Government Sites Hacked
A supply chain attack is a type of attack that aims to inflict damage upon an organization by leveraging vulnerabilities in its supply network. Cybercriminals often manipulate hardware or software