News

Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine

ciber
2025-06-16 https://thehackernews.com/2025/06/playbook-transforming-your.html
Introduction: The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate

Autosummary: The next tier, Governance, Risk, Advisory & Compliance, is built for mid-sized, regulated organizations that need support aligning with frameworks like CMMC, ISO, or HIPAA. Platforms like Cynomi enable providers to: standardize workflows and client engagement; cut assessment times; continuously monitor risk and compliance; generate audit-ready reports automatically; operate with leaner teams. Real-World Example: Burwood Group: Burwood, a technology consulting firm, expanded its business by evolving from offering smaller cybersecurity engagements to delivering ongoing strategic offerings and vCISO services that provide greater scale and recurring revenue. To stay competitive and drive lasting impact, leading service providers are repositioning cybersecurity as a strategic business enabler, and transitioning from reactive, risk-based services to ongoing cybersecurity management aligned with business goals.


Canada’s second-largest airline WestJet is containing a cyberattack

ciber
2025-06-15 https://securityaffairs.com/179027/uncategorized/canadas-airline-westjet-is-containing-a-cyberattack.html
Canada’s airline WestJet has suffered a cyberattack that impacted access to some internal systems and the company app. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, after Air Canada. WestJet is investigating a cybersecurity […]

Autosummary: By Pierluigi Paganini, June 15, 2025. Canada’s airline WestJet has suffered a cyberattack that impacted access to some internal systems and the company app.


WestJet investigates cyberattack disrupting internal systems

ciber
2025-06-14 https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/
WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...]



Victoria’s Secret restores critical systems after cyberattack

ciber
2025-06-13 https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/
Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...]

Autosummary: Quarterly earnings release delayed. As the company revealed after disclosing the incident last month, it was forced to take down corporate systems, some in-store services, and the e-commerce website as a precaution on May 26.


A cyberattack on United Natural Foods caused bread shortages and bare shelves

ciber
2025-06-13 https://securityaffairs.com/178991/hacking/a-cyberattack-on-united-natural-foods-caused-bread-shortages-and-bare-shelves.html
Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after systems were taken offline on June 5. United Natural Foods, Inc. (UNFI) is a Providence, Rhode Island–based natural and organic food company. The largest publicly traded wholesale distributor of health and specialty food in the United States and Canada, it is Whole Foods Market’s main supplier, with their traffic making up over […]

Autosummary: “A corporate Whole Foods spokesperson apologized for the inconvenience and said the company is working to restock shelves quickly, but declined to answer specific questions,” reported NBC News.


Cybercriminals are turning stolen data into a thriving black market

ciber
2025-06-12 https://www.helpnetsecurity.com/2025/06/12/europol-internet-organised-crime-threat-assessment-iocta-2025/

Cybercriminals are stealing data and running full-scale businesses around it. Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report reveals how personal data is now a core currency in the underground economy. Data is the product: Cybercriminals go after everything from login credentials to credit card numbers, medical records, and social media accounts. The data criminals collect helps them access accounts, impersonate users, or sell that access to others. Europol stresses that access to an …


Autosummary: AI opens new attack paths: Besides improving phishing, criminals are using AI to create fake identities, forge digital fingerprints, and bypass security checks. Infostealers are a type of malware designed to extract personal data from infected devices, such as usernames, passwords, and browser history.


The path to better cybersecurity isn’t more data, it’s less noise

ciber
2025-06-11 https://www.helpnetsecurity.com/2025/06/11/cybersecurity-data-overload/

In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than any person can realistically keep up with. When too much data comes in at once, things get missed. Responses slow down and, over time, the constant pressure can lead to burnout. According to a Vectra AI survey, …


Autosummary: What AI does well: processes data faster than humans; reduces alert fatigue by flagging high-risk patterns; finds anomalies that may be missed in manual reviews. What to watch out for: AI can still miss or misclassify threats; results depend on the quality of input data; human oversight and tuning are essential. AI is not magic. According to a Vectra AI survey, 71% of SOC practitioners worry they will miss a real attack buried in a flood of alerts, and 51% believe they cannot keep pace with the increasing number of security threats. If a security incident happens, take time to review which logs and alerts helped find or stop the threat.


Erie Insurance confirms cyberattack behind business disruptions

ciber
2025-06-11 https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/
Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. [...]

Autosummary: Today, Erie Indemnity Group filed a Form 8-K filing with the U.S. Securities and Exchange Commission, stating it detected "unusual network activity" on June 7, 2025.


Cybersecurity jobs available right now: June 10, 2025

ciber
2025-06-10 https://www.helpnetsecurity.com/2025/06/10/cybersecurity-jobs-available-right-now-june-10-2025/


Autosummary: Automation tester (Infosec) – Vulnerability management WTW | India | On-site – View job details As an Automation tester (Infosec) – Vulnerability management, you will create, maintain, and execute appropriate security testing processes to enable timely detection, risk-based prioritization, and co-ordinate the remediation of security testing findings. Senior Network Security Engineer – F5/Firewall Intertec Systems | UAE | On-site – View job details As a Senior Network Security Engineer – F5/Firewall, you will engage in planning, scheduling, and implementing network upgrades, implementations, and migrations for clients in a timely manner and during times that will have the least impact on the users of the affected systems. Manager, Cloud Security Engineer Lead Pfizer | Ireland | Hybrid – View job details As a Manager, Cloud Security Engineer Lead, you will lead and manage engineers in designing, developing, and maintaining cloud-native security solutions for enhancements and new services to protect Pfizer cloud infrastructure.


The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier

ciber
2025-06-10 https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an

Autosummary: At the end of the day, non-human identities and human identities may have different characteristics and needs, but both require an end-to-end approach that protects them before, during, and after authentication. Those secrets, keys, and tokens are just as sensitive as the credentials used by humans, and in some cases, even more so, as they can provide adversaries with powerful access to specific applications and services if they're leaked. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an ever-expanding array of apps and services that must work together and identify one another on the fly. How do we make sure we're managing those?" Final thoughts: Non-human identities are essential to businesses today, helping them automate processes, enable integrations, and ensure smooth operations.


Balancing cybersecurity and client experience for high-net-worth clients

ciber
2025-06-09 https://www.helpnetsecurity.com/2025/06/09/renana-friedlich-barsky-lpl-financial-wealth-management-cybersecurity/

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect sensitive assets and ensure seamless, secure client experiences. How are threat actors evolving their tactics to target high-net-worth clients or exploit digital touchpoints in wealth management platforms? Threat actors are becoming more targeted and …


Autosummary: In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. By demonstrating how strong security enhances brand reputation, customer confidence, and regulatory compliance, CISOs help shift the perception of cybersecurity from a cost center to a business enabler, driving security and sustainable digital transformation in wealth management.


Grocery wholesale giant United Natural Foods hit by cyberattack

ciber
2025-06-09 https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/
United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. [...]

Autosummary: The Rhode Island-based company operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada, including supermarket chains, e-commerce providers, natural product superstores, independent retailers, and food service customers.


Why IAM should be the starting point for AI-driven cybersecurity

ciber
2025-06-06 https://www.helpnetsecurity.com/2025/06/06/benny-porat-twine-security-ai-driven-security-decisions/

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice on building trust in AI agents and integrating them into existing workflows.


Autosummary: High-volume, low-complexity tasks like identity hygiene, account ownership verification, and routine IAM workflows are good examples of where to start, and then move up to more complex scenarios requiring human judgment such as remediating audit findings, stale account identification and clean up, and user access reviews (UARs), where AI will help accelerate processes while still keeping humans in the loop. Now let’s go back to AI agents – unlike human decision-making that relies on memory and subjective recollection, AI agents create complete, immutable audit trails capturing every decision point, data input, logical step, and action taken throughout the entire process.


Kettering Health confirms Interlock ransomware behind cyberattack

exploits ransomware ciber
2025-06-06 https://www.bleepingcomputer.com/news/security/kettering-health-confirms-interlock-ransomware-behind-cyberattack/
Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. [...]



Booking.com reservation abused as cybercriminals steal from travelers

ciber
2025-06-06 https://www.malwarebytes.com/blog/news/2025/06/booking-com-abused-by-cybercriminals-to-steal-from-travelers
Cybercriminals are abusing the hospitality industry and its booking platforms to defraud the travelers that visit them.

Autosummary: Arcona Hotels & Resorts is a German-based company specializing in operating and developing hotels, particularly focusing on leisure and holiday hotels, boutique hotels, and 5-star properties. To be clear, these types of online scams are so effective because the hotel itself has been compromised, and travelers log into official, verified websites and services only to receive malicious messages from cybercriminals who are secretly in control.


Microsoft unveils free EU cybersecurity program for governments

government ciber
2025-06-04 https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-free-eu-cybersecurity-program-for-governments/
Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. [...]



Cybersecurity jobs available right now: June 3, 2025

ciber
2025-06-03 https://www.helpnetsecurity.com/2025/06/03/cybersecurity-jobs-available-right-now-june-3-2025/


Autosummary: Manager, IT Operations (Cloud, Security and Infrastructure) GMS Health Insurance | Canada | On-site – View job details As a Manager, IT Operations (Cloud, Security and Infrastructure), you will negotiate SLAs, review performance dashboards, maintain the security risk register, and coordinate remediation across IT, architecture, and business units. Engineer, Network Security Concentra | USA | On-site – View job details As an Engineer, Network Security, you will be responsible for planning, designing, developing, evaluating, testing, and integrating the organization’s security infrastructure, including the implementation and design of multiple security solutions. Senior Security Engineer, Application Security Constantinople | Australia | Hybrid – View job details As a Senior Security Engineer, Application Security, you will enhance and manage application security tooling such as SAST, DAST (both out-of-the-box and custom), open-source vulnerability scanning, and EASM. Information Security Officer Medison Pharma | Israel | On-site – View job details As an Information Security Officer, you will be responsible for developing, updating, and maintaining the organizational information security management framework, including policies, procedures, and work plans. Senior Network Security Engineer Elavon | Ireland | Hybrid – View job details As a Senior Network Security Engineer, you will be primarily responsible for implementing and supporting security solutions and technologies to help protect the organization’s systems from unauthorized access, use, disclosure, destruction, modification, or disruption.


How global collaboration is hitting cybercriminals where it hurts

ciber
2025-06-03 https://www.helpnetsecurity.com/2025/06/03/william-lyne-national-crime-agency-cybercrime-ecosystem-threats/

In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends, recent disruptions, and collaboration between law enforcement and the private sector. What are the most concerning trends you’re seeing in cybercriminal behaviour today? Cybercrime is a constantly evolving threat, which is supported and enabled by …


Autosummary: I cannot comment on specific, ongoing investigations, but generally we see groups like these as comprised of individuals, often young men, in English-speaking countries who often have particular social engineering skills – exploiting people within organisations as opposed to using technical means to gain access to victim systems. Again in 2024, the NCA led Op DESTABILISE, which successfully disrupted Russian-speaking illicit finance networks that we know were utilised by a number of different ransomware groups, alongside a range of other threat actors.


Bankers Association’s attack on cybersecurity transparency

financial ciber
2025-06-03 https://www.helpnetsecurity.com/2025/06/03/bankers-association-attack-on-cybersecurity-transparency/

A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection. This rule was established to ensure shareholders are properly informed and potential victims receive timely notice so they can take protective action, which wasn’t happening consistently before the rule …


Autosummary: A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection. Business leaders and cybersecurity professionals should see this for what it is: a shady move to protect image and profits at the expense of transparency, fairness, security, and public trust. They’re putting forward weak, recycled arguments in the hopes of shielding their industry from public scrutiny, narrative damage, and financial consequences.


A cyberattack hit hospitals operated by Covenant Health

ciber
2025-06-02 https://securityaffairs.com/178507/uncategorized/a-cyberattack-hit-hospitals-operated-by-covenant-health.html
A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident. Three hospitals run by Covenant Health were hit by a cyberattack, prompting them to shut down all their systems to contain the security incident. “St. Mary’s is currently experiencing a temporary system issue that is […]

Autosummary: By Pierluigi Paganini, June 02, 2025. A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident.


Cartier discloses data breach amid fashion brand cyberattacks

financial ciber
2025-06-02 https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. [...]

Autosummary: In May, Dior disclosed a data breach after threat actors breached its systems and stole customer contact details, purchase histories, and preferences.


Don’t let dormant accounts become a doorway for cybercriminals

ciber
2025-06-02 https://www.welivesecurity.com/en/cybersecurity/dont-let-dormant-accounts-become-doorway-cybercriminals/
Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

Autosummary: One report claims that 3.2 billion credentials were stolen last year; most (75%) via infostealers. Large-scale data breaches, where hackers harvest entire databases of passwords and usernames from third-party companies you might have signed up to. Credential stuffing, where hackers feed breached credentials into automated software, in an attempt to unlock accounts where you’ve reused that same compromised password. Brute-force techniques, where they use trial and error to guess your passwords. The consequences of inactive accounts: If an attacker gains access to your account, they could: Use it to send spam and scams to your contacts (e.g., if it’s an inactive email or social media account), or even launch convincing phishing attacks in your name. For those accounts you want to keep, aside from updating the password to a strong, unique credential, and storing it in a password manager, consider the following: Switching on two-factor authentication (2FA), so that even if a hacker gets hold of your password, they won’t be able to compromise your account. A good way to find these is to search your email inbox for keywords like “Welcome,” “Verify account,” “Free trial,” “Thank you for signing up,” “Validate your account,” etc.


ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

government ciber
2025-05-30 https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect


ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor

government ciber
2025-05-30 https://securityaffairs.com/178442/hacking/connectwise-cyberattack-sophisticated-nation-state-actor.html
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment that we […]

Autosummary: ConnectWise is a Florida-based software company that provides IT management solutions, including Remote Monitoring and Management (RMM), cybersecurity tools, automation software, and Business management platforms. By Pierluigi Paganini, May 30, 2025. ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers.


Police takes down AVCheck site used by cybercriminals to scan malware

exploits ciber
2025-05-30 https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. [...]

Autosummary: "By leveraging counter antivirus services, malicious actors refine their weapons against the world's toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims' systems."


Resecurity Compliance Manager empowers cybersecurity leaders with AI-driven insights

ciber
2025-05-29 https://www.helpnetsecurity.com/2025/05/29/resecurity-compliance-manager/

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection …



What CISOs can learn from the frontlines of fintech cybersecurity

ciber
2025-05-29 https://www.helpnetsecurity.com/2025/05/29/ria-shetty-mastercard-cybersecurity-innovation/

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. …


Autosummary: Her team works with banks, merchants, and partners to raise awareness, provide tools, and help them secure their full environment. “Protection on the payment side is great, but if a customer is compromised elsewhere in their environment, that becomes our problem too,” she says. “You can have the smartest tool out there, but in the end, it depends on the human,” she says. Her team can provide tools and guidance, but success depends on how organizations handle their people, processes, and partners. That’s why transparency, privacy, and security are built into every step of her team’s work, not added at the end.


CISOs prioritize AI-driven automation to optimize cybersecurity spending

ciber
2025-05-29 https://www.helpnetsecurity.com/2025/05/29/ai-automation-investing/

Cybersecurity leaders and consultants identified AI-driven automation and cost optimization as top organizational priorities, according to Wipro. 30% of respondents are investing in AI automation to enhance their cybersecurity operations. AI-driven automation can help in detecting and responding to threats more quickly and accurately, thereby reducing the need for extensive manual intervention. 26% of respondents are focusing on tools rationalization. This approach involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and …


Autosummary: Some organizations are transitioning cybersecurity into a business-risk-aligned management structure to enhance accountability at the board level, promote risk-aware behavior throughout the organization, and strengthen the case for necessary cybersecurity investments.


Review: Cybersecurity For Dummies, 3rd Edition

ciber
2025-05-29 https://www.helpnetsecurity.com/2025/05/29/review-cybersecurity-for-dummies-3rd-edition/

If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point. It’s written with beginners in mind and assumes you know how to use a smartphone and computer but not much more. This latest edition, published in 2025, adds newer topics like AI threats, which help keep the material relevant. About the author: Joseph …


Autosummary: Personal safety tips for passwords, accounts, and devices; risks of public Wi-Fi and social engineering; security for small businesses and remote workers; how to respond if you’re hacked; backing up and restoring your data; careers in cybersecurity; what’s coming next, such as AI, smart devices, and more. There are even chapters at the end that give “top ten” lists of practical advice. About the author: Joseph Steinberg holds a suite of security certifications including: CISSP, ISSAP, ISSMP, and CSSLP.


Cybercriminals exploit AI hype to spread ransomware, malware

exploits ransomware ciber
2025-05-29 https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. [...]

Autosummary: The ransom note demands a $50,000 ransom to be paid in the hard-to-trace Monero cryptocurrency, claiming that the funds will support humanitarian causes in Palestine, Ukraine, Africa, and Asia.


Victoria’s Secret’s website offline following a cyberattack

ciber
2025-05-29 https://securityaffairs.com/178432/hacking/victorias-secrets-website-offline-following-a-cyberattack.html
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers. American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message: “Valued customer, we identified and are taking steps to address a security incident. […]

Autosummary: By Pierluigi Paganini, May 29, 2025. Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers.


ConnectWise breached in cyberattack linked to nation-state hackers

government ciber
2025-05-29 https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/
IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. [...] "

Autosummary: ConnectWise is a Florida-based software company that provides IT management, RMM (remote monitoring and management), cybersecurity, and automation solutions for managed service providers (MSPs) and IT departments. "


Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

exploits ciber
2025-05-29 https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan "

Autosummary: The three malware families are: GRIMPULL, a downloader that uses a TOR tunnel to fetch additional .NET payloads that are decrypted, decompressed, and loaded into memory as .NET assemblies; FROSTRIFT, a .NET backdoor that collects system information, details about installed applications, and scans for 48 extensions related to password managers, authenticators, and cryptocurrency wallets on Chromium-based web browsers; and XWorm, a known .NET-based remote access trojan (RAT) with features like keylogging, command execution, screen capture, information gathering, and victim notification via Telegram. STARKVEIL also serves as a conduit to launch a Python-based dropper codenamed COILHATCH that's actually tasked with running the aforementioned three payloads via DLL side-loading. The ransomware is equipped to escalate privileges and re-execute itself with administrative permissions, if not already, and encrypts files located in the partitions "C:\," "D:\," and "E:\" that match a certain set of extensions. "


Hottest cybersecurity open-source tools of the month: May 2025

ciber
2025-05-28 https://www.helpnetsecurity.com/2025/05/28/hottest-cybersecurity-open-source-tools-of-the-month-may-2025/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Vuls: Open-source agentless vulnerability scanner Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks LlamaFirewall is a system-level security framework for LLM-powered applications, built with a … More

The post Hottest cybersecurity open-source tools of the month: May 2025 appeared first on Help Net Security.

"



Czechia blames China for Ministry of Foreign Affairs cyberattack

ciber
2025-05-28 https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/
The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. [...] "

Autosummary: "The malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure, was perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security," the Czech government said. "


Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

ciber
2025-05-28 https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html
The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not "

Autosummary: The attack has been attributed to a state-sponsored threat actor tracked as APT31, which also overlaps with threat clusters known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium). "


Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

ciber
2025-05-28 https://securityaffairs.com/178399/apt/czech-republic-accuses-chinas-apt31-of-a-cyberattack-on-its-foreign-ministrys-unclassified-network.html
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 […] "

Autosummary: China-linked cyberespionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) was involved in multiple cyber espionage operations; it made the headlines in 2022 after the Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group’s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers. APT31, also known as Zirconium or Judgment Panda, has been operational for more than a decade, stealing diplomatic cables, industrial designs, and political strategy documents from Europe, North America, and Asia. "


Cybersecurity jobs available right now: May 27, 2025

ciber
2025-05-27 https://www.helpnetsecurity.com/2025/05/27/cybersecurity-jobs-available-right-now-may-27-2025/

Application Security Engineer, SDO AppSec Amazon | EMEA | Hybrid – View job details As an Application Security Engineer, SDO AppSec, you will be responsible for creating, updating, and maintaining threat models across a diverse range of software projects. Part of your role will involve developing security automation tools to enhance efficiency and consistency. You will perform adversarial security analysis, leveraging tools to complement manual testing efforts. CISO AudioCodes | Israel | Hybrid – View … More

The post Cybersecurity jobs available right now: May 27, 2025 appeared first on Help Net Security.

"

Autosummary: Manager, Information Security Risk Acrisure | USA | On-site – View job details As a Manager, Information Security Risk, you will conduct comprehensive third party risk assessments, analyzing security policies, procedures, controls, and compliance with regulatory requirements. Cybersecurity Analyst I, Applications The University of British Columbia | Canada | Hybrid – View job details As a Cybersecurity Analyst I, Applications, you will design, implement, configure and manage application security solutions based on business, security, and privacy needs. Senior Cyber Security Engineer – Software Development JLR | Ireland | Hybrid – No longer accepting applications As a Senior Cyber Security Engineer – Software Development, you will design, implement, and maintain software applications related to security functionalities such as crypto key management, HSM APIs, secure logging, and firewalls. Information Security Director Sycurio | United Kingdom | Hybrid – View job details As an Information Security Director, you will develop, maintain, and expand the information security management system (‘ISMS’) in line with an optimise compliance for ISO27001, PCI-DSS and SOC2 compliance. NOC Analyst The Guitar Center Company | USA | On-site – View job details As a NOC Analyst, you will monitor operational systems, networks, and applications to ensure availability, performance, and security. "


Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

ciber
2025-05-27 https://thehackernews.com/2025/05/cybercriminals-clone-antivirus-site-to_4.html
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a "clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems," the "

Autosummary: "Utilizing state-of-the-art tactics such as polymorphic identifiers, advanced man‑in‑the‑middle proxy mechanisms and multi-factor authentication bypass techniques, the attackers aim to harvest credentials and two-factor authentication (2FA) codes, enabling real-time access to social media accounts," the KnowBe4 Threat Lab said in a report. "


DefectDojo’s SOC capabilities simplify cybersecurity operations

ciber
2025-05-27 https://www.helpnetsecurity.com/2025/05/27/defectdojo-soc-capabilities/

DefectDojo announced next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings. As both SOC and AppSec teams attempt to cut through noisy data from a sprawling set of tools and sources, Dojo Pro now allows two security teams to work from the same platform. SOC teams, like their counterparts in AppSec, are facing a … More

The post DefectDojo’s SOC capabilities simplify cybersecurity operations appeared first on Help Net Security.

"

Autosummary: These include the Rules Engine, which enables teams to customize rules to automatically manipulate, edit, enhance, add custom remediation advice, escalate, or de-escalate specific findings, all without significant human effort; the universal parser, allowing for data ingestion from any tool producing JSON or XML data; and next-generation prioritization evaluation. "


Why layoffs increase cybersecurity risks

ciber
2025-05-26 https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to General Assembly. Taking away access to company data the moment someone leaves … More

The post Why layoffs increase cybersecurity risks appeared first on Help Net Security.

"

Autosummary: The types of data that can be extracted: client/customer data, company confidential, employee HR data, financial data, sensitive project files, source code, and unreleased or sensitive marketing. Lack of monitoring during workforce transitions: During large-scale layoffs, teams often cannot cover all aspects of offboarding alongside their regular duties. Mitigation strategies for safer offboarding: Revoke access to user accounts, systems, applications, and networks. "


Outsourcing cybersecurity: How SMBs can make smart moves

ciber
2025-05-23 https://www.helpnetsecurity.com/2025/05/23/smbs-outsourcing-cybersecurity/

Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills to properly address security issues, increasing demand for the expertise and services of MSPs, and 78% are concerned that a severe cyberattack could drive them out of operation, according to ConnectWise. What you can outsource … More

The post Outsourcing cybersecurity: How SMBs can make smart moves appeared first on Help Net Security.

"

Autosummary: 76% of SMBs lack the in-house skills to properly address security issues, increasing demand for the expertise and services of MSPs, and 78% are concerned that a severe cyberattack could drive them out of operation, according to ConnectWise. Crisis response and decision-making: During an incident, vendors can execute containment and recovery, but only your leadership can make key decisions, such as public disclosures or operational shutdowns. Even if a vendor manages backups or platforms, you should maintain the keys, including credentials, encryption policies, and recovery processes. "


Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

ciber
2025-05-22 https://thehackernews.com/2025/05/webinar-learn-how-to-build-reasonable.html
It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how “reasonable” their security programs are "

Autosummary: In this live session, CIS experts will walk you through a practical, no-fluff approach to building a cybersecurity program that meets legal and industry standards—and makes sense for your size, scope, and resources. "


Why so many military veterans move into cybersecurity

ciber
2025-05-22 https://www.bbc.com/news/articles/ce3vgjzwl04o
The vigilance needed in the military can be an asset in the cybersecurity industry. "

Autosummary: But, Mrs Morin adds, "The camaraderie is exactly like the military, the busy weeks, the quiet weeks, the jokes that nobody gets unless you've been there done that… It's just a really tight knit community." In addition, he says, military personnel always think in terms of "risk, defence in depth, layers of defence". But, says former infantryman James Murphy, when you see a trashcan by the side of the road, and you know no-one is collecting rubbish that day: "The spider hairs on the back of your neck start tingling." "


Marks & Spencer faces $402 million profit hit after cyberattack

ciber
2025-05-21 https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. [...] "

Autosummary: "In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient. "


European Union sanctions Stark Industries for enabling cyberattacks

ciber
2025-05-21 https://www.bleepingcomputer.com/news/security/european-union-sanctions-stark-industries-for-enabling-cyberattacks/
The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising activities" against the Union. [...] "

Autosummary: “They have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber-attacks against the Union and third countries” - Council of the European Union. Stark Industries is incorporated in the United Kingdom and provides VPS/VDS servers in the UK, the Netherlands, Germany, France, Turkey, and the U.S. The company provides multiple payment methods, including Bitcoin, Monero, Dash, and Ether cryptocurrency, typically used to hide payment origin. "


A cyberattack was responsible for the week-long outage affecting Cellcom wireless network

ciber
2025-05-21 https://securityaffairs.com/178158/security/a-cyberattack-was-responsible-for-the-week-long-outage-affecting-cellcom-wireless-network.html
Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the cause of a service outage it faced during the past week. Cellcom, a regional wireless carrier in Wisconsin, confirmed a cyberattack that caused a week-long outage affecting voice and text services in Wisconsin and Upper Michigan. The company announced it […] "

Autosummary: A cyberattack was responsible for the week-long outage affecting Cellcom wireless network. Pierluigi Paganini, May 21, 2025. Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the cause of a service outage it faced during the past week. "


Cybersecurity jobs available right now: May 20, 2025

ciber
2025-05-20 https://www.helpnetsecurity.com/2025/05/20/cybersecurity-jobs-available-right-now-may-20-2025/

CISO Vault Cloud | Australia | Hybrid – View job details As a CISO, you will lead company’s cloud security strategy, scale the SOC team, and manage cyber threats to protect national data. You’ll work with stakeholders to enhance security, develop advanced tools, maintain up-to-date policies, and align company’s direction with government and industry partners. Chief Information Officer Aspira | USA | On-site – View job details As a Chief Information Officer, you will create, … More

The post Cybersecurity jobs available right now: May 20, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Cloud Security Engineer, DevSecOps Figment | Canada | Remote – View job details As a Senior Cloud Security Engineer, DevSecOps, you will design, implement, and manage security controls for cloud infrastructure in AWS and GCP. Chief Information Officer Aspira | USA | On-site – View job details As a Chief Information Officer, you will create, implement, and maintain comprehensive policies, procedures, and frameworks that adhere to industry best practices. Information Security Operations Manager Chalhoub Group | UAE | On-site – View job details As an Information Security Operations Manager, you will oversee global SOC activities, ensuring 24/7 monitoring, detection, and response to security threats. Red Team Operator Bayer | Israel | Hybrid – View job details As a Red Team Operator, you will lead full-scope engagements—initial access, C2, evasion, lateral movement, and objective execution. Insider Threat Program Lead Marvell Technology | USA | Remote – No longer accepting applications As an Insider Threat Program Lead, you will design, implement, and manage Marvell’s Insider Threat Program, ensuring alignment with organizational goals, industry best practices and regulatory requirements. DevSecOps Engineer Leonar | France | On-site – View job details As a DevSecOps Engineer, you will drive security best practices, maintain compliance with SOC 2 and ISO 27001, propose new security measures, and support audit processes. "


Absolute Extreme Resilience accelerates recovery following cyberattacks and IT incidents

ciber
2025-05-20 https://www.helpnetsecurity.com/2025/05/20/absolute-extreme-resilience/

Absolute Security announced new Extreme Resilience capabilities available in Rehydrate, an Absolute Resilience Platform module. Rehydrate enables remote restoration of Windows endpoints at enterprise scale with a single click. It delivers full recovery even when the device OS and other security or management tools have crashed, been compromised, or become corrupted. With these new Extreme Resilience capabilities, Rehydrate is now the only business continuity restoration solution that offers playbook-driven response capabilities that empower Security and … More

The post Absolute Extreme Resilience accelerates recovery following cyberattacks and IT incidents appeared first on Help Net Security.

"



Mobile carrier Cellcom confirms cyberattack behind extended outages

ciber Telcos
2025-05-20 https://www.bleepingcomputer.com/news/security/mobile-carrier-cellcom-confirms-cyberattack-behind-extended-outages/
Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. [...] "

Autosummary: Cellcom initially claimed the disruption was caused by a technical issue, stating that data services, iMessage, RCS messaging, and 911 emergency services remained operational. "


AI hallucinations and their risk to cybersecurity operations

ciber
2025-05-19 https://www.helpnetsecurity.com/2025/05/19/ai-hallucinations-risk-cybersecurity-operations/

AI systems can sometimes produce outputs that are incorrect or misleading, a phenomenon known as hallucinations. These errors can range from minor inaccuracies to misrepresentations that can misguide decision-making processes. Real world implications “If a company’s AI agent leverages outdated or inaccurate data, AI hallucinations might fabricate non-existent vulnerabilities or misinterpret threat intelligence, leading to unnecessary alerts or overlooked risks. Such errors can divert resources from genuine threats, creating new vulnerabilities and wasting already-constrained SecOps … More

The post AI hallucinations and their risk to cybersecurity operations appeared first on Help Net Security.

"

Autosummary: As to senior developers, they will likely spot an error in a timely manner, however, the increasing number of them over-rely on GenAI, blindly trusting its output,” said Ilia Kolochenko, CEO of ImmuniWeb. By embedding trust, traceability, and control into AI deployment, CISOs can balance innovation with accountability, keeping hallucinations in check without slowing progress: 1. “All AI-generated responses must carry metadata including source context, model version, prompt structure, and timestamp,” Conikee notes. "


Arla Foods confirms cyberattack disrupts production, causes delays

ciber
2025-05-19 https://www.bleepingcomputer.com/news/security/arla-foods-confirms-cyberattack-disrupts-production-causes-delays/
Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. [...] "

Autosummary: The firm has an annual revenue of €13.8 billion ($15.5 billion), and its products, including the brands Arla, Lurpak, Puck, Castello, and Starbucks, are sold in 140 countries worldwide. "


Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed

ciber
2025-05-16 https://www.helpnetsecurity.com/2025/05/16/cybersecurity-skills-framework-linux-foundation/

The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families. “Cybersecurity is now a leadership issue, not just a technical one,” said Steve Fernandez, General Manager at OpenSSF. “Our framework gives organizations a straightforward way to identify gaps and prioritize the security skills that matter most, based … More

The post Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed appeared first on Help Net Security.

"



How working in a stressful environment affects cybersecurity

ciber
2025-05-16 https://www.helpnetsecurity.com/2025/05/16/stressful-environment-cybersecurity/

Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and decision-making suffer. “From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates,” said Rob Lee, Chief of Research and Head of Faculty at SANS Institute. According to CyberArk, 65% of office workers admit they’ve bypassed cybersecurity policies to stay productive. Frustration and anger … More

The post How working in a stressful environment affects cybersecurity appeared first on Help Net Security.

"

Autosummary: “From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates,” said Rob Lee, Chief of Research and Head of Faculty at SANS Institute. "


Building cybersecurity culture in science-driven organizations

ciber
2025-05-15 https://www.helpnetsecurity.com/2025/05/15/anne-sofie-roed-rasmussen-novonesis-science-driven-organization-cybersecurity/

In this Help Net Security interview, Anne Sofie Roed Rasmussen, CISO at Novonesis, discusses how a science-driven organization approaches cybersecurity, aligning innovation with protection, measuring cultural progress, managing shadow IT, and earning trust from scientific leaders. How do you measure progress when it comes to building a cybersecurity culture in a science-driven organization? Science, exploration, and innovation are at the heart of our organizational DNA. However, no one is immune to making mistakes—anyone, regardless of … More

The post Building cybersecurity culture in science-driven organizations appeared first on Help Net Security.

"



Nova Scotia Power confirms hackers stole customer data in cyberattack

ciber
2025-05-15 https://www.bleepingcomputer.com/news/security/nova-scotia-power-confirms-hackers-stole-customer-data-in-cyberattack/
Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. [...] "



Fashion giant Dior discloses cyberattack, warns of data breach

financial ciber
2025-05-14 https://www.bleepingcomputer.com/news/security/fashion-giant-dior-discloses-cyberattack-warns-of-data-breach/
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. [...] "

Autosummary: According to screenshots of the notices shared online, the incident was discovered on May 7, involving unauthorized personnel access, and exposed the following information: full name, gender, phone number, email address, postal address, and purchase history. [Image: Notice sent to China customers. Source: marketing-interactive.com] The notice posted on Dior’s Korean shop also sets the breach date to May 7, 2025, suggesting a common cybersecurity incident that had an international impact. "


Steel giant Nucor Corporation facing disruptions after cyberattack

ciber
2025-05-14 https://www.bleepingcomputer.com/news/security/steel-giant-nucor-corporation-facing-disruptions-after-cyberattack/
A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures. [...] "



Breaking down silos in cybersecurity

ciber
2025-05-13 https://www.helpnetsecurity.com/2025/05/13/marc-gafan-ionix-tyson-kopczynski-cymetry-one-cybersecurity-silos/

All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As operations expand from one site to many, from on-premises to cloud, from legacy to emerging tech (e.g., cloud and AI), silos don’t topple; they persist and proliferate. Nowhere are silos more evident … More

The post Breaking down silos in cybersecurity appeared first on Help Net Security.

"

Autosummary: Practitioners continue to acquire and juggle tool sets directed at endpoints, applications, network security, vulnerability management, cloud security, threat hunting and myriad other domains. Additionally, significant time and effort are spent identifying who is responsible for specific tasks, which could be the security team, product team, DevOps or even business units. As operations expand from one site to many, from on-premises to cloud, from legacy to emerging tech (e.g., cloud and AI), silos don’t topple; they persist and proliferate. "


Review: Resilient Cybersecurity

ciber
2025-05-13 https://www.helpnetsecurity.com/2025/05/13/review-resilient-cybersecurity/

Resilient Cybersecurity touches on nearly every major function of enterprise cybersecurity, from threat detection and identity management to vendor risk and regulatory compliance. About the author Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and Fortune 100 companies. Inside the book The structure of the book mirrors the process of building a cybersecurity program from the ground up. Early chapters focus on understanding the … More

The post Review: Resilient Cybersecurity appeared first on Help Net Security.

"

Autosummary: From there, he devotes individual chapters to each major program component, including vulnerability management, architecture, operations, awareness and training, and proactive services. "


Cybersecurity jobs available right now: May 13, 2025

ciber
2025-05-13 https://www.helpnetsecurity.com/2025/05/13/cybersecurity-jobs-available-right-now-may-13-2025/

The post Cybersecurity jobs available right now: May 13, 2025 appeared first on Help Net Security.

"

Autosummary: Computer Network Defense Analyst RealmOne | USA | On-site – View job details As a Computer Network Defense Analyst, you will utilize information from various sources, such as intrusion detection systems, firewalls, network traffic logs, and host system logs, to identify potential vulnerabilities, respond to cyber events, and defend against possible threats. IT Specialist III – Lead Security Analyst City of Irvine | USA | On-site – View job details As an IT Specialist III – Lead Security Analyst, you will lead the monitoring, detection, investigation, and response to security incidents using SIEM, EDR, and threat intelligence platforms. Lead Security Consultant – Offensive Security Cyderes | Canada | Remote – View job details As a Lead Security Consultant – Offensive Security, you will lead and execute advanced penetration tests across internal/external networks, web/mobile apps, APIs, cloud, and wireless environments. Network Security Specialist – L2 Global Relay | United Kingdom | Hybrid – View job details As a Network Security Specialist – L2, you will be responsible for assisting in engineering, long term strategies, planning, integration, and deployments pertaining to the IT Network. Senior InfoSec Compliance Analyst Onit | India | On-site – View job details As a Senior InfoSec Compliance Analyst, you will lead the planning and execution of security audits, assess, implement, and maintain new compliance frameworks or controls, leading cross-functional projects for certifications or attestations. "


AI vs AI: How cybersecurity pros can use criminals’ tools against them

ciber
2025-05-13 https://www.helpnetsecurity.com/2025/05/13/ai-proxies-cybersecurity/

For a while now, AI has played a part in cybersecurity. Now, agentic AI is taking center stage. Based on pre-programmed plans and objectives, agentic AI can make choices which optimize results without a need for developer intervention. As agentic AI can be programmed for various tasks, AI agents are set to create a labor revolution, from manufacturing to customer service. However, this comes at a cost, as they can also be programmed to conduct … More

The post AI vs AI: How cybersecurity pros can use criminals’ tools against them appeared first on Help Net Security.

"

Autosummary: Weighing up the good and bad While cybersecurity experts acknowledge the dangers of agentic AI, there is plenty of room for the technology to be developed for good, as we can already see in AI-powered tools for cybersecurity and intelligence gathering. Eventually, AI agents will neutralize social engineering attacks by removing their human link, just like with Daisy, the sweet old AI timewaster. "


M&S says customer data stolen in cyberattack, forces password resets

ciber
2025-05-13 https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/
Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. [...] "



Layoffs pose a cybersecurity risk: Here’s why offboarding matters

ciber
2025-05-12 https://www.helpnetsecurity.com/2025/05/12/offboarding-employees-security-risks/

In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often overlook the security risks associated with properly offboarding workers, especially when offboarding happens en masse and unexpectedly. The process of offboarding can be complex and urgent, often requiring IT teams to act quickly to deactivate access. However, many security teams are already stretched …

"



How to give better cybersecurity presentations (without sounding like a robot)

ciber
2025-05-12 https://www.helpnetsecurity.com/2025/05/12/how-to-give-better-cybersecurity-presentations/

Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only if you commit and practice.” So, the first step is obvious: Quit avoiding presentations. The more you do them, the better you’ll get. Content first, delivery second We tend to focus on the performance side of presenting: …

"

Autosummary: “Even super technical people enjoy everyday language, stories, examples, metaphors, or even humor,” he says. “Any skill, be it dancing, football, or presenting, can be developed only if you commit and practice.” “We usually start our presentations by introducing ourselves, the topic, and the agenda,” Krejci notes. Content first, delivery second We tend to focus on the performance side of presenting: body language, tone, gestures. "


Resecurity One simplifies cybersecurity operations

ciber
2025-05-12 https://www.helpnetsecurity.com/2025/05/12/resecurity-one/

Resecurity launched Resecurity One, the next-generation cybersecurity platform designed to improve how organizations approach cybersecurity. Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity Protection, Supply Chain Risk Monitoring, and xDR capabilities into a unified solution, providing comprehensive protection against evolving cyber threats. Resecurity One is a breakthrough in cybersecurity technology that addresses the challenges faced by organizations of all sizes in managing multiple cybersecurity products. By integrating various cybersecurity functionalities into …

"

Autosummary: Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity Protection, Supply Chain Risk Monitoring, and xDR capabilities into a unified solution, providing comprehensive protection against evolving cyber threats. Benefits of Resecurity One platform Resecurity One, as a Platform as a Service (PaaS), brings several key advantages to organizations: Reduced fragmentation: By integrating multiple cybersecurity functions into a single platform, Resecurity One eliminates the need for disparate security tools, thereby reducing complexity and enhancing operational efficiency. "


How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

ciber
2025-05-12 https://www.welivesecurity.com/en/videos/online-disinformation-unlocked-403-cybersecurity-podcast-s2e2/
Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world. "



Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services

ciber
2025-05-10 https://securityaffairs.com/177664/malware/operation-moonlander-dismantled-the-botnet-behind-anyproxy-and-5socks-cybercriminals-services.html
Law enforcement dismantled a 20-year botnet behind Anyproxy and 5socks cybercriminals services and arrested four suspects. Authorities dismantled a 20-year-old botnet tied to Anyproxy and 5socks as part of an international operation codenamed “Operation Moonlander”; four men, including three Russians, were indicted for running the illegal proxy networks. The U.S. Justice Department charged Russian nationals, […] "

Autosummary: The U.S. Justice Department charged Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36, and Dmitriy Rubtsov, 38, a Kazakhstani national, with Conspiracy and Damage to Protected Computers for conspiring with others to maintain, operate, and profit from Anyproxy and 5socks services. The system checks deny-lists to avoid detection, but open access allows customers to carry out a broad range of malicious activities like ad fraud, DDoS, brute force attacks, and data exploitation. "


Ascension reveals personal data of 437,329 patients exposed in cyberattack

ciber
2025-05-10 https://securityaffairs.com/177676/data-breach/ascension-reveals-personal-data-of-437329-patients-exposed-in-cyberattack.html
A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. At the end of April, the company notified patients that their personal and health information […] "

Autosummary: Ascension reveals personal data of 437,329 patients exposed in cyberattack. Pierluigi Paganini, May 10, 2025. A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients. "


Cybercriminal services target end-of-life routers, FBI warns

ciber
2025-05-09 https://securityaffairs.com/177648/cyber-crime/malware-targets-end-of-life-routers.html
The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks […] "

Autosummary: Vulnerable models include: E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, WRT310N. The FBI published indicators of compromise (IoCs) associated with attacks targeting end-of-life routers and mitigations: “The FBI recommends users identify if any of the devices vulnerable to compromise are part of their networking infrastructure. "


Global cybersecurity readiness remains critically low

ciber
2025-05-08 https://www.helpnetsecurity.com/2025/05/08/cybersecurity-readiness-level-across-organizations/

Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 Cybersecurity Readiness Index. This is a slight increase from last year’s index, in which 3% of organizations worldwide were designated as mature. This demonstrates that despite a slight improvement from last year, global cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners. AI is changing the threat landscape AI …

"

Autosummary: Investment priorities shift While 96% of organizations plan to upgrade their IT infrastructure, only 45% allocate more than 10% of their IT budget to cybersecurity (down 8% year-over-year), emphasizing a critical need for more focused investment in comprehensive defense strategies, which is incredibly important as threats are not slowing. "


How agentic AI and non-human identities are transforming cybersecurity

ciber
2025-05-08 https://www.helpnetsecurity.com/2025/05/08/non-human-identities-agentic-ai-cybersecurity/

Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud computing and hybrid environments, and enterprise identity and access management (IAM) becomes extremely challenging. Trust no-one The concept of applying zero-trust policies to reduce the risk of unauthorized access to corporate IT environments has been promoted …

"

Autosummary: Managing NHIs and identity sprawl with AI Identity, governance and administration (IGA) technology augmented with AI can continuously analyze each individual’s and NHI’s access, and dynamically adapt access according to that person, or entity’s behavior. Analyzing an entire enterprise ecosystem to understand who’s using what, when, and where, and then using machine learning and AI to modify and adapt policies and governance, could result in automated, cyclical improvement processes. Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. "


Education giant Pearson hit by cyberattack exposing customer data

ciber
2025-05-08 https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...] "

Autosummary: However, when BleepingComputer asked Pearson about whether they paid a ransom, what they meant by "legacy data," how many customers were impacted, and if customers would be notified, the company responded that they would not be commenting on these questions. "


Medical device maker Masimo warns of cyberattack, manufacturing delays

industry ciber
2025-05-07 https://www.bleepingcomputer.com/news/security/medical-device-maker-masimo-warns-of-cyberattack-manufacturing-delays/
Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers’ orders. [...] "



Cybersecurity jobs available right now: May 6, 2025

ciber
2025-05-06 https://www.helpnetsecurity.com/2025/05/06/cybersecurity-jobs-available-right-now-may-6-2025/

Application Security Specialist Signify | Netherlands | On-site: As an Application Security Specialist, you will define and deploy the application security strategy for security improvements to be on par with the industry and its benchmarks. Coordinate and perform security and vulnerability assessments, code reviews, pen tests and verifications, and drive remediation. Identify, assess, and manage risks to meet the security needs of the organization. CloudOps – Security TeKnowledge | UAE | …

"

Autosummary: Insider Threat Management Analyst Marsh McLennan | Ireland | Hybrid: As an Insider Threat Management Analyst, you will design, build, test, deploy, maintain, troubleshoot, and document the MMC Insider Threat tools, functions, processes, and documentation. IT Security Operations Analyst Oldendorff Carriers | UAE | On-site: As an IT Security Operations Analyst, you will investigate and analyse security events, alerts, and logs, anomalous and misuse activities to identify potential security breaches, determine the root cause, scope of impact, and extent of compromise and take appropriate actions to mitigate them and document findings to support incident response and remediation efforts. Security Developer Metrea | United Kingdom | Hybrid: As a Security Developer, your responsibilities will be focused on cybersecurity analytics development, testing of configuration and configuration management, software security and risk assessment, customized configuration policies, profiles, and system features, and the development of security dashboards and reports. Principal Engineer, Cyber Security SPH Media | Singapore | On-site: As a Principal Engineer, Cyber Security, you will develop, implement, and maintain secure architectures for on-premises, hybrid, and cloud-based environments. Senior Security Engineer Final | Israel | On-site: As a Senior Security Engineer, you will design, deploy, and operate technologies to detect, prevent, and analyze security threats in a diverse and complex environment, encompassing both public cloud and on-premises systems. Offensive Security Team Lead JFrog | Israel | On-site: As an Offensive Security Team Lead, you will lead, plan, design, and execute Red Team operations, threat modeling, and adversarial simulations against JFrog’s infrastructure and cloud environments. "


How cybercriminals exploit psychological triggers in social engineering attacks

exploits ciber
2025-05-06 https://www.helpnetsecurity.com/2025/05/06/social-engineering-human-behavior/

Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological manipulation to bypass people, not firewalls. Pressure is applied, authority is faked, and communication is mimicked. Social engineering threats account for most cyberthreats faced by individuals in 2024, according to Avast. Some people are easier …

"

Autosummary: Mimicking friends, coworkers, trusted emails, websites, or messages makes attempts seem more legitimate, making it harder to recognize when something is a scam. “With a physical intrusion, so many factors come into play—time of day, location, the security in place, and the people trusted to maintain it. Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. "


UK Legal Aid Agency investigates cybersecurity incident

ciber
2025-05-06 https://www.bleepingcomputer.com/news/security/uk-legal-aid-agency-investigates-cybersecurity-incident/
The Legal Aid Agency (LAA), an executive agency of the UK’s Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. [...] "

Autosummary: On Friday, May 1st, Harrods confirmed that it restricted internet access to sites after threat actors also tried to breach its network, suggesting an active response to a cyberattack, although a breach has yet to be confirmed. "


How CISOs can talk cybersecurity so it makes sense to executives

ciber
2025-05-05 https://www.helpnetsecurity.com/2025/05/05/ciso-talk-cybersecurity-executives/

CISOs know cyber risk is business risk. Boards don’t always see it that way. For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations tightening, that’s changing. Boards now expect CISOs to speak their language: risk, dollars, impact. Here’s how security leaders can get through, with real-world tips on making cybersecurity resonate in the boardroom. Translate risk into dollars …

"

Autosummary: “I start by estimating three things: how often something bad might happen, how much it could cost, and what the business impact could be in terms of brand, sales, or market share,” he explains. They are also more likely to be given the ability to pursue use cases for generative AI, such as creating threat detection rules, analyzing data sources, incident response and forensic investigations, and proactive threat hunting, according to recent Splunk research. Tie security to business goals To align cybersecurity with business goals, CISOs must understand the company’s core mission and identify where security intersects with that mission. “An example of this is creating a talk track on how cybersecurity protects revenue and growth,” said Turgal. Rather than talking about malware variants or attack vectors, Turgal presents scenarios such as: “The risk of a ransomware attack this year is 5 percent, and if it happens, the average loss would be $4.5 million.” Boards now expect CISOs to speak their language: risk, dollars, impact. Here’s how security leaders can get through, with real-world tips on making cybersecurity resonate in the boardroom. "


UK shares security tips after major retail cyberattacks

ciber
2025-05-05 https://www.bleepingcomputer.com/news/security/uk-shares-security-tips-after-major-retail-cyberattacks/
Following three high-profile cyberattacks impacting major UK retailers, the country’s National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. [...] "

Autosummary: However, BleepingComputer has learned that both the M&S and Co-op attacks have been attributed to hackers utilizing tactics commonly associated with Scattered Spider, Lapsus$, and other threat actors who frequent the same Telegram channels, Discord servers, and hacking forums. "


DragonForce group claims the theft of data after Co-op cyberattack

ciber
2025-05-03 https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html
Hackers claim Co-op cyberattack is worse than admitted, with major customer and employee data stolen, and provide proof to the BBC. The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach. Hackers […] "

Autosummary: “This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group,” a spokesperson told BBC. "


AI and automation shift the cybersecurity balance toward attackers

ciber
2025-05-02 https://www.helpnetsecurity.com/2025/05/02/threat-actors-automation-cybersecurity/

Threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet.


"

Autosummary: In addition to zero-day vulnerabilities circulating on the darknet, initial access brokers are increasingly offering corporate credentials (20%), RDP access (19%), admin panels (13%), and web shells (12%). "


Phone theft is turning into a serious cybersecurity risk

ciber
2025-05-02 https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/

Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police seizes 1,000 phones each week. Stolen phones don’t just go to local black markets. They often get funneled into larger criminal operations. For example, stolen phones can be used to bypass security features or be reprogrammed and resold. In 2024, Europol uncovered a massive phishing network that affected …

"

Autosummary: In cities like Shenzhen, known as the “Silicon Valley of China,” stolen phones are trafficked to tech companies or underground operations, where they are either dismantled for parts or resold after being tampered with. For laptops, typical steps include promptly reporting the theft, remotely locking or wiping the device, and revoking access to company systems. Mobile device security risks According to Verizon’s 2024 Mobile Security Index, 80% of organizations consider mobile devices critical to their operations. Ensure personal devices connecting to company systems are secure (encrypted, updated OS, etc.). "


Luxury department store Harrods suffered a cyberattack

ciber
2025-05-02 https://securityaffairs.com/177330/cyber-crime/luxury-department-store-harrods-suffered-a-cyberattack.html
Harrods confirmed a cyberattack, following similar incidents suffered by M&S and Co-op, making it the third major UK retailer targeted in one week. Luxury department store Harrods confirmed a cyberattack, threat actors attempted to gain unauthorised access to some of its systems. “We recently experienced attempts to gain unauthorised access to some of our systems.” […] "



UK NCSC: Cyberattacks impacting UK retailers are a wake-up call

ciber
2025-05-02 https://www.bleepingcomputer.com/news/security/uk-ncsc-cyberattacks-impacting-uk-retailers-are-a-wake-up-call/
The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...] "

Autosummary: Other high-profile attacks linked to Scattered Spider include those on MGM Resorts, Caesars, MailChimp, Twilio, DoorDash, Coinbase, Riot Games, and Reddit. "


Hottest cybersecurity open-source tools of the month: April 2025

ciber
2025-05-01 https://www.helpnetsecurity.com/2025/05/01/hottest-cybersecurity-open-source-tools-of-the-month-april-2025/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: Open-source OSINT tool for uncovering digital footprints GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. Hawk Eye: Open-source scanner uncovers secrets and PII across platforms Hawk Eye is an open-source tool that helps …

"



The 3 biggest cybersecurity threats to small businesses

ciber
2025-05-01 https://www.malwarebytes.com/blog/news/2025/05/the-3-biggest-cybersecurity-threats-to-small-businesses
These 3 cybersecurity threats may not be the most sophisticated, but they’re the most effective—and serious—threats for small businesses. "

Autosummary: How to protect your business: Use unique, strong passwords for each online account and store and create these passwords using a password manager. Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords. Do not click on links from unknown senders. If you’re asked for login information through an email or online message, do not input your login info in the email or through whatever link you’re directed towards. How to protect your business: Use unique, strong passwords for each account and store and create these passwords using a password manager. Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords. Avoid phishing attacks by refusing to click on links from unknown senders. Do not download any attachments from unknown senders or from unexpected emails. Modern gangs operate on a “Ransomware-as-a-Service” model, where ransomware developers lease out their malicious software to “affiliates” who, if successful in launching an attack, return a small portion of their ill-gotten gains back to the ransomware developers at the top. "


Harrods the next UK retailer targeted in a cyberattack

ciber
2025-05-01 https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/
London’s iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. [...] "

Autosummary: M&S and Co-op also hit by cyberattacks Last week, Marks and Spencer confirmed it had suffered a cyberattack that led to disruption of its online ordering systems, contactless payments, and Click & Collect service. "


Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack

ciber
2025-05-01 https://securityaffairs.com/177281/hacking/canadian-electric-utility-nova-scotia-power-and-parent-company-emera-suffered-a-cyberattack.html
Canadian electric utility Nova Scotia Power and parent company Emera are facing a cyberattack that disrupted their IT systems and networks. Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova Scotia, Canada. Headquartered in Halifax, it is a subsidiary of Emera Inc. The company provides electricity to over 500,000 […] "

Autosummary: Its operations encompass generation, transmission, and distribution of electricity, utilizing a diverse mix of energy sources including coal, natural gas, hydroelectric, wind, tidal, oil, and biomass. "


France ties Russian APT28 hackers to 12 cyberattacks on French orgs

rusia-ucrania ciber
2025-04-29 https://www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. [...] "

Autosummary: According to NATO, these recent incidents include "sabotage, acts of violence, cyber and electronic interference, disinformation campaigns, and other hybrid operations" that have impacted Czechia, Estonia, Germany, Latvia, Lithuania, Poland, as well as the United Kingdom. "


SK Telecom cyberattack: Free SIM replacements for 25 million customers

ciber Telcos
2025-04-29 https://www.bleepingcomputer.com/news/security/sk-telecom-cyberattack-free-sim-replacements-for-25-million-customers/
South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. [...] "



CEO of cybersecurity firm charged with installing malware on hospital systems

exploits ciber
2025-04-26 https://securityaffairs.com/177020/cyber-crime/ceo-of-cybersecurity-firm-charged-with-installing-malware-on-hospital-systems.html
Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed […] "

Autosummary: The hospital offers a wide range of services, including cardiology, oncology, neurology, behavioral medicine, surgery, and kidney transplantation. "


13 core principles to strengthen AI cybersecurity

ciber
2025-04-25 https://www.helpnetsecurity.com/2025/04/25/etsi-ts-104-223-securing-ai/

The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle approach, the framework outlines 13 core principles that expand into 72 detailed, trackable principles across five key phases of the AI lifecycle, all designed to enhance the overall security of AI systems. The specification details transparent, high-level principles and provisions for securing AI. It provides stakeholders in the AI supply chain—from …

"



Marks & Spencer pauses online orders after cyberattack

ciber
2025-04-25 https://www.bleepingcomputer.com/news/security/marks-and-spencer-pauses-online-orders-after-cyberattack/
British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. [...] "

Autosummary: The multinational retailer operates over 1,400 stores, employs 64,000 employees globally, and sells various products, including clothing, food, and home goods. "


Mobile provider MTN says cyberattack compromised customer data

ciber
2025-04-25 https://www.bleepingcomputer.com/news/security/mobile-provider-mtn-says-cyberattack-compromised-customer-data/
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. [...] "

Autosummary: Never share passwords, PINs, or OTPs via phone, text, or email. "


Review: Artificial Intelligence for Cybersecurity

ciber
2025-04-24 https://www.helpnetsecurity.com/2025/04/24/review-artificial-intelligence-for-cybersecurity/

Artificial Intelligence for Cybersecurity is a practical guide to how AI and machine learning are changing the way we defend digital systems. The book aims to explain how AI can help solve real cybersecurity problems. It does that well, but it’s not for everyone. About the authors Bojan Kolosnjaji is a principal engineer and researcher specializing in AI-driven anomaly detection and large-scale cybersecurity analytics, with a PhD from TUM. Xiao Huang is a Stanford visiting …

"

Autosummary: At the same time, they do a good job warning readers about the risks: bias, hallucinations, bad data, and unrealistic expectations. "


Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

financial ciber
2025-04-24 https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News. "



When confusion becomes a weapon: How cybercriminals exploit economic turmoil

exploits ciber
2025-04-23 https://www.helpnetsecurity.com/2025/04/23/economic-uncertainty-cybersecurity/

It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break rooms, anxiety ripples at every level. People begin refreshing inboxes and apps for guidance from leadership teams, advisors, and experts. Right there, buried among legitimate memos and updates, the attacker slips in. A fake social media message. A bogus government alert. An urgent vendor notification that looks just convincing …

"

Autosummary: Threat actors impersonate officials, executives, and advisors, knowing that all they need is the illusion of authority in a moment of uncertainty. Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Defending effectively means thinking tactically, staying adaptive, and treating clarity as a strategic asset. "


Cybersecurity jobs available right now: April 23, 2025

ciber
2025-04-23 https://www.helpnetsecurity.com/2025/04/23/cybersecurity-jobs-available-right-now-april-23-2025/

Application Security Analyst Greenway Health | India | Remote – View job details As an Application Security Analyst, you will conduct regular security assessments of applications, including static and dynamic analysis, to identify vulnerabilities in code, configurations, and third-party dependencies. Ensure application security practices comply with healthcare regulations and industry standards. Manage and configure vulnerability scanning and security testing tools to maximize coverage and efficiency. Application Security Engineer ControlUp | Israel | Hybrid – View … More

The post Cybersecurity jobs available right now: April 23, 2025 appeared first on Help Net Security.

"

Autosummary: Establish, implement, and monitor policies, standards, systems, and controls to ensure appropriate confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, managed, and processed by the organization. Penetration Tester PwC | Italy | Hybrid – View job details As a Penetration Tester, you will be looking for security vulnerabilities on web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, API, etc. Provide review and consultation to risk initiatives, events, incidents, controls and applied risk mitigation strategies Senior Incident Response Coordinator Northwave Cyber Security | Germany | On-site – View job details As a Senior Incident Response Coordinator, you will oversee the execution of incident response plans, manage resources, and guide teams through the lifecycle of cybersecurity incidents. Cyber Security Specialist Hisense | Slovenia | On-site – View job details As a Cyber Security Specialist, you will be responsible for the implementation, configuration, management, and maintenance of cybersecurity systems, as well as the optimization of existing systems. "


Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud

ciber
2025-04-23 https://securityaffairs.com/176829/cyber-crime/chinese-cybercriminals-released-z-nfc-tool-for-payment-fraud.html
Cybercriminals leverage NFC fraud against ATMs and POS terminals, stealing money from consumers at scale. Resecurity (USA) investigated multiple incidents identified in Q1 2025, exceeding several million dollars in damages for one of the top Fortune 100 financial institutions in the United States due to NFC fraud. Stopping cybercriminals operating from China presents significant challenges […] "

Autosummary: In one such instance, cybercriminals specifically focused on fraud automation against Barclays, Bank of Scotland, Lloyds Banking Group, Halifax, HSBC, Santander, Wise and Revolut. "


Abilene city, Texas, takes systems offline following a cyberattack

government ciber
2025-04-22 https://securityaffairs.com/176793/hacking/abilene-city-texas-takes-systems-offline-following-a-cyberattack.html
Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident. The incident occurred on April 18, 2025; emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received […] "

Autosummary: Abilene city, Texas, takes systems offline following a cyberattack (Pierluigi Paganini, April 22, 2025). Abilene, Texas, shut down systems after a cyberattack caused server issues. "


Marks & Spencer confirms a cyberattack as customers face delayed orders

ciber
2025-04-22 https://www.bleepingcomputer.com/news/security/marks-and-spencer-confirms-a-cyberattack-as-customers-face-delayed-orders/
Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. [...] "

Autosummary: While M&S stores, its website, and its app remain operational, the company says that the cyberattack has caused some disruption to its operations. "


Cybercriminals blend AI and social engineering to bypass detection

ciber
2025-04-21 https://www.helpnetsecurity.com/2025/04/21/adversaries-cybercrime-techniques/

Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense. Researchers analyzed thousands of alerts, mapping them to the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Top five attack tactics Initial access: Initial access remains the most frequently-observed adversarial tactic, representing more than 27% of escalated alerts. In 2024, … More

The post Cybercriminals blend AI and social engineering to bypass detection appeared first on Help Net Security.

"

Autosummary: AI has allowed attackers to bypass all the usual red flags you’re taught to look for, like grammatical errors, misspelled words, non-regional speech or writing, and a lack of context to your organization. “Attackers have honed their techniques to become faster and more powerful against a company’s defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning,” said Jim Broome, President and CTO for DirectDefense. "


7 Steps to Take After a Credential-Based cyberattack

ciber
2025-04-18 https://www.bleepingcomputer.com/news/security/7-steps-to-take-after-a-credential-based-cyberattack/
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. [...] "

Autosummary: Here’s what makes organizations prime targets: Weak password policies create an open invitation for attackers to easily guess or crack credentials through automated tools and common password lists. Failure to implement multi-factor authentication leaves even the strongest passwords vulnerable to theft. Inadequate security training makes employees more vulnerable to phishing emails, social engineering tactics, and other attacks. Poor network segmentation gives hackers open access once they breach a single endpoint. Insufficient monitoring lets attackers operate undetected for days, weeks, or even months inside your critical systems. Employee password reuse amplifies the impact of any breach, as a single stolen credential can unlock multiple systems across personal and corporate environments. Why credential-based attacks are hackers' preferred method Cybercriminals favor credential-based attacks for several reasons: They’re easy to execute: Credential-based attacks are relatively simple to deploy compared to more complex zero-day exploits. By implementing multi-factor authentication, enforcing strong password policies, training your staff regularly, auditing your Active Directory frequently and properly segmenting your network, you’ll reduce your organization's vulnerability. With this in mind, give all relevant stakeholders clear, factual updates, including senior management, legal teams, and affected users. "


Strategic AI readiness for cybersecurity: From hype to reality

ciber
2025-04-16 https://www.helpnetsecurity.com/2025/04/16/ai-readiness-framework/

AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI due to a lack of clear objectives, inadequate data readiness or misalignment with business priorities. Foundational concepts are vital for constructing a robust AI-readiness framework for cybersecurity. These concepts encompass the organization’s technology, data, security, governance … More

The post Strategic AI readiness for cybersecurity: From hype to reality appeared first on Help Net Security.

"

Autosummary: Action: Organizations must efficiently deploy an LLMOps pipeline integrated with AIOps to create a self-learning security ecosystem that supports continuous integration, model training and fine-tuning, model deployment and delivery, model retraining, and evaluation based on new threat intelligence. By addressing these issues, organizations can unlock AI’s potential to provide real-time threat detection, proactive response and adaptive defenses, ensuring that cybersecurity stays ahead of increasingly complex and frequent threats. Strong foundations and constant scrutiny AI readiness is about creating a holistic approach where organizations integrate data readiness, governance, ethical considerations, and collaboration into their AI strategy. "


U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

ciber
2025-04-16 https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to "

Autosummary: "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum noted in a letter sent to CVE Board Members. "


Cybercriminal groups embrace corporate structures to scale, sustain operations

ciber
2025-04-15 https://www.helpnetsecurity.com/2025/04/15/sandy-kronenberg-netarx-cybercriminal-groups-corporate-structures/

In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection. He covers the strategic collaborations behind major attacks, business-like parallels, and the implications of these shifts as these groups grow more sophisticated. What motivates cybercriminal groups to adopt mainstream corporate structures and employee incentives, and what impact does this have on recruitment and retention? Loose, … More

The post Cybercriminal groups embrace corporate structures to scale, sustain operations appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection. Furthermore, it is reported that their team is given access to tools, training, vacation and sick-time, and health benefits, similar to employees at traditional corporations. These groups often start with an ideology that is politically motivated, but after some success, members often want financial gain, causing fractures, schisms, or name changes. "


Chief Legal Officers step up in cybersecurity oversight

ciber
2025-04-15 https://www.helpnetsecurity.com/2025/04/15/chief-legal-officers-cybersecurity-video/

In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers (CLOs) are becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies to the company board. According to the ACC Foundation, the findings highlight a significant shift in how cybersecurity is viewed through a legal and governance lens. Key findings include: Half of CLOs (50%) are part … More

The post Chief Legal Officers step up in cybersecurity oversight appeared first on Help Net Security.

"



Cybersecurity jobs available right now: April 15, 2025

ciber
2025-04-15 https://www.helpnetsecurity.com/2025/04/15/cybersecurity-jobs-available-right-now-april-15-2025/

CISO Department of Justice | Australia | On-site – View job details As a CISO, you will be responsible for developing and implementing a cyber security strategy as well as establishing and maintaining the organisation’s strategic enterprise-wide information and cyber security management program. Cloud Security Architect Kinaxis | Canada | Remote – View job details As a Cloud Security Architect, you will design secure patterns for workloads deployed on Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service environments, … More

The post Cybersecurity jobs available right now: April 15, 2025 appeared first on Help Net Security.

"

Autosummary: VP, Security Clio | Canada | Hybrid – View job details As a VP, Security, you will design, implement, and mature an enterprise-level risk management framework, including supporting policies, procedures, and standards. Senior Consultant Cyber Cloud Security Deloitte | Germany | On-site – View job details As a Senior Consultant Cyber Cloud Security, you will design cloud architectures, solutions, and processes for secure landing zones, cloud authentication, cloud security incident and risk management, et al. Cloud Security Architect Kinaxis | Canada | Remote – View job details As a Cloud Security Architect, you will design secure patterns for workloads deployed on Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service environments, as well as hybrid architecture patterns, which may tightly integrate to other public clouds or on-premises systems. Cyber Security Engineer Berkeley Lab | USA | On-site – View job details As a Cyber Security Engineer, you will perform security duties including monitoring for potential threats, proactively examining network traffic and log data, investigating anomalous activity, forensic analysis, and resolution of security incidents. "


South African telecom provider Cell C disclosed a data breach following a cyberattack

financial ciber Telcos
2025-04-14 https://securityaffairs.com/176509/data-breach/south-african-telecom-provider-cell-c-disclosed-a-data-breach.html
Cell C, one of the biggest telecom providers in South Africa, confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, after Vodacom, MTN, and Telkom. The company, founded in 2001, offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and […] "

Autosummary: Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details. South African telecom provider Cell C disclosed a data breach following a cyberattack (Pierluigi Paganini, April 14, 2025). Cell C, one of the biggest telecom providers in South Africa, confirms a data breach following a 2024 cyberattack. "


Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

ciber
2025-04-14 https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to "

Autosummary: The event will take place June 16-21, 2025, in Washington, D.C., bringing together top cybersecurity professionals for hands-on training, live labs, and expert-led discussions. "


Govtech giant Conduent confirms client data stolen in January cyberattack

ciber
2025-04-14 https://www.bleepingcomputer.com/news/security/govtech-giant-conduent-confirms-client-data-stolen-in-january-cyberattack/
American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. [...] "



Cybersecurity firm buying hacker forum accounts to spy on cybercriminals

ciber
2025-04-14 https://www.bleepingcomputer.com/news/security/cybersecurity-firm-buying-hacker-forum-accounts-to-spy-on-cybercriminals/
Swiss cybersecurity firm Prodaft has launched a new initiative called "Sell your Source" where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. [...] "

Autosummary: "As a threat intelligence company, we specialize in obtaining visibility into the infrastructures of cybercriminals, searching for patterns, tactics, techniques, and procedures that help us understand adversarial networks and detect and mitigate potential cyberattacks," explains Prodaft. "


China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

ciber
2025-04-13 https://securityaffairs.com/176485/apt/china-admitted-its-role-in-volt-typhoon-cyberattacks-on-u-s-infrastructure.html
China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, […] "

Autosummary: In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. "


Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

rusia-ucrania ciber
2025-04-11 https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known "

Autosummary: Some of the other payloads dropped by PowerModul are listed below - FlashFileGrabber, which is used to steal files from removable media, such as flash drives, and exfiltrate them to the C2 server; FlashFileGrabberOffline, a variant of FlashFileGrabber that searches removable media for files with specific extensions, and when found, copies them to the local disk within the "%TEMP%\CacheStore\connect\" folder; USB Worm, which is capable of infecting removable media with a copy of PowerModul. PowerTaskel is functionally similar to PowerModul in that it's also designed to run PowerShell scripts sent by the C2 server. "


Transforming cybersecurity into a strategic business enabler

ciber
2025-04-09 https://www.helpnetsecurity.com/2025/04/09/kevin-serafin-ecolab-cybersecurity-strategy-business/

In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise risk framework? At Ecolab, we don’t approach cyber risk in isolation. Instead, it’s positioned as an integral component of our overall enterprise risk management framework. We define cyber risk as the potential for … More

The post Transforming cybersecurity into a strategic business enabler appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. We define cyber risk as the potential for loss or harm related to technical infrastructure, use of technology, or management of information and, generally, we evaluate risk in a few different ways. First, we look at operational risks, which include risks that could disrupt our ability to deliver products or services including system outages, data corruption, or impact to critical infrastructure that could affect business continuity. "


Cyberattacks on water and power utilities threaten public safety

ciber
2025-04-08 https://www.helpnetsecurity.com/2025/04/08/state-of-critical-infrastructure-resilience/

62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber threats Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese … More

The post Cyberattacks on water and power utilities threaten public safety appeared first on Help Net Security.

"

Autosummary: Prioritize incident response and recovery for these systems, followed by mission-critical (Tier 1) functions, business-critical (Tier 2) functions, and then all other (Tier 3) functions. "


Cybersecurity jobs available right now: April 8, 2025

ciber
2025-04-08 https://www.helpnetsecurity.com/2025/04/08/cybersecurity-jobs-available-right-now-april-8-2025/

Application Security Engineer (DevSecOps & VAPT) Derisk360 | India | On-site – View job details As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like SonarCloud and Checkmarx for secure code analysis. You will also guide developers on secure coding practices, perform code reviews, and conduct regular application security audits. Cyber and Information Security Architect Prospera Credit Union | Canada | … More

The post Cybersecurity jobs available right now: April 8, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Penetration Tester Ekco | Ireland | On-site – View job details As a Senior Penetration Tester, you will conduct comprehensive penetration tests on clients’ systems across various platforms (including web applications, mobile applications, thick client applications, infrastructure, APIs, cloud platforms) to identify security vulnerabilities, weaknesses, and potential risks. Network Engineer London Luton Airport | United Kingdom | On-site – View job details As a Network Engineer, you will be responsible for designing, maintaining, and supporting the networking infrastructure in both on-premise and cloud environments, including switching, routing, encryption, security, VoIP and wireless. Manager, Cybersecurity, Global Vantage Data Centers | USA | Remote – View job details As a Manager, Cybersecurity, Global, you will develop and lead enterprise security policies, standards, and risk management frameworks to safeguard critical infrastructure. Cyber Security Engineer Chicago Housing Authority | USA | Hybrid – View job details As a Cyber Security Engineer, you will lead the design, implementation, and management of security systems, including firewalls, intrusion prevention systems, and endpoint protection. "


EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher

exploits ciber
2025-04-07 https://www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...] "

Autosummary: "The hardest evidence was from the fact that the password files EncryptHub exfiltrated from his own system had accounts linked to both EncryptHub, like credentials to EncryptRAT, which was still in development, or his account on xss.is, and to SkorikARI, like accesses to freelance sites or his own Gmail account," explained Garcia. "


Connected cars drive into a cybersecurity crisis

ciber
2025-04-04 https://www.helpnetsecurity.com/2025/04/04/cybersecurity-risks-cars/

Technology has entered all areas of life, and our cars are no exception. They have become computers on wheels, equipped with sensors, software, and connectivity that provide safety and comfort. However, like all technological innovations, this one also brings risks, making cars vulnerable to cyberattacks. The very fact that someone can hack a vehicle and take control of it is terrifying, turning scenarios from movies into reality. Add to this the fact that software in … More

The post Connected cars drive into a cybersecurity crisis appeared first on Help Net Security.

"

Autosummary: In addition, internal vehicle networks such as the CAN bus (which connects key systems like brakes and engine control) are vulnerable to tampering, potentially allowing hackers to manipulate vehicle functions, such as speed, braking, or even disabling safety features. In the event of a security breach, things like our driving data, contacts, call logs, messages, and even location info could end up in the wrong hands. Cybersecurity risks to automotive systems Automotive systems face various cybersecurity threats, including remote hacks, physical attacks, software vulnerabilities, and malware. "


CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

exploits government ciber
2025-04-04 https://thehackernews.com/2025/04/cert-ua-reports-cyberattacks-targeting.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate "



Cybercriminals exfiltrate data in just three days

ciber
2025-04-03 https://www.helpnetsecurity.com/2025/04/03/breach-median-time/

In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. Compromised credentials remain the top cause of attacks The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in a row, compromised credentials were the number one … More

The post Cybercriminals exfiltrate data in just three days appeared first on Help Net Security.

"

Autosummary: In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. When analyzing MDR and IR investigations, the Sophos X-Ops team looked specifically at ransomware, data exfiltration, and data extortion cases to identify how fast attackers progressed through the stages of an attack within an organization. "


7 ways to get C-suite buy-in on that new cybersecurity tool

ciber
2025-04-03 https://www.helpnetsecurity.com/2025/04/03/c-suite-cybersecurity-tool-buy-in/

You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save countless hours chasing security anomalies. But there’s one final boss to clear: the C-suite. Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet … More

The post 7 ways to get C-suite buy-in on that new cybersecurity tool appeared first on Help Net Security.

"

Autosummary: Securing buy-in is the path forward Ultimately, the key is to speak the C-suite’s language, one that prioritizes outcomes over features, strategy over tactics, and growth over stagnation. Lead with business value, not features Executives care about outcomes, such as cost savings, operational efficiency, and competitive edge. You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. For instance, if the tool reduces detection and response times from five hours to one, reclaiming four hours per incident, and your team handles 100 incidents annually, the value becomes tangible. "


Building a cybersecurity strategy that survives disruption

ciber
2025-04-03 https://www.helpnetsecurity.com/2025/04/03/building-cybersecurity-strategy/

Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s a shift happening: security needs to be ready for chaos, not just focused on keeping things safe. That shift changes everything: how companies plan, how they invest, and how they recover. From protection … More

The post Building a cybersecurity strategy that survives disruption appeared first on Help Net Security.

"

Autosummary: “Forging strong partnerships with key stakeholders, including IT teams, executive leadership, and external cybersecurity experts, enhances the effectiveness of cybersecurity strategy. Invest in automation to enhance the efficiency of detection, triage, and initial response tasks, while orchestration platforms enable coordinated workflows across security and IT tools, significantly boosting response agility. Resilience is a whole-organisation challenge, requiring collaboration among the CISO, CIO, COO, and department heads. Such collaboration ensures that security measures are integrated seamlessly into business operations and receive buy-in,” Kory Daniels, CISO at Trustwave, told Help Net Security. “The work of the CISO is ongoing, requiring constant vigilance, continuous learning, and the ability to quickly pivot strategies in response to emerging risks and technological advancements.” Investing time in creating thorough, system-specific recovery plans fosters engagement, ensures clarity during emergencies, and highlights additional steps or resources that should be addressed beforehand. "


Travelers Cyber Risk Services reduces the risk of a cyberattack

ciber
2025-04-02 https://www.helpnetsecurity.com/2025/04/02/travelers-cyber-risk-services/

The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat monitoring and tailored alerts, key benefits of Travelers Cyber Risk Services include: Cyber Risk Dashboard: This 24/7 tool gives consumers the ability to monitor risks and track progress over time, view customized recommendations ranked by … More

The post Travelers Cyber Risk Services reduces the risk of a cyberattack appeared first on Help Net Security.

"

Autosummary: “This new suite of services is designed to help customers more efficiently and effectively predict, prevent and recover from cyber incidents,” said Lauren Winchester, Head of Cyber Risk Services at Travelers. "


Cybersecurity jobs available right now: April 1, 2025

ciber
2025-04-01 https://www.helpnetsecurity.com/2025/04/01/cybersecurity-jobs-available-right-now-april-1-2025/

Cloud Security Engineer Fexco | Ireland | Hybrid – View job details As a Cloud Security Engineer, you will design and implement security frameworks for cloud environments. Enforce secure access policies, MFA, and least privilege principles. Develop automated security solutions using IaC and scripting. Perform security assessments and recommend improvements. Cyber Security Analyst Shannex | Canada | On-site – View job details As a Cyber Security Analyst, you will develop and maintain security architecture principles, … More

The post Cybersecurity jobs available right now: April 1, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Engineer – Cyber Security Presight | UAE | On-site – View job details As a Senior Engineer – Cyber Security, you will architect, deploy, and manage security controls across EDR, NDR, PAM, SIEM (Splunk), MDM, and endpoint security ecosystems, ensuring continuous threat visibility and response. Information Security Engineer CareDx | USA | Hybrid – View job details As an Information Security Engineer, you will design, deploy, and manage comprehensive security architectures and tools, including SIEM, EDR, firewalls, IDPS, and WAF. Software Engineer, Security Zip | USA | On-site – View job details As a Software Engineer, Security, you will develop features to improve security and mitigate risk within Zip’s products, such as multi-region user authentication, account take-over detection systems, and universal audit trails. Cyber Security Analyst Shannex | Canada | On-site – View job details As a Cyber Security Analyst, you will develop and maintain security architecture principles, strategy and practices, roadmaps, and technical applications to engineer reliable solutions and measures for the business. MT | Malta | Hybrid – View job details As a Technical Lead and Security Specialist, you will be responsible for the development and implementation of a security risk management plan, as well as for initial and periodic information security risk assessments, analysis, mitigation, and remediation. "


Why global tensions are a cybersecurity problem for every business

ciber
2025-04-01 https://www.helpnetsecurity.com/2025/04/01/global-tensions-cybersecurity-problem/

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore; they’re closely connected. Conflict between countries is spilling into cyberspace. Whether it’s during military escalations, trade disputes, or diplomatic standoffs, governments are using cyber operations to exert pressure, gather intelligence, or disrupt systems. These attacks often hit private businesses, not just governments or critical … More

The post Why global tensions are a cybersecurity problem for every business appeared first on Help Net Security.

"

Autosummary: Whether it’s during military escalations, trade disputes, or diplomatic standoffs, governments are using cyber operations to exert pressure, gather intelligence, or disrupt systems. Andrew Ginter, VP of Industrial Security at Waterfall Security, urges OT sites to take a hard look at their evolving risk landscape, especially as they adopt Internet-connected industrial services and AI-driven efficiencies. According to DeBolt, “Heightened geopolitical tensions have reflected this transition in groups originating from China, Iran, and North Korea over the last couple of years—although the latter is somewhat more well-known for its duplicitous activity that often blurs the line of more traditional e-crime threats.” Michael DeBolt, Chief Intelligence Officer at Intel 471, explains: “Increasing polarization worldwide has seen the expansion of the state-backed threat actor role, with many established groups taking on financially motivated responsibilities alongside their other strategic goals.” Don’t just involve IT, bring in legal, compliance, communications, and business units. With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. “We’re seeing bricked controllers causing prolonged outages, damaged heavy equipment leading to even longer downtimes, and compromised safety systems—none of which are acceptable,” Ginter warns. "


How to build an effective cybersecurity simulation

ciber
2025-04-01 https://www.helpnetsecurity.com/2025/04/01/cybersecurity-simulations-exercise/

Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their mettle in a crisis, to build the muscle memory and decision-making skills that will make a difference when a real attack occurs. This is where cyber simulations come in, by providing the opportunity to … More

The post How to build an effective cybersecurity simulation appeared first on Help Net Security.

"

Autosummary: To make a real difference in cyber crisis readiness, personnel need the opportunity to test their mettle in a crisis, to build the muscle memory and decision-making skills that will make a difference when a real attack occurs. However, there should be a strong collaborative aspect, with input from security, disaster recovery, and other involved teams. This could be technical capabilities, executive decision-making, cross-team coordination, or a combination of factors. Highly granular data is important here, letting you delve in by department, team, and individual performance. Achieving real cyber crisis readiness Cybersecurity simulations are not just a compliance exercise – they build real-world resilience, helping companies prepare for a genuine crisis. "


Stellar Cyber Open Cybersecurity Alliance enhances threat detection and response

ciber
2025-04-01 https://www.helpnetsecurity.com/2025/04/01/stellar-cyber-open-cybersecurity-alliance/

Stellar Cyber launched its Open Cybersecurity Alliance based on its award-winning Open XDR platform. This initiative streamlines security operations, improves interoperability, and enhances threat detection and response for enterprises and MSSPs. The new alliance challenges the idea that in order to be effective, ecosystems must be built on proprietary data or a closed model, with a “members-only” approach advocating for a specific data format. The Open Cybersecurity Alliance takes a completely different approach by enabling … More

The post Stellar Cyber Open Cybersecurity Alliance enhances threat detection and response appeared first on Help Net Security.

"

Autosummary: The newly launched ecosystem already features integrations with top security platforms across many different categories, including endpoint detection and response (EDR), identity and access management (IAM), privileged access security (PAS), secure access service edge (SASE), next-generation firewall, email security, vulnerability management (VM), cloud security, infrastructure as a service (IaaS), and software as a service (SaaS), and more. “At Netskope, we are committed to delivering modern security, networking, and analytics solutions that empower organizations to protect their users and data, regardless of where they work,” said Andy Horwitz, SVP of Global Partner Ecosystems at Netskope. By openly integrating with best-in-class solutions across all aspects of the security stack, customers can add speed and scale to their security operations with increased visibility, more accurate threat correlation, and better response times via a unified, easy-to-use technology alliance ecosystem. "


EU invests €1.3 billion in AI and cybersecurity

ciber
2025-03-31 https://www.helpnetsecurity.com/2025/03/31/eu-digital-work-programme-funding/

The European Commission has approved the 2025-2027 Digital Europe Programme (DIGITAL) work program, allocating €1.3 billion to advance key technologies essential for the EU’s future and technological sovereignty. DIGITAL is an EU funding initiative designed to bring digital technology closer to businesses, citizens, and public administrations. Digital technology is essential for communication, work, science, and tackling environmental challenges. The COVID-19 pandemic highlighted Europe’s reliance on external systems, while Russia’s war against Ukraine exposed vulnerabilities in … More

The post EU invests €1.3 billion in AI and cybersecurity appeared first on Help Net Security.

"

Autosummary: With a total budget exceeding €8.1 billion, the program focuses on several key areas such as supercomputing, artificial intelligence, cybersecurity, advanced digital skills, and the widespread adoption of digital technologies across the economy and society. "


Cybersecurity spending set to jump 12.2% in 2025

ciber
2025-03-28 https://www.helpnetsecurity.com/2025/03/28/idc-cybersecurity-spending-2025/

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are making these threats more sophisticated, which is adding to the urgency. IDC says this steady climb in spending will continue through 2028, hitting $377 billion by then. The U.S. and Western Europe will still make … More

The post Cybersecurity spending set to jump 12.2% in 2025 appeared first on Help Net Security.

"

Autosummary: Banking, federal/central government, telecommunications, capital markets, and healthcare provider will be the industries spending the most at the global level on security in 2025, while the fastest-growing will be capital markets, media and entertainment, and life sciences with an expected year-on-year growth rate of 19.4%, 17.1%, and 16.9%, respectively in 2025. "


Healthcare’s alarming cybersecurity reality

ciber
2025-03-28 https://www.helpnetsecurity.com/2025/03/28/healthcare-devices-vulnerabilities/

89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices – which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet – on their networks, according to Claroty. These figures represent a highly targeted, critical area where most security teams should prioritize their remediation efforts. The report is based on an analysis of over 2.25 million IoMT and 647,000 … More

The post Healthcare’s alarming cybersecurity reality appeared first on Help Net Security.

"

Autosummary: 8% of imaging systems (X-rays, CT scans, MRI, ultrasound, and more) have KEVs linked to ransomware and insecure internet connectivity—making this the riskiest medical device category—impacting 85% of organizations. 20% of hospital information systems (HIS), which manage clinical patient data, as well as administrative and financial information, have KEVs linked to ransomware and insecure internet connectivity, impacting 58% of organizations. "


Hottest cybersecurity open-source tools of the month: March 2025

ciber
2025-03-27 https://www.helpnetsecurity.com/2025/03/27/hottest-cybersecurity-open-source-tools-of-the-month-march-2025/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Fix Inventory: Open-source cloud asset inventory tool Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. Commix: Open-source OS command injection exploitation … More

The post Hottest cybersecurity open-source tools of the month: March 2025 appeared first on Help Net Security.

"



A closer look at The Ultimate Cybersecurity Careers Guide

ciber
2025-03-27 https://www.helpnetsecurity.com/2025/03/27/kim-crawley-ultimate-cybersecurity-careers-guide/

In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and explores the importance of continuous learning. What makes this guide different from other available cybersecurity career resources? That’s an excellent question. The vast majority of books on cybersecurity certifications are guides to one particular certification … More

The post A closer look at The Ultimate Cybersecurity Careers Guide appeared first on Help Net Security.

"

Autosummary: Each of the big vendor neutrals (i.e., CompTIA, ISC2, etc.) has a chapter, and each of the big vendor specifics (i.e., Microsoft, AWS, etc.) has a chapter too. In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. I cowrote The Pentester Blueprint, I wrote a detailed manual on cloud “pentesting” (actually, it’s vuln scanning), I worked for Hack The Box, I did a SANS talk on pentesting reports. I personally have had CompTIA A+, Network+, Security+, and ISC2 CISSP, but that’s it. There are a handful of great cybersecurity career advice YouTubers, subreddits, social media accounts, and so on. I explain most of the common cybersecurity roles in detail, the upsides and downsides of each of them, which certs may be relevant, and how to network to get those jobs. Employers should only ask for CISSPs for roles that require a lot of previous industry experience, in SecOps, security architecture, or security leadership. But, if for example, someone gets an $800 bug bounty reward here or there, that can lead to application security and application pentesting jobs that do provide a full time income. While my readers work on becoming employable humans, I urge you to bypass GenAI in search engines, do your own thinking, and come up with your own ideas when you’re doing any sort of creative or cognitive work. "


BlackLock Ransomware Targeted by Cybersecurity Firm

exploits ransomware ciber
2025-03-26 https://securityaffairs.com/175877/cyber-crime/blacklock-ransomware-targeted-by-cybersecurity-firm.html
Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details. Resecurity has identified a Local File Include (LFI) vulnerability in the Data Leak Site (DLS) of BlackLock Ransomware. Cybersecurity experts were able to exploit a misconfiguration in the vulnerable web app used by ransomware operators to publish victims’ data – leading […] "

Autosummary: The impacted organizations were based in Argentina, Aruba, Brazil, Canada, Congo, Croatia, Peru, France, Italy, Spain, the Netherlands, the United States, the United Kingdom, and the UAE. "


Spring clean your security data: The case for cybersecurity data hygiene

ciber
2025-03-25 https://www.helpnetsecurity.com/2025/03/25/security-data-hygiene/

Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations Center (SOC) is drowning in security telemetry from endpoints, cloud, SaaS applications, identity platforms and a growing list of other sources. In practice, most of these are redundant, irrelevant, or just outright noise, and are affecting detection effectiveness, … More

The post Spring clean your security data: The case for cybersecurity data hygiene appeared first on Help Net Security.

"

Autosummary: Instead, security teams should focus on curation, contextualization, and value efficiency and forward only what matters when it matters, enriching it effectively, and storing everything where it makes the most sense. In practice, most of these are redundant, irrelevant, or just outright noise, and are affecting detection effectiveness, operational efficiency, and the ability to extract real insights. Stop DIYing security data management For years, security teams had little choice but to repurpose log management tools, custom scripts, and DIY approaches to make sense of security telemetry. Instead, lean-forward teams should be leveraging a variety of techniques – including machine learning, vector analysis, knowledge graphs and LLMs – to automate event transformation, refinement, and prioritization. "


Cybersecurity jobs available right now: March 25, 2025

ciber
2025-03-25 https://www.helpnetsecurity.com/2025/03/25/cybersecurity-jobs-available-right-now-march-25-2025/

Analyst – Cyber Threat Intelligence Adecco | UAE | On-site – View job details As an Analyst – Cyber Threat Intelligence, you will conduct threat hunting missions across multi-cloud environments and perform cyber forensics to analyze security incidents. You will also engage in offensive security assessments, participate in red teaming, and support incident response efforts to mitigate breaches. Application and Product Security Senior Analyst (Penetration Testing) Vertiv | USA | On-site – View job details … More

The post Cybersecurity jobs available right now: March 25, 2025 appeared first on Help Net Security.

"

Autosummary: Information Security Engineer II (Network Security) First Citizens | India | On-site – View job details As an Information Security Engineer II (Network Security), you will be responsible for analyzing, designing, installing, configuring, maintaining, and repairing of network security infrastructure and application components. Network & Cloud Security Specialist Sagen | Canada | Hybrid – View job details As a Network & Cloud Security Specialist, you will execute the deployment of security controls for Sagen’s networks and network access including all associated VPN, firewalls, intrusion detection and prevention systems, web application firewalls, and cloud access controls. Senior Security Consultant – Offensive Security Stratascale | USA | Remote – View job details As a Senior Security Consultant – Offensive Security, you will perform penetration testing against complex environments covering both external, internal, web application, and other forms of offensive security engagements. Cyber Security Architect Varonis | Israel | Hybrid – View job details As a Cyber Security Architect, you will be responsible for designing, developing, and implementing security solutions to protect Varonis’ infrastructure, applications, and data from cyber threats. "


Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack

ciber
2025-03-25 https://securityaffairs.com/175833/security/astral-foods-cyber-attack.html
Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations. Astral Foods is a South African integrated poultry producer and one of the country’s largest food companies. It specializes in poultry production, animal feed, and related agricultural operations. The company supplies chicken products to retail, wholesale, […] "

Autosummary: By Pierluigi Paganini, March 25, 2025. Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations. "


A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

ciber
2025-03-25 https://securityaffairs.com/175810/hacking/cyberattack-hit-ukraines-national-railway-operator.html
A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services, causing long lines at Kyiv’s station. The incident led to overcrowding and long delays as […] "

Autosummary: By Pierluigi Paganini, March 25, 2025. A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. "


The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses

ciber
2025-03-25 https://www.helpnetsecurity.com/2025/03/25/cynomi-vciso-academy/

By now, it’s no secret—cyber threats are on the rise, and the need for strong cybersecurity is greater than ever. Globally, small and medium-sized businesses (SMBs) are prime targets for cyberattacks, yet many can’t afford a full-time Chief Information Security Officer (CISO). That’s where the virtual CISO (vCISO) model comes in, offering a cost-effective way for SMBs to get expert security leadership through a flexible model and without the big price tag. For MSPs … More

The post The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses appeared first on Help Net Security.

"

Autosummary: Some key highlights of the academy include: Expert guidance from industry experts who share their practical knowledge and experience on a wide range of essential vCISO functions, including risk and compliance assessments, cybersecurity strategy development, and effective communication of risks to executive teams. Empowering MSPs and MSSPs to accelerate their vCISO journey By bridging the knowledge gap and offering structured, accessible learning, the vCISO Academy empowers service providers to: Broaden their perspective: The vCISO Academy provides a deeper understanding of what it means to be a vCISO with specialized training to address the cybersecurity shortage. "


Q4 2024 – a brief overview of the main incidents in industrial cybersecurity

industry ciber
2025-03-25 https://ics-cert.kaspersky.com/publications/q4-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
In Q4 2024, 107 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail. Report at a glance Attacks leading to insolvency Kreisel Manufacturing | Denial of operations, insolvency | Ransomware German bulk material handling company Kreisel GmbH & […] "

Autosummary: Stoli Group Manufacturing, food and beverage | Denial of operations, denial of IT services, data leakage, bankruptcy | Ransomware Stoli Group USA and Kentucky Owl, U.S.-based subsidiaries of the Luxembourg-based vodka manufacturer Stoli Group, filed for Chapter 11 bankruptcy on November 29, months after a ransomware attack disrupted their operations. Medion Manufacturing, electronics | Denial of operations, denial of IT systems, data leakage | Ransomware German electronic products supplier Medion AG, a subsidiary of Lenovo, a Chinese multinational technology company, became the target of a cyberattack. Countries with the highest number of reported incidents: USA: 81% (87 incidents) Germany: 6% (7 incidents) Japan: 4% (4 incidents) This quarter, we saw incidents in certain countries where we rarely see public confirmation of incidents: Costa Rica, Luxembourg, Latvia, Burkina Faso, and Pakistan. Other major incidents of interest Microlise Transportation, logistics | Denial of IT systems, denial of services | Ransomware Microlise, a British telematics and fleet management solution provider, was affected by the cyberattack known to have disrupted DHL’s store deliveries for the retailer NISA. Biggest impact prevented by responders TetraSoft Energy, mining | Denial of operations and services, supply chain / trusted partner A targeted cyberattack on TetraSoft, a Russian company that provides remote monitoring of hydrocarbon production and drilling, was detected and stopped. According to the company, the threat actors stole a total of 50,694 files from NPCV, including internal documents related to green procurement, health and safety, policies, and transactions, as well as emails from business partners. According to Financial Times, Serco, which handles the transport of prisoners for the Ministry of Justice, has seen vehicle tracking, panic alarms, navigation, and notifications related to estimated arrival times disabled.
Incidents at large organizations Schneider Electric Energy, manufacturing | Personal data leakage | Ransomware On November 4, French energy management and automation solutions company Schneider Electric confirmed a cyberattack involving unauthorized access to one of its internal project execution tracking platforms hosted in an isolated environment following claims by the Grep (Hellcat) group of an incident involving the theft of 40 GB and a ransom demand. "


Cyberattack takes down Ukrainian state railway’s online services

government ciber
2025-03-24 https://www.bleepingcomputer.com/news/security/cyberattack-takes-down-ukrainian-state-railways-online-services/
Ukrzaliznytsia, Ukraine's national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. [...] "

Autosummary: The incident forced people to booths to buy physical tickets, causing overcrowding, delays, long waiting times, and frustration. "


Cybersecurity jobs available right now in the USA: March 20, 2025

ciber
2025-03-20 https://www.helpnetsecurity.com/2025/03/20/cybersecurity-jobs-available-right-now-in-the-usa-march-20-2025/

AI Security Architect Verizon | USA | Hybrid – View job details As an AI Security Architect, you will ensure security architecture reviews are integrated into Verizon’s AI development lifecycle. This includes embedding robust security measures from design to deployment, conducting risk assessments on AI models, and implementing security tools and protocols in AI/ML operations. Application Penetration Tester – Cyber Security Supervisor RSM US LLP | USA | Hybrid – View job details As an … More

The post Cybersecurity jobs available right now in the USA: March 20, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Application Security Engineer CLEAR | USA | On-site – View job details As a Senior Application Security Engineer, you will perform security risk assessments, manual penetration security testing, automate security testing, threat modeling, and develop/conduct education on secure coding. CISO Equinix | USA | Hybrid – View job details As a CISO, you will develop and execute a comprehensive information security strategy that is aligned with business objectives, risk appetite, goals, regulatory requirements, and industry best practices. Network Security Engineer (DevSecOps) Intel | USA | Hybrid – View job details As a Network Security Engineer (DevSecOps), you will assist in architecting network security products, including testing, validation, and selection. You will tune and enhance system infrastructure for security, automate manual tasks through scripting and application development, investigate and adopt new security technologies and tools as needed, and evaluate, test, and integrate new security controls, settings, and tools. "


Sperm bank breach deposits data into hands of cybercriminals

financial ciber
2025-03-19 https://www.malwarebytes.com/blog/news/2025/03/sperm-bank-breach-deposits-data-into-hands-of-cybercriminals
Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers' personal information. "

Autosummary: The Breach Notification Rule requires the provision of a notification to affected individuals, the Secretary of Health and Human Services, and, in certain circumstances, to the media, in the event of a breach of unsecured PHI. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. The handling, storage, and sharing of protected health information (PHI) within sperm banks falls under the Health Insurance Portability and Accountability Act (HIPAA): The Privacy Rule requires sperm banks to implement safeguards to protect the privacy of PHI and sets limits and conditions on the uses and disclosures that can be made without patient consent. "


Cybersecurity jobs available right now: March 18, 2025

ciber
2025-03-18 https://www.helpnetsecurity.com/2025/03/18/cybersecurity-jobs-available-right-now-march-18-2025/

Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into the software development lifecycle. Perform and oversee security testing and manage remediation of identified vulnerabilities. Application Security Analyst II, Information Security First National Financial | Canada | On-site – View job details As an Application … More

The post Cybersecurity jobs available right now: March 18, 2025 appeared first on Help Net Security.

"

Autosummary: Manager, Cybersecurity with Data security, Security AI, DLP NielsenIQ | India | On-site – View job details As a Manager, Cybersecurity with Data security, Security AI, DLP, you will lead the design, implementation, and management of data security solutions, including but not limited to DLP, CASB, database security, and DSPM. Application Security Analyst II, Information Security First National Financial | Canada | On-site – View job details As an Application Security Analyst II, Information Security, you will analyze and document processes, policies, controls, and standards to ensure compliance with security frameworks and regulations. Cyber Security Engineer METEOR | Malaysia | On-site – View job details As a Cyber Security Engineer, you will be responsible for application security, cybersecurity, network security, information security, and vulnerability assessment. Cryptographic Key Operations Lead, Vice President State Street | Ireland | On-site – View job details As a Cryptographic Key Operations Lead, Vice President, oversee the daily operations and security of cryptographic key management, ensuring compliance with financial industry regulations. "


Review: Cybersecurity Tabletop Exercises

ciber
2025-03-17 https://www.helpnetsecurity.com/2025/03/17/review-cybersecurity-tabletop-exercises/

Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including phishing campaigns, ransomware attacks, and insider threats, demonstrating how these exercises can uncover vulnerabilities before an actual crisis occurs. It also highlights key lessons learned from exercises that didn’t go as planned, providing a well-rounded … More

The post Review: Cybersecurity Tabletop Exercises appeared first on Help Net Security.

"

Autosummary: Real-world examples The book uses a practical, step-by-step approach, guiding readers through every phase of a successful tabletop exercise, from initial planning and execution to follow-up evaluations. "


Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

exploits ciber
2025-03-17 https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and "

Autosummary: "


Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books

ciber
2025-03-16 https://www.helpnetsecurity.com/2025/03/16/week-in-review-nist-selects-hqc-for-post-quantum-encryption-10-classic-cybersecurity-books/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup algorithm that can provide a second line of defense for the task of general encryption, which safeguards internet traffic and stored data alike. … More

The post Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books appeared first on Help Net Security.

"

Autosummary: Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Defending against EDR bypass attacks In this Help Net Security video, John Dwyer, Director of Security Research at Binary Defense, discusses how over-reliance on EDR and lack of monitoring EDR telemetry health has become a risk in corporate security, the evolving tools and techniques attackers are using, and key mistakes companies are making when it comes to their EDR. New infosec products of the week: March 14, 2025 Here’s a look at the most interesting products from the past week, featuring releases from Alloy, Detectify, Pondurance, and SimSpace. "


Cybersecurity classics: 10 books that shaped the industry

industry ciber
2025-03-13 https://www.helpnetsecurity.com/2025/03/13/cybersecurity-classics-books/

Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you’re a CISO, a seasoned expert, or cybersecurity enthusiast, these must-reads belong on your shelf. Masters of Deception: The Gang That Ruled Cyberspace Author: Michele Slatalla Set against the backdrop of the 1990 AT&T phone network crash, Masters of Deception chronicles an important moment in hacker history: law enforcement cracked down on … More

The post Cybersecurity classics: 10 books that shaped the industry appeared first on Help Net Security.

"

Autosummary: Through meticulous research and firsthand interviews, Krebs unravels the rise of digital crime syndicates that flood inboxes with fraudulent pharmacy ads, malware, and phishing schemes—operations that steal identities, drain bank accounts, and even endanger lives. Author: Kim Zetter In Countdown to Zero Day, journalist Kim Zetter unravels the gripping story of Stuxnet, the world’s first true cyberweapon, a sophisticated piece of malware designed not just to steal data but to cause real-world destruction. "


Cybersecurity jobs available right now in Europe: March 13, 2025

ciber
2025-03-13 https://www.helpnetsecurity.com/2025/03/13/cybersecurity-jobs-available-right-now-in-europe-march-13-2025/

Cloud Security Engineer TUI Group | Portugal | Hybrid – View job details As a Cloud Security Engineer, you will contribute to the implementation of security solutions and will work alongside our Security Operations team to ensure appropriate controls are engineered, addressing the technical requirements of our global business. You will support the implementation and maintenance of identity protection, threat detection, and email security solutions across Microsoft 365 environment. Cybersecurity Architect ExpressVPN | Poland | … More

The post Cybersecurity jobs available right now in Europe: March 13, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Enterprise IT and OT Security Architect Volvo Group | Sweden | On-site – View job details As a Senior Enterprise IT and OT Security Architect, you will develop security architectural frameworks and blueprints that guide the design, development, and implementation of secure infrastructure, encompassing data protection, authentication, authorization, encryption, and allied security measures. Security Architect (SIEM) EPAM Systems | Latvia | Remote – View job details As a Security Architect (SIEM), you will lead the design, deployment, and configuration of SIEM solutions, ensuring seamless integration with various security tools, systems, and log sources. Cybersecurity Architect ExpressVPN | Poland | Hybrid – View job details As a Cybersecurity Architect, you will plan, implement, manage, monitor and upgrade security measures/architectures for the protection of the organization’s data, systems, and networks. SecOps Engineer Showpad | Romania | Hybrid – View job details As a SecOps Engineer, you will monitor and respond to security events involving vulnerabilities, endpoints, user behavior analytics, firewalls, IDS/IPS, and external threat intelligence. "


Burnout in cybersecurity: How CISOs can protect their teams (and themselves)

ciber
2025-03-12 https://www.helpnetsecurity.com/2025/03/12/cybersecurity-burnout-ciso/

Cybersecurity is a high-stakes, high-pressure field in which CISOs and their teams constantly battle threats, compliance requirements, and business expectations. The demand for 24/7 vigilance, sophisticated attacks, and a shortage of skilled professionals have led to a burnout epidemic in the industry. For CISOs, this isn’t just a personal issue, it’s a business risk. A burned-out team is less effective, more prone to errors, and more likely to leave, creating knowledge gaps that further strain … More

The post Burnout in cybersecurity: How CISOs can protect their teams (and themselves) appeared first on Help Net Security.

"

Autosummary: “These challenges are placing immense pressure on CISOs, resulting in heightening stress and the risk of burnout on them and their teams,” Brian Honan, CEO at BH Consulting, told Help Net Security. Cybersecurity is a high-stakes, high-pressure field in which CISOs and their teams constantly battle threats, compliance requirements, and business expectations. Managing the workload: Prioritization and automation Security teams are overwhelmed by a never-ending stream of alerts, incidents, and compliance requirements. “In addition to managing cyber threats and changing business challenges, today’s CISO must also deal with the increasing burden to deal with regulations such as the EU GDPR, NIS2, and DORA. "


Cybersecurity jobs available right now: March 11,2025

ciber
2025-03-11 https://www.helpnetsecurity.com/2025/03/11/cybersecurity-jobs-available-right-now-march-112025/

The post Cybersecurity jobs available right now: March 11,2025 appeared first on Help Net Security.

"

Autosummary: Senior Penetration Tester Ekco | Ireland | On-site – View job details As a Senior Penetration Tester, you will conduct comprehensive penetration tests on clients’ systems across various platforms (including web applications, mobile applications, thick client applications, infrastructure, APIs, cloud platforms) to identify security vulnerabilities, weaknesses, and potential risks. Digital Security – Principal Specialist, Security Risk & Assurance AVEVA | United Kingdom | Hybrid – View job details As a Digital Security – Principal Specialist, Security Risk & Assurance, you will build, operate, and optimise security risk management and risk assurance services that enable effective, and data driven risk management and reporting across operations. Open-Source Intelligence Analyst/Senior Associate, Forensic Deloitte | Canada | Hybrid – View job details As an Open-Source Intelligence Analyst/Senior Associate, Forensic, you collect, assess and disseminate publicly available data and information from social media, deep, and dark web sources in response to priority intelligence requirements on matters relating to financial crime, integrity and reputation concerns, strategy and a variety of risk issues. Endpoint Security Engineer HCLTech | UAE | On-site – View job details As an Endpoint Security Engineer, you will design, deploy, and manage endpoint security solutions such as antivirus, EDR, DLP, and device control systems. "


Smart cybersecurity spending and how CISOs can invest where it matters

ciber
2025-03-11 https://www.helpnetsecurity.com/2025/03/11/ciso-smart-cybersecurity-spending/

CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets rise, security incidents continue unabated. A survey by the Ponemon Institute revealed a 59% increase in cyber budgets year-over-year, yet 61% of organizations experienced a data breach or cybersecurity incident in the past two years. … More

The post Smart cybersecurity spending and how CISOs can invest where it matters appeared first on Help Net Security.

"

Autosummary: “When security spending isn’t part of a closed-loop system that connects real-world threats to measurable outcomes, you’re essentially paying for digital theater rather than actual protection,” Alex Rice, CTO at HackerOne, told Help Net Security. Areas that need more investment Incident response planning Many organizations lack an incident response plan, leading to prolonged recovery times and increased breach costs. Recommendation: Allocate funds for ongoing, role-specific cybersecurity training to foster a security-aware culture. "


How remote work strengthens cybersecurity teams

ciber
2025-03-11 https://www.helpnetsecurity.com/2025/03/11/remote-work-cybersecurity-teams/

The global transition to remote work has reshaped traditional workplace dynamics, introducing challenges and opportunities for cybersecurity teams. For CISOs and security professionals, embracing a remote workforce can be a strategic advantage, enhancing team capabilities and driving the modernization of security practices. Specialized security positions For CISOs struggling to fill highly specialized cybersecurity roles, remote work provides a critical advantage: access to a global talent marketplace where niche expertise is more readily available. Instead of … More

The post How remote work strengthens cybersecurity teams appeared first on Help Net Security.

"

Autosummary: For example, having deep-knowledge specialists distributed around the world, working flexible hours, allows an organization to pull them in during an incident response, whatever the time of day, or day of the week. "


Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

ciber
2025-03-11 https://securityaffairs.com/175223/security/cybersecurity-challenges-in-cross-border-data-transfers-and-regulatory-compliance-strategies.html
Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches. The digital revolution has enabled organizations to operate seamlessly across national boundaries, relying on cross-border data transfers to support e-commerce, cloud computing, artificial intelligence, and financial transactions. However, as data moves across multiple jurisdictions, it […] "

Autosummary: Table 2: Geopolitical Factors Affecting Cross-Border Data Transfers
Factor | Impact on Data Transfers
Trade Restrictions | Limits data exchange between certain countries
Data Localization Laws | Requires in-country storage, increasing compliance costs
Government Surveillance Laws | Allows state access to private sector data
Cybersecurity Diplomacy Conflicts | Disrupts international cooperation on cybersecurity standards
As geopolitical tensions continue to rise, businesses must remain vigilant in monitoring changes in regulatory policies that could impact their ability to transfer data securely. At the same time, the growing threats of cyberattacks, including ransomware, phishing, and insider threats, highlight the need for continuous monitoring, automated compliance solutions, and robust security architectures to safeguard sensitive data during cross-border transactions. Hackers deploy various techniques, such as man-in-the-middle attacks, ransomware, phishing schemes, and supply chain compromises, to intercept, manipulate, or steal sensitive data. Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies Pierluigi Paganini March 11, 2025 Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches. "


Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours

ciber
2025-03-11 https://securityaffairs.com/175260/laws-and-regulations/switzerlands-ncsc-requires-cyberattack-reporting-for-critical-infrastructure-within-24-hours.html
Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery. Switzerland’s National Cybersecurity Centre (NCSC) now requires critical infrastructure organizations to report cyberattacks within 24 hours due to rising cybersecurity threats. The new policy related to security breach notification is introduced as a response to the increasing number of cyber incidents. […] "

Autosummary: Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours Pierluigi Paganini March 11, 2025 Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery. "


Swiss critical sector faces new 24-hour cyberattack reporting rule

ciber
2025-03-10 https://www.bleepingcomputer.com/news/security/swiss-critical-sector-faces-new-24-hour-cyberattack-reporting-rule/
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. [...] "

Autosummary: "


Review: The Cybersecurity Trinity

ciber
2025-03-10 https://www.helpnetsecurity.com/2025/03/10/review-the-cybersecurity-trinity/

The Cybersecurity Trinity provides a comprehensive approach to modern cybersecurity by integrating AI, automation, and active cyber defense (ACD) into a unified strategy. Instead of addressing these elements in isolation, the author demonstrates how they work together to enhance security effectiveness, offering a practical and actionable framework grounded in the NIST Cybersecurity Framework. About the author Donnie Wendt, an adjunct professor of cybersecurity at Utica University, brings over 30 years of hands-on experience in cybersecurity, … More

The post Review: The Cybersecurity Trinity appeared first on Help Net Security.

"

Autosummary: About the author Donnie Wendt, an adjunct professor of cybersecurity at Utica University, brings over 30 years of hands-on experience in cybersecurity, combining practical implementation expertise with academic research to explore security strategies. "


X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims

ciber
2025-03-10 https://www.bleepingcomputer.com/news/security/x-hit-by-massive-cyberattack-amid-dark-storms-ddos-claims/
The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. [...] "

Autosummary: "


X users report login troubles as Dark Storm claims cyberattack

ciber
2025-03-10 https://www.malwarebytes.com/blog/news/2025/03/x-users-report-login-troubles-as-dark-storm-claims-cyberattack
In the early morning hours of March 10, thousands of users on X (formerly Twitter) began having trouble logging into the... "

Autosummary: "


Elon Musk blames a massive cyberattack for the X outages

ciber
2025-03-10 https://securityaffairs.com/175209/hacking/elon-musk-x-ddos-attack-dark-dark-storm-team.html
Elon Musk said that the global outages impacting its platform X during the day are being caused by a cyberattack. A major cyber attack appears to be the root cause of the global outage on X, according to its CEO Elon Musk. About 40,000 users reported issues accessing Twitter, according to Downdetector.com. Musk has provided […] "

Autosummary: “This is amongst the longest Twitter outages tracked in terms of duration, and the pattern is consistent with a denial of service attack targeting X’s infrastructure at scale,” Alp Toker, director of internet monitor Netblocks, told Recorded Future News. "


Can AI-powered gamified simulations help cybersecurity teams keep up?

ciber
2025-03-07 https://www.helpnetsecurity.com/2025/03/07/ai-gamified-simulations-cybersecurity/

Traditional training often lacks the hands-on experience cybersecurity teams need to counter advanced threats. AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance their skills. Conventional cybersecurity training programs frequently rely on static content, which can become outdated. These programs may also lack the engagement necessary to maintain participant interest, leading to suboptimal retention of critical skills. In contrast, gamified simulations introduce dynamic, scenario-based learning environments that mirror real-world cyber threats, fostering more … More

The post Can AI-powered gamified simulations help cybersecurity teams keep up? appeared first on Help Net Security.

"

Autosummary: In contrast, gamified simulations introduce dynamic, scenario-based learning environments that mirror real-world cyber threats, fostering more profound understanding and retention. "


Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses

ciber
2025-03-06 https://www.bleepingcomputer.com/news/security/free-vciso-course-turning-msps-and-mssps-into-cybersecurity-powerhouses/
The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. [...] "

Autosummary: Key features of the academy include: Expert guidance from industry experts who share their practical knowledge and experience on a wide range of essential vCISO functions, including risk and compliance assessments, cybersecurity strategy development, and effective communication of risks to executive teams. The Expertise Gap in Delivering vCISO Services While the market for vCISO services is rapidly expanding, many MSPs and MSSPs struggle to offer these services due to lack of in-house expertise and resources. "


Cybersecurity jobs available right now in the USA: March 6, 2025

ciber
2025-03-06 https://www.helpnetsecurity.com/2025/03/06/cybersecurity-jobs-available-right-now-in-the-usa-march-6-2025/

CISO Amplitude | USA | Hybrid – View job details As a CISO, you will develop, implement, and maintain a comprehensive security strategy aligned with Amplitude’s business goals and risk tolerance. Oversee the identification, assessment, and mitigation of security risks across the organization and its product lines. Lead and coordinate investigations into security incidents, ensuring timely resolution and thorough post-incident reviews. Cloud Cyber Security Technical Advisor (GRC) – VP MUFG | USA | On-site – … More

The post Cybersecurity jobs available right now in the USA: March 6, 2025 appeared first on Help Net Security.

"

Autosummary: Cyber Security Engineer, Senior Consultant – Cloud Security Visa | USA | Hybrid – View job details As a Cyber Security Engineer, Senior Consultant – Cloud Security, you will be responsible for security architecture for hybrid cloud and support design of cloud solutions meeting standardization, consolidation, security, and regulatory compliance, for different use cases. Cybersecurity Engineer Ace Hardware | USA | On-site – View job details As a Cybersecurity Engineer, you will implement and configure security solutions, such as firewalls, encryption, authentication, authorization, logging, and monitoring, to protect web applications from cyberattacks and ensure compliance with security policies and regulations. Principal Incident Response Engineer Acrisure | USA | On-site – View job details As a Principal Incident Response Engineer, you will develop and implement incident response plans, including threat detection, investigation, containment, eradication, and recovery. Cyber Defense Incident Responder Edgewater Federal Solutions | USA | Hybrid – View job details As a Cyber Defense Incident Responder, you will perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. "


Omega Systems’ Enterprise Password Management solution reduces the risk of cyberattacks

ciber
2025-03-05 https://www.helpnetsecurity.com/2025/03/05/omega-systems-enterprise-password-management/

Omega Systems has expanded its cybersecurity offerings with the addition of a new Enterprise Password Management solution to help companies minimize the risk of password-related cyberattacks. Omega’s fully managed password solution is the latest addition to the company’s managed security service portfolio, which is designed to help businesses counter a dangerous threat landscape. “Businesses are facing security threats at every turn, but credential theft remains one of the most dangerous and prolific attack vectors for hackers … More

The post Omega Systems’ Enterprise Password Management solution reduces the risk of cyberattacks appeared first on Help Net Security.

"

Autosummary: "


Identity: The New Cybersecurity Battleground

ciber
2025-03-05 https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector "

Autosummary: Checklist: Can your Identity solution… □ Seamlessly integrate with your key enterprise SaaS applications, e.g., your CRM, productivity, collaboration, ERP, and IT ops management apps? The path to Identity-first security Identity-first security creates an open, efficient, and secure ecosystem for managing apps and systems without siloes, custom integrations, or security gaps. Ask yourself, can your Identity solution… □ Give you visibility into all threats across all systems, devices, and types, and customer accounts? "


Polish Space Agency POLSA disconnected its network following a cyberattack

ciber
2025-03-05 https://securityaffairs.com/174930/security/polish-space-agency-polsa-disconnected-its-network-following-a-cyberattack.html
The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that […] "

Autosummary: Polish Space Agency POLSA disconnected its network following a cyberattack Pierluigi Paganini March 05, 2025 The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. We cannot rule out an attack by a nation-state actor, especially Russia, given the country’s strategic support for Ukraine in the ongoing conflict. "


Cybersecurity jobs available right now: March 4, 2025

ciber
2025-03-04 https://www.helpnetsecurity.com/2025/03/04/cybersecurity-jobs-available-right-now-march-4-2025/

Application Security Engineer Via | Israel | Hybrid – View job details As an Application Security Engineer, you will perform security assessments, including penetration testing, vulnerability scanning, and code reviews, to identify security weaknesses in applications. Define and implement application security testing strategies, including static analysis, dynamic analysis, and software composition analysis. Cloud Security Architect Kinaxis | Canada | Hybrid – View job details As a Cloud Security Architect, you will lead and participate in … More

The post Cybersecurity jobs available right now: March 4, 2025 appeared first on Help Net Security.

"

Autosummary: ICT/Cyber Security Engineer Honeywell | Italy | On-site – View job details As an ICT/Cyber Security Engineer, you will contribute to the designing, engineering, configuring, implementing, commissioning, securing and supporting of ICT infrastructure (Server, Storage, Network, Virtual Platforms) and enterprise applications at both new and existing client sites. Cybersecurity Threat & Vulnerability | Manager | Cyber Security | Technology Consulting PwC | Ireland | Hybrid – View job details As a Cybersecurity Threat & Vulnerability | Manager | Cyber Security | Technology Consulting, you will conduct security assessments, red team exercises, web application penetration testing, vulnerability assessment and secure configuration review to identify risks and recommend appropriate remediation measures. IT Security Engineer Dataiku | France | Hybrid – View job details As an IT Security Engineer, you will be part of the design, implementation and running of a broad range of security controls, including but not limited to identity management, endpoint security, data leakage prevention, and security of the various cloud components used in Dataiku. "


Polish Space Agency offline as it recovers from cyberattack

ciber
2025-03-04 https://www.bleepingcomputer.com/news/security/polish-space-agency-offline-as-it-recovers-from-cyberattack/
​The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...] "

Autosummary: "CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency," said Krzysztof Gawkowski, Poland's Minister of Digital Affairs. "


Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

ciber
2025-02-28 https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html
Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is "

Autosummary: "


Hottest cybersecurity open-source tools of the month: February 2025

ciber
2025-02-27 https://www.helpnetsecurity.com/2025/02/27/hottest-cybersecurity-open-source-tools-of-the-month-february-2025/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Kunai: Open-source threat hunting tool for Linux Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. BadDNS: Open-source tool checks for subdomain takeovers BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. Misconfig Mapper: Open-source tool to uncover security misconfigurations Misconfig Mapper … More

The post Hottest cybersecurity open-source tools of the month: February 2025 appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity jobs available right now in Europe: February 27, 2025

ciber
2025-02-27 https://www.helpnetsecurity.com/2025/02/27/cybersecurity-jobs-available-right-now-in-europe-february-27-2025/

The post Cybersecurity jobs available right now in Europe: February 27, 2025 appeared first on Help Net Security.

"

Autosummary: Cloud Cybersecurity Engineer Fever | Spain | On-site – View job details As a Cloud Cybersecurity Engineer, you will be focused on helping to prevent and protect Fever from security threats, vulnerabilities and weaknesses that can potentially lead to security incidents by proactively testing, implementing and improving the security of our cloud services, applications and infrastructure, ensuring they remain resilient against evolving threats. AI/ML Security Engineer Swift | Netherlands | Hybrid – View job details As an AI/ML Security Engineer, you will design, develop, and implement security frameworks and strategies to protect AI/ML models and their use, and related data, applications and systems from adversarial attacks and other security threats. Cyber Security Engineer Space Hellas | Greece | On-site – View job details As a Cyber Security Engineer, you will design, implement, and manage cybersecurity solutions across on-premises, cloud, and hybrid environments. Senior Cybersecurity Analyst SOC ZF Group | Poland | Hybrid – View job details As a Senior Cybersecurity Analyst SOC, you will coordinate and lead incident response activities, including threat identification, containment, eradication, and recovery. "


Microsoft names cybercriminals behind AI deepfake network

ciber
2025-02-27 https://www.bleepingcomputer.com/news/microsoft/microsoft-names-cybercriminals-behind-ai-deepfake-network/
Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content. [...] "

Autosummary: "


Warning issued as hackers offer firms fake cybersecurity audits to break into their systems

ciber
2025-02-27 https://www.tripwire.com/state-of-security/beware-fake-cybersecurity-audits-cybercriminals-use-scams-breach-corporate
Companies are being warned that malicious hackers are using a novel technique to break into businesses - by pretending to offer audits of the company's cybersecurity. Read more in my article on the Tripwire State of Security blog. "

Autosummary: The genuine CERT-UA explained in its warning that, in some cases, it does use remote access software (such as AnyDesk) to assist in the defence of organisations, only after prior agreement through pre-agreed communications channels. "


What cybersecurity pros read for fun

ciber
2025-02-26 https://www.helpnetsecurity.com/2025/02/26/cybersecurity-fiction-books/

While cybersecurity pros spend much of their time immersed in technical reports, risk assessments, and policy documents, fiction offers a refreshing perspective on security and hacking. Great cyber-themed novels can teach lessons on human psychology, cyber warfare, and the ethics of technology while also entertaining and thought-provoking. Here are eight fiction books that every cybersecurity leader should consider adding to their reading list. Daemon – Daniel Suarez Why read it? → Explores the potential dangers … More

The post What cybersecurity pros read for fun appeared first on Help Net Security.

"

Autosummary: As law enforcement, hackers, and intelligence agencies struggle to contain the daemon’s impact, the book raises real-world concerns about AI, automation, and cybersecurity threats. Russinovich, an expert in Windows security and malware analysis, delivers an authentic portrayal of cyber threats, malware attacks, and incident response. "


Cybersecurity jobs available right now: February 25, 2025

ciber
2025-02-25 https://www.helpnetsecurity.com/2025/02/25/cybersecurity-jobs-available-right-now-february-25-2025/

Application Security Engineer Binance | UAE | Remote – View job details As an Application Security Engineer, you will enhance and maintain the security postures of Binance’s affiliates specializing in DeFi and Web3. Serve as the first responder for security issues identified through penetration tests, bug bounty programs, and assessments. Analyze penetration test findings and implement code-level solutions to resolve vulnerabilities. Application Security Engineer TheFork | France | On-site – View job details As an … More

The post Cybersecurity jobs available right now: February 25, 2025 appeared first on Help Net Security.

"

Autosummary: Oversee and, when necessary, contribute to the configuration and operation of a comprehensive suite of security tools and technologies, including firewalls, IDS/IPS, WAF, proxies, email security, DLP, IRM/DRM, ATP, network infrastructure, and endpoint protection solutions. Specialist – Network Security Eaton | USA | Remote – View job details As a Specialist – Network Security, you will monitor technology, platform, and systems to ensure required performance, availability, and capacity. Security Engineer – Offensive Security TikTok | United Kingdom | On-site – View job details As a Security Engineer – Offensive Security, you will conduct vulnerability research of the most critical systems of core product ecosystems such as TikTok, TikTok LIVE, Lemon8, and others. Senior IT Security Specialist Röchling Automotive | Italy | On-site – View job details As a Senior IT Security Specialist, you will develop, implement and keep updated security policies, protocols, and procedures. "


Cybersecurity needs a leader, so let’s stop debating and start deciding

ciber
2025-02-25 https://www.helpnetsecurity.com/2025/02/25/cybersecurity-ownership/

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to spark endless debates. That might have been understandable back in the 1990s when key security roles like the CISO were still being ironed out. But these days, it should be a serious red flag. Security … More

The post Cybersecurity needs a leader, so let’s stop debating and start deciding appeared first on Help Net Security.

"

Autosummary: This means setting clear policies, defining risk tolerance and, most importantly, ensuring that security decisions are made based on actual business needs, not internal politics. Without clear governance, security efforts easily become reactive, disjointed, and prone to being overruled by whoever shouts the loudest in the boardroom. Yet, too often, security is still treated as an isolated function, left to operate in a vacuum. But the real issue isn’t just finding the right person; it’s ensuring they have the authority, resources, and business-wide support to execute effectively. "


Mastering the cybersecurity tightrope of protection, detection, and response

ciber
2025-02-21 https://www.helpnetsecurity.com/2025/02/21/chester-wisniewski-sophos-threats-strategy-response/

In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is more crucial than mere defense, with AI playing a key role in managing threats, and calls for ongoing improvements, transparency, and proactive measures. With ransomware payments decreasing, some cybercriminals are shifting toward data-centric extortion rather … More

The post Mastering the cybersecurity tightrope of protection, detection, and response appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is more crucial than mere defense, with AI playing a key role in managing threats, and calls for ongoing improvements, transparency, and proactive measures. That isn’t to say we shouldn’t be migrating to quantum resistant cryptography as soon as we possibly can, as those same cybercriminals, if they gain the ability in the future, will likely steal things like encrypted backups and still attempt using them for extortion. "


Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3

ciber
2025-02-21 https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant "

Autosummary: The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customizable phishing campaigns," Netcraft said in a new analysis. "


Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

exploits ciber
2025-02-20 https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC) "

Autosummary: The South Korean cybersecurity firm said the malware is propagated in the form of a compressed ZIP archive that includes the legitimate executable as well as the DLLs that are sideloaded to launch the malware: Documents2012.exe, a renamed version of the legitimate jarsigner.exe binary; jli.dll, a DLL file that's modified by the threat actor to decrypt and inject concrt140e.dll; and concrt140e.dll, the XLoader payload. The attack chain crosses over to the malicious phase when "Documents2012.exe" is run, triggering the execution of the tampered "jli.dll" library to load the XLoader malware. "


US healthcare org pays $11M settlement over alleged cybersecurity lapses

ciber
2025-02-20 https://www.bleepingcomputer.com/news/security/us-healthcare-org-pays-11m-settlement-over-alleged-cybersecurity-lapses/
Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...] "

Autosummary: "


Cybersecurity jobs available right now in the USA: February 20, 2025

ciber
2025-02-20 https://www.helpnetsecurity.com/2025/02/20/cybersecurity-jobs-available-right-now-in-the-usa-february-20-2025/

Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create and deliver workforce education on privacy and data protection standards, establish and enhance auditing and monitoring activities along with corresponding metrics, and investigate potential policy and regulatory infractions within the business. Cybersecurity Analyst Messer | On-site – … More

The post Cybersecurity jobs available right now in the USA: February 20, 2025 appeared first on Help Net Security.

"

Autosummary: Security Engineer II, Stores Application Security Amazon | On-site – View job details As a Security Engineer II, Stores Application Security, you will be responsible for creating, updating, and maintaining threat models for various software projects, conducting manual and automated secure code reviews (primarily in Java, Python, and JavaScript), developing security automation tools, and performing adversarial security analysis using cutting-edge tools. Intern – Cybersecurity Analyst KPI Solutions | On-site – View job details As an Intern – Cybersecurity Analyst, you will conduct real-time 24/7 security monitoring and intrusion detection analysis for all KPI networks, servers, cloud platforms, and endpoint (laptop, desktop, mobile, and internet of things/IOT) systems. Cyber Security Engineer, Compliance – SOX Community Health Systems | Remote – View job details As a Cyber Security Engineer, Compliance – SOX, you will coordinate periodic access reviews for key SOX systems and applications, including running reports in multiple systems, analyzing data, and investigating exceptions for potential risk exposure. "


VC-backed cybersecurity startups and the exit crunch

ciber
2025-02-19 https://www.helpnetsecurity.com/2025/02/19/venture-backed-cybersecurity-startups-video/

The cybersecurity startup landscape is at a crossroads. As venture-backed companies strive for successful exits, the bar has risen dramatically, requiring more funding, higher revenue, and faster growth than ever before. In this Help Net Security video, Mark Kraynak, Founding Partner at Acrew Capital, breaks down the Exit Escape Velocity for Cybersecurity Startups report to explore the challenges of IPOs and M&A deals in the post-COVID era.

The post VC-backed cybersecurity startups and the exit crunch appeared first on Help Net Security.

"

Autosummary: "


Q3 2024 – a brief overview of the main incidents in industrial cybersecurity

industry ciber
2025-02-19 https://ics-cert.kaspersky.com/publications/q3-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
Many large companies, including some well-known brands, affected by cyberattacks. An unusually high number of victims were in critical sectors such as utilities and power and energy. "

Autosummary: The group claimed to have access to 1 TB of organizational data, including corporate data, financial data, NDAs, confidential data, HR data, hiring data, R&D data, engineering data, personal employee documents and information, and customer data. The review concluded on July 9, by which time it was determined that some of the affected files contained personal information, including full name, Social Security number, and possibly one or more of the following: passport number, driver’s license number, tax ID, financial account number, payment card number, medical information, and/or insurance information. While the information involved varied depending on the individual, the type of information that may have been exposed includes: name, Social Security number, address, date of birth, email address, driver’s license number, financial account information, as well as tax, medical, and health insurance information. The port took steps to block further activity, including disconnecting its systems from the internet, but the encryption and response measures affected some services, including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the port’s website, the flySEA app, and reserved parking. On September 16, K&S completed this review and discovered that the potentially exposed records included the names, identification numbers, bank account numbers, and/or bank routing numbers of current and/or former employees as well as their dependents and other individuals associated with K&S. Upon discovering the incident, K&S reset passwords for all employee accounts, suspended mobile email access for employees, identified and removed malicious files, and significantly enhanced its monitoring, logging, and detection capabilities.
Chemicals Innophos Holdings Inc. hit by cyberattack Manufacturing, chemicals | Denial of operations, personal data leakage Innophos Holdings Inc., a US manufacturer of chemicals for the food, health, nutrition, and industrial markets, reported to the attorney general of Maine in August that it had experienced a data breach that may have compromised sensitive personal information in its systems.
Netherland, Sewell & Associates, Inc. hit by ransomware Energy | Denial of IT systems, personal data leakage | Ransomware Netherland, Sewell & Associates, Inc., a US upstream engineering provider specializing in the oil and gas industry, suffered a ransomware attack that disrupted the company’s network in July and filed a breach notification document with the attorney general of Maine in September.
Kulicke and Soffa Industries, Inc. hit by ransomware Manufacturing, electronics | Denial of operations, personal data leakage | Ransomware Kulicke and Soffa Industries, Inc. (K&S), a US manufacturer of semiconductors and electronic assembly solutions, reported to the attorney general of Maine and submitted an 8-K filing that it experienced a data breach in which the sensitive personal information in its systems may have been accessed and acquired. They claimed to have stolen a wide range of information from Microchip Technology’s compromised systems, including private and personal confidential data, customer documents, as well as budget, payroll, accounting, contract, tax, ID and financial information.
Electronics Microchip Technology hit by ransomware Manufacturing, electronics | Denial of IT systems, denial of operations and services, data leakage, personal data leakage | Ransomware US chip manufacturer Microchip Technology Incorporated detected suspicious activity in its information systems on August 17, according to an SEC 8-K filing. While the affected information varied depending on the individual, the type of information potentially exposed includes: name, Social Security number, date of birth, contact details, government ID and/or passport number, financial information, and medical information.
Port of Seattle hit by ransomware Transportation, logistics | Denial of IT systems, denial of services, data leakage | Ransomware The Port of Seattle (USA), which operates the port and Seattle-Tacoma International Airport, announced via social media on August 24 that it had experienced certain system outages that indicated a possible cyberattack. The types of personal data affected included a combination of name, address, NRIC/FIN number, date of birth, photograph, work permit number, bank account details, telephone number and passport number.
Elyria Foundry Holdings LLC hit by ransomware Manufacturing | Personal data leakage | Ransomware Elyria Foundry Holdings LLC, a US manufacturer of iron castings for various industries, including automotive, engineering, and other commercial uses, detected suspicious activity on its computer network on June 25 and filed a breach notification document with the attorney general of Maine in September.
Hanon Systems USA, LLC hit by ransomware Manufacturing, automotive | Personal data leakage | Ransomware US thermal management solutions manufacturer Hanon Systems USA, LLC was the victim of a ransomware event on July 21 that saw certain information accessed by a third-party actor and held under the threat of ransom, according to a breach notification document filed with the Maine attorney general in September. After detecting the incident with its security tools, the company immediately initiated its standard response protocols to contain, assess and remediate the incident, including beginning an investigation with outside experts, activating its incident response plan, notifying federal law enforcement authorities, and taking certain systems offline out of an abundance of caution. The company said the personal information stolen by the attackers varied depending on the victim’s relationship with the company and may have included: name, date of birth, Social Security number, address, salary information, W-2s, and tax return documents. While the affected information varies depending on the individual, the type of information potentially exposed includes: name, Social Security number, driver’s license number, state or federal identification number, financial account information, and health insurance information. The following types of personal information were stored on the compromised systems: full name, date of birth, driver’s license number, Social Security number, bank account number and routing number, and other personnel-related information, including medical questionnaires.
Kantsu hit by ransomware Transportation, logistics | Denial of services, denial of operations, personal data leakage | Ransomware Japanese logistics and transportation company Kantsu was the victim of a ransomware attack on September 12, resulting in the detection of an infection on some of its servers and the shutdown of its networks to prevent further attacks.
Logistics and transportation JAS Worldwide hit by ransomware Transportation, logistics | Denial of IT services, denial of operations | Ransomware JAS Worldwide, a global freight company headquartered in the USA, confirmed on August 27 that it had been the victim of a ransomware cyberattack that had disrupted its operations and customer services.
S&F Concrete Contractors, Corp. hit by ransomware Construction, engineering | Personal data leakage | Ransomware US construction company S&F Concrete Contractors, Corp. notified the attorneys general of Vermont and Maine it had experienced a data breach that may have compromised the sensitive personal identifiable information and protected health information in its systems.
Oldenburg Group hit by ransomware Manufacturing | Personal data leakage | Ransomware Oldenburg Group and its Visa Lighting division, a US-based supplier of heavy equipment and architectural lighting products, reported to the attorneys general of Maine and Vermont that it experienced a cyberattack between May 4 and May 5, in which an attacker believed to be associated with the Play ransomware group installed ransomware on the company’s primary servers and may have accessed personal information stored on the servers.
V.H. Blackinton & Company hit by cyberattack Manufacturing | Personal data leakage V.H. Blackinton & Company, Inc., a US manufacturer of public safety badges and uniform insignias, discovered unusual activity in its digital environment on August 30, according to a report submitted to the attorneys general of Maine and Vermont in September.
CRB Engineering hit by ransomware Construction, engineering | Denial of IT systems, personal data leakage | Ransomware US engineering, construction and consulting firm CRB Engineering notified the New Hampshire attorney general that it had experienced a data breach that may have compromised the sensitive personal identifiable information in its systems.
Noritsu America Corporation hit by ransomware Manufacturing | Personal data leakage | Ransomware Noritsu America Corporation, a US manufacturer of high-end professional digital imaging equipment and a subsidiary of the Japanese holding company Noritsu, was the victim of a cyberattack that exfiltrated personal information, according to a data breach notification submitted in August.
Anderson Feazel Management, Inc. hit by cyberattack Energy | Personal data leakage US energy company Anderson Feazel Management, Inc., which specializes in oil and gas production, suffered an attack on its computer system on or around July 31. Upon detecting the unauthorized activity, the company immediately began taking steps to contain, assess and remediate the incident, including launching an investigation, activating its incident response plan, and shutting down some systems.
Basement Systems hit by ransomware Construction, engineering | Denial of IT systems, personal data leakage | Ransomware US construction company Basement Systems notified the attorneys general of Maine and Vermont that it had experienced a data breach that may have compromised the sensitive personal identifiable information in its systems.
Granit Design hit by ransomware Manufacturing | Personal data leakage | Ransomware Granit Design, a Canadian manufacturer of natural stone, quartz and ultra-compact surfaces, notified the attorneys general of Maine and Vermont in September that it had experienced a cybersecurity incident affecting the confidentiality of its employee data.
Blue Ridge Rural Water Company Inc. hit by cyberattack Water supply, energy, utility | Personal data leakage US-based Blue Ridge Rural Water Company Inc. suffered a cyberattack on its corporate network, which was a separate system from its water management network. "


The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground

ciber
2025-02-19 https://www.bleepingcomputer.com/news/security/the-browser-blind-spot-why-your-browser-is-the-next-cybersecurity-battleground/
For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving. [...] "

Autosummary: Just as EDR transformed endpoint security, Browser Detection & Response (BDR) must become a core component of enterprise security, enabling real-time telemetry, JavaScript execution analysis, and browser-layer threat intelligence integration into security operations. By operating within the browser’s execution environment, these threats evade traditional detection mechanisms, allowing cybercriminals to hijack user sessions, pass drive-by downloads, steal credentials, and compromise sensitive data. Organizations must adopt a browser-native threat detection model, monitoring session behaviors, credential input patterns, and high-risk interactions in real time. "


Cybersecurity jobs available right now: February 18, 2025

ciber
2025-02-18 https://www.helpnetsecurity.com/2025/02/18/cybersecurity-jobs-available-right-now-february-18-2025/

Airport Cybersecurity Engineer II Salt Lake City Corporation | USA | On-site – View job details As an Airport Cybersecurity Engineer II, you will develop and implement policies, procedures, and training plans for security and network administration. Assess and mitigate cybersecurity threats. Manage incident response and recovery plans. Application Security Architect WalkMe | Israel | Hybrid – View job details As an Application Security Architect, you will conduct design and code reviews to ensure secure … More

The post Cybersecurity jobs available right now: February 18, 2025 appeared first on Help Net Security.

"

Autosummary: Security Engineer Clover Health | Canada | Remote – View job details As a Security Engineer, you will implement, operationalize and monitor security applications such as EDR, DLP, SAST, vulnerability management, and CSPM systems. Security Architect, AI, Automation IBM | Ireland | Hybrid – View job details As a Security Architect, AI, Automation, you will collaborate with SecDevOps teams to integrate security into CI/CD pipelines, ensuring compliance with regulatory standards like FedRAMP and NIST. Cyber Security Engineer ALTEN | Belgium | Hybrid – View job details As a Cyber Security Engineer, you will analyze system and network requirements, and design secure architectures from scratch, ensuring network hardening and the application of best security practices. Network Security Engineer Al Etihad Payments | UAE | On-site – View job details As a Network Security Engineer, you will be responsible for designing, implementing, and maintaining the network and security infrastructure of AEP’s. "


Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

exploits ciber
2025-02-18 https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to "

Autosummary: "The attacker accomplishes two impressive goals with this malicious script: avoiding easy detection by security scanners by encoding the malicious script within an <img> tag, and ensuring end users don't notice unusual changes when the malicious form is inserted, staying undetected as long as possible," Martin said. "


Compliance Isn’t Security: Why a Checklist Won’t Stop Cyberattacks

ciber
2025-02-18 https://www.bleepingcomputer.com/news/security/compliance-isnt-security-why-a-checklist-wont-stop-cyberattacks/
Think you're safe because you're compliant? Think again. Recent studies continue to highlight the concerning trend that compliance with major security frameworks does not necessarily prevent data breaches. Learn more from Pentera on how automated security validation bridges the security gaps. [...] "

Autosummary: The Disconnect Between Compliance and Security: Compliance frameworks like PCI-DSS, SEC, and DORA are designed to protect sensitive data and reduce risk, providing clear guidance on managing confidentiality, integrity, and availability. Organizations must go beyond regulatory requirements by incorporating proactive security measures, such as: validating defenses regularly to ensure effectiveness; identifying gaps in vendor security and third-party integrations; and eliminating security weaknesses caused by misconfigurations, poor access controls, and outdated policies. "


6 considerations for 2025 cybersecurity investment decisions

ciber
2025-02-18 https://www.helpnetsecurity.com/2025/02/18/2025-cybersecurity-investments-decisions/

Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity budget growth between 2021 and 2022, this growth has slowed in the last few years, meaning that cybersecurity leaders need to carefully consider how their purchases improve their current security and compliance posture. To … More

The post 6 considerations for 2025 cybersecurity investment decisions appeared first on Help Net Security.

"

Autosummary: As organizations choose their cybersecurity investments for 2025, they should consider how to implement identity hygiene, processes for implementing, maintaining, and monitoring user access across complex environments, including those consisting of interconnected applications and large numbers of difficult-to-manage users, like service accounts. Some examples of ways that these service accounts can create risks include: developers building in-house systems who create a security workaround; third-party vendors’ systems; and legacy devices, accounts, and entitlements whose password policies haven’t been updated. Identifying and managing service accounts will be a key security risk mitigation strategy. Reducing friction for users improves security adoption: Organizations need to deploy more security products, create deeper security policies, and monitor their environment with more rigor, but each time they add a new control they create additional friction for the end users. "


Cybercriminals shift focus to social media as attacks reach historic highs

ciber
2025-02-18 https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks/

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The risk of encountering a threat climbed to 27.7% in Q4, with social engineering attacks accounting for 86% of all blocked threats. This underscores the increasingly sophisticated psychological tactics cybercriminals are using to deceive victims. “We’re continuing to see … More

The post Cybercriminals shift focus to social media as attacks reach historic highs appeared first on Help Net Security.

"

Autosummary: “We’re continuing to see scam-related threats becoming far more dangerous as they hide, sometimes in plain sight, throughout every aspect of our digital life,” said Siggi Stefnisson, Cyber Safety CTO at Gen. “This quarter we saw them prey on people’s emotions, such as the need to shop on budget during the holidays, the desire to find love during the end of the year, the hope for change during government elections and more. The dark side of social media Phishing attacks surged by 14% in Q4 2024, with cybercriminals exploiting website-building platforms like Wix to create convincing fake sites and spoofing brands like Apple iCloud through fraudulent invoice scams. "


Venture capital giant Insight Partners hit by cyberattack

ciber
2025-02-18 https://www.bleepingcomputer.com/news/security/venture-capital-giant-insight-partners-hit-by-cyberattack/
New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. [...] "

Autosummary: "


12 Million Zacks accounts leaked by cybercriminal

ciber
2025-02-14 https://www.malwarebytes.com/blog/news/2025/02/12-million-zacks-accounts-leaked-by-cybercriminal
A cybercriminal claims to have stolen 15 million data records on Zacks’ customers and clients. "

Autosummary: If you have high reputation and want the source code send a PM Breached by @Jurak and @StableFish Below is a sample of the customers database: CLUE , HINT , PASSWORD , USERNAME , LAST_NAME , FIRST_NAME , CUSTOMER_ID , DATE_REGISTERED , DATE_UPDATED , DISPLAY_NAME , FIRM_NAME , TIMEZONE_CODE , LAST_PASSWORD_CHANGE” BleepingComputer says it has reached out to Zacks on several occasions but didn’t get a response. The data contains names, email addresses, usernames, passwords, phone numbers, addresses, company names, and additional personal information. In October 2024, we found data reported to belong to Zacks containing 8,441 records which includes email addresses, physical addresses, phone numbers, and full names, and potentially other compromised user details. "


US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day

ciber
2025-02-13 https://www.tripwire.com/state-of-security/us-coast-guard-urged-strengthen-cybersecurity-amid-2b-daily-port-risk
The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read more in my article on the Tripwire State of Security blog. "

Autosummary: If port operations were to shut down due to a successful cyber attack, the impact to the local economy "could reach $2 billion per day", Long Beach Port CEO Mario Cordero told CBS News this week, as it investigated the threat of Chinese-manufactured ship-to-shore cranes being vulnerable to hackers. "


North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks

ciber
2025-02-13 https://thehackernews.com/2025/02/north-korean-apt43-uses-powershell-and.html
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet "

Autosummary: The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet Chollima. "


North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

exploits ciber
2025-02-12 https://thehackernews.com/2025/02/north-korean-hackers-exploit-powershell.html
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a "

Autosummary: "Chapman, an American citizen, conspired with overseas IT workers from October 2020 to October 2023 to steal the identities of U.S. nationals and used those identities to apply for remote IT jobs and, in furtherance of the scheme, transmitted false documents to the Department of Homeland Security," the DoJ said. "


Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

rusia-ucrania ciber
2025-02-12 https://securityaffairs.com/174148/cyber-crime/russian-cybercriminal-alexander-vinnik-is-being-released-from-u-s.html
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S. custody in exchange for Marc Fogel, according to a Trump administration source. Alexander Vinnik, a […] "

Autosummary: The virtual currency exchange received criminal proceeds from various illegal activities, including computer intrusions, ransomware attacks, identity theft, corruption, and drug distribution. Subsequently, Vinnik returned to Greece before being extradited to the U.S. “Today’s result shows how the Justice Department, working with international partners, reaches across the globe to combat cryptocrime,” said Deputy Attorney General Lisa Monaco. "


What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

ciber
2025-02-12 https://www.welivesecurity.com/en/videos/what-is-penetration-testing-unlocked-403-cybersecurity-podcast-ep-10/
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security. "



Arvest Bank CISO on building a strong cybersecurity culture in banking

financial ciber
2025-02-11 https://www.helpnetsecurity.com/2025/02/11/mike-calvi-arvest-bank-banking-cybersecurity/

In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, effective reporting, and proactive engagement with associates are key in strengthening security. Calvi also touches on how banks can measure success and balance accountability while fostering a collaborative environment.

The post Arvest Bank CISO on building a strong cybersecurity culture in banking appeared first on Help Net Security.

"

Autosummary: Based on their chosen topic, such as cybersecurity, social engineering, fraud, money laundering, physical security, etc., the reporting mechanism auto-routes the submission to the correct team. Additionally, our human risk management (HRM) team does a great job keeping cybersecurity front and center with the associates through internal news articles, intranet banners, and internal chat spaces for cybersecurity collaboration. The awareness, shared by all associates in the bank, that protecting the organization is everyone’s responsibility, not just the Security and IT teams, is becoming the norm. "


Cybersecurity jobs available right now: February 11, 2025

ciber
2025-02-11 https://www.helpnetsecurity.com/2025/02/11/cybersecurity-jobs-available-right-now-february-11-2025/

Application Offensive Security Consultant Sharp Decisions | USA | On-site – View job details As an Application Offensive Security Consultant, you will perform Offensive Security Testing against applications and APIs. Perform application threat hunting to evaluate risk to applications. Perform manual security testing of applications. Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools Automotive Cybersecurity Assessor / Engineer UL Solutions | South Korea | On-site … More

The post Cybersecurity jobs available right now: February 11, 2025 appeared first on Help Net Security.

"

Autosummary: Space Segment Security Engineer EUMETSAT | Germany | On-site – View job details As a Space Segment Security Engineer, you will perform routine operations related to spacecraft security, including management, access control and operational use of satellite authentication and encryption keys, and related facilities, across multiple sites and in close cooperation with the spacecraft operations and mission control systems teams. Senior Director of Security, CISO Hiive | Canada | Hybrid – View job details As a Senior Director of Security, CISO, you will define and drive Hiive’s global security vision, aligning security initiatives with business objectives, and ensuring that security is a key enabler for company growth and innovation. Security Engineer Allego | European Union | Remote – View job details As a Security Engineer, you will be responsible for designing and updating the overall cybersecurity strategy, managing security improvement projects, overseeing security testing strategies such as vulnerability scanning and penetration testing, and performing regular threat analysis to stay up-to-date with the current security landscape. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

ciber
2025-02-10 https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity_10.html
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question "

Autosummary: This week’s list includes — CVE-2025-25064, CVE-2025-25065 (Zimbra Collaboration), CVE-2024-57968, CVE-2025-25181 (Advantive VeraCore), CVE-2025-20124, CVE-2025-20125 (Cisco Identity Services Engine), CVE-2025-23114 (Veeam Backup), CVE-2024-56161 (AMD), CVE-2025-21415 (Azure AI Face Service), CVE-2024-53104 (Linux Kernel/Android), CVE-2022-22706 (Arm), CVE-2025-23369 (GitHub Enterprise Server), PSV-2023-0039, PSV-2024-0117 (NETGEAR), CVE-2025-24118 (Apple), CVE-2025-24648, CVE-2024-43333 (Admin and Site Enhancements plugin), and CVE-2025-24734 (Better Find and Replace plugin). Organizations are also recommended to follow vendor hardening guides, subscribe to vendor notifications and advisories, keep devices always updated, enable centralized logging, enforce multi-factor authentication (MFA), disable unused functionality, maintain detailed device inventories, track configuration changes, detect hardware changes, review security policies, implement role-based access control, and include edge device compromise in their incident response plans. These networks, watchTowr said, originated from the government networks of the U.S., the U.K., Poland, Australia, South Korea, Turkey, Taiwan, and Chile; military networks, Fortune 500 companies, instant messaging platforms, and universities. Over a period of two months, the cybersecurity company said the buckets in question received more than 8 million HTTP requests for software updates, JavaScript files, virtual machine images, pre-compiled binaries for Windows, Linux, and macOS, and SSL-VPN configurations, among others. Five Eyes Nations Release Guidance for Edge Devices — Five Eyes cybersecurity agencies in Australia, Canada, New Zealand, the U.K., and the U.S., along with Czechia and Japan, have released joint guidance for network edge devices, urging device manufacturers to improve forensic visibility by integrating secure-by-default logging to help defenders detect attacks and investigate incidents. "


Cyberattack disrupts Lee newspapers' operations across the US

ciber
2025-02-10 https://www.bleepingcomputer.com/news/security/cyberattack-disrupts-lee-newspapers-operations-across-the-us/
Lee Enterprises, one of the largest newspaper groups in the United States, says a cyberattack that hit its systems caused an outage last week and impacted its operations. [...] "

Autosummary: Its portfolio includes the Buffalo News in New York, the Richmond Times-Dispatch in Virginia, the Arizona Daily Star, the Omaha World-Herald in Nebraska, the Press of Atlantic City, the St. Louis Post-Dispatch in Missouri, the Casper Star-Tribune in Wyoming, and dozens of other media outlets. "


A Cybersecurity Leader’s Guide to SecVal in 2025

ciber
2025-02-09 https://www.bleepingcomputer.com/news/security/a-cybersecurity-leaders-guide-to-secval-in-2025/
Are your defenses truly battle-tested? Security validation ensures you're not just hoping your security works—it proves it. Learn more from Pentera on how to validate against ransomware, credential threats, and unpatched vulnerabilities in the GOAT Guide. [...] "

Autosummary: It’s possible to keep a proactive stance against ransomware by emulating strains—such as LockBit, REvil, Maze, or Conti — to assess how effectively defenses detect, contain, and neutralize these threats. Security validation ensures that credential-based defenses, like MFA, SSO, and account lockout mechanisms, function as intended. Author Bio Aviv Cohen, a seasoned Chief Marketing Officer, is a speaker, cartoonist, and author with over 20 years of experience in product and marketing management. "


The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

ciber
2025-02-06 https://thehackernews.com/2025/02/the-evolving-role-of-pam-in.html
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner "

Autosummary: Depending on the industry or region, organizations may be subjected to the GDPR, HIPAA, PCI DSS, SOX, DORA, NIS2, and others. These cybersecurity standards, laws, and regulations mandate robust access controls, data protection measures, incident response capabilities, and thorough auditing activities. In the last year alone, 68% of all breaches included a human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering. By addressing pressing challenges such as insider threats, strict regulatory compliance, new types of cyberattacks, and the complexities of hybrid IT environments, PAM ensures that organizations remain resilient in the face of dynamic risks. High-profile incidents, such as the Change Healthcare data breach, in which 190 million records were compromised due to weak third-party access controls, underscore the need for robust PAM solutions. A robust PAM solution ensures that only the right people, at the right time, with the right level of access, can interact with your critical systems — helping you stay resilient and compliant. Note: Syteca also integrates with SIEMs, ticketing systems, and SSO software, allowing you to build a cybersecurity ecosystem tailored to your specific needs. "


Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

ciber
2025-02-06 https://securityaffairs.com/173932/cyber-crime/spanish-police-arrested-notorious-hacker.html
Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targets included the U.S. Army, UN, NATO, and other agencies. Some of the breached organizations are the U.S. Army, […] "

Autosummary: “The suspect, who claimed responsibility for the intrusions into dark web forums, managed to access the computer services of public and private entities, including the Civil Guard, the Ministry of Defense, the National Mint and Stamp Factory, the Ministry of Education, Vocational Training and Sports, the Generalitat Valenciana, various Spanish universities, databases of NATO and the US Army, as well as other international companies and entities.” “The suspect, who had extensive knowledge of computers, had managed to set up a complex technological network through the use of anonymous messaging and browsing applications, through which he had managed to hide his tracks and thus make his identification difficult.” concludes the statement. "


More destructive cyberattacks target financial institutions

financial ciber
2025-02-05 https://www.helpnetsecurity.com/2025/02/05/financial-institutions-cybersecurity-incidents/

Financial institutions will continue to be the ultimate targets for criminals and threat actors, as a successful attack offers a significant payoff, according to Contrast Security. Contrast Security has surveyed 35 of the world’s leading financial institutions to better understand their cyber threat landscape and the extent to which they are — or are not — addressing key threats. 64% of financial institutions said their organization had experienced cybersecurity incidents in the past 12 months. … More

The post More destructive cyberattacks target financial institutions appeared first on Help Net Security.

"

Autosummary: Over two-thirds experienced attacks focused on stealing non-public market information, with cybercriminals using it for insider trading, digital front running, and shorting stock before they dox the stolen, confidential data to the regulators. "


Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

ciber
2025-02-05 https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public "

Autosummary: The Axios campaign is said to have primarily singled out high-value targets like executives, financial officers, account managers, and operational staff across transportation, construction, finance, IT, and healthcare verticals. "


Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

ciber
2025-02-05 https://thehackernews.com/2025/02/silent-lynx-using-powershell-golang-and.html
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report "



Cybersecurity jobs available right now: February 4, 2025

ciber
2025-02-04 https://www.helpnetsecurity.com/2025/02/04/cybersecurity-jobs-available-right-now-february-3-2025/

Application Security Architect ReversingLabs | Ireland | Remote – View job details As an Application Security Architect, you will conduct security assessments and vulnerability scans of applications, APIs, and other software components. Identify, analyze, and report security vulnerabilities and risks. Develop and implement security controls and countermeasures to mitigate identified risks. Associate, Information Security Santander | USA | On-site – View job details As an Associate, Information Security, you will conduct regular security assessments and … More

The post Cybersecurity jobs available right now: February 4, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Network Cyber Security Specialist Sapiens | Israel | Hybrid – View job details As a Senior Network Cyber Security Specialist, you will secure and optimize hybrid networks, integrating SDN across on-premises, Azure, and AWS, while implementing micro-segmentation strategies using tools like NSX, Azure Virtual Network (VNet) Peering, and AWS Security Groups. IT Security Engineer Riverty | Germany | Hybrid – View job details As an IT Security Engineer, you will plan, implement, monitor, and upgrade security measures for the organization’s data, systems, and networks with a specific emphasis on application security. Security Intern Prysmian | Italy | On-site – View job details As a Security Intern, you will execute OSINT activities related to security scenarios and threats, draft security risk assessments—including both country security risk assessments and those for specific assets or occurrences—support the identification of security mitigation measures in physical and travel security, and assist in drafting security procedures and plans. Associate, Information Security Santander | USA | On-site – View job details As an Associate, Information Security, you will conduct regular security assessments and vulnerability scans using tools such as AWS GuardDuty, AWS Inspector, and AWS Config. "


The hidden dangers of a toxic cybersecurity workplace

ciber
2025-02-03 https://www.helpnetsecurity.com/2025/02/03/rob-lee-sans-institute-toxic-cybersecurity-environment/

In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear of mistakes. Addressing these issues early is key to maintaining a healthy and effective team. Can you describe what a “toxic cybersecurity environment” looks like? What are some of the red flags professionals should … More

The post The hidden dangers of a toxic cybersecurity workplace appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear of mistakes. From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates. The constant pressure, combined with the growing complexity of threats, leads many CISOs to leave their positions, with some even vowing, “never again will I do this job.” "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]

ciber
2025-02-03 https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity.html
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.  Let’s take a "

Autosummary: This week's list includes — CVE-2025-0626, CVE-2024-12248, CVE-2025-0683 (Contec CMS8000), CVE-2025-22217 (Broadcom VMware Avi Load Balancer), CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 (Broadcom VMware Aria Operations and Aria Operations for Logs), CVE-2024-55415, CVE-2024-55416, CVE-2024-55417 (PHP Voyager), CVE-2025-22604 (Cacti), CVE-2024-40891 (Zyxel), CVE-2025-23040 (GitHub Desktop), CVE-2024-52012 (Apache Solr), CVE-2025-0065 (TeamViewer), CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 (Canon Laser Printers and Small Office Multifunctional Printers), CVE-2025-0493 (MultiVendorX plugin), CVE-2024-12822 (Media Manager for UserPro plugin), CVE-2025-0851 (Deep Java Library), CVE-2025-20061, CVE-2025-20014 (mySCADA myPRO), CVE-2024-13448 (ThemeREX Addons plugin), CVE-2025-0357 (WPBookit plugin), CVE-2024-1354 (Bootstrap Ultimate theme), CVE-2024-56404 (One Identity Identity Manager), CVE-2024-53299 (Apache Wicket), and CVE-2024-12857 (AdForest theme). "Consent for the processing of sensitive personal data, such as biometric data, must be free, informed, unequivocal and provided in a specific and highlighted manner, for specific purposes," the National Data Protection Authority (ANPD) said. Using the access provided by the vulnerability, an attacker who only knew the victim's last name and ZIP code, email address, phone number, or license plate could have remotely started, stopped, locked, or unlocked any vehicle. Apple Fixed an Actively Exploited Zero-Day — Apple released software updates for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to address a zero-day vulnerability (CVE-2025-24085) that it said has been exploited in the wild. Law Enforcement Operation Takes Down Illicit Cybercrime Services — A series of law enforcement operations have taken down various online marketplaces such as Cracked, Nulled, Sellix, StarkRDP, and HeartSender that sold hack tools, illegal goods, and crimeware solutions. Brazilian data privacy regulators have prohibited Tools for Humanity (TFH), a biometric identity company co-founded by OpenAI CEO Sam Altman, from offering compensation to citizens for iris scans, saying such data collection practice interferes with a person's decision to grant consent for access to sensitive personal data. "


Platformization is key to reduce cybersecurity complexity

ciber
2025-01-31 https://www.helpnetsecurity.com/2025/01/31/security-platformization-complexity/

Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high degree of security platformization report their cybersecurity investments have helped business outcomes such as operational efficiencies and revenue generation. The rising threat of sophisticated cyberattacks In the study, 52% of surveyed executives note fragmentation … More

The post Platformization is key to reduce cybersecurity complexity appeared first on Help Net Security.

"

Autosummary: The rising threat of sophisticated cyberattacks In the study, 52% of surveyed executives note fragmentation of security solutions is limiting their ability to deal with cyber threats, but 75% of organizations that have embraced security platformization agree that better integration across security, hybrid cloud, AI, and other technology platforms is crucial. "


Cybersecurity crisis in numbers

ciber
2025-01-29 https://www.helpnetsecurity.com/2025/01/29/data-breach-notices/

The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach notices surge The number of data breach notices issued in the past year (1,728,519,397) increased 312% from 2023 (419,337,446). The increase was primarily due to six “mega-breaches” that resulted in at least 100 million breach … More

The post Cybersecurity crisis in numbers appeared first on Help Net Security.

"

Autosummary: In 2024, the financial services industry, led by commercial banks and insurance, was the most breached industry, followed by healthcare (the most attacked industry each year from 2018 until 2024), professional services, manufacturing and technology. “With a near-record number of compromises and over 1.7 billion victim notices, often tied to inadequate cyber practices, we are also seeing an increase in notices that provide limited actionable information for victims,” said Eva Velasquez, CEO of the Identity Theft Resource Center. "


AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts

ciber
2025-01-29 https://thehackernews.com/2025/01/ai-in-cybersecurity-whats-effective-and.html
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing "

Autosummary: Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing survey of 200 industry insiders. "


Cybersecurity jobs available right now: January 28, 2025

ciber
2025-01-28 https://www.helpnetsecurity.com/2025/01/28/cybersecurity-jobs-available-right-now-january-28-2025/

Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments and threat modelling exercises to identify potential vulnerabilities and prioritise security measures based on impact. Identify and prioritise vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams. CISO Global-e | Israel | On-site … More

The post Cybersecurity jobs available right now: January 28, 2025 appeared first on Help Net Security.

"

Autosummary: Cyber Defense, Monitoring & Incident Management Mizuho | USA | Hybrid – View job details As a Cyber Defense, Monitoring & Incident Management, you will oversee tools, technologies, and processes related to security operations, including vulnerability management, data loss prevention, EDR/NDR/XDR. Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, block-chain, etc. Cloud Advisory (IAM) Architect Slalom | Canada | On-site – View job details As a Cloud Advisory (IAM) Architect, you will lead the design and implementation of IAM architectures, including client and workforce identity solutions, integrating zero trust principles to secure users, devices, and applications. Senior Security Advisor – Cyber Supply Chain Risk Management Intact | Canada | Hybrid – View job details As a Senior Security Advisor – Cyber Supply Chain Risk Management, you will develop, implement, and enhance programs that monitor, measure, analyze and report on third-party risk exposures across all business areas and compare against the organization’s risk appetite. Incident Response Lead Trimble | Germany | Remote – View job details As an Incident Response Lead, you will lead the incident management process for the family of events, including platform/product incidents, cyberattacks, data protection, or information security hazards. Head of Cyber Defense Center CMA CGM | France | On-site – View job details As a Head of Cyber Defense Center, you will build and maintain an efficiently functional and collaborative CDC model with the appropriate interfaces, processes and workflows between SOC, incident response, vulnerability management, and threat intelligence functions. "


Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks

ciber
2025-01-28 https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in "

Autosummary: "During the pre-training stage, training DeepSeek-V3 on each trillion tokens requires only 180K H800 GPU hours, i.e., 3.7 days on our cluster with 2048 H800 GPUs," the company said in a study. "


Chinese AI platform DeepSeek faced a “large-scale” cyberattack

ciber
2025-01-28 https://securityaffairs.com/173546/security/chinese-ai-platform-deepseek-faced-a-large-scale-cyberattack.html
Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack. DeepSeek has designed a new AI platform that quickly gained attention over the past week primarily due to its significant advancements in artificial intelligence and its impactful applications across various industries.  DeepSeek’s AI model is highly appreciated due to […] "

Autosummary: Chinese AI platform DeepSeek faced a “large-scale” cyberattack Pierluigi Paganini January 28, 2025 Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack. "


PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

ciber
2025-01-28 https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so "

Autosummary: To counter such attacks, it's recommended to develop advanced filtering techniques that can detect hidden text salting and content concealment, including detecting use of CSS properties like "visibility" and "display," and adopt a visual similarity detection approach (e.g., Pisco) to enhance detection capabilities. "


Don’t let these open-source cybersecurity tools slip under your radar

ciber
2025-01-27 https://www.helpnetsecurity.com/2025/01/27/open-source-cybersecurity-tools-free/

This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network. Am I Isolated: Open-source container security benchmark Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. Argus: Open-source information gathering toolkit Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly … More

The post Don’t let these open-source cybersecurity tools slip under your radar appeared first on Help Net Security.

"

Autosummary: Evilginx: Open-source man-in-the-middle attack framework Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. Aranya: Open-source toolkit to accelerate secure by design concepts By leveraging the Aranya toolkit, developers can embed secure by design concepts into their products, enabling high-assurance message delivery, secure data exchange, and access control between applications, machines, and sensors without requiring additional security tools. Neosync: Open-source data anonymization, synthetic data orchestration Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

ciber
2025-01-27 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_27.html
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we'll equip you with sharp insights to "

Autosummary: This week's list includes — CVE-2025-23006 (SonicWall), CVE-2025-20156 (Cisco Meeting Management), CVE-2025-21556 (Oracle Agile Product Lifecycle Management Framework), CVE-2025-0411 (7-Zip), CVE-2025-21613 (go-git), CVE-2024-32444 (RealHomes theme for WordPress), CVE-2024-32555 (Easy Real Estate plugin), CVE-2016-0287 (IBM i Access Client Solutions), CVE-2024-9042 (Kubernetes). Over 100 Flaws in LTE and 5G Implementations — A group of academics has disclosed 119 security vulnerabilities impacting LTE and 5G implementations, Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN, that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. Active since at least 2019, the group has singled out individuals and entities in China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand. Critical Security Flaws in ABB ASPECT-Enterprise, NEXUS, and MATRIX Products — More than 100 security flaws have been disclosed in ABB ASPECT-Enterprise, NEXUS, and MATRIX series of products that could enable an attacker to disrupt operations or execute remote code. 
PlushDaemon Linked to Supply Chain Compromise of South Korean VPN Provider — A never-before-seen China-aligned hacking group named PlushDaemon carried out a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023 to deliver malware known as SlowStepper, a fully-featured backdoor with an extensive set of information gathering features. One of the vulnerabilities exploited by the China-linked Salt Typhoon hacking group for initial access is CVE-2021-26855 (aka ProxyLogon), a nearly four-year-old flaw in Microsoft Exchange Server. "


EU sanctions Russian GRU hackers for cyberattacks against Estonia

rusia-ucrania ciber
2025-01-27 https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-gru-hackers-for-cyberattacks-against-estonia/
The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. [...] "



DeepSeek halts new signups amid "large-scale" cyberattack

ciber
2025-01-27 https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/
Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...] "

Autosummary: "KELA's AI Red Team was able to jailbreak the model across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices. "


Aviat Networks enhances software cybersecurity offering

ciber
2025-01-24 https://www.helpnetsecurity.com/2025/01/24/aviat-cybersecurity-products/

Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service designed to strengthen Aviat’s software and firmware development process to comply with latest cybersecurity requirements. With the increasing number of vulnerabilities, threats and attacks, SSDLC and SVA are now seen as essential countermeasures to protect against software security threats for critical communications networks. Aviat’s SSDLC is a structured process to improve cybersecurity for all Aviat … More

The post Aviat Networks enhances software cybersecurity offering appeared first on Help Net Security.

"



Funding soars in a milestone year for Israeli cybersecurity

ciber
2025-01-23 https://www.helpnetsecurity.com/2025/01/23/israeli-cybersecurity-funding-2024-video/

In this Help Net Security video, Or Salom, Analyst at YL Ventures, discusses the State of the Cyber Nation Report 2024. The report reveals resilience and growth in the Israeli cybersecurity industry, with total investments reaching $4 billion across 89 funding rounds—more than double the $1.89 billion raised in 2023. Key highlights: Record-breaking seed activity: 50 seed rounds in 2024 with total seed funding reaching $400M, demonstrating sustained confidence in early-stage Israeli cybersecurity innovation. Explosive … More

The post Funding soars in a milestone year for Israeli cybersecurity appeared first on Help Net Security.

"



Cybersecurity books on ransomware you shouldn’t miss

exploits ransomware ciber
2025-01-22 https://www.helpnetsecurity.com/2025/01/22/ransomware-cybersecurity-books/

This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer valuable perspectives to help strengthen defenses and refine incident response plans. Ransomware and Cyber Extortion: Response and Prevention Authors: Karen Sprenger, Sherri Davidoff, and Matt Durrin This guide offers value to everyone involved in prevention, response, planning, or policy: CIOs, CISOs, incident responders, investigators, negotiators, … More

The post Cybersecurity books on ransomware you shouldn’t miss appeared first on Help Net Security.

"



Conduent confirms cybersecurity incident behind recent outage

ciber
2025-01-22 https://www.bleepingcomputer.com/news/security/conduent-confirms-cybersecurity-incident-behind-recent-outage/
American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a "cyber security incident." [...] "

Autosummary: However, one day later, after being asked to confirm if a cyberattack caused the outage, Conduent sent an updated statement saying the "operational disruption" was caused by "a cyber security incident." "


Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

ciber
2025-01-22 https://thehackernews.com/2025/01/trump-terminates-dhs-advisory-committee.html
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory "

Autosummary: "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately," Acting Secretary Benjamine C. Huffman said in a January 20, 2025, memo. "


Cybersecurity jobs available right now: January 21, 2025

ciber
2025-01-21 https://www.helpnetsecurity.com/2025/01/21/cybersecurity-jobs-available-right-now-january-21-2025/

CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across the organization’s digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits. Cloud Security Engineer UBX | Philippines | On-site – View job details As a Cloud … More

The post Cybersecurity jobs available right now: January 21, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Privacy Engineer – Incident Response, Devices & Services Trust & Privacy (DSTP) Amazon | USA | On-site – View job details As a Senior Privacy Engineer – Incident Response, Devices & Services Trust & Privacy (DSTP), you will own and support the design, development, implementation, and maintenance of DSTS’ privacy incident response infrastructure, tools, and processes. Senior Cybersecurity Specialist AVIO | Italy | Hybrid – View job details As a Senior Cybersecurity Specialist, you will analyze and identify cybersecurity threats, assess their severity, design and implement security solutions to protect IT systems and data, manage the security and protection of company data by securing applications and databases and ensuring systems are always up to date, and ensure that the company complies with standards, best practices, and internal policies related to IT security. Cyber Security Engineer IAG | New Zealand | Hybrid – View job details As a Cyber Security Engineer, you will develop and maintain attack emulation, detection, and response methodologies, create automations and API integrations using ServiceNow, and lead CTED BAU uplift activities within scope, time, and quality. Software Security Engineer Allego | France | Remote – View job details As a Software Security Engineer, you will be responsible for designing and updating the overall cybersecurity strategy, managing security improvement projects, overseeing the security testing strategy (including vulnerability scanning and penetration testing), performing regular threat analyses to stay updated on the current security landscape, and ensuring compliance with applicable laws and regulations. "


Criminal IP Teams Up with OnTheHub for Digital Education Cybersecurity

ciber
2025-01-21 https://www.bleepingcomputer.com/news/security/criminal-ip-teams-up-with-onthehub-for-digital-education-cybersecurity/
AI SPERA announced today that it has partnered with education platform OnTheHub to provide its integrated cybersecurity solution, Criminal IP, to students and educational institutions. [...] "



13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

ciber
2025-01-21 https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html
A global network of about 13,000 hijacked MikroTik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This "

Autosummary: "Regardless of how they've been compromised, it seems as though the actor has been placing a script onto the [Mikrotik] devices that enables SOCKS (Secure Sockets), which allow the devices to operate as TCP redirectors," Brunsdon said. "


NDR’s role in a modern cybersecurity stack

ciber
2025-01-20 https://www.helpnetsecurity.com/2025/01/20/cybersecurity-stack-ndr-role-video/

Attacks happen frequently on the security stack or within an enterprise. Often, they’re carried out by some unknown entity on the other side of the globe. You don’t know who you’re dealing with. You don’t know who they are. In this Help Net Security video, Jerry Mancini, NETSCOUT’s Senior Director, Office of the Enterprise CTO, discusses NDR’s role in a modern cybersecurity stack.

The post NDR’s role in a modern cybersecurity stack appeared first on Help Net Security.

"



⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

ciber
2025-01-20 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_20.html
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with "

Autosummary: This week's list includes — CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 (Windows Hyper-V NT Kernel Integration VSP), CVE-2024-55591 (Fortinet), CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 (Ivanti Endpoint Manager), CVE-2024-7344 (Howyar Taiwan), CVE-2024-52320, CVE-2024-48871 (Planet Technology WGS-804HPT industrial switch), CVE-2024-12084 (Rsync), CVE-2024-57726, CVE-2024-57727, CVE-2024-57728 (SimpleHelp), CVE-2024-44243 (Apple macOS), CVE-2024-9042 (Kubernetes), CVE-2024-12365 (W3 Total Cache plugin), CVE-2025-23013 (Yubico), CVE-2024-57579, CVE-2024-57580, CVE-2024-57581, CVE-2024-57582 (Tenda AC18), CVE-2024-57011, CVE-2024-57012, CVE-2024-57013, CVE-2024-57014, CVE-2024-57015, CVE-2024-57016, CVE-2024-57017, CVE-2024-57018, CVE-2024-57019, CVE-2024-57020, CVE-2024-57021, CVE-2024-57022, CVE-2024-57023, CVE-2024-57024, CVE-2024-57025 (TOTOLINK X5000R), CVE-2025-22785 (ComMotion Course Booking System plugin), and 44 vulnerabilities in Wavlink AC3000 routers. 🔒 Tip of the Week Monitor, Detect, and Control Access with Free Solutions — In today's complex threat landscape, advanced, cost-effective solutions like Wazuh and LAPS offer powerful defenses for small-to-medium enterprises. Wazuh, an open-source SIEM platform, integrates with the Elastic Stack for real-time threat detection, anomaly monitoring, and log analysis, enabling you to spot malicious activities early. 
🔧 Cybersecurity Tools AD-ThreatHunting: Detect and stop threats like password sprays, brute force attacks, and admin misuse with real-time alerts, pattern recognition, and smart analysis tools. Together, these tools provide a robust, multi-layered defense strategy, giving you the ability to detect, respond to, and mitigate threats efficiently without the high cost of enterprise solutions. It supports scanning installed packages, binaries, and source code across Linux, Windows, and Mac, while also generating SBOMs in SPDX and CycloneDX formats. The phishing kit is also called WikiKit owing to the fact that site visitors whose IP address originates from a data center, cloud provider, bot, proxy, or VPN are directed to a Microsoft-related Wikipedia page. "


U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

ciber
2025-01-18 https://thehackernews.com/2025/01/us-sanctions-chinese-cybersecurity-firm.html
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent "

Autosummary: Earlier this week, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said "China's sophisticated and well-resourced cyber program represents the most serious and significant cyber threat to our nation, and in particular, U.S. critical infrastructure." "


U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

ciber
2025-01-18 https://securityaffairs.com/173209/intelligence/u-s-treasury-sanctioned-cybersecurity-firm-and-shanghai-cyber-actor-linked-salt-typhoon.html
The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, […] "

Autosummary: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon Pierluigi Paganini January 18, 2025 The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. "


U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

ciber
2025-01-18 https://securityaffairs.com/173209/uncategorized/u-s-treasury-sanctioned-cybersecurity-firm-and-shanghai-cyber-actor-linked-salt-typhoon.html
The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, […] "

Autosummary: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon Pierluigi Paganini January 18, 2025 The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. "


EU takes decisive action on healthcare cybersecurity

ciber
2025-01-17 https://www.helpnetsecurity.com/2025/01/17/eu-action-plan-healthcare-cybersecurity/

The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers. The initiative is an essential step in shielding the healthcare sector from cyber threats. Digitalization is revolutionizing healthcare, enabling better patient services through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can delay medical procedures, create gridlock in emergency rooms, and disrupt vital services, which, in severe cases, could directly impact the lives … More

The post EU takes decisive action on healthcare cybersecurity appeared first on Help Net Security.

"

Autosummary: The action plan proposes, among others, for ENISA, the EU agency for cybersecurity, to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, providing them with tailored guidance, tools, services, and training. However, cyberattacks can delay medical procedures, create gridlock in emergency rooms, and disrupt vital services, which, in severe cases, could directly impact the lives of Europeans. "


How CISOs can elevate cybersecurity in boardroom discussions

ciber
2025-01-16 https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/

Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies with business priorities. He also discusses common misconceptions that boards have about cybersecurity and offers practical advice on building lasting relationships with executives to ensure cybersecurity stays front and center in ongoing business discussions. … More

The post How CISOs can elevate cybersecurity in boardroom discussions appeared first on Help Net Security.

"

Autosummary: While investment is important, organizations need coordinated effort between operational management (first line), risk management functions (second line), and internal audit (third line) to create an effective security posture. While the security team typically operates in the second line of defense alongside risk management and compliance functions, primary responsibility for security begins with first-line operational teams, particularly developers securing their applications. The first line of defense, including developers and operational staff, must actively implement security practices in their daily work, regardless of certification status. "


HarvestIQ.ai provides actionable insights for cybersecurity professionals

ciber
2025-01-16 https://www.helpnetsecurity.com/2025/01/16/harvestiq-ai-platform/

IT-Harvest launched HarvestIQ.ai, a platform featuring two AI assistants designed to redefine how professionals navigate the cybersecurity landscape. The Analyst AI provides access to IT-Harvest’s comprehensive database of 4,070 cybersecurity vendors, offering users instant insights into market players, trends, and innovations. Meanwhile, the Architect AI empowers users with tailored guidance on cybersecurity products, leveraging IT-Harvest’s in-depth analysis of over 11,300 products to help organizations make informed decisions about their cybersecurity strategies. “HarvestIQ.ai is a game-changer … More

The post HarvestIQ.ai provides actionable insights for cybersecurity professionals appeared first on Help Net Security.

"



Biden signs executive order to bolster national cybersecurity

ciber
2025-01-16 https://www.bleepingcomputer.com/news/security/biden-signs-executive-order-to-bolster-national-cybersecurity/
Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. [...] "



Cybersecurity is stepping into a new era of complexity

ciber
2025-01-15 https://www.helpnetsecurity.com/2025/01/15/cybersecurity-complexity-era/

Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report. Growing complexity intensifies cyber inequity This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution of threats, regulatory challenges, vulnerabilities in supply chain interdependencies and the growing cyber skills gap. Growing complexity further intensifies cyber inequity, deepening the divide between developed and emerging economies, expanding sectoral disparities, and widening the gap … More

The post Cybersecurity is stepping into a new era of complexity appeared first on Help Net Security.

"

Autosummary: Growing complexity intensifies cyber inequity This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution of threats, regulatory challenges, vulnerabilities in supply chain interdependencies and the growing cyber skills gap. "


Cybersecurity jobs available right now: January 14, 2025

ciber
2025-01-14 https://www.helpnetsecurity.com/2025/01/14/cybersecurity-jobs-available-right-now-january-14-2025/

Application Security DevOps engineer Twixor | India | On-site – View job details As an Application Security DevOps engineer, you will implement and oversee application security measures to protect company’s software and infrastructure. Conduct regular security assessments and vulnerability testing. Develop and maintain secure coding practices and standards. Design, implement, and maintain secure CI/CD pipelines. Perform threat modeling and risk assessments. CISO Degroof Petercam | Belgium | Hybrid – View job details As a CISO, … More

The post Cybersecurity jobs available right now: January 14, 2025 appeared first on Help Net Security.

"

Autosummary: Senior Security Engineer, Offensive Security VXI Global Solutions | USA | Hybrid – View job details As a Senior Security Engineer, Offensive Security, you will manage complete red team exercises, drive security improvement across the organization, research emerging attack vectors, vulnerabilities and techniques. Cloud Security Engineer (Azure) Tech Mahindra | UAE | On-site – View job details As a Cloud Security Engineer (Azure), you will implement and configure cloud security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected. Perform full, detailed security risk assessments and penetration tests on a wide variety of high or critical business solutions that include but are not limited to software, hardware, networks, and mobile devices as well as complex solutions that may include any number of the above configurations. Security Researcher Lasso Security | Israel | On-site – View job details As a Security Researcher, you will design and lead technical security research in the field of LLMs. Cybersecurity Engineer, Resilience Electrolux Group | Czechia | On-site – View job details As a Cybersecurity Engineer, Resilience, you will perform risk assessment tests and audits of connected systems for cybersecurity issues, identify security vulnerabilities in digital products, applications, systems and infrastructure and drive their mitigation. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]

ciber
2025-01-13 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_01424177917.html
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead "

Autosummary: This week’s list includes — CVE-2024-8474 (OpenVPN Connect), CVE-2024-46981 (Redis), CVE-2024-51919, CVE-2024-51818 (Fancy Product Designer plugin), CVE-2024-12877 (GiveWP – Donation Plugin and Fundraising Platform), CVE-2024-12847 (NETGEAR DGN1000), CVE-2025-23016 (FastCGI fcgi2), CVE-2024-10215 (WPBookit plugin), CVE-2024-11350 (AdForest theme), CVE-2024-13239 (Drupal), CVE-2024-54676 (Apache OpenMeetings), CVE-2025-0103 (Palo Alto Networks Expedition), CVE-2024-53704 (SonicWall SonicOS), CVE-2024-50603 (Aviatrix Controller), CVE-2024-9138, and CVE-2024-9140 (Moxa). India, Germany, the U.S., France, Brazil, South Korea, Belgium, Spain, Poland, and Italy accounted for the top 10 countries with the most number of requests. Popular Windows Applications Vulnerable to WorstFit Attack — Several Windows-based applications such as curl.exe, excel.exe, openssl.exe, plink.exe, tar.exe, and wget.exe have been found susceptible to a brand-new attack surface called WorstFit, which exploits a character conversion feature built into Windows called Best-Fit. 
The attacks involve the use of Windows Shortcut (LNK), Windows Installer (MSI), and Microsoft Management Console (MSC) files, likely distributed via spear-phishing, as the first-stage component to trigger the infection chain, ultimately leading to the deployment of PlugX using DLL side-loading techniques. MLOps Platforms Could Become a New Attack Target — As companies rush to leverage artificial intelligence (AI) applications, MLOps platforms used to develop, train, deploy and monitor such applications could be targeted by attackers, allowing them to not only gain unauthorized access, but also impact the confidentiality, integrity and availability of the machine learning (ML) models and the data they provide. "


January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance

ciber
2025-01-10 https://www.helpnetsecurity.com/2025/01/10/january-2025-patch-tuesday-forecast/

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released in 2024. While this security technology trend will continue in 2025, I believe we will also see some major changes to guidance regarding the security requirements, operations, and other aspects associated with our industry. Before we get into some of those details, … More

The post January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance appeared first on Help Net Security.

"

Autosummary: Microsoft set of updates Microsoft released a small set of updates that only applied to Windows 10, Windows 11, Office, and SharePoint. While this security technology trend will continue in 2025, I believe we will also see some major changes to guidance regarding the security requirements, operations, and other aspects associated with our industry. "


Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs

ciber
2025-01-10 https://thehackernews.com/2025/01/taking-pain-out-of-cybersecurity.html
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to "

Autosummary: Sample Report: Vulnerability and Scan Findings Sample Report: Risk Mitigation Plan Streamlining reporting with technology Manual reporting processes—juggling spreadsheets, extracting charts, and compiling disconnected data—are time-consuming and error-prone. According to Miller, "Cybersecurity reporting is about creating a shared vision with your clients, where they see cybersecurity as a driver of growth, efficiency, and long-term success. Elements of an effective vCISO report To make reports valuable and actionable, focus on these key components: Know your audience: Tailor your reports to different stakeholders. While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to resonate with decision-makers. The guide—"Taking the Pain Out of Cybersecurity Reporting"—walks you through how to transform raw data into compelling narratives, demonstrate measurable value, and shape the future of your client's cybersecurity strategy. "


Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd

ciber
2025-01-09 https://www.helpnetsecurity.com/2025/01/09/2025-cybersecurity-community/

As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of individual organizations.

The post Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd appeared first on Help Net Security.

"

Autosummary: AI as a tool, a target, and a threat In 2025, expect the AI hype to subside, some real-world use cases of generative AI start to emerge, and AI security and safety to mature significantly. CISOs, and the organizations they serve, will increasingly need to take a wider view to ensure robust cybersecurity, putting greater focus on the security of every component of their supply chains. "


MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

ciber
2025-01-09 https://thehackernews.com/2025/01/mirrorface-leverages-anel-and-noopdoor.html
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national "

Autosummary: "


Cybersecurity jobs available right now: January 8, 2025

ciber
2025-01-08 https://www.helpnetsecurity.com/2025/01/08/cybersecurity-jobs-available-right-now-january-8-2025/

AI Penetration Tester Microsoft | Canada | Remote – View job details As an AI Penetration Tester, you will discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems. Execute offensive operations on production AI systems using real world adversarial tactics and techniques to identify failures. Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems. Application Security Engineer Emerson | India | Hybrid … More

The post Cybersecurity jobs available right now: January 8, 2025 appeared first on Help Net Security.

"

Autosummary: Information Security Specialist – Red Team Operator TD | Canada | Hybrid – View job details As an Information Security Specialist – Red Team Operator, you will define, develop, implement, and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, availability of service, efficiency and effectiveness. Application Security Engineer Emerson | India | Hybrid – View job details As an Application Security Engineer, your responsibilities will include analyzing UML diagrams, DFDs, and threat models for security flaws while providing detailed recommendations for software and system setups to address them, mentoring developers on security topics and secure coding practices, developing and delivering security training for developers and management, analyzing requirements and conducting code reviews to identify security flaws, and establishing direction for security requirements in custom hardware and software. Senior Manager, Global Incident Response Experian | USA | Remote – View job details As a Senior Manager, Global Incident Response, you will develop and grow the Advanced Response team’s processes, capabilities, and overarching strategy to contribute to an overall increase in incident response effectiveness at Experian. IT Security Engineer Alpitronic | Italy | On-site – View job details As an IT Security Engineer, you will perform risk assessment analysis, by identifying vulnerabilities that could be exploited by malicious attackers, to proactively anticipate and prevent cyber-attacks. "


eBay CISO on managing long-term cybersecurity planning and ROI

ciber
2025-01-07 https://www.helpnetsecurity.com/2025/01/07/sean-embry-ebay-enterprise-cybersecurity-planning/

In this Help Net Security interview, Sean Embry, CISO at eBay, discusses key aspects of cybersecurity leadership. He shares insights on balancing long-term strategic planning with immediate threat response, evaluating the ROI of new technologies, and addressing employee cybersecurity fatigue. As a CISO, how do you balance long-term strategic cybersecurity investments with immediate tactical threat response? The most important word here is “balance”, and effective cybersecurity programs need to have a longer-term strategy but be … More

The post eBay CISO on managing long-term cybersecurity planning and ROI appeared first on Help Net Security.

"

Autosummary: They need to form a broad communications base within the company to understand the state of security and compliance across the entire enterprise (that means hygiene, controls, access, platform security, perimeter security, etc.) and what the business strategy or new high-priority efforts are (e.g. Agentic GPT). It’s this shared understanding and support that helps us prevent fatigue, and we utilize several mechanisms to ensure our teams are included in our plans: We have virtual architecture teams with representation from all of the technology domains where we review the architecture and engineering behind new tools or policies (scalability, access management, compute impact, etc.). "


Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

ciber
2025-01-07 https://thehackernews.com/2025/01/farewell-to-fallen-cybersecurity-stars.html
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to "

Autosummary: Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The Role of FIDO2 and Phishing-Resistant Authentication: In place of legacy MFA, phishing-resistant, FIDO2-compliant solutions have emerged as the gold standard for authentication, driving the industry toward a passwordless future. These solutions deliver adaptive, context-aware security, and integrate biometrics, hardware security keys, and passwordless technologies to provide unparalleled user convenience and resilience against evolving threats. Additionally, passwordless solutions integrate seamlessly with identity and access management (IAM) systems, creating a unified approach to authentication, lifecycle management, and compliance monitoring. "


US govt launches cybersecurity safety label for smart devices

ciber
2025-01-07 https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/
​Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. [...] "

Autosummary: The program was unveiled in July 2023, when major electronics, appliance, and consumer product makers like Amazon, Google, Best Buy, LG Electronics U.S.A., Logitech, and Samsung Electronics announced their participation. "


Only 26% of Europe’s top companies earn a high rating for cybersecurity

ciber
2025-01-06 https://www.helpnetsecurity.com/2025/01/06/european-companies-cybersecurity-rating/

With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard. A-rated companies safer from breaches The report highlights the role of SecurityScorecard’s A-to-F rating system in delivering actionable insights into cyber resilience. Companies with an A rating were found to be 13.8 times less likely to experience a breach than those with an F rating. Europe’s largest organizations are … More

The post Only 26% of Europe’s top companies earn a high rating for cybersecurity appeared first on Help Net Security.

"

Autosummary: Scandinavian companies lead in cybersecurity, with only 20% receiving a C rating or lower, compared to the UK (24%), Germany (34%), France (40%), and Italy (41%). "


Is healthcare cybersecurity in critical condition?

ciber
2025-01-06 https://www.helpnetsecurity.com/2025/01/06/healthcare-cybersecurity-2024-trends/

This article highlights key findings and trends in healthcare cybersecurity for 2024. From the rising impact of cyberattacks on patient care to the vulnerabilities posed by medical devices and supply chains, these insights provide an overview of the current state of cybersecurity in the healthcare sector. 6 key elements for building a healthcare cybersecurity response plan With 89% of practices already using tools like two-factor authentication (2FA), the importance of integrating robust cybersecurity software cannot … More

The post Is healthcare cybersecurity in critical condition? appeared first on Help Net Security.

"

Autosummary: The consequences of potential failures caused by cybersecurity incidents that affect end-of-life patient devices—including infusion pumps, network modules, gateways, incubators, cardiac rhythm management systems, mobility monitors, and others—can impact patient safety. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

ciber
2025-01-06 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity.html
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks "

Autosummary: This week's list includes — CVE-2024-43405 (ProjectDiscovery Nuclei), CVE-2024-54152 (Angular Expressions), CVE-2024-12912, CVE-2024-13062 (ASUS router AiCloud), CVE-2024-12828 (Webmin CGI), CVE-2024-56040, CVE-2024-56041 (VibeThemes VibeBP), CVE-2024-56042, CVE-2024-56043, CVE-2024-56044, CVE-2024-56045, CVE-2024-56046 (VibeThemes WPLMS), CVE-2024-56249 (Webdeclic WPMasterToolKit), CVE-2024-56198 (path-sanitizer npm package), CVE-2024-55078 (WukongCRM), and CVE-2024-12583 (Dynamics 365 Integration plugin). "The companies are also prohibited from misrepresenting how they collect, maintain, use, delete or disclose consumers' personal information; and the extent to which the companies protect the privacy, security, availability, confidentiality, or integrity of personal information," the FTC said. The vulnerability, tracked as CVE-2024-49113 (CVSS score: 7.5), was patched by Microsoft last month, along with CVE-2024-49112 (CVSS score: 9.8), a remote code execution flaw in the same component. 📰 Around the Cyber World Two Indian Nationals Charged in the U.S. — The U.S. Department of Justice has announced charges against two Indian nationals, Ahmed Maqbul Syed, 57, and Rupesh Chandra Chintakindi, 27, for orchestrating a tech support fraud scheme targeting elderly victims in the U.S. Both have been charged with conspiracy to commit money laundering.
The largest single thefts amounted to $55.48 million and $32.51 million in August and September, respectively, accounting for 52% of the year's total large-scale (above $1 million) losses, per Scam Sniffer. 🎥 Expert Webinar Future-Ready Trust: Manage Certificates Like Never Before — Trust is the foundation of every digital interaction, but managing it across users, devices, and systems is harder than ever. "


Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

ciber
2025-01-06 https://thehackernews.com/2025/01/russian-speaking-attackers-target.html
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, "

Autosummary: The list of identified counterfeit packages is as follows: nomicsfoundations, @nomisfoundation/hardhat-configure, installedpackagepublish, @nomisfoundation/hardhat-config, @monicfoundation/hardhat-config, @nomicsfoundation/sdk-test, @nomicsfoundation/hardhat-config, @nomicsfoundation/web3-sdk, @nomicsfoundation/sdk-test1, @nomicfoundations/hardhat-config, crypto-nodes-validator, solana-validator, node-validators, hardhat-deploy-others, hardhat-gas-optimizer, solidity-comments-extractors. Of these packages, @nomicsfoundation/sdk-test has attracted 1,092 downloads. "


India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

ciber
2025-01-06 https://thehackernews.com/2025/01/india-proposes-digital-data-rules-with.html
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure, "

Autosummary: Some of the other notable provisions of the DPDP Act that data fiduciaries are expected to comply with are listed below: Implement mechanisms for detecting and addressing breaches and maintenance of logs; In the event of a data breach, provide detailed information about the sequence of events that led to the incident, actions taken to mitigate the threat, and the identity of the individual(s), if known, within 72 hours (or more, if permitted) to the Data Protection Board (DPB); Delete personal data no longer needed after a three-year period and notify individuals 48 hours before erasing such information; Clearly display on their websites/apps the contact details of a designated Data Protection Officer (DPO) who is responsible for addressing any questions regarding users' processing of personal data; Obtain verifiable consent from parents or legal guardians prior to processing the personal data of children under 18 or persons with disabilities (exemptions include healthcare professionals, educational institutions, and childcare providers, but only restricted to specific activities like health services, educational activities, safety monitoring, and transportation tracking) "


U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

government ciber
2025-01-04 https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or "

Autosummary: "


US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

ciber
2025-01-04 https://securityaffairs.com/172665/intelligence/us-sanctioned-chinese-cybersecurity-firm-linked-flax-typhoon.html
The U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. The U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China’s state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett). The China-linked APT group used Integrity Tech’s infrastructure to […] "

Autosummary: Since May 2020, over 200,000 devices, including SOHO routers, NVR/DVR devices, NAS servers, and IP cameras, have been compromised and added to the Raptor Train botnet, making it one of the largest China-linked IoT botnets discovered. "


When risky cybersecurity behavior becomes a habit among employees

ciber
2025-01-02 https://www.helpnetsecurity.com/2025/01/02/employees-risky-behaviors/

While the majority of employees avoid risky behaviors, a small subset makes them a habit, posing a significant cybersecurity challenge, according to Mimecast. 48% of employees engaged in behaviors that exposed their organizations to cyber risk, with browsing violations being the most common (36% of users). Browsing violations, unlike phishing and malware events, do not directly impact security. However, they can increase the likelihood of encountering malware or online scams. Impersonation phishing widespread across sectors … More

The post When risky cybersecurity behavior becomes a habit among employees appeared first on Help Net Security.

"

Autosummary: Executives, sales, and board members, being public-facing roles, also receive a high volume of phishing emails. "


The biggest cybersecurity and cyberattack stories of 2024

ciber
2025-01-01 https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/
2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024. [...] "

Autosummary: Data breaches linked to these attacks, which started in April 2024, have affected hundreds of millions of individuals using the services of AT&T, Ticketmaster, Santander, Pure Storage, Advance Auto Parts, Los Angeles Unified, QuoteWizard/LendingTree, and Neiman Marcus. On February 19, authorities took down LockBit's infrastructure, which included 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, decryption keys, and the affiliate panel. CDK Global provides clients in the auto industry with a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back-office operations. 2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Information-stealing malware campaigns are running rampant this year, used in many different campaigns to steal infected users' browser information, cookies, saved credentials, credit cards, and cryptocurrency wallets. Attacks on edge networking devices run rampant This year, we continued to see attacks targeting edge networking devices from various manufacturers, including Fortinet, TP-Link, Ivanti, and Cisco. Microsoft continued to delay its release while adding additional features, such as automatically filtering sensitive content, allowing users to exclude specific apps, websites, or in-private browsing sessions, and it can be removed if needed. "


The state of cybersecurity and IT talent shortages

government ciber
2024-12-31 https://www.helpnetsecurity.com/2024/12/31/cybersecurity-skills-gap-trends-2024/

This article highlights key findings and trends in the 2024 IT and cybersecurity skills gap, from the shortage of cybersecurity talent to the rising demand for certifications and upskilling programs, offering insights into the current state of skills development in the tech industry. Most women in IT work overtime to advance in their careers While 32% of respondents already think that men and women are treated equally in the workplace, 31% of women strongly believe … More

The post The state of cybersecurity and IT talent shortages appeared first on Help Net Security.

"

Autosummary: 95% of surveyed employees said their organization has a talent development program in place, but only 25% find it to be highly effective, with a lack of time (42%), learning formats (30%), and leadership support (26%) as their main obstacles. "


Hottest cybersecurity open-source tools of the month: December 2024

ciber
2024-12-31 https://www.helpnetsecurity.com/2024/12/31/hottest-cybersecurity-open-source-tools-of-the-month-december-2024/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. SafeLine: Open-source web application firewall (WAF) SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. Trapster Community: Open-source, low-interaction honeypot Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. FuzzyAI: … More

The post Hottest cybersecurity open-source tools of the month: December 2024 appeared first on Help Net Security.

"

Autosummary: "


Massive healthcare breaches prompt US cybersecurity rules overhaul

ciber
2024-12-31 https://www.bleepingcomputer.com/news/security/massive-healthcare-breaches-prompt-us-cybersecurity-rules-overhaul/
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks. [...] "

Autosummary: "


The sixth sense of cybersecurity: How AI spots threats before they strike

ciber
2024-12-30 https://www.helpnetsecurity.com/2024/12/30/vineet-chaku-reaktr-ai-ai-powered-cybersecurity/

In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. Chaku talks about the skills cybersecurity professionals need to collaborate with AI systems and address the ethical concerns surrounding deployment.

The post The sixth sense of cybersecurity: How AI spots threats before they strike appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. AI systems need a lot of data to function, raising concerns about how that data is collected, stored, and used. We need to develop skills in areas like figuring out how threats might affect AI systems, understanding how to protect against attacks that target AI itself, and working with AI to develop stronger security strategies. "


Cybercriminals tighten their grip on organizations

ciber
2024-12-30 https://www.helpnetsecurity.com/2024/12/30/cybercrime-threat-2024/

Cybercriminals are using a variety of new methods to target organizations across industries. In this article, we examine the most pressing trends and findings from the 2024 surveys on the growing threat of cybercrime. Social engineering scams sweep through financial institutions North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago. Account-opening fraud declined by nearly 60% in the last year, as banks implemented additional controls, … More

The post Cybercriminals tighten their grip on organizations appeared first on Help Net Security.

"

Autosummary: Fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%) and deepfakes (11%) to dupe organizations. Malware families such as Gafgyt (3.12%), Mirai (2.09%), and Bedevil (1.84%) appeared less often than in prior years, which may be a reflection of attempts to neutralize botnets from propagating. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

ciber
2024-12-30 https://thehackernews.com/2024/12/thn-weekly-recap-top-cybersecurity_0611565081.html
Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in "

Autosummary: The list includes — CVE-2024-56337 (Apache Tomcat), CVE-2024-45387 (Apache Traffic Control), CVE-2024-43441 (Apache HugeGraph-Server), CVE-2024-52046 (Apache MINA), CVE-2024-12856 (Four-Faith routers), CVE-2024-47547, CVE-2024-48874, and CVE-2024-52324 (Ruijie Networks) 📰 Around the Cyber World ScreenConnect Used to Deploy AsyncRAT — Microsoft has revealed that cybercriminals are leveraging tech support scams to deploy AsyncRAT through the remote monitoring and management (RMM) software ScreenConnect, the first time that ScreenConnect is used to deploy malware, instead of as a persistence or lateral movement tool. "However, the fact that one of the previous CARR administrators, "MotherOfBears," has joined NoName057(16), the continuous forwarding of CARR posts, and previous statements, suggest that both groups seem to collaborate closely, which can also indicate a cooperation with Sandworm Team." At a larger scale, if an adversary is able to write Group Policy Objects (GPOs), then they would be able to distribute this policy throughout the domain and systematically stop most, if not all, security solutions on all endpoints in the domain, potentially allowing for the deployment of post-exploitation tooling and/or ransomware. A lesser number of victims have been recorded in Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey, and Vietnam.
"In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, worth $308 million at the time of the attack," authorities said. "The new Convention against Cybercrime will enable faster, better-coordinated, and more effective responses, making both digital and physical worlds safer," the UN said. "


Cybersecurity firm's Chrome extension hijacked to steal users' data

ciber
2024-12-27 https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. [...] "

Autosummary: Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis. "


Cybersecurity spending trends and their impact on businesses

ciber
2024-12-26 https://www.helpnetsecurity.com/2024/12/26/cybersecurity-budget-insights-2024/

Managing cybersecurity and IT budgets is a critical element of organizational strategy. With increasing threats to data security, the rise of ransomware, and the need to protect IT infrastructure, organizations must invest wisely in cybersecurity to stay secure. This article shares key insights from cybersecurity budget surveys conducted in 2024. Despite massive security spending, 44% of CISOs fail to detect breaches Despite global information security spending projected to reach $215 billion in 2024, 44% of … More

The post Cybersecurity spending trends and their impact on businesses appeared first on Help Net Security.

"

Autosummary: The top three areas of investment for 2024 cybersecurity budgets are internal security assessments (60%), identity and access management (IAM) programs (58%) and the acquisition of additional cybersecurity tools (51%). "


Cybersecurity jobs available right now: December 24, 2024

ciber
2024-12-24 https://www.helpnetsecurity.com/2024/12/24/cybersecurity-jobs-available-right-now-december-24-2024/

Application Security DevOps engineer Twixor | India | On-site – View job details As an Application Security DevOps engineer, you will Implement and oversee application security measures to protect company’s software and infrastructure. Conduct regular security assessments and vulnerability testing. Develop and maintain secure coding practices and standards. Design, implement, and maintain secure CI/CD pipelines. Perform threat modeling and risk assessments. Application Security Engineer Webster Bank | USA | On-site – View job details As … More

"

Autosummary: SOC Cyber Security Senior Analyst Honeywell | Romania | Hybrid – View job details As a SOC Cyber Security Senior Analyst, you will monitor SIEM, trouble tickets, email notifications, and in-person escalations, as well as logs from infrastructure components, applications, or network devices such as firewalls and IDS/IPS. Senior Cybersecurity Threat Intelligence Engineer Stratasys | Israel | On-site – View job details As a Senior Cybersecurity Threat Intelligence Engineer, you will lead proactive threat hunting initiatives to detect sophisticated cyber threats, attack vectors, and vulnerabilities across all environments (on-premises, cloud, hybrid). Threat Intelligence Analyst ASOS.com | United Kingdom | On-site – View job details As a Threat Intelligence Analyst, you will monitor and gather threat intelligence from an array of sources, including OSINT, dark web forums, industry feeds, and other relevant data sources. Head of Security Jade Software | New Zealand | On-site – View job details As a Head of Security, you will manage, maintain and continuously improve company-wide security risk management, compliance, and operational security processes. "


What open source means for cybersecurity

ciber
2024-12-23 https://www.helpnetsecurity.com/2024/12/23/open-source-security-2024-reports/

With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen its software security practices. 70% of open-source components are poorly or no longer maintained Regardless of geographic origin, the average mid-size application has several disturbing trends leading to critical vulnerabilities. Open-source contributes 2 to 9 times … More

"

Autosummary: "


Top 10 Cybersecurity Trends to Expect in 2025

ciber
2024-12-23 https://thehackernews.com/2024/12/top-10-cybersecurity-trends-to-expect.html
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the "

Autosummary: Meanwhile, attackers create bots that behave like real users by mimicking human actions such as typing, clicking, or scrolling, making them difficult to detect using standard security methods. AI-driven attacks, such as deepfake impersonations and convincing phishing scams, are also likely to become more prevalent, making insider threats harder to detect. For example, in a recent attack on Ford, attackers exploited the company's supply chain to insert malicious code into Ford's systems, creating a backdoor that the attackers could use to expose sensitive customer data. These systems take into account user behavior, location, and device type to make intelligent, risk-based decisions about access control. The threat of insider attacks: Insider threats are expected to intensify in 2025 due to the continued rise of remote work, AI-powered social engineering, and evolving data privacy concerns. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

ciber
2024-12-23 https://thehackernews.com/2024/12/thn-weekly-recap-top-cybersecurity.html
The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps. "

Autosummary: The list includes — CVE-2024-12727, CVE-2024-12728, CVE-2024-12729 (Sophos Firewall), CVE-2023-48788 (Fortinet FortiClient EMS), CVE-2023-34990 (Fortinet FortiWLM), CVE-2024-12356 (BeyondTrust Privileged Remote Access and Remote Support), CVE-2024-6386 (WPML plugin), CVE-2024-49576, CVE-2024-47810 (Foxit Software), CVE-2024-49775 (Siemens Opcenter Execution Foundation), CVE-2024-12371, CVE-2024-12372, CVE-2024-12373 (Rockwell Automation PowerMonitor 1000), CVE-2024-52875 (GFI KerioControl), CVE-2024-56145 (Craft CMS), CVE-2024-56050, CVE-2024-56052, CVE-2024-56054, CVE-2024-56057 (VibeThemes WPLMS), CVE-2024-12626 (AutomatorWP plugin), CVE-2024-11349 (AdForest theme), CVE-2024-51466 (IBM Cognos Analytics), CVE-2024-10244 (ISDO Software Web Software), CVE-2024-4995 (Wapro ERP Desktop), CVE-2024-10205 (Hitachi Ops Center Analyzer), and CVE-2024-46873 (Sharp router) 📰 Around the Cyber World Recorded Future Gets Labeled "Undesirable" in Russia — Russian authorities have tagged U.S. threat intelligence firm Recorded Future as an "undesirable" organization, accusing it of participating in propaganda campaigns and cyberattacks against Moscow. "These tools enable capabilities such as keystroke logging, data exfiltration, security bypasses, and covert system control, suggesting that the campaign is part of a potentially prolonged espionage effort," Rapid7 said, describing it as an advanced and targeted threat. Some of the most impacted verticals included manufacturing, industrial control systems (ICS) equipment and engineering, transportation, communications, oil and gas, electric, and government. The group, first documented by Kaspersky back in early 2014, infected the company with malware such as FakeHMP, Careto2, and Goreto that are designed to harvest files, keystrokes, and screenshots; run shell commands; and deploy more malware. ⚡ Threat of the Week LockBit Developer Rostislav Panev Charged in the U.S. — Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been charged in the U.S. for allegedly acting as the developer of the now-disrupted LockBit ransomware-as-a-service (RaaS) operation, netting about $230,000 between June 2022 and February 2024. HeartCrypt Packer-as-a-Service Operation Exposed — A new packer-as-a-service (PaaS) called HeartCrypt has been advertised for sale on Telegram and underground forums since February 2024 to protect malware such as Remcos RAT, XWorm, Lumma Stealer, and Rhadamanthys. This being one," Recorded Future's chief executive, Christopher Ahlberg, wrote on X. "In HeartCrypt's PaaS model, customers submit their malware via Telegram or other private messaging services, where the operator then packs and returns it as a new binary," Palo Alto Networks Unit 42 said, adding it identified over 300 distinct legitimate binaries that were used to inject the malicious payload. "


AI is becoming the weapon of choice for cybercriminals

ciber
2024-12-20 https://www.helpnetsecurity.com/2024/12/20/ai-technologies-challenges-2024/

AI changes how organizations look at cybersecurity GenAI is compromising security while promising efficiency This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on GenAI to develop software compromises security 96% of security and software development professionals report that their companies use GenAI-based solutions for building or delivering applications. Among these respondents, 79% report that all or most of their development teams regularly … More

"

Autosummary: As today’s risks are increasingly driven by AI and GenAI, the way employees work, and the proliferation of cloud applications, respondents state they need more visibility into source code sent to repositories (88%), files sent to personal cloud accounts (87%), and customer relationship management (CRM) system data downloads (90%). 92% of security pros have security concerns around generative AI, with specific apprehensions including employees entering sensitive company data into an AI tool (48%), using AI systems trained with incorrect or malicious data (44%), and falling for AI-enhanced phishing attempts (42%). Nearly half of respondents describe their risk tolerance towards AI as very high (17%) or high (29%), while only 12% report a low (9%) or very low (3%) AI risk tolerance. "


Why cybersecurity is critical to energy modernization

industry ciber
2024-12-20 https://www.helpnetsecurity.com/2024/12/20/anjos-nijk-encs-energy-grid-cybersecurity/

In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration, the impact of IoT on security, and the emerging technologies that can enhance the resilience and reliability of critical energy infrastructure. As the energy sector undergoes significant modernization, particularly with the integration of … More

"

Autosummary: So, we need to implement technology to maintain control, but also need to create the conditions for residential users, operators and integrators to securely install, operate and maintain their infrastructure. However, connected infrastructures, such as renewables and EV charging networks, fall outside the direct control of grid operators, and can also cause blackouts in the grid. In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. "


Leadership skills for managing cybersecurity during digital transformation

ciber
2024-12-19 https://www.helpnetsecurity.com/2024/12/19/dan-lohrmann-presidio-digital-transformation-risks/

In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation.

"

Autosummary: Ensure that repeatable cybersecurity processes are implemented, including updates to areas such as access controls, incident response plans, backup and recovery, vulnerability management, end-to-end change management and other aspects of operational security. In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation. This positive change can lead to greater empowerment, as employees gain access to real-time data, AI tools, and automated systems that help them make decisions and improve their productivity. "


US considers banning TP-Link routers over cybersecurity concerns

ciber
2024-12-19 https://securityaffairs.com/172128/uncategorized/us-considers-banning-tp-link-routers.html
The U.S. government may ban TP-Link routers in 2025 if investigations confirm their use could pose a national security risk. The U.S. government is investigating whether TP-Link routers, linked to cyberattacks, pose a national security risk, the Wall Street Journal reported. According to the WSJ, the U.S. government is considering banning TP-Link routers starting in […] "

Autosummary: Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. "


Consumers wrongly attribute all data breaches to cybercriminals

financial ciber
2024-12-18 https://www.helpnetsecurity.com/2024/12/18/data-breach-consumers-trust/

Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the role they may play in cyber incidents. Consumers don’t trust companies hit by data breaches The research reveals that consumers are unaware of the impact of insider threats, and instead assume bad actors are to … More

"

Autosummary: Survey respondents believe that the top four causes of breaches are: bad actors hacking into a company’s system – 36% (with 67% of Generation Z holding this belief); a company having extremely poor security measures – 33%; bad actors breaking into physical offices – 8%; insider threats – 5%. While insider threats ranked last on this list, in reality, human error is the cause of most sensitive data loss. "


US considers banning TP-Link routers over cybersecurity risks

ciber
2024-12-18 https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/
The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [...] "

Autosummary: In November 2022, the FCC also banned sales of communications equipment made by five other Chinese companies (i.e., Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology) due to "unacceptable risks to national security." "


Cybersecurity jobs available right now: December 17, 2024

ciber
2024-12-17 https://www.helpnetsecurity.com/2024/12/17/cybersecurity-jobs-available-right-now-december-17-2024/

CISO ONE Security | Israel | Hybrid – View job details As a CISO, you will be responsible for overseeing information security, cybersecurity, application security, and business continuity strategies. The role involves implementing and managing security measures and collaborating with internal teams to ensure data protection and compliance. Cloud Security Engineer KUBRA | Canada | Hybrid – View job details As a Cloud Security Engineer, you will perform security assessments of KUBRA systems, applications, and … More

"

Autosummary: Senior Security Engineer, Offensive Security VXI Global Solutions | USA | Hybrid – View job details As a Senior Security Engineer, Offensive Security, you will independently manage complete red team exercises, research emerging attack vectors, vulnerabilities and techniques, develop custom payloads and exploits. Manager | Cyber | Cyber Defense & Resilience Deloitte | UAE | On-site – View job details As a Manager | Cyber | Cyber Defense & Resilience, you will conduct security assessments, threat modelling, and risk analysis to identify potential security gaps and recommend solutions. Senior Security Architect – Compliance Team TELUS | Canada | On-site – View job details As a Senior Security Architect – Compliance Team, you will help identify, implement, maintain and update critical security controls to strengthen overall security posture for RFP programs. "


Overlooking platform security weakens long-term cybersecurity posture

ciber
2024-12-16 https://www.helpnetsecurity.com/2024/12/16/platform-security-concerns/

Platform security – securing the hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come, according to HP. The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) and 6000+ work-from-anywhere (WFA) employees, shows that platform security is a growing concern with 81% of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices. … More

"

Autosummary: The prioritization, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications across the entire lifetime of a fleet of devices – from increased risk exposure, to driving up costs or negative user experience – if security and manageability requirements are set too low compared to the available state of the art,” warns Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc. “It’s essential that end-user device infrastructures become resilient to cyber risks. The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) and 6000+ work-from-anywhere (WFA) employees, shows that platform security is a growing concern with 81% of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices. Five stages of the device lifecycle Supplier selection – In addition, 34% say a PC, laptop or printer supplier has failed a cybersecurity audit in the last five years, with 18% saying the failure was so serious that they terminated their contract. "


⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

ciber
2024-12-16 https://thehackernews.com/2024/12/thn-recap-top-cybersecurity-threats_16.html
This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins "

Autosummary: The list includes — CVE-2024-11639 (Ivanti CSA), CVE-2024-49138 (Windows CLFS Driver), CVE-2024-44131 (Apple macOS), CVE-2024-54143 (OpenWrt), CVE-2024-11972 (Hunk Companion plugin), CVE-2024-11205 (WPForms), CVE-2024-12254 (Python), CVE-2024-53677 (Apache Struts), CVE-2024-23474 (SolarWinds Access Rights Manager), CVE-2024-43153, CVE-2024-43234 (Woffice theme), CVE-2024-43222 (Sweet Date theme), JS Help Desk (JS Help Desk plugin), CVE-2024-54292 (Appsplate plugin), CVE-2024-47578 (Adobe Document Service), CVE-2024-54032 (Adobe Connect), CVE-2024-53552 (CrushFTP), CVE-2024-55884 (Mullvad VPN), and CVE-2024-28025, CVE-2024-28026, CVE-2024-28027, CVE-2024-21786 (MC Technologies MC-LR Router), CVE-2024-21855, CVE-2024-28892, and CVE-2024-29224 (GoCast). IOCONTROL has been used to attack IoT and SCADA devices of various types including IP cameras, routers, PLCs, HMIs, firewalls, and more from different vendors such as Baicells, D-Link, Hikvision, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics. BadRAM Relies on $10 Equipment to Break AMD Security — Academic researchers from KU Leuven, the University of Lübeck, and the University of Birmingham have devised a new technique called BadRAM (CVE-2024-21944, CVSS score: 5.3) that employs $10 off-the-shelf equipment combining Raspberry Pi Pico, a DDR Socket, and a 9V source to breach AMD's Secure Encrypted Virtualization (SEV) guarantees. "These attacks are characterized by a sudden and significant increase in authentication attempts and failures, which trigger alerts across monitoring systems, including Gateway Insights and Active Directory logs," the company said, adding they could result in excessive logging, management CPU overload, and appliance instability. "BadRAM completely undermines trust in AMD's latest Secure Encrypted Virtualization (SEV-SNP) technology, which is widely deployed by major cloud providers, including Amazon AWS, Google Cloud, and Microsoft Azure," security researcher Jo Van Bulck told The Hacker News. "


Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list

exploits ciber
2024-12-15 https://www.helpnetsecurity.com/2024/12/15/week-in-review-microsoft-fixes-exploited-0-day-top-cybersecurity-books-for-your-holiday-gift-list/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. Top cybersecurity books for your holiday gift list The holiday season is approaching, and with it, the tradition of gift-giving. For professionals … More

"

Autosummary: New infosec products of the week: December 13, 2024 Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Trellix, and Versa Networks. Strengthening security posture with comprehensive cybersecurity assessments In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs. "


Auto parts giant LKQ says cyberattack disrupted Canadian business unit

ciber
2024-12-13 https://www.bleepingcomputer.com/news/security/auto-parts-giant-lkq-says-cyberattack-disrupted-canadian-business-unit/
Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. [...] "

Autosummary: "


Krispy Kreme cybersecurity incident disrupts online ordering

ciber
2024-12-12 https://www.helpnetsecurity.com/2024/12/12/krispy-kreme-cybersecurity-incident-disrupts-online-ordering/

Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and Exchange Commission (SEC) has revealed that the company has suffered a “cybersecurity incident”. The company was notified about unauthorized activity on a portion of its information technology systems on November 29, 2024, and … More

"

Autosummary: "


Lynx ransomware behind Electrica energy supplier cyberattack

exploits ransomware industry ciber
2024-12-11 https://www.bleepingcomputer.com/news/security/lynx-ransomware-behind-electrica-energy-supplier-cyberattack/
The Romanian National Cybersecurity Directorate (DNSC) says the Lynx ransomware gang breached Electrica Group, one of the largest electricity suppliers in the country. [...] "

Autosummary: INC vs Lynx ransomware string comparison (BleepingComputer) Since it emerged as a ransomware-as-a-service (RaaS) operation in July 2023, INC Ransom has also breached many education, healthcare, government, and industrial entities, including Yamaha Motor Philippines, Scotland's National Health Service (NHS), and the U.S. division of Xerox Business Solutions (XBS). "


Krispy Kreme cyberattack impacts online orders and operations

ciber
2024-12-11 https://www.bleepingcomputer.com/news/security/krispy-kreme-cyberattack-impacts-online-orders-and-operations/
US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. [...] "

Autosummary: "On November 29, 2024, Krispy Kreme, Inc. was notified regarding unauthorized activity on a portion of its information technology systems," reads the filing. "


Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

financial ciber
2024-12-11 https://securityaffairs.com/171859/cyber-crime/smishing-triad-cybercriminals-impersonate-dubai-police.html
Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf […] "

Autosummary: Previously, Resecurity described multiple episodes of Smishing Triad activity targeting online banking, e-commerce and payment systems customers in other geographies including USA, EU, UK, Pakistan, India, UAE and KSA. According to a recent Strategic Analysis Report released by the UAE Financial Intelligence Unit (UAEFIU), fraud, particularly in the UAE, remains a major risk, contributing to money laundering activities, with an estimated financial loss of AED 1.2 billion (equal to USD 326 million) between 2021 and 2023. "


Strengthening security posture with comprehensive cybersecurity assessments

ciber
2024-12-10 https://www.helpnetsecurity.com/2024/12/10/phani-dasari-hgs-cybersecurity-assessments/

In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs.

"

Autosummary: In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs. Framework-based assessments, such as those using NIST CSF, ISO 27001, or HIPAA, offer structured methodologies for comprehensive risk management and compliance. "


Cybersecurity jobs available right now: December 10, 2024

ciber
2024-12-10 https://www.helpnetsecurity.com/2024/12/10/cybersecurity-jobs-available-right-now-december-10-2024/

Cloud Security Engineer Sendbird | USA | Hybrid – View job details As a Cloud Security Engineer, you will work with engineering teams to build secure infrastructure at scale, secure multi-account and multi-cloud infrastructure for Sendbird, own CSPM and cloud security tooling while building automations, embed security tools into the CI/CD system for IaC scanning, identify security gaps and develop solutions, and research and identify new attacks targeting Sendbird’s products. Cyber Network Analyst Cynerio | … More

"

Autosummary: Perform tests and assessments in the cloud, including but not limited to AWS, Azure, GCP, etc. Specialist, Network Security M42 Health | UAE | On-site – View job details As a Specialist, Network Security, you will design, implement, and maintain enterprise network-security infrastructure and multi-cloud platforms, including firewalls, wireless systems, and load balancers. DevOps Security Engineer with DLP Sensation Business Consulting | Canada | On-site – View job details As a DevOps Security Engineer with DLP, you will automate on-prem infrastructure processes to implement and enhance DLP controls, improve DevOps practices within the squad by leveraging Infrastructure as Code, test automation, and CI/CD, and manage a global DLP security infrastructure while working with various security products such as Symantec DLP, Splunk, Microsoft Information Protection, and Netskope. Network Security Specialist TYH Investment | India | Hybrid – View job details As a Network Security Specialist, you will configure, manage, and maintain various firewalls and security solutions, including but not limited to F5, Cisco, Palo Alto, Check Point, and other platforms. "


US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks

exploits ransomware ciber
2024-12-10 https://www.helpnetsecurity.com/2024/12/10/us-sanctions-sichuan-silence-guan-tianfeng/

The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies. The Department of Justice unsealed an indictment on Guan for the same activity. The U.S. Department of State also announced a Rewards for Justice reward offer of up to $10 million for … More

"

Autosummary: OFAC is designating Sichuan Silence and Guan pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, for being responsible for or complicit in, or having engaged in, directly or indirectly cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector. "


Top cybersecurity books for your holiday gift list

ciber
2024-12-09 https://www.helpnetsecurity.com/2024/12/09/cybersecurity-books-gift-ideas/

The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity books to consider. Security Yearbook 2024: A History and Directory of the IT Security Industry Author: Richard Stiennon In the book, you’ll find a comprehensive directory of cybersecurity vendors, updated for 2024, complete with headquarters … More

"

Autosummary: Author: Richard Stiennon In the book, you’ll find a comprehensive directory of cybersecurity vendors, updated for 2024, complete with headquarters location, category, sub-category, number of employees, and growth trends. "


What makes for a fulfilled cybersecurity career

ciber
2024-12-09 https://www.helpnetsecurity.com/2024/12/09/fulfilled-cybersecurity-career-insight-video/

In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career.

"

Autosummary: "


⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

ciber
2024-12-09 https://thehackernews.com/2024/12/thn-recap-top-cybersecurity-threats_9.html
This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to "

Autosummary: The list includes — CVE-2024-41713 (Mitel MiCollab), CVE-2024-51378 (CyberPanel), CVE-2023-45727 (Proself), CVE-2024-11680 (ProjectSend), CVE-2024-11667 (Zyxel), CVE-2024-42448 (Veeam), CVE-2024-10905 (SailPoint IdentityIQ), CVE-2024-5921 (Palo Alto Networks GlobalProtect), CVE-2024-29014 (SonicWall), CVE-2014-2120 (Cisco Adaptive Security Appliance), CVE-2024-20397 (Cisco NX-OS), CVE-2024-52338 (Apache Arrow), CVE-2024-52316 (Apache Tomcat), CVE-2024-49803, CVE-2024-49805 (IBM Security Verify Access Appliance), CVE-2024-12053 (Google Chrome), CVE-2024-38193 (Microsoft Windows), and CVE-2024-12209 (WP Umbrella: Update Backup Restore & Monitoring plugin). Salt Typhoon Guidance Issued — Australia, Canada, New Zealand, and the U.S. issued a joint guidance for organizations to safeguard their networks against threats posed by Salt Typhoon, which has been recently linked to a spate of cyber attacks directed against telecommunication companies in the U.S., including AT&T, T-Mobile, and Verizon. A majority of the campaigns distributing the malware have targeted users in Austria, Belgium, France, Italy, Portugal, Spain, Turkey, and the United Kingdom. "Criminals use AI-generated text to appear believable to a reader in furtherance of social engineering, spear-phishing, and financial fraud schemes such as romance, investment, and other confidence schemes or to overcome common indicators of fraud schemes," the FBI said. "Once Ogletree had access to the victim companies' networks, Ogletree accessed and stole confidential data, including data that was later posted for sale on the dark web, and, at times, used the companies' services to facilitate the theft of cryptocurrency from unwitting victims. "


Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

ciber
2024-12-05 https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally "

Autosummary: Besides using DLL side-loading to execute malicious payloads, the attack entails the use of open-source tools like FileZilla, Impacket, and PSCP, while also employing living-off-the-land (LotL) programs like Windows Management Instrumentation (WMI), PsExec, and PowerShell. "


Americans urged to use encrypted messaging after large, ongoing cyberattack

ciber
2024-12-05 https://www.malwarebytes.com/blog/news/2024/12/americans-urged-to-use-encrypted-messaging-after-large-ongoing-cyberattack
US telecom providers have been infiltrated to a worrying level by an APT group. The advice is to use encrypted messaging. "

Autosummary: The FBI official added: “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.” "


Romania's election systems targeted in over 85,000 cyberattacks

ciber
2024-12-05 https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/
A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. [...] "

Autosummary: Following this incident, account credentials for Romanian election sites, including bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were leaked on a Russian cybercrime forum. "


65% of office workers bypass cybersecurity to boost productivity

ciber
2024-12-04 https://www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/

High-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, according to CyberArk. CyberArk surveyed 14,003 employees in the UK, USA, France, Germany, Australia and Singapore to uncover workforce behaviors that security teams are most keen to put a stop to. Employees depend on privileged access to complete daily tasks These days, almost all employees have some kind … More

"

Autosummary: CyberArk found that all employees surveyed access work applications and services from their corporate device, including access communications and collaboration tools e.g. Teams, Slack, Outlook (52%), IT admin and management tools (41%) and customer-facing apps (34%). "


Six password takeaways from the updated NIST cybersecurity framework

ciber
2024-12-04 https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST's new guidance that help create strong password policies. [...] "

Autosummary: For example, users often: Start their passwords with a capital letter (e.g., welcome456 becomes Welcome456) End their passwords with a number or symbol (e.g., Welcome456, Welcome2024!!) Password length > password complexity For years, organizations have created password policies that follow a rigid formula — requiring users to include upper and lowercase letters, numbers, and symbols — to create passwords that are difficult to crack. Instead of asking users to come up with a random, difficult-to-remember combination of letters, numbers, and symbols, urge them to create longer passwords or passphrases that will be easy to recall but harder for hackers to guess. "


Treat AI like a human: Redefining cybersecurity

ciber
2024-12-03 https://www.helpnetsecurity.com/2024/12/03/doug-kersten-appfire-ai-oversight/

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten also discusses the need for strong oversight and accountability to ensure AI aligns with business goals and remains secure. Treating AI like a human can accelerate its development. Could you elaborate on how … More

"

Autosummary: Like humans, AI, while powerful, is not infallible—it can make mistakes, propagate biases, or produce outputs that don’t align with organizational goals. While AI can provide valuable insights and automate critical functions, humans—across technical, security, legal, and leadership teams—must ensure that accountability is upheld when mistakes occur. AI models are only as good as the data they consume, and if that data is incomplete, biased, or outdated, the outputs may be flawed. Security leaders, legal teams, and compliance officers must collaborate to create governance structures that ensure proper accountability for AI-driven decisions, especially in sensitive areas like cybersecurity. "


Cybersecurity jobs available right now: December 3, 2024

ciber
2024-12-03 https://www.helpnetsecurity.com/2024/12/03/cybersecurity-jobs-available-right-now-december-3-2024/

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the incident response process, focusing on application-related security incidents. Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence. Cryptography engineer Leonar | France | On-site – View job details As a Cryptography … More

"

Autosummary: Cyber Defense Specialist MSC Cruises | Italy | On-site – View job details As a Cyber Defense Specialist, you will operate and optimize security tooling/products, including security email gateway, firewall, IDS/IPS, web security gateway, emergency detect and response, logging and auditing, event and incident management, privileged access management and authentication. Offensive Security Engineer Cyberbit | Israel | On-site – View job details As an Offensive Security Engineer, you will design, build, and implement red team labs, vulnerable websites, CTF challenges, and exercises tailored for varying skill levels, covering offensive security concepts, AWS-based infrastructure, and Docker deployments. Manager, Threat Detection & Penetration Testing Stripe | USA | Remote – View job details As a Manager, Threat Detection & Penetration Testing, you will lead, mentor, and support a team of threat analysts and penetration testers in detecting, analyzing, and mitigating security threats. Cyber Analyst, Digital Forensics Incident Response At-Bay | USA | Remote – View job details As a Cyber Analyst, Digital Forensics Incident Response, you will investigate cyber incidents, analyze evidence, and assist in recovery efforts, including threat actor negotiations. "


Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow

ciber
2024-12-03 https://www.helpnetsecurity.com/2024/12/03/isc2-security-leaders-traits-whitepaper/

The cyber world needs your expertise. However, the security leaders of tomorrow require a broad set of skills that job experience alone does not arm you with. What do organizations demand? And how can you acquire the technical and soft skills that drive business prosperity? Download the whitepaper to: Overcome cybersecurity challenges putting enterprise success at risk Make a positive and lasting impact Explore the 9 key characteristics of effective leaders in the field Fill … More

"

Autosummary: "


A Guide to Securing AI App Development: Join This Cybersecurity Webinar

ciber
2024-12-02 https://thehackernews.com/2024/12/a-guide-to-securing-ai-app-development.html
Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live. From ordering coffee to diagnosing diseases, it’s everywhere. But while you’re creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunity—and a potential risk. The stakes are huge: data leaks, downtime, and even safety threats if security "

Autosummary: Titled "Building Tomorrow, Securely: Securing the Use of AI in App Development," this session will arm you with the knowledge and tools to tackle the challenges of AI-powered innovation. "


THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

ciber
2024-12-02 https://thehackernews.com/2024/12/thn-recap-top-cybersecurity-threats.html
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity "

Autosummary: The list includes: CVE-2024-11680 (ProjectSend), CVE-2023-28461 (Array Networks AG and vxAG), CVE-2024-10542, CVE-2024-10781 (Spam protection, Anti-Spam, and FireWall plugin), CVE-2024-49035 (Microsoft Partner Center), CVE-2024-49806, CVE-2024-49803, CVE-2024-49805 (IBM Security Verify Access Appliance), CVE-2024-50357 (FutureNet NXR routers), CVE-2024-52338 (Apache Arrow R package), CVE-2024-52490 (Pathomation), CVE-2024-8672 (Widget Options – The #1 WordPress Widget & Block Control plugin), CVE-2024-11103 (Contest Gallery plugin), CVE-2024-42327 (Zabbix), and CVE-2024-53676 (Hewlett Packard Enterprise Insight Remote Support). Since at least May 2024, the group has been found to quickly embrace and modify existing ransomware builders such as AzzaSec, Diamond, Doubleface (aka Invisible), LockBit, Chaos, and Babuk to launch its attacks. RomCom Exploits Mozilla Firefox and Windows 0-Days: The Russia-aligned threat actor known as RomCom chained two zero-day security flaws in Mozilla Firefox (CVE-2024-9680, CVSS score: 9.8) and Microsoft Windows (CVE-2024-49039, CVSS score: 8.8) as part of attacks designed to deliver the eponymous backdoor on victim systems without requiring any user interaction. Ideal for threat hunting, incident response, and security operations, it streamlines integration, ensures rapid deployment of updated detection rules, and supports multiple backends via pySigma. According to data collected by Corvus, RansomHub, Play, LockBit 3.0, MEOW, and Hunters International have accounted for 40% of all attacks observed in Q3 2024. 🔒 Tip of the Week Your Screenshots Are Secretly Talking Behind Your Back — Every screenshot you share could reveal your device info, location, OS version, username, and even internal system paths without your knowledge. Cybersecurity firm Morphisec said it identified five significant NTLM vulnerabilities that could be exploited to leak the credentials via Malicious RTF Document Auto Link in Microsoft Word, Remote Image Tag in Microsoft Outlook, Remote Table Refresh in Microsoft Access, Legacy Player Files in Microsoft Media Player, and Remote Recipient List in Microsoft Publisher. "


Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested

exploits ransomware rusia-ucrania ciber
2024-11-30 https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, "

Autosummary: "


UK hospital, hit by cyberattack, resorts to paper and postpones procedures

ciber
2024-11-29 https://www.bitdefender.com/en-us/blog/hotforsecurity/uk-hospital-hit-by-cyberattack-resorts-to-paper-and-postpones-procedures
A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog. "

Autosummary: WUTH, which manages Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children's Hospital, proactively isolated its IT systems when it first detected the threat, forcing it to revert to manual processes and the use of pen-and-paper. "


Russia arrests cybercriminal Wazawaka for ties with ransomware gangs

exploits ransomware ciber
2024-11-29 https://www.bleepingcomputer.com/news/security/russia-arrests-cybercriminal-wazawaka-for-ties-with-ransomware-gangs/
Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. [...] "

Autosummary: In April 2021, the defendant and Babuk ransomware coconspirators allegedly deployed malicious payloads on the systems of the Metropolitan Police Department in Washington, D.C. In May 2022, Matveev and Hive ransomware gang members allegedly encrypted the systems of a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. "


Why cybersecurity leaders trust the MITRE ATT&CK Evaluations

ciber
2024-11-28 https://www.helpnetsecurity.com/2024/11/28/cynet-mitre-attck-evaluations/

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stand out as an essential resource for cybersecurity decision makers to navigate this challenge. Unlike other independent assessments, MITRE ATT&CK Evaluations simulate real-world threats to assess how competing cybersecurity vendors detect and respond to real-world threats. As soon as the highly anticipated 2024 MITRE … More

"

Autosummary: Several key factors set MITRE ATT&CK Evaluations apart from other independent analyst assessments, making them particularly valuable for security leaders: Real-world conditions: Unlike other assessments, MITRE ATT&CK Evaluations are based on simulated TTPs by specific threat actors. "


UK hospital network postpones procedures after cyberattack

ciber
2024-11-28 https://www.bleepingcomputer.com/news/security/uk-hospital-network-postpones-procedures-after-cyberattack/
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. [...] "

Autosummary: Collectively, these hospitals contribute to NHS Trust's total of 855 beds and provide 24-hour emergency services, acute medical services, critical care, surgery, diagnostic services, pediatrics, maternity services, and cancer care. "


Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

exploits ciber
2024-11-28 https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique "

Autosummary: The newest addition is Godot Engine, a game development platform that allows users to design 2D and 3D games across platforms, including Windows, macOS, Linux, Android, iOS, PlayStation, Xbox, Nintendo Switch, and the web. "


A cyberattack impacted operations at UK Wirral University Teaching Hospital

ciber
2024-11-28 https://securityaffairs.com/171509/uncategorized/uks-wirral-university-teaching-hospital-cyberattack.html
UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures. Wirral University Teaching Hospital NHS Foundation Trust (WUTH) is an NHS Foundation Trust. It provides healthcare for people of the Wirral Peninsula and the surrounding areas of North West England and North Wales. The trust is responsible for Arrowe Park […] "

Autosummary: A cyberattack impacted operations at UK Wirral University Teaching Hospital. Pierluigi Paganini, November 28, 2024. UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures. "


Supply chain managers underestimate cybersecurity risks in warehouses

ciber
2024-11-27 https://www.helpnetsecurity.com/2024/11/27/warehouses-cybersecurity-concern/

32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulnerabilities (32%) and followed by devices (19%), according to Ivanti. Cyberattacks on warehouses threaten supply chain stability As the backbone of the supply chain, a cyberattack on a warehouse can result in major consequences such as significant operational downtime, damage to a company’s reputation and financial losses. Given the vast amount of data … More

"

Autosummary: The top budget priorities for supply chain managers are sourcing and procurement (41%), workforce productivity (40%), automation technologies (39%), and lowering operating costs (39%). "


Hottest cybersecurity open-source tools of the month: November 2024

ciber
2024-11-27 https://www.helpnetsecurity.com/2024/11/27/open-source-cybersecurity-tools-november-2024/

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help administrators address security gaps and strengthen defenses within their Microsoft 365 environment. Am I Isolated: Open-source container security … More

"

Autosummary: "


The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals

ciber
2024-11-27 https://www.bleepingcomputer.com/news/security/the-black-friday-2024-cybersecurity-it-vpn-and-antivirus-deals/
Black Friday 2024 is almost here, and great deals are already live in computer security, software, online courses, system admin services, antivirus, and VPN software. These promotions offer deep discounts from various companies and are only available for a limited time. [...] "

Autosummary: "


Cybercriminals used a gaming engine to create undetectable malware loader

exploits ciber
2024-11-27 https://www.helpnetsecurity.com/2024/11/27/godot-engine-malware-loader-godloader/

Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed GodLoader – is distributed through the Stargazers Ghost Network, an extensive network of GitHub accounts and repositories that provides malware distribution “as-a-Service”. According to Check Point researchers, over 17,000 machines have been infected with the malicious … More

"

Autosummary: Crafting the malware loader with the Godot Engine Godot Engine is a popular free and open source 2D and 3D game engine / development platform that can both run on many platforms and export projects to Windows, Linux, macOS, Android, iOS, various VR platforms, and more. "


Cybersecurity jobs available right now: November 26, 2024

ciber
2024-11-26 https://www.helpnetsecurity.com/2024/11/26/cybersecurity-jobs-available-right-now-november-26-2024/

Application Security Engineer Agoda | UAE | Hybrid – View job details As an Application Security Engineer, you will develop and design application-level security controls and standards. Perform application security design reviews against new products and services. Track and prioritize all security issues. Build internal security tools that help fix security problems at scale. Perform code review and drive remediation of discovered issues. Enable automated security testing at scale to measure vulnerability, and report on … More

"

Autosummary: Schubring Global Solutions | USA | On-site – View job details As a Cybersecurity Engineer (RMF/ATO), you will conduct cybersecurity hardening activities (system patching, updating (applications, OSs, firmware, antivirus, etc.), applying Secure Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs), and any other secure configuration requirements. Industrial Security Officer Helsing | Germany | On-site – View job details As an Industrial Security Officer, you will lead the design, deployment, and operation of advanced security systems, including intruder alerts, CCTV, and access control systems, in compliance with German national and NATO security standards for one of our sites. SOC/SIRT Engineer Datavant | USA | Remote – View job details As a SOC/SIRT Engineer, you will design, mature, and implement advanced playbooks for triage, investigation, and response to cyber threats, with a focus on continuous improvement and automation. Implement and manage standard AWS security tools including but not limited to AWS Security Hub, AWS GuardDuty, Inspector, CloudTrail, WAF, KMS, Config, IAM Access Analyzer. "


Practical strategies to build an inclusive culture in cybersecurity

ciber
2024-11-26 https://www.helpnetsecurity.com/2024/11/26/alona-geckler-acronis-cybersecurity-diversity/

In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades, initiatives to foster inclusivity, and the remaining challenges. Geckler addresses unconscious bias and barriers to career advancement, offering practical strategies for organizations to foster more inclusive environments. How has the industry evolved in terms of … More

"

Autosummary: At Acronis, we’ve embraced this evolution with yearly mentorship programs, Women in Tech (WiT) Chapters across different regions, and initiatives like our WiT Cyberbreakfasts, which we’ve launched in Switzerland, Brazil, Singapore, Serbia, and Israel, with plans to expand into other countries. For instance, our Women in Tech (WiT) programs and panels at industry events, our mentorship programs, and conducting our own research, such as Fear of Missing Out survey, for example, all reflect our commitment to celebrating and increasing diversity. Years ago, structured opportunities for women and minorities were limited and uncoordinated, but today there are numerous initiatives, including mentorship programs, scholarships, and coding boot camps, that specifically support these groups. Establishing supportive Employee Resource Groups, such as Acronis’ Voices of Employees, as an example, — a working group where representatives from various departments launch initiatives to help employees unite, connect, and build stronger networks — can create a valuable space for dialogue and peer support. "


Why Cybersecurity Leaders Trust the MITRE ATT&CK Evaluations

ciber
2024-11-26 https://www.bleepingcomputer.com/news/security/why-cybersecurity-leaders-trust-the-mitre-attack-evaluations/
The "MITRE Engenuity ATT&CK Evaluations: Enterprise" stand out as an essential resource for cybersecurity decision makers. Learn more from Cynet on what to expect in the upcoming 2024 MITRE ATT&CK Evaluation results. [...] "

Autosummary: Several key factors set MITRE ATT&CK Evaluations apart from other independent analyst assessments, making them particularly valuable for security leaders: Real-World Conditions: Unlike other assessments, MITRE ATT&CK Evaluations are based on simulated TTPs by specific threat actors. "


Commvault Clumio Backtrack helps recover data from errors, accidents, or cyberattacks

ciber
2024-11-26 https://www.helpnetsecurity.com/2024/11/26/commvault-clumio-backtrack/

Commvault announced Clumio Backtrack, a new capability that will enable enterprises to use automation to rapidly revert objects – or pieces of data – stored in Amazon Simple Storage Service (Amazon S3) to a specific version at a specific point and time. This makes it quick and easy for cloud operations, IT, and security teams to recover data from errors, accidents, or cyberattacks, almost as if they were able to turn back the clock to … More

"

Autosummary: “With the increasing complexity of enterprise data environments, businesses need fast, scalable, and secure data recovery solutions for the cloud-first world,” said Woon Jung, CTO – Cloud Native, Commvault. "


RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

exploits ciber
2024-11-26 https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user "

Autosummary: A privilege escalation vulnerability in Windows Task Scheduler (Patched by Microsoft in November 2024). RomCom, also known as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has a track record of conducting both cybercrime and espionage operations since at least 2022. "


AI Kuru, cybersecurity and quantum computing

ciber
2024-11-25 https://www.helpnetsecurity.com/2024/11/25/ai-quantum-computers/

As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control systems that use AI and ML to make decisions. As AI and quantum converge to reveal extraordinary novel technologies, they will also combine to produce new threat vectors and quantum cryptanalysis. AI and … More

The post AI Kuru, cybersecurity and quantum computing appeared first on Help Net Security.

"

Autosummary: AI-diagnosticians have described it as the symptoms of a chronic disease variously characterized as model-collapse, MADness, etc., where AI’s primary source of nutrition was AI-generated junk food, euphemistically known as synthetic data. As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). "


DOJ: Man hacked networks to pitch cybersecurity services

ciber
2024-11-25 https://www.bleepingcomputer.com/news/security/doj-man-hacked-networks-to-pitch-cybersecurity-services/
A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services. [...] "

Autosummary: According to the Department of Justice, Nicholas Michael Kloster, 31, of Kansas City, Missouri, breached two computer networks, a health club business and a nonprofit organization. "


THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

ciber
2024-11-25 https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats_25.html
We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn’t just about stolen data—it’s about power. Hackers are "

Autosummary: 🔥 Trending CVEs. Recent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-44308, CVE-2024-44309 (Apple), CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-11003, CVE-2024-10224 (needrestart), CVE-2024-51092 (LibreNMS), CVE-2024-10217, CVE-2024-10218 (TIBCO), CVE-2024-50306 (Apache Traffic Server), CVE-2024-10524 (wget), CVE-2024-34719 (Android), CVE-2024-9942 (WPGYM), CVE-2024-52034 (mySCADA myPRO), and CVE-2024-0138 (NVIDIA). The attacks primarily target vulnerable IoT devices from various vendors like NETGEAR, Uniview, Reolink, Zyxel, Comtrend, SmartRG, Linear Emerge, Hikvision, and NUUO, using automated scripts in order to deploy the Ngioweb malware. The attacks, dubbed RoboPAIR, have been successfully demonstrated against "a self-driving LLM, a wheeled academic robot, and, most concerningly, the Unitree Go2 robot dog, which is actively deployed in war zones and by law enforcement," security researcher Alex Robey said. This development coincides with U.S. telecom providers, including AT&T, Verizon, T-Mobile, and Lumen Technologies, becoming targets of another China-linked hacking group, Salt Typhoon. Ptitsyn, who is alleged to be an administrator, has been charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking. With features like database and column detection, data length discovery, and multiple extraction methods (character-by-character, binary search, or dictionary attack), BlindBrute ensures efficient data retrieval. "The policy update, which compelled users to accept expanded data collection and sharing within the Meta group on a 'take-it-or-leave-it' basis, violated user autonomy by offering no opt-out option," the Internet Freedom Foundation (IFF) said. Millions of Data Records Exposed Due to Power Pages Misconfigurations: Missing or misconfigured access controls in websites built with Microsoft Power Pages are exposing private organizations and government entities' sensitive data to outside parties, including full names, email addresses, phone numbers, and home addresses, leading to potential breaches. "


Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

ciber
2024-11-25 https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Styra's Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data. "Since these are hardened languages with limited capabilities, they're supposed to be more "

Autosummary: Some of the other recommendations to mitigate such risks include: implement a granular role-based access control (RBAC) and follow the principle of least privilege; set up application-level and cloud-level logging for monitoring and analysis; limit the network and data access of the applications and the underlying machines; and prevent automatic execution of unreviewed and potentially malicious code in CI/CD pipelines. Furthermore, organizations can use IaC scanning tools and solutions like Terrascan and Checkov to preemptively identify misconfigurations and compliance issues prior to deployment. "


A cyberattack on gambling giant IGT disrupted portions of its IT systems

ciber
2024-11-23 https://securityaffairs.com/171311/hacking/cyberattack-on-gambling-giant-igt.html
A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline. International Game Technology (IGT) detected a cyberattack on November 17 and promptly started its incident response procedures. International Game Technology PLC (IGT), formerly Gtech S.p.A. and Lottomatica S.p.A., is a multinational gambling company that produces slot machines […] "



Cybercriminals turn to pen testers to test ransomware efficiency

exploits ransomware ciber
2024-11-22 https://www.helpnetsecurity.com/2024/11/22/pen-testers-ransomware-recruiting/

Ransomware gangs recruit pen testers to improve attack reliability. Threat actors employ pen testers to improve ransomware effectiveness. Threat actors are recruiting pen testers to test and improve the reliability of their ransomware for affiliate programs, according to Cato Networks. Any good developer knows that software needs to be tested before deploying in production environments. This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations. … More

The post Cybercriminals turn to pen testers to test ransomware efficiency appeared first on Help Net Security.

"

Autosummary: Out of the hundreds of AI applications that Cato CTRL monitors, 10 AI applications were tracked and used by organizations (Bodygram, Craiyon, Otter.ai, Writesonic, Poe, HIX.AI, Fireflies.ai, PeekYou, Character.AI, and Luma AI), revealing various security risks. "


Cyberattack at French hospital exposes health data of 750,000 patients

ciber
2024-11-21 https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/
A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...] "

Autosummary: These records allegedly contain the following information: full name, date of birth, gender, home address, phone number, email address, physician, prescriptions, and health card history. The data was offered for purchase to three users, and currently, no buyers have been declared on the sale listing. "


Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service

ciber
2024-11-21 https://www.helpnetsecurity.com/2024/11/21/ukrainian-cyberwar-tryzub-cyber-training-service/

The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and capability development service. TRYZUB primarily protects military, government entities, and critical infrastructure sectors such as energy, healthcare, finance, telecommunications, and education. Its training is designed for military units, law enforcement, government agencies, and operators of essential infrastructure … More

The post Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service appeared first on Help Net Security.

"



Cybersecurity jobs available right now: November 20, 2024

ciber
2024-11-20 https://www.helpnetsecurity.com/2024/11/20/cybersecurity-jobs-available-right-now-november-20-2024/

Application Security Engineer | ENOC | UAE | On-site. As an Application Security Engineer, you will establish and maintain DLP policies to prevent unauthorized access, transmission, or disclosure of sensitive data, focusing on both on-premises and cloud environments. Design, implement, and manage CASB solutions to control and monitor access to cloud applications and safeguard data across cloud services. Application Security Engineer | Intellias | Poland | Remote. As an … More

The post Cybersecurity jobs available right now: November 20, 2024 appeared first on Help Net Security.

"

Autosummary: L2 SOC Analyst | Neuron Solutions | Malaysia | On-site. As an L2 SOC Analyst, you will analyze security alerts, incidents, and anomalies from a variety of sources (network, endpoint, cloud, etc.), leveraging Azure Sentinel and other security platforms. Information Security Compliance Manager | Sidetrade | France | Hybrid. As an Information Security Compliance Manager, you will assist with the development, implementation, and maintenance of information security policies, procedures, and processes in alignment with ISO 27001, SOC 1 and 2, and PCI DSS requirements. Senior Security Engineer – SecOps | Robinhood | Canada | On-site. As a Senior Security Engineer – SecOps, you will build and maintain automation workflows to improve the efficiency, speed, and accuracy of our security operations, focusing on reducing manual work and enhancing incident response times. Senior Security Engineer, Software Supply Chain Security | Amazon | USA | On-site. As a Senior Security Engineer, Software Supply Chain Security, you will identify security issues and risks, and develop mitigation plans. Cloud Security Lead | Pollard Digital Solutions | Canada | Remote. As a Cloud Security Lead, you will lead the development, implementation and management of cloud security policies, procedures and controls to protect our organization's data, systems and assets. "


NHIs Are the Future of Cybersecurity: Meet NHIDR

ciber
2024-11-20 https://thehackernews.com/2024/11/nhis-are-future-of-cybersecurity-meet.html
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take "

Autosummary: With NHIDR, organizations can safeguard their assets, maintain compliance, and stay ahead of the threat landscape — because when it comes to protecting critical systems, proactive defense is essential. "


Quantum DXi9200 helps organizations manage and reduce cybersecurity risks

ciber
2024-11-20 https://www.helpnetsecurity.com/2024/11/20/quantum-dxi9200/

Quantum announces the DXi9200, the latest generation of its flagship DXi9000 Series hybrid (flash + dense disk) data protection appliances, designed for scalable, efficient backup and recovery services for large organizations. With the continuing threat of ransomware attacks, organizations need to take a comprehensive and proactive approach to secure their data and data copies, continuously validate recovery operations, and quickly recover in case of attack. As the industry’s most scalable, feature-rich, and efficient data protection … More

The post Quantum DXi9200 helps organizations manage and reduce cybersecurity risks appeared first on Help Net Security.

"

Autosummary: Backup data integrity against alteration, deletion or corruption with offline immutable snapshot data copies, frequent native data integrity health checks, parity-protected RAID, and a compatible ecosystem of data protection and malware scanning software, including Veeam, Veritas, and Commvault. "


Dev + Sec: A collaborative approach to cybersecurity

ciber
2024-11-19 https://www.helpnetsecurity.com/2024/11/19/dev-sec-collaborative-approach/

The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver features and products quickly with a fast-paced, iterative development cycle and move on efficiently. On the other hand, security teams strive to balance risk and innovation but must focus on protecting sensitive data and systems with guardrails and ensuring compliance with stringent regulations. These contrasting priorities and communication gaps lead … More

The post Dev + Sec: A collaborative approach to cybersecurity appeared first on Help Net Security.

"

Autosummary: An organization in which developers and security view their goals as contradictory or, even worse, cease to collaborate altogether, may contend with delayed releases, system downtimes and increased costs – not to mention an acrimonious working environment, decreased morale and growing security risks. Using tools that are designed for developers, not only for security professionals, ensures that security is an inherent concern but part of the developer’s workflow, not an external – and annoying – afterthought. "


THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

ciber
2024-11-18 https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats_18.html
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in "

Autosummary: 🔥 Trending CVEs. Recent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-10924, CVE-2024-10470, CVE-2024-10979, CVE-2024-9463, CVE-2024-9465, CVE-2024-43451, CVE-2024-49039, CVE-2024-8068, CVE-2024-8069, CVE-2023-28649, CVE-2023-31241, CVE-2023-28386, CVE-2024-50381, CVE-2024-7340, and CVE-2024-47574. WIRTE Targets Israel With SameCoin Wiper: WIRTE, a Middle Eastern threat actor affiliated with Hamas, has orchestrated cyber espionage operations against the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, as well as carried out disruptive attacks that exclusively target Israeli entities using SameCoin wiper. These are fake files, links, or credentials, like "Confidential_Report_2024.xlsx" or a fake AWS key, placed in spots hackers love to snoop—shared drives, admin folders, or cloud storage. URLCrazy is an OSINT tool designed for cybersecurity professionals to generate and test domain typos or variations, effectively detecting and preventing typo squatting, URL hijacking, phishing, and corporate espionage. "


Using AI to drive cybersecurity risk scoring systems

ciber
2024-11-15 https://www.helpnetsecurity.com/2024/11/15/ai-driven-risk-scoring-systems-cybersecurity-video/

In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity.

The post Using AI to drive cybersecurity risk scoring systems appeared first on Help Net Security.

"



Cybercriminals hijack DNS to build stealth attack networks

ciber
2024-11-15 https://www.helpnetsecurity.com/2024/11/15/sitting-ducks-attack/

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are significant. Infoblox researchers estimate that over 1 million registered domains could be vulnerable daily. More evidence found on Sitting Ducks Attacks. During a Sitting Ducks attack, the malicious actor gains control of a domain by … More

The post Cybercriminals hijack DNS to build stealth attack networks appeared first on Help Net Security.

"

Autosummary: This actor uses hijacked domains to augment their malicious traffic distribution system (TDS) called 404TDS to run malicious spam operations, deliver porn, establish remote access trojan (RAT) C2s, and drop malware such as DarkGate and AsyncRAT. "


How cybersecurity failures are draining business budgets

ciber
2024-11-14 https://www.helpnetsecurity.com/2024/11/14/cybersecurity-failures-business-budgets/

Security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps, according to Panaseer. The report analyses the findings of a survey of 400 security decision makers (SDMs) across the US and UK. Security leaders turn to indemnity insurance for protection. 61% of organizations have suffered a security breach in the past year because … More

The post How cybersecurity failures are draining business budgets appeared first on Help Net Security.

"

Autosummary: Furthermore, 89% of security leaders are expected to provide more data around the role and effectiveness of security investments – with 76% saying they are under greater pressure to provide metrics to justify cyber RoI. However, 67% say cybersecurity teams are not equipped with the specialized analytical tools needed to provide these assurances to boards and regulators. Armed with this golden source of truth, CISOs are empowered to provide assurances, report risk in good faith, discover gaps in security and plug them before security incidents take place, protecting both themselves and their company.” "


Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage

industry ciber
2024-11-14 https://www.helpnetsecurity.com/2024/11/14/google-cybersecurity-forecast-2025/

Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber adversaries, providing advice for increasing security posture in the coming year. The year of AI-driven cyberattacks. The report highlights a shift in the cybersecurity landscape: the rise of artificial intelligence (AI) as a double-edged sword. While AI offers new … More

The post Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage appeared first on Help Net Security.

"

Autosummary: Key recommendations: Prioritize cloud security: Organisations should embrace cloud-native security solutions, such as cloud-based SIEM and SOAR platforms, to improve visibility, threat detection, and incident response capabilities. “2025 is going to be the year when AI moves from pilots and prototypes into large-scale adoption,” Phil Venables, VP, TI Security & CISO, Google Cloud, added. "


Tips for a successful cybersecurity job interview

ciber
2024-11-13 https://www.helpnetsecurity.com/2024/11/13/cybersecurity-job-interview-questions-tips/

Whether you’re looking to enhance your existing cybersecurity skills or just beginning your journey in the field, cybersecurity offers a wide range of career opportunities. If you’re considering a career shift, exploring new job opportunities, or aiming to upgrade your skill set, take time to learn about the questions to prepare for in your upcoming cybersecurity job interview. Preparing for the job interview. Researching the potential employer will enable you to answer questions in ways … More

The post Tips for a successful cybersecurity job interview appeared first on Help Net Security.

"

Autosummary: Explain the concept of a secure password. Discuss the importance of disaster recovery planning in cybersecurity. Discuss the role of artificial intelligence in cybersecurity. Explain the concept of micro-segmentation in network security. Explain the concept of federated identity management. Final cybersecurity interview questions. Companies typically use final interviews to address any remaining questions and assess which finalist is the best fit for the role, team, and company. "


Cybersecurity jobs available right now: November 12, 2024

ciber
2024-11-12 https://www.helpnetsecurity.com/2024/11/12/cybersecurity-jobs-available-right-now-november-12-2024/

Cloud Security Lead | CIÉ – Córas Iompair Éireann | Ireland | Hybrid. As a Cloud Security Lead, you will ensure the security of CIE’s Azure environment by developing and implementing cloud security strategies and policies. You will safeguard cloud-based data and applications, collaborate with IT teams to integrate cloud security measures, and assess and advise on cloud security configurations. Additionally, you will contribute to security-related design and implementation and work closely … More

The post Cybersecurity jobs available right now: November 12, 2024 appeared first on Help Net Security.

"

Autosummary: Network Security Specialist | Taldor | Israel | On-site. As a Network Security Specialist, you will be responsible for access control, device protection, firewall management, IPS, DLP, and the installation, operation, and maintenance of cybersecurity products (including mobile device antivirus). Information Security Specialist – Red Team Operator | TD | Canada | Hybrid. As an Information Security Specialist – Red Team Operator, you will provide consultation and advice to partners on a broad range of Technology Controls, Information Security programs, policies, standards, and incidents within your specialized area. Senior Security Engineer – Web Application Firewall (WAF) | DraftKings | USA | Remote. As a Senior Security Engineer – Web Application Firewall (WAF), you will manage and enhance security for the CDN and WAF, including DoS/DDoS mitigation, credential-stuffing prevention, and overall cloud security posture improvement. Information Security Engineer (VAPT) | NCR Voyix | India | Hybrid. As an Information Security Engineer (VAPT), you will conduct penetration tests on internal and external networks, web applications, mobile applications, APIs, and cloud environments. "


Ambitious cybersecurity regulations leave companies in compliance chaos

ciber
2024-11-12 https://www.helpnetsecurity.com/2024/11/12/regulations-organizations-challenges-video/

While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their leaders must address. Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting. Chris Denbigh-White, CSO at Next DLP, discusses how emerging technologies, such as … More

The post Ambitious cybersecurity regulations leave companies in compliance chaos appeared first on Help Net Security.

"



A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

ciber
2024-11-12 https://securityaffairs.com/170823/hacking/cyberattack-payment-systems-israel.html
A cyberattack in Israel allegedly disrupted communication services, causing widespread malfunction of credit card readers across the country on Sunday. The Jerusalem Post reported that thousands of credit card readers at gas stations and supermarket chains in Israel stopped working on Sunday morning following an alleged DDoS attack that hit the company responsible for […] "

Autosummary: The attack lasted one hour before being mitigated; it impacted multiple companies across Israel, including the Maccabi health fund, taxi service Gett, food ordering app Wolt, and public transportation payment systems Rav Kav Online and Hop-On. "


4 reasons why veterans thrive as cybersecurity professionals

ciber
2024-11-11 https://www.helpnetsecurity.com/2024/11/11/veterans-cybersecurity-professionals/

Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need in prospective talent. These organizations must take note, as tapping veterans for cybersecurity roles can mutually benefit their business and the individuals they hire. Below, I’ll explain four reasons veterans make excellent cybersecurity company employees. … More

The post 4 reasons why veterans thrive as cybersecurity professionals appeared first on Help Net Security.

"

Autosummary: When training, military members constantly simulate real-world combat situations so that, when the attack is real, they already know how they’ll react. Veterans are always oriented against the threat they face, and cybersecurity, like a combat situation, is one of the only fields that poses a constant quasi-state of attack. "


Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

exploits ciber
2024-11-11 https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have "

Autosummary: These commands allow the program to harvest files, enumerate and terminate processes, manage system services, edit Windows Registry, execute commands and scripts, capture clipboard content, alter a victim's desktop wallpaper, enable camera and microphone, download additional payloads, record the screen, and even disable keyboard or mouse input. "


A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

ciber
2024-11-11 https://securityaffairs.com/170779/hacking/south-korea-claims-pro-russia-actors-ddos-attacks.html
South Korea claims Pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea reports that over 10,000 North Korean troops are […] "

Autosummary: Pierluigi Paganini, November 11, 2024. South Korea claims Pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. "


The ROI of Security Investments: How Cybersecurity Leaders Prove It

ciber
2024-11-11 https://thehackernews.com/2024/11/the-roi-of-security-investments-how.html
Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value. "

Autosummary: The automated platform has built-in content of TTPs for conducting tests, covering techniques like Kerberoasting, network scanning, brute forcing etc., relieving the team from having to create this. Instead of relying solely on expensive, highly-skilled engineers to carry out manual validations across all systems, we could focus our elite teams on high-value, targeted red-teaming exercises. Watch the full on-demand webinar with Shawn Baird, Associate Director of Offensive Security & Red Teaming at DTCC, and Pentera Field CISO, Jason Mar-Tang. We met with Shawn Baird, Associate Director of Offensive Security & Red Teaming at DTCC, to discuss how to effectively communicate the business value of his Security Validation practices and tools to his upper management. "


THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10)

ciber
2024-11-11 https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats_11.html
⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways, "

Autosummary: 🔥 Trending CVEs: Recently trending CVEs include: CVE-2024-39719, CVE-2024-39720, CVE-2024-39721, CVE-2024-39722, CVE-2024-43093, CVE-2024-10443, CVE-2024-50387, CVE-2024-50388, CVE-2024-50389, CVE-2024-20418, CVE-2024-5910, CVE-2024-42509, CVE-2024-47460, CVE-2024-33661, CVE-2024-33662. Tips for Organizations: Update and Patch Systems: Immediately apply the latest security updates to all edge devices and firewalls, particularly those from Sophos, to mitigate known vulnerabilities like CVE-2020-12271, CVE-2020-15069, CVE-2020-29574, CVE-2022-1040, and CVE-2022-3236. Over 30 Vulnerabilities Found in IBM Security Verify Access: Nearly three dozen vulnerabilities have been disclosed in IBM Security Verify Access (ISVA) that, if successfully exploited, could allow attackers to escalate privileges, access sensitive information, and compromise the entire authentication infrastructure. An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country's efforts to promote its global status and counter narratives against India and the Indian government," the Canadian Centre for Cyber Security said. Multiple security vulnerabilities identified in the Mazda Connect Connectivity Master Unit (CMU) infotainment unit (from CVE-2024-8355 through CVE-2024-8360), which is used in several models between 2014 and 2021, could allow for execution of arbitrary code with elevated permissions. "


The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

ciber
2024-11-08 https://thehackernews.com/2024/11/the-vciso-academy-transforming-msps-and.html
We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective "

Autosummary: Key features of the academy include: Expert guidance from industry experts who share their practical knowledge and experience on a wide range of essential vCISO functions, including risk and compliance assessments, cybersecurity strategy development, and effective communication of risks to executive teams. Journey By addressing the knowledge shortage and providing structured, accessible learning, the vCISO academy allows service providers to: Broaden your perspective: The vCISO Academy provides a deeper understanding of what it means to be a vCISO with specialized training to address the cybersecurity shortage. "


Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

ciber
2024-11-08 https://thehackernews.com/2024/11/webinar-learn-how-storytelling-can-make.html
Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)? "

Autosummary: What to Expect in the Webinar: Industry experts, Dima Kumets (Principal Product Manager) and James O'Leary (Product Marketing Manager), will guide you through a fresh approach to security training that resonates with users and admins alike. "


Key cybersecurity predictions for 2025

ciber
2024-11-06 https://www.helpnetsecurity.com/2024/11/06/key-cybersecurity-predictions-2025-video/

In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025.


"

Autosummary: "


The cybersecurity gender gap: How diverse teams improve threat response

ciber
2024-11-06 https://www.helpnetsecurity.com/2024/11/06/julie-madhusoodanan-linkedin-gender-gap-cybersecurity/

In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams bring essential skills and innovative perspectives. Madhusoodanan outlines strategies like inclusive hiring, mentorship, and flexible work policies as essential steps to foster gender balance in the field. What impact would closing the gender gap in cybersecurity … More


"

Autosummary: Ultimately, closing the gender gap will require a multi-pronged approach, including educational reforms to promote inclusive access to cybersecurity (and STEM) education, targeted training programs for women, highlighting female role models in cybersecurity, and more. These initiatives offer women guidance, support, and networking opportunities, which are key for navigating career paths in a male-dominated field. Upskilling and career growth; training and mentorship schemes, especially in pre- and middle-management roles. Factoring in gender when up-skilling for AI; as the workplace is transformed, ensuring training is handled in a fair and equitable way. "


Washington courts' systems offline following weekend cyberattack

ciber
2024-11-06 https://www.bleepingcomputer.com/news/security/washington-courts-systems-offline-following-weekend-cyberattack/
​​Court systems across Washington state have been down since Sunday when officials said "unauthorized activity" was detected on their networks. [...] "

Autosummary: "


Cybersecurity jobs available right now: November 5, 2024

ciber
2024-11-05 https://www.helpnetsecurity.com/2024/11/05/cybersecurity-jobs-available-right-now-november-5-2024/

Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Cybersecurity Engineer, Resilience Electrolux Group | Italy | On-site … More


"

Autosummary: Offensive Security Engineer Cyberbit | Israel | On-site – View job details As an Offensive Security Engineer, you will design, build, and implement red team labs, vulnerable websites, CTF challenges, and exercises tailored for varying skill levels, covering offensive security concepts, AWS-based infrastructure, and Docker deployments. Senior Threat Detection and Validation Engineer dunnhumby | United Kingdom | Hybrid – View job details As a Senior Threat Detection and Validation Engineer, you will conduct periodic validation testing (including, but not limited to, atomic testing, breach and attack simulations, adversary simulation exercises, purple teaming, tabletops, and penetration testing) to validate the effectiveness or identify security gaps and vulnerabilities in the organization’s security controls. Senior Penetration Tester emaratech | UAE | On-site – View job details As a Senior Penetration Tester, you will perform in-depth penetration tests on web applications, mobile applications (iOS and Android), network infrastructure (web server, DB, Firewall, wireless access points), and cloud environments. Senior Manager, Security Architecture Ontario Power Generation | Canada | On-Site – View job details As a Senior Manager, Security Architecture, you will provide leadership for the development of the security strategy and contribute to the delivery of critical cyber security projects across Cloud, IT and OT to improve overall security capabilities, maturity, and risk posture. "


IRISSCON 2024 to address AI’s dual impact on cybersecurity

ciber
2024-11-04 https://www.helpnetsecurity.com/2024/11/04/irisscon-2024/

The IRISSCERT Cyber Crime Conference (IRISSCON) returns on November 6th at the Aviva Stadium, where global cybersecurity leaders will explore AI’s revolutionary role in defending against and contributing to cyber threats. As Ireland’s longest-standing cybersecurity conference, IRISSCON 2024 will dive into AI’s impact on how it both enhances security and enables cybercriminals to scale and automate attacks. With generous support from diamond sponsors ESET, Symantec, and BH Consulting, the event will highlight cutting-edge AI strategies … More


"

Autosummary: "


Hiring guide: Key skills for cybersecurity researchers

ciber
2024-11-04 https://www.helpnetsecurity.com/2024/11/04/rachel-barouch-haik-hiring-cybersecurity-researchers/

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers, often brilliant and introverted, come with distinctive working styles, making it challenging to foster collaboration. However, with the right approach to assessing, managing, retaining and developing them, organizations can unlock their potential and … More


"

Autosummary: However, with the right approach to assessing, managing, retaining and developing them, organizations can unlock their potential and drive high-performance teams, ultimately boosting the startup’s market value, especially in the context of mergers and acquisitions (M&As). Programming expertise, particularly in languages like Python, C/C++, and assembly, combined with deep knowledge of operating system internals, is crucial. "


Cybersecurity in crisis: Are we ready for what’s coming?

ciber
2024-11-04 https://www.helpnetsecurity.com/2024/11/04/cyber-protection-level-video/

In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67% of respondents blame lack of capital resources for preventing companies from reaching their desired level of cyber protection. 61% of respondents plan to test or implement AI tools for cybersecurity purposes in the next 12 months. … More


"

Autosummary: "


THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

ciber
2024-11-04 https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats.html
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It's enough to make you want to chuck your phone in the ocean. "

Autosummary: 🔥 Trending CVEs: CVE-2024-50550, CVE-2024-7474, CVE-2024-7475, CVE-2024-5982, CVE-2024-10386, CVE-2023-6943, CVE-2023-2060, CVE-2024-45274, CVE-2024-45275, CVE-2024-51774 📰 Around the Cyber World: Security Flaws in PTZ Cameras: Threat actors are attempting to exploit two zero-day vulnerabilities in pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, religious places, and courtroom settings. Affected cameras use VHD PTZ camera firmware < 6.3.40, which is found in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63. Multiple Vulnerabilities in OpenText NetIQ iManager: Nearly a dozen flaws have been disclosed in OpenText NetIQ iManager, an enterprise directory management tool, some of which could be chained together by an attacker to achieve pre-authentication remote code execution, or allow an adversary with valid credentials to escalate their privileges within the platform and ultimately achieve post-authenticated code execution.
Funnull, the Chinese company that acquired Polyfill[.]io JavaScript library earlier this year, has been linked to investment scams, fake trading apps, and suspect gambling networks. "


6 key elements for building a healthcare cybersecurity response plan

ciber
2024-10-30 https://www.helpnetsecurity.com/2024/10/30/healthcare-cybersecurity-incident-response-plan/

Medical practices remain vulnerable to cyberattacks, with over a third unable to cite a cybersecurity incident response plan, according to Software Advice. This gap exposes healthcare providers to risks of patient data breaches, HIPAA violations, financial penalties, and patient safety concerns. The findings come at a critical time, as the Health Infrastructure Security and Accountability Act seeks to establish minimum cybersecurity standards across the healthcare industry. Software Advice’s survey found that 59% of medical practices … More


"

Autosummary: “Downtime from a cyberattack can disrupt production, profits, and reputation for most businesses, but in healthcare, it means inaccessible medical records, malfunctioning devices, and delayed critical procedures,” said Lisa Morris, associate principal medical analyst at Software Advice. "


Cybersecurity jobs available right now: October 29, 2024

ciber
2024-10-29 https://www.helpnetsecurity.com/2024/10/29/cybersecurity-jobs-available-right-now-october-29-2024/

API Gateway Security Engineer Ness Technologies | Israel | Hybrid – View job details As an API Gateway Security Engineer, you will be responsible for managing and implementing API Gateway solutions with a strong focus on information security. Your responsibilities will include ongoing maintenance of API systems, managing secure permissions and access, monitoring API traffic to identify anomalies, threats, and intrusion attempts, and collaborating with security and infrastructure teams to identify and manage security risks, … More


"

Autosummary: Senior Cybersecurity Architect Kyndryl | France | Hybrid – View job details As a Senior Cybersecurity Architect, you will design the integration of various security technologies, including EDR, SIEM, and DLP solutions, within complex IT environments spanning on-premises, cloud, and hybrid infrastructures. Network Security Engineer DRW | United Kingdom | On-site – View job details As a Network Security Engineer, you will architect, troubleshoot, and implement firewalls, intrusion detection/prevention systems (IDPS), and VPN concentrators into new or existing networks. Senior Security Engineer, Firmware Roku | United Kingdom | On-site – View job details As a Senior Security Engineer, Firmware, you will develop new product solutions for cryptographic key programming, secure boot, and secure enclave. "


A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

ciber
2024-10-29 https://thehackernews.com/2024/10/a-sherlock-holmes-approach-to.html
Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In "

Autosummary: Discover how the Picus Security Validation Platform seamlessly integrates with your existing systems, the broadest exposure validation capabilities through advanced capabilities like Breach and Attack Simulation (BAS), Automated Penetration Testing, and Red Teaming to help you reduce risk, save time, and fortify your defenses against evolving threats. The Holes in Your Armor: What Threat Exposures Mean: In cybersecurity, exposure is a vulnerability, misconfiguration, or security gap existing in an organization's IT environment, which could be used by any threat actor. Even Mr. Spock echoed this logic, remarking, "An ancestor of mine maintained that if you eliminate the impossible, whatever remains, however improbable, must be the truth." CTEM consists of five key phases: Scoping, Discovery, Prioritization, Validation, and Mobilization. "


Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

ciber
2024-10-28 https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for "

Autosummary: "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft 365 login credentials," Netskope Threat Labs researcher Jan Michael Alcantara said in an analysis. "


THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

ciber
2024-10-28 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html
Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the "

Autosummary: 🔥 Trending CVEs: CVE-2024-41992, CVE-2024-20481, CVE-2024-20412, CVE-2024-20424, CVE-2024-20329, CVE-2024-38094, CVE-2024-8260, CVE-2024-38812, CVE-2024-9537, CVE-2024-48904 🔔 Top News: Severe Cryptographic Flaws in 5 Cloud Storage Providers: Cybersecurity researchers have discovered severe cryptographic issues in end-to-end encrypted (E2EE) cloud storage platforms Sync, pCloud, Icedrive, Seafile, and Tresorit that could be exploited to inject files, tamper with file data, and even gain direct access to plaintext. SEC Fines 4 Companies for Misleading SolarWinds Disclosures: The U.S. Securities and Exchange Commission (SEC) charged four public companies, Avaya, Check Point, Mimecast, and Unisys, for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. 4 REvil Members Sentenced in Russia: Four members of the now-defunct REvil ransomware operation, Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov, have been sentenced to several years in prison in Russia. To enhance DNS security, use a privacy-focused resolver that doesn't track your searches (a private catalog), block malicious sites using a "hosts" file (rip out the cards for dangerous books), and employ a browser extension with DNS filtering (hire a librarian to keep an eye out). "


Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

ciber
2024-10-28 https://securityaffairs.com/170324/security/third-party-identities-cybersecurity-supply-chain.html
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks—often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility. Do you […] "

Autosummary: As Guido Gerrits, EMEA Field Channel Director at IAM vendor Thales, explains, The progress of IAM has resulted in the inclusion of functionalities like single sign-on, multi-factor authentication, adaptive access controls, and identity governance. Plus, you can orchestrate user journey flows, customizing fundamental digital interactions like: Onboarding, Logins, Self-Service. With IAM, seamless integration is possible across a range of applications, from WhatsApp to Salesforce to Splunk. Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain. Pierluigi Paganini, October 28, 2024. A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. As companies jump online, into the cloud, into SaaS, deeper into cyberspace, and further into third-party dependency, locking down their access points is of critical concern. "


SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

ciber
2024-10-25 https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html
The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of "

Autosummary: "


What’s more important when hiring for cybersecurity roles?

ciber
2024-10-24 https://www.helpnetsecurity.com/2024/10/24/skills-certifications/

When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not always the best option unless you have the time, money, and patience. One of these factors usually has a priority over the other. Your starting point or a nice-to-have? ISACA’s State of Cybersecurity 2024 Report … More


"

Autosummary: Sometimes, you’ll need certifications; other times, you’ll need skills, and if you’re lucky, you’ll get a good mix of both! If risk mitigation is your priority, then skilled candidates have the hands-on experience to resolve issues faster; however, they come with a higher initial cost. And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. "


Cybersecurity jobs available right now: October 23, 2024

ciber
2024-10-23 https://www.helpnetsecurity.com/2024/10/23/cybersecurity-jobs-available-right-now-october-23-2024/

Cybersecurity Engineer Texas Instruments | USA | On-site – View job details As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments. Validate and test security configurations and controls to a variety of security (e.g., firewalls, email gateway, WAFs, DLP, endpoint protection, baselines, etc.). Cyber Security Architect – Product Security Honeywell | USA | On-site – View … More


"

Autosummary: Senior Manager, IT – Vulnerability and Attack Surface Management Kraft Heinz | Canada | On-site – View job details As a Senior Manager, IT – Vulnerability and Attack Surface Management, you will ensure timely identification, analysis, and remediation of vulnerabilities across all IT assets, including applications, servers, networks, and endpoints. Software Security Manager Ingenico | France | On-site – View job details As a Software Security Manager, you will define the software security strategy aligned with company objectives and regulatory requirements and elaborate with development & operation teams the methods, tools and policies to support the security model, in particular Security by design, Secure Software Development Life Cycle, Vulnerability management, security-awareness trainings. Cyber Security Architect – Product Security Honeywell | USA | On-site – View job details As a Cyber Security Architect -Product Security, you will support secure lifecycle process activities for SaaS and On-Prem Offerings, including security requirements, threat modeling, risk assessment, analysis of findings from penetration tests, and tools. Deputy CISO Novanta | USA | Remote – View job details As a Deputy CISO, you will be responsible for developing and maintaining a security architecture process, the security operations center (SOC), network operations center (NOC) related to security, and compliance strategy that enables the enterprise capabilities that are clearly aligned with business, technology, threat drivers, data privacy and regulations. "


Myths holding women back from cybersecurity careers

ciber
2024-10-22 https://www.helpnetsecurity.com/2024/10/22/dr-kathryn-jones-cardiff-university-women-cybersecurity-career/

In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship, and outreach programs that empower women to thrive in cybersecurity careers. What are some common misconceptions or biases that may deter women from pursuing a career in cybersecurity? One misconception is the stereotype of a … More


"

Autosummary: At Cardiff School of Computer Science and Informatics, our Director of Teaching, Elaine Haigh, and Dr Yulia Cherdantseva, director of our Academic Centre of Excellence in Cyber Security Education, are both strong leaders with expertise in cybersecurity and play a significant role leading and enhancing our educational offering. Additionally, our Cyber Innovation Hub, led by Professor Pete Burnap, plays a vital role in providing opportunities for individuals to upskill, incubate, and grow start-up ideas. In Wales, for example, the Women in Cyber group offers a well-established community where women can meet regularly to share experiences, discuss challenges, and find support. "


Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

exploits ciber
2024-10-22 https://thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical "

Autosummary: "


Evolving cybercriminal tactics targeting SMBs

industry ciber
2024-10-21 https://www.helpnetsecurity.com/2024/10/21/bec-human-error-video/

A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the key findings from the report: BEC is evolving as attackers shift from traditional malware to exploiting human error and vulnerable communication channels. Attackers are exploiting gaps in security like the lack of … More


"

Autosummary: "


THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

ciber
2024-10-21 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html
Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle. "

Autosummary: Trending CVEs: CVE-2024-38178, CVE-2024-9486, CVE-2024-44133, CVE-2024-9487, CVE-2024-28987, CVE-2024-8963, CVE-2024-40711, CVE-2024-30088, CVE-2024-9164. 🔔 Top News: Apple macOS Flaw Bypasses Privacy Controls in Safari Browser: Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that could be abused to get around a user's privacy preferences and access data. Cybersecurity Resources & Insights, LIVE Webinars: The exact steps that transformed their data security overnight. Insider tricks to implement DSPM with minimal disruption. The roadmap that slashed security incidents by 70%. Join Ian Ahl, Mandiant's former threat-hunting mastermind, as he: Decrypts LUCR-3's shadowy tactics that breach 9 out of 10 targets. Unveils the Achilles' heel in your cloud defenses you never knew existed. Arms you with the counterpunch that leaves LUCR-3 reeling. This isn't a webinar. 87,000+ Internet-Facing Fortinet Devices Vulnerable to CVE-2024-23113: About 87,390 Fortinet IP addresses are still likely susceptible to a critical code execution flaw (CVE-2024-23113, CVSS score: 9.8), which was recently added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. Google Outlines Two-Pronged Approach to Tackle Memory Safety Challenges: Google said it's migrating to memory-safe languages such as Rust, Kotlin, Go, as well as exploring interoperability with C++ through Carbon, to ensure a seamless transition. "


U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

ciber
2024-10-18 https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and "

Autosummary: The attacks have targeted healthcare, government, information technology, engineering, and energy sectors, per the Australian Federal Police (AFP), the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Communications Security Establishment Canada (CSE), the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA). "


How to leverage $200 million FCC program boosting K-12 cybersecurity

ciber
2024-10-18 https://www.bleepingcomputer.com/news/security/how-to-leverage-200-million-fcc-program-boosting-k-12-cybersecurity/
In 2024, the Federal Communications Commission (FCC) launched the K-12 Cybersecurity Pilot Program, a groundbreaking initiative backed by $200 million in funding. Learn more from Cynet about how schools and libraries can apply to this program. [...] "

Autosummary: Long-Term Impact and Cynet’s Role Beyond Funding As a leading provider of cybersecurity solutions with extensive experience in K-12 education, schools, universities, and libraries, Cynet Security is committed to building a resilient digital infrastructure for the entire education sector. With Cynet, schools strengthen their cybersecurity posture, improve their chances of receiving funding, and ensure they’re equipped to combat an ever-evolving threat landscape. "


The role of compromised cyber-physical devices in modern cyberattacks

ciber
2024-10-17 https://www.helpnetsecurity.com/2024/10/17/fyodor-yarochkin-trend-micro-compromised-cyber-physical-devices/

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the attackers themselves. (The answers have been lightly edited for clarity.) In your talk at Deep Conference next week, you will be talking about cyber-physical devices being compromised and used by cyber criminals and state-sponsored threat …

"

Autosummary: We don’t see so much DDoS, but we see a lot of other unwanted actions, such as web scraping, credential spraying, cryptocurrency pump-and-dump campaigns, scraping of online shops, sneaker bot activity, online ticket speculation, carding (to match geolocation to the card owner location), and so on. Recent botnet disruptions by law enforcement have revealed that botnet operators are currently favoring the 3-Tier architecture: compromised (IoT, server, endpoint) devices make Tier 1, Tier 2 are servers forwarding communications between those devices and the servers issuing orders (Tier 3). Devices that interconnect the physical world give attackers a unique perspective: they allow them to perform on-ground observation of events, to monitor and observe the impact of their attacks, and can even sometimes make an impact on the physical world (although this would normally require them to be connected to some sort of SCADA/ICS equipment). "


Cognizant Neuro Cybersecurity enhances threat detection and response

ciber
2024-10-17 https://www.helpnetsecurity.com/2024/10/17/cognizant-neuro-cybersecurity/

Cognizant announced the debut of Cognizant Neuro Cybersecurity, a new addition to Cognizant’s Neuro suite of platforms, designed to amplify cybersecurity resilience by integrating and orchestrating point cybersecurity solutions across the enterprise. Sophisticated threat actors, hybrid workforces, and the complexity of managing multiple security tools all weigh on an enterprise’s ability to manage cybersecurity risks. Traditional siloed technology and operations often lack the ability to deliver the insights that enable rapid decisions to preserve security …

"

Autosummary: “As cybersecurity challenges become increasingly sophisticated and threats more acute, enterprises must adapt continually to remain a step ahead of threat actors,” said Annadurai Elango, EVP and Global Head, Core Technologies and Insights, Cognizant. "


Cybersecurity jobs available right now: October 16, 2024

ciber
2024-10-16 https://www.helpnetsecurity.com/2024/10/16/cybersecurity-jobs-available-right-now-october-16-2024/

Application Security Engineer Cognism | France | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments of web applications, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. You will analyze source code for security vulnerabilities, focusing on secure coding practices, and provide feedback to developers on mitigating risks. Additionally, you will work with DevOps teams to integrate security testing tools and processes into CI/CD pipelines, …

"

Autosummary: Penetration Tester Ekco | Ireland | Hybrid – View job details As a Penetration Tester, you will conduct comprehensive penetration tests on clients’ systems across various platforms (including web applications, thick client applications, infrastructure, APIs, cloud platforms) to identify security vulnerabilities, weaknesses, and potential risks. Lead Detection Engineer UKG | Ireland | Hybrid – View job details As a Lead Detection Engineer, you will be providing hands-on solutions, customization and tuning, automation, dashboards, and use case development for the SIEM, SOAR, and other stakeholder requirements for threat informed defense strategies. Senior Governance Risk and Compliance Specialist Nippon Gases | Italia | Hybrid – View job details As a Senior Governance Risk and Compliance Specialist, you will develop, enhance, operationalize enterprise-level security, risk policies, processes, and controls to mitigate risk and comply with applicable laws and regulations. Cyber Security Engineer DS Smith | United Kingdom | Hybrid – View job details As a Cyber Security Engineer, you will be a member of team of a global network of security specialists supporting business facing operations, ICS/OT, IT, and the digital security function, with a focus on mitigating and reducing the threat levels within the business related to digital services. "


Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

ciber
2024-10-16 https://www.welivesecurity.com/en/videos/protecting-children-grooming-unlocked-403-cybersecurity-podcast-ep-7/
“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship "


Breaking down the numbers: Q3 2024 cybersecurity funding activity recap

ciber
2024-10-14 https://www.helpnetsecurity.com/2024/10/14/cybersecurity-funding-q3-2024/

We present a list of selected cybersecurity companies that received funding during the third quarter of 2024 (Q3 2024). Apono October | 15.5 million Apono has raised $15.5 million in a Series A funding led by New Era Capital Partners, with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, initial seed investors, and more. Chainguard July | $140 million Chainguard has completed a $140 million Series C round of funding led by Redpoint Ventures, Lightspeed …

"

Autosummary: Opnova September | $3.75 million Backed by $3.75 million in pre-seed funding co-led by Faber, ScaleX, and Preface Ventures, Opnova is set to redefine IT operations by addressing the challenges posed by rework—the time spent on repetitive, mundane, yet essential tasks. "


THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

ciber
2024-10-14 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats.html
Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet "

Autosummary: Gorilla Botnet Launches 300,000 DDoS Attacks Across 100 Countries: A botnet malware family called Gorilla issued over 300,000 attack commands in the month of September 2024 alone, targeting universities, government websites, telecoms, banks, gaming, and gambling sectors. OpenAI Disrupts Malicious Operations: OpenAI said it has disrupted over 20 malicious cyber operations since the start of the year that abused its generative artificial intelligence (AI) chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and vulnerability research. Social Engineering Via Phone Calls: Threat actors have found an effective social engineering vector in phone calls in order to trick users into performing an unintended action, a technique also called telephone-oriented attack delivery (TOAD), callback phishing, and hybrid vishing (a combination of voice and phishing). 📰 Around the Cyber World Microsoft Announces Windows 11 Security Baseline: Microsoft has released the Windows 11, version 24H2 security baseline with added protections to LAN Manager, Kerberos, User Account Control, and Microsoft Defender Antivirus. "


Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

ciber
2024-10-14 https://www.welivesecurity.com/en/cybersecurity/aspiring-digital-defender-explore-cybersecurity-internships-scholarships-apprenticeships/
The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry "

Autosummary: Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing – cybersecurity roles aren’t going anywhere. Although internships are typically unpaid, several major players, including CISA, DoD, DHS and IBM, offer paid opportunities, ensuring that students at all stages of their cyber journey can get a foot in the door without undue financial stress. The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry In a day and age where everything is digital, a data breach or cyberattack can cost any organization dearly, affecting it financially, operationally, legally and reputationally – to the point of possibly jeopardizing its very existence. "


What lies ahead for AI in cybersecurity

ciber
2024-10-10 https://www.helpnetsecurity.com/2024/10/10/ai-cybersecurity-potential-video/

AI is becoming recognized for its potential to strengthen cybersecurity measures and tackle the skills gap across various sectors. Its ability to streamline data management processes boosts efficiency and strengthens security protocols. However, the rise of GenAI has raised alarms about the effectiveness of traditional data privacy practices, urging a reevaluation of existing strategies. Aaron Fulkerson, CEO of Opaque, discusses how the weaponization of GenAI has made existing data privacy practices (like masking, anonymization, tokenization, …

"


Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

ciber
2024-10-10 https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many "

Autosummary: Three days later, the other group responded: "I agree 50/50, you can add your code :)" Then on September 30, the first threat actor replied back, stating "Alright ) so how can I contact you though? "


Cybersecurity jobs available right now: October 9, 2024

ciber
2024-10-09 https://www.helpnetsecurity.com/2024/10/09/cybersecurity-jobs-available-right-now-october-9-2024/

Cloud Cybersecurity Analyst III Texas Health and Human Services | USA | Hybrid – View job details As a Cloud CSAIII, you will be responsible for designing, implementing, and managing security solutions for cloud environments. You will ensure that cloud infrastructures are secure, resilient, and compliant with organizational policies and industry regulations. Your role will involve collaborating with various stakeholders to integrate security best practices into cloud solutions, maintaining a robust security posture, and supporting …

"

Autosummary: ICT/Cyber Security Engineer Honeywell | Italy | On-site – View job details As an ICT/Cyber Security Engineer, you will contribute to the designing, engineering, configuring, implementing, commissioning, securing and supporting of ICT infrastructure (Server, Storage, Network, Virtual Platforms) and Enterprise Applications at both new and existing client sites. Penetration Tester PepsiCo | USA | Hybrid – View job details As a Penetration Tester, you will conduct penetration tests across Web applications, APIs, mobile applications, infrastructure, cloud environments, and devices. Data Protection Specialist TeamViewer | Germany | Hybrid – View job details As a Data Privacy Specialist, you will play a critical role in ensuring compliance with data protection laws, supporting day-to-day operations and AI-related projects, managing privacy governance, and collaborating with key stakeholders to drive internal compliance and privacy-related improvements across the organization. Drive all phases of penetration tests and red team engagements, including scoping, planning, communications, timelines, and execution of key activities (reconnaissance, vulnerability identification, exploitation, and reporting). Senior Offensive Cyber Security Engineer Astranis Space Technologies | USA | On-site – View job details As a Senior Offensive Cyber Security Engineer, you will conduct penetration testing, vulnerability assessments, and red team exercises across the company’s digital landscape to identify and mitigate potential security threats before they become incidents. "


Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists

ciber
2024-10-09 https://www.bleepingcomputer.com/news/security/recent-drweb-breach-claimed-by-dumpforums-pro-ukrainian-hacktivists/
A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). [...] "

Autosummary: "We managed to hack into and offload the corporate GitLab server where internal development and projects were stored, the corporate mail server, Confluence, Redmine, Jenkins, Mantis, RocketChat - systems where development was conducted and tasks were discussed," DumpForums said. "


American Water shuts down systems after cyberattack

ciber
2024-10-08 https://www.helpnetsecurity.com/2024/10/08/american-water-cyberattack/

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the attack, they proactively took their customer portal service (MyWater) offline, and their call center “has limited functionality” while the portal is offline. What happened? New Jersey-based American Water is a public utility company with …

"


American Water shut down some of its systems following a cyberattack

ciber
2024-10-08 https://securityaffairs.com/169510/hacking/cyber-attack-hit-american-water.html
American Water, the largest publicly traded water and wastewater utility company in the US, shut down some of its systems following a cyberattack. American Water, the largest U.S. water and wastewater utility company, shut down some systems following a cyberattack. American Water is an American public utility company that, through its subsidiaries, provides water and wastewater services in […] "

Autosummary: American Water shut down some of its systems following a cyberattack. Pierluigi Paganini, October 08, 2024. American Water, the largest publicly traded water and wastewater utility company in the US, shut down some of its systems following a cyberattack. "


OTAVA S.E.C.U.R.E. Score simplifies cybersecurity strategy for businesses

ciber
2024-10-08 https://www.helpnetsecurity.com/2024/10/08/otava-s-e-c-u-r-e-score/

OTAVA introduced the OTAVA S.E.C.U.R.E. Score to help businesses further improve their security posture. The S.E.C.U.R.E. Score is a dynamic metric that assesses vulnerabilities, and makes recommendations on how to close security gaps and minimize risk. The S.E.C.U.R.E. acronym stands for Shrink, Examine, Contain, Undo, Recover, and Evaluate – the incremental steps to understanding areas of vulnerability, and how to protect businesses from evolving and escalating cyber threats. “Businesses continue to face increasing threats of …

"

Autosummary: S.E.C.U.R.E. Score monitors all relevant areas of the cloud services environment, regardless of the vendor, including monitoring, Security Information and Event Management (SIEM), malware solutions, data protection and disaster recovery solutions, patching, and other areas of vulnerability. "


Cyberattack Group "Awaken Likho" Targets Russian Government with Advanced Tools

government rusia-ucrania ciber
2024-10-08 https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until "


THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

ciber
2024-10-07 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html
Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four "

Autosummary: As of September 21, 2024, 72.4% of CVEs (18,358 CVEs) in the NVD have yet to be analyzed, VulnCheck said, adding "46.7% of Known Exploited Vulnerabilities (KEVs) remain unanalyzed by the NVD (compared to 50.8% as of May 19, 2024)." A Chinese nation-state actor known as Salt Typhoon penetrated the networks of U.S. broadband providers, including AT&T, Verizon, and Lumen, and likely accessed "information from systems the federal government uses for court-authorized network wiretapping requests," The Wall Street Journal reported. A group of German researchers has found that current implementations of Resource Public Key Infrastructure (RPKI), which was introduced as a way to introduce a cryptographic layer to Border Gateway Protocol (BGP), "lack production-grade resilience and are plagued by software vulnerabilities, inconsistent specifications, and operational challenges." "


American Water shuts down online services after cyberattack

ciber
2024-10-07 https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...] "


MoneyGram confirms hackers stole customer data in cyberattack

financial ciber
2024-10-07 https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...] "


MoneyGram: No evidence ransomware is behind recent cyberattack

financial exploits ransomware ciber
2024-10-05 https://www.bleepingcomputer.com/news/security/moneygram-no-evidence-ransomware-is-behind-recent-cyberattack/
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...] "

Autosummary: "After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services," says an email obtained by BleepingComputer. "


Outlast game development delayed after Red Barrels cyberattack

ciber
2024-10-04 https://www.bleepingcomputer.com/news/security/outlast-game-development-delayed-after-red-barrels-cyberattack/
Canadian video game developer Red Barrels is warning that the development of its Outlast games will likely be delayed after the company suffered a cyberattack impacting its internal IT systems and data. [...] "

Autosummary: "The Red Barrels team regrets to announce that its internal IT systems were recently impacted by a cybersecurity event, involving access to some of its data," reads a statement on Red Barrel's website. "


UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

ciber
2024-10-04 https://www.bleepingcomputer.com/news/security/uk-nuclear-site-sellafield-fined-440-000-for-cybersecurity-shortfalls/
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. [...] "

Autosummary: The site is involved in retrieving nuclear waste, fuel, and sludge from legacy ponds and silos, storing radioactive materials such as plutonium and uranium, managing spent nuclear fuel rods, and remediating and decommissioning nuclear facilities. "


Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”

ciber
2024-10-04 https://www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-site-332500-fine-cybersecurity-shortfalls/
The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years. Read more in my article on the Hot for Security blog. "


Cybercriminals capitalize on poorly configured cloud environments

ciber
2024-10-04 https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections. Cobalt Strike is a very mature commercial post-exploitation framework with an experienced research and development team. It is so effective …

"

Autosummary: Malware families such as Gafgyt (3.12%), Mirai (2.09%), and Bedevil (1.84%) appeared less often than in prior years, which may be a reflection of attempts to neutralize botnets from propagating. "


Cybersecurity hiring slows, pros’ stress levels rise

ciber
2024-10-02 https://www.helpnetsecurity.com/2024/10/02/cybersecurity-professionals-stress-levels-grow/

66% of cybersecurity professionals say their role is more stressful now than it was five years ago, according to ISACA. Major contributors to rising stress levels among cybersecurity professionals According to the data, the top reasons for increased stress among cybersecurity professionals are: An increasingly complex threat landscape (81%) Low budget (45%) Worsening hiring/retention challenges (45%) Insufficiently trained staff (45%) Lack of prioritization of cybersecurity risks (34%). In line with this sentiment around challenging threats, …

"

Autosummary: Major contributors to rising stress levels among cybersecurity professionals According to the data, the top reasons for increased stress among cybersecurity professionals are: An increasingly complex threat landscape (81%) Low budget (45%) Worsening hiring/retention challenges (45%) Insufficiently trained staff (45%) Lack of prioritization of cybersecurity risks (34%). "


Cybersecurity jobs available right now: October 2, 2024

ciber
2024-10-02 https://www.helpnetsecurity.com/2024/10/02/cybersecurity-jobs-available-right-now-october-2-2024/

Applied Cybersecurity Engineer (Center for Securing the Homeland) MITRE | USA | Hybrid – View job details As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to address business and operational challenges, including those related to technical IT and OT systems as well as military and government operations. You will define requirements, develop …

"

Autosummary: Director Trust, Data Privacy Roku | United Kingdom | On-site – View job details As a Director Trust, Data Privacy, you will monitor and ensure compliance with regional (GDPR, ePrivacy, CCPA, CPRA, LGPD etc) privacy requirements across Roku’s engineering organizations. Applied Cybersecurity Engineer (Center for Securing the Homeland) MITRE | USA | Hybrid – View job details As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to address business and operational challenges, including those related to technical IT and OT systems as well as military and government operations. Incident Response and Forensics Officer UnionBank of the Philippines | Philippines | On-site – View job details As an Incident Response and Forensics Officer, you will assist in the detection, analysis, and response to security incidents, including malware infections, unauthorized access attempts, and data breaches. Tech Lead for Cyber Defense Operation Center Stellantis | France | On-site – View job details As a Tech Lead for Cyber Defense Operation Center, you will be responsible for designing, implementing, and maintaining the CDOC architecture, tools, and workflows, as well as leading a team of security analysts and engineers. Senior Cyber Security Engineer CommScope | USA | Remote – View job details As a Senior Cyber Security Engineer, you will design, implement, maintain, monitor, and manage cyber security systems and controls. "


SAFE X equips CISOs with integrated data from all their existing cybersecurity products

ciber
2024-10-02 https://www.helpnetsecurity.com/2024/10/02/safe-security-safe-x/

Safe Security launched SAFE X, a generative AI-powered mobile app for CISOs. SAFE X delivers CISOs real-time business impact insights into their cybersecurity posture, enabling better decision-making and risk prioritization. CISOs often invest millions of dollars in building their cyber stacks, yet they lack critical business impact insights to prioritize and protect their organization effectively. Instead, they are bogged down by a patchwork of manual reports and outdated dashboards that lack business context and offer … More

The post SAFE X equips CISOs with integrated data from all their existing cybersecurity products appeared first on Help Net Security.

"

Autosummary: “Unlike traditional solutions, SAFE X offers CISOs a unified platform for daily, on-demand, access to critical cyber risk data, enabling them to make data-driven decisions to protect their business,” said Brandon Pinzon, former CSO of Argo Group. With the launch of SAFE X, CISOs can now prioritize and immediately act on cyber risks that have the greatest material impact on the business—whether financial, reputational, operational, or compliance-related. "


News agency AFP hit by cyberattack, client services impacted

ciber
2024-10-01 https://securityaffairs.com/169175/hacking/news-agency-afp-hit-by-cyberattack-client-services-impacted.html
AFP suffered a cyberattack affecting its IT systems and content delivery for partners, the incident impacted some client services. Agence France-Presse (AFP) reported a cyberattack on Friday that impacted its IT systems and content delivery for partners. The media agency confirmed that the global news coverage remains unaffected, however some client services were impacted. AFP […] "

Autosummary: It is responsible for collecting, verifying, cross-checking and disseminating information, in a neutral, factual form, intended to be used directly by all types of media (radio, television, written press, websites) and also to serve as a source and alert for large companies and administrations. "


Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

ciber
2024-10-01 https://www.welivesecurity.com/en/cybersecurity/cybersecurity-awareness-month-radical-overhaul-legislation/
Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices "

Autosummary: Beyond tips and tricks After a decade of promoting the same guidance (Cybersecurity Awareness Month itself marks its 21st anniversary this year), it’s time for the industry to have a radical rethink and, alongside doing the talking, legislate and enforce better cybersecurity practices, especially where personally identifiable information (PII) or other data of value is at stake. Without even looking at the official theme of this year’s edition of the campaign, I rattled off the usual advice to a colleague last week – use strong and unique passwords, enable multi-factor authentication (MFA), and avoid clicking on phishing links – and sure enough, I captured almost all the main points of this year’s official “Secure Our World” theme. "


THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

ciber
2024-09-30 https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more "

Autosummary: A critical firmware supply chain issue known as PKfail (CVE-2024-8105), which allows attackers to bypass Secure Boot and install malware, has been now found to impact more devices, including medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, PoS terminals, and even voting machines. 🔒 Tip of the Week Prevent Data Leaks to AI Services: Protect sensitive data by enforcing strict policies against sharing with external AI platforms, deploying DLP tools to block confidential transmissions, restricting access to unauthorized AI tools, training employees on the risks, and using secure, in-house AI solutions. In yet another law enforcement action, the U.S. government charged three Iranian nationals, Masoud Jalili, Seyyed Ali Aghamiri, and Yasar (Yaser) Balaghi, who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data in an attempt to interfere with the upcoming elections. "Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats," the organizations said. "


Media giant AFP hit by cyberattack impacting news delivery services

ciber
2024-09-30 https://www.bleepingcomputer.com/news/security/media-giant-afp-hit-by-cyberattack-impacting-news-delivery-services/
Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...] "

Autosummary: AFP is an award-winning Paris-based news agency with a presence in 150 countries, employing over 2,400 people in 260 cities, and covering news in French, English, Arabic, Portuguese, Spanish, and French. "


A cyberattack on Kuwait Health Ministry impacted hospitals in the country

government ciber
2024-09-28 https://securityaffairs.com/169031/security/cyberattack-on-kuwait-health-ministry-impacted-hospitals.html
The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline. The cyber attack also impacted the Ministry of Health website, which is still offline, and […] "



Developing an effective cyberwarfare response plan

ciber
2024-09-27 https://www.helpnetsecurity.com/2024/09/27/nadir-izrael-armis-ai-cyberwarfare/

In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How has adopting AI transformed the nature of cyberwarfare, and what specific capabilities does it offer to threat actors? AI has transformed the nature of cyberwarfare. Threat actors can amplify the scale and sophistication of attacks … More

The post Developing an effective cyberwarfare response plan appeared first on Help Net Security.

"

Autosummary: Armis Labs has identified several threat actors actively using AI to advance their cyber capabilities, including Russian-affiliated Forest Blizzard (APT28), North Korean hackers Emerald Sleet (Kimsuky), Iranian threat actors Crimson Sandstorm (Imperial Kitten), and Chinese state-affiliated groups Charcoal Typhoon (Aquatic Panda) and Salmon Typhoon (Maverick Panda). To do this, organizations need a comprehensive strategy that proactively identifies and mitigates cyber asset risks, remediates security findings and vulnerabilities, and protects the entire attack surface. In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. "


Cybersecurity Certifications: The Gateway to Career Advancement

ciber
2024-09-27 https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html
In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for "

Autosummary: For employers, certified professionals bring enhanced work quality, productivity, and innovation to the table, making certifications a win-win for everyone involved. Furthermore, certified professionals tend to have greater work autonomy, with 74% experiencing more independence, which fosters a culture of innovation within organizations. "


Active Directory compromise: Cybersecurity agencies provide guidance

ciber
2024-09-26 https://www.helpnetsecurity.com/2024/09/26/active-directory-compromise/

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues,” Five Eyes cybersecurity agencies have clarified in a recently released … More

The post Active Directory compromise: Cybersecurity agencies provide guidance appeared first on Help Net Security.

"



Cybersecurity jobs available right now: September 25, 2024

ciber
2024-09-25 https://www.helpnetsecurity.com/2024/09/25/cybersecurity-jobs-available-right-now-september-25-2024/

CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy to protect company data, production systems, and networks from threats; ensure compliance with relevant security standards, regulations, and best practices (PCI DSS, SOX, ISO 27001, etc). Cloud Security Architect Nuix | Australia | Hybrid – … More

The post Cybersecurity jobs available right now: September 25, 2024 appeared first on Help Net Security.

"

Autosummary: (Senior) Test Engineer Cybersecurity – SDV Hub CARIAD | Germany | On-site – View job details As a (Senior) Test Engineer Cybersecurity – SDV Hub, you will conduct comprehensive security testing, including penetration testing, vulnerability assessments, and ethical hacking, to identify and address potential security risks in automotive systems. Develop, implement, and maintain a comprehensive information security strategy to protect company data, production systems, and networks from threats; ensure compliance with relevant security standards, regulations, and best practices (PCI DSS, SOX, ISO 27001, etc). Cloud Security Architect Nuix | Australia | Hybrid – View job details As a Cloud Security Architect, you will design, build, and secure cloud architecture on AWS and Azure, utilizing tools like Lacework, Mend, and SonarQube for continuous security and compliance. Information Security and Data Protection Manager Taaleem | UAE | On-site – View job details As an Information Security and Data Protection Manager, you will develop and maintain information security policies, standards, procedures, and guidance. "


Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

exploits ciber
2024-09-25 https://thehackernews.com/2024/09/transportation-companies-hit-by.html
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many "

Autosummary: The disclosure comes amid the emergence of various stealer malware strains such as Angry Stealer, BLX Stealer (aka XLABB Stealer), Emansrepo Stealer, Gomorrah Stealer, Luxy, Poseidon, PowerShell Keylogger, QWERTY Stealer, Taliban Stealer, X-FILES Stealer, and a CryptBot-related variant dubbed Yet Another Silly Stealer (YASS). "


Arkansas City water treatment facility switched to manual operations following a cyberattack

financial government ciber
2024-09-25 https://securityaffairs.com/168871/hacking/arkansas-city-water-treatment-facility-cyberattack.html
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend due to a cyberattack that was detected on Sunday. As of the 2020 census, Arkansas City has […] "



Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

exploits ciber
2024-09-25 https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik "

Autosummary: "As new APIs are added to Windows, new ideas for injection techniques are appearing," security researcher Aleksandra "Hasherezade" Doniec said. "


Future-proofing cybersecurity: Why talent development is key

ciber
2024-09-24 https://www.helpnetsecurity.com/2024/09/24/jon-france-isc2-cybersecurity-workforce/

In this Help Net Security interview, Jon France, CISO at ISC2, discusses cybersecurity workforce growth. He outlines organizations’ challenges, such as budget constraints and limited entry-level opportunities. France also points to the urgent need to upskill current employees and adopt inclusive hiring practices to tackle the growing skills gap in the industry. The ISC2 report indicates that the growth of the cybersecurity workforce could be more stable. What are the main reasons behind this slowdown, … More

The post Future-proofing cybersecurity: Why talent development is key appeared first on Help Net Security.

"

Autosummary: The most critical gaps identified include skills in AI (34%), cloud security (30%), zero trust (27%), digital forensics (25%), and application security (24%). In Europe, three major causes of skills shortages have been identified: difficulty finding candidates with the right skills (33%), limited budgets (29%), and IT departments introducing new technology without the expertise to secure it (29%). Companies that succeed in recruiting and retaining diverse talent invest in diversity, equity, and inclusion (DEI) initiatives, set measurable diversity goals, and expand recruitment efforts beyond traditional job portals. Organizations must also focus on expanding entry-level opportunities, upskilling current employees, and building more diverse pipelines of talent to bridge the widening skills gap. "


MoneyGram confirms a cyberattack is behind dayslong outage

financial ciber
2024-09-24 https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage/
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. [...] "

Autosummary: "Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline, which impacted network connectivity. "


A cyberattack on MoneyGram caused its service outage

financial ciber
2024-09-24 https://securityaffairs.com/168827/security/moneygram-outage-caused-by-cyberattack.html
American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to a number of our systems. The […] "

Autosummary: A cyberattack on MoneyGram caused its service outage. Pierluigi Paganini, September 24, 2024. American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. "


Kansas water plant cyberattack forces switch to manual operations

ciber
2024-09-24 https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations/
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. [...] "

Autosummary: U.S. Water and Wastewater Systems (WWS) Sector facilities have also been breached multiple times over the last decade in Ghost, ZuCaNo, and Makop ransomware attacks that impacted a South Houston wastewater treatment plant in 2011, a water company with outdated software and hardware equipment in 2016, the Southern California Camrosa Water District in August 2020, and a Pennsylvania water system in May 2021. "


Organizations are changing cybersecurity providers in wake of Crowdstrike outage

ciber
2024-09-23 https://www.helpnetsecurity.com/2024/09/23/changing-cybersecurity-providers/

More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers. The recent massive worldwide outage caused by a faulty Crowdstrike sensor content update has had a similar effect on many German organizations, a recent report by the German Federal Office for Information Security (BSI) and Germany’s digital association … More

The post Organizations are changing cybersecurity providers in wake of Crowdstrike outage appeared first on Help Net Security.

"

Autosummary: Increasing network segmentation (49%); building redundancies in IT (48%); implementation of zero-trust architecture (39%); increased use of cloud services (35%); implementation of offline fallback solutions (31%); review/adjustment of service level agreements (31%), etc. Interestingly enough, even though two-thirds (64%) of the polled organizations think that an incident like the CrowdStrike outage cannot be completely prevented, 30% have or are planning to diversify IT security solutions they use. "


THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

ciber
2024-09-23 https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html
Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean "

Autosummary: Targets of the campaigns include entities in South Korea and the U.S. 📰 Around the Cyber World Sandvine Leaves 56 "Non-democratic" Countries: Sandvine, the company behind middleboxes that have facilitated the delivery of commercial spyware as part of highly-targeted attacks, said it has exited 32 countries and is in process of ceasing operations in another 24 countries, citing elevated threats to digital rights. 🔥 Cybersecurity Resources & Insights — Upcoming Webinars Zero Trust: Anti-Ransomware Armor: Join our next webinar with Zscaler's Emily Laufer for a deep dive into the 2024 Ransomware Report, uncovering the latest trends, emerging threats, and the zero-trust strategies that can safeguard your organization. The botnet consisted of over 260,000 devices in June 2024, with victims scattered across North America, Europe, Asia, Africa, and Oceania, and South America. "The misuse of deep packet inspection technology is an international problem that threatens free and fair elections, basic human rights, and other digital freedoms we believe are inalienable," it said. "


Cybersecurity and compliance: The dynamic duo of 2024

ciber
2024-09-23 https://grahamcluley.com/feed-sponsor-manageengine/
Graham Cluley Security News is sponsored this week by the folks at ManageEngine. Thanks to the great team there for their support! It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival. This year has seen some of the most severe cyber … Continue reading "Cybersecurity and compliance: The dynamic duo of 2024" "

Autosummary: By automating patches, detecting vulnerabilities, and managing configurations, it ensures that your endpoints – the most vulnerable entry points for attackers – are fortified, compliant, and resilient. Learn firsthand from industry experts about real-world breaches, the financial havoc they wreaked, and, most importantly, how they could have been avoided. Enter ManageEngine: Your Cybersecurity and Compliance Savior. In the midst of this chaos, ManageEngine has proven itself as a trusted partner for organizations grappling with the twin challenges of compliance and cybersecurity. "


Striking the balance between cybersecurity and operational efficiency

ciber
2024-09-20 https://www.helpnetsecurity.com/2024/09/20/michael-oberlaender-flexible-cybersecurity-strategy/

In this Help Net Security interview, Michael Oberlaender, ex-CISO and book author, discusses how to strike the right balance between security and operational efficiency. Oberlaender advises companies starting their cybersecurity journey and stresses the importance of aligning with various frameworks. He also introduces his latest book, which provides insights into the CISO role and effective cybersecurity leadership. How do you balance the need for security with operational efficiency and flexibility in an organization’s cybersecurity strategy? … More

The post Striking the balance between cybersecurity and operational efficiency appeared first on Help Net Security.

"

Autosummary: Establish your security operations center (SOC), perform consistent, immutable backups (on non-online systems), rollout some antimalware features, get your identity and access management (IAM) in order, build your fortress with firewalls, DMZs, zero trust networks, cloud security zones, develop your encryption vision, key management systems, activate the encryption and perform key rotation. ISO27XXX, NIST-800-XXX, NIST CSF, CIS, COBIT, COSO, ITIL, PCI, OWASP, plus a plethora of others, plus all the regulations. On the opposite side, the far right lane (truck lane, again, if not in left-hand traffic) is where security is overburdened, many controls, not all of them making sense, poor implementation, and slowing down all following traffic. "


Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

exploits ciber
2024-09-20 https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch "



Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

ciber
2024-09-19 https://thehackernews.com/2024/09/healthcares-diagnosis-is-critical-cure.html
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries "

Autosummary: Criminals target systems with vulnerabilities in basic areas, such as unpatched software, unsafe network services, and unencrypted web communications. These weaknesses provide easy entry points for attackers, allowing them to compromise critical systems and, ultimately, hold organizations hostage with ransomware. Cybercriminals target suppliers, partners, and other third-party entities that may have weaker cybersecurity defenses. Healthcare organizations must scrutinize their suppliers' cybersecurity hygiene, ensuring they meet high standards of protection and continuously monitoring them for potential vulnerabilities. By assigning A to F cybersecurity hygiene ratings across multiple domains, including software patching, network filtering, and web encryption, RiskRecon helps organizations identify their vulnerabilities and prioritize areas for improvement. Healthcare accounted for 17.8% of all breach events and 18.2% of destructive ransomware events since 2012, surpassing other sectors like finance, government, and education. "


Antivirus firm Dr.Web disconnected all servers following a cyberattack

ciber
2024-09-19 https://securityaffairs.com/168577/hacking/antivirus-firm-dr-web-suffers-cyberattack.html
Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure. The company pointed […] "

Autosummary: Antivirus firm Dr.Web disconnected all servers following a cyberattack. Pierluigi Paganini, September 19, 2024. Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. "


Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

ciber
2024-09-19 https://www.welivesecurity.com/en/videos/influencing-influencers-unlocked-403-cybersecurity-podcast-ep-6/
How do analyst relations professionals "sort through the noise" and help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out. "



Cybersecurity jobs available right now: September 18, 2024

ciber
2024-09-18 https://www.helpnetsecurity.com/2024/09/18/cybersecurity-jobs-available-right-now-september-18-2024/

Application Security Engineer CHANEL | France | On-site – View job details As an Application Security Engineer, you will perform application-focus, offensive, security assessments of existing and upcoming Chanel’s features and products. Enforce smart CI/CD security tooling (SAST, dependencies checker, IAST, RASP). Identify vulnerability in the source code and design of our products. Fix vulnerabilities or support development team on fixing. Maintain and contribute to Chanel’s Secure Development Lifecycle. Contribute to our Red Team / … More

The post Cybersecurity jobs available right now: September 18, 2024 appeared first on Help Net Security.

"

Autosummary: Senior Red Team Operator Deloitte | Australia | On-site – View job details As a Senior Red Team Operator, you will deliver red team campaigns by performing intelligence gathering on target networks, people, processes, and technologies, finding creative ways to gain a foothold in target networks, delivering malware and establishing command and control (C2), and moving stealthily within target networks to achieve campaign objectives while remaining undetected by blue teams. Senior Engineer – Application Security Trust in SODA | Ireland | Remote – View job details As a Senior Engineer – Application Security, you will design, develop, test, deploy and maintain SAST, SCA and secret scanning tools into the CI/CD pipeline and developer workflow tools. Senior Security Engineer Avrioc Technologies | UAE | On-site – View job details As a Senior Security Engineer, you will design, implement, and manage SIEM, PAM, and DAM solutions to secure access to critical systems and sensitive data. Network and Security Engineer SiPearl | France | Hybrid – View job details As a Network and Security Engineer, you will manage the company’s networks (2 data centers in France, offices in France, Germany, Spain, and remote offices). Malware Reverse Engineer IBM | Philippines | On-site – View job details As a Malware Reverse Engineer, you will completely reverse engineer malicious software, write detailed reports on command functionality, malware communications, and encryption mechanisms, and develop targeted python scripts to support identification and automation efforts. Senior Manual Ethical Hacker Bank of America | United Kingdom | On-site – View job details As a Senior Manual Ethical Hacker, you will assess company’s application security by conducting penetration tests, evaluate both internal and external web, mobile, and web service applications. "


The cybersecurity workforce of the future requires diverse hiring practices

ciber
2024-09-17 https://www.helpnetsecurity.com/2024/09/17/cybersecurity-workplace-skills-shortage/

The global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase, according to ISC2. Despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at an estimated 5.5 million people (a 0.1% year-on-year increase). This contrasts with last year, when the workforce grew 8.7% year-on-year despite … More

The post The cybersecurity workforce of the future requires diverse hiring practices appeared first on Help Net Security.

"

Autosummary: While 74% of professionals agree that the 2024 threat landscape is the most challenging it has been in the last five years, budget pressures on the cybersecurity workforce include: 37% experiencing budget cuts (+7% from 2023); 25% experiencing layoffs in their cybersecurity team (+3% from 2023); 38% experiencing hiring freezes (+6% from 2023); 32% seeing fewer promotions (+6% from 2023). Skills gaps put organizations at risk. This year, a record 15,852 cybersecurity practitioners and decision-makers participated in the study. "


Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

financial exploits ciber
2024-09-16 https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users" credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto "

Autosummary: Dubbed Greasy Opal by Arkose Labs, the Czech Republic-based "cyber attack enablement business" is believed to have been operational since 2009, offering to customers a toolkit of sorts for credential stuffing, mass fake account creation, browser automation, and social media spam at a price point of $190 and an additional $10 for a monthly subscription. Over 36% of the attacks have singled out the business-and-economy sector, followed by financial services (12.9%), government (6.9%), health and medicine (5.7%), and computer and internet (5.4%). "


RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

ciber
2024-09-13 https://www.bleepingcomputer.com/news/security/ransomhub-claims-kawasaki-cyberattack-threatens-to-leak-stolen-data/
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. [...] "

Autosummary: With the influx of skilled affiliates, RansomHub has seen a surge in successful attacks, including those against a division of Rite Aid, Frontier, Planned Parenthood, Halliburton, Christie's, Last month, a joint advisory between the FBI, CISA, and the Department of Health and Human Services (HHS) reported that RansomHub breached 210 victims from a wide range of critical U.S. infrastructure sectors since it launched in February. "


Internal disconnects vs. cybersecurity: How connectivity shapes challenges

ciber
2024-09-12 https://www.helpnetsecurity.com/2024/09/12/organizations-technology-connectivity-advantages/

Concerns about the trustworthiness of internal data exist in nearly all organizations globally, according to TeamViewer. 99% of business leaders pointed to factors undermining trust in internal data, citing multiple versions of the truth (38%), conflicting data management practices (32%) and too many instances of poor hardware reliability (31%) as top reasons for mistrust. Organizations face technology connectivity gaps Interestingly this mistrust of internal data varies across company size. It is more likely to be …

"

Autosummary: When asked how seamless technology connectivity could help their organization: 80% of respondents state it allows for better customer interactions and increases customer satisfaction; 81% say it enables better innovation; 82% believe it allows more time for considered decision making; 86% consider it an important aspect of working at their company, increasing talent retention. The research also uncovered a correlation between excellent connectivity and industry leadership, with 33% of business leaders at organizations with excellent technology connectivity saying their financial performance is among the leaders in their industry. "


Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense

ciber
2024-09-12 https://www.helpnetsecurity.com/2024/09/12/erica-banks-booz-allen-hamilton-federal-cybersecurity/

In this Help Net Security interview, Erica Banks, VP and a leader in Booz Allen’s civilian services business, discusses the Federal Cybersecurity Strategy’s role in safeguarding national assets. Banks outlines key areas for improvement, including funding, talent retention, and leveraging AI for enhanced cyber defense. The Federal Cybersecurity Strategy is a crucial part of protecting national assets. How effective do you think the current strategy is in mitigating cyber threats, and what areas need more attention …

"

Autosummary: Given the diverse range of missions these federal agencies support, it is essential that they are protected against disruptive cyber threats, and zero trust principles – assume a breach; never trust, always verify; allow only least-privileged access – can provide protection in real time. With the National Cyber Strategy Implementation Plan pushing for a more aggressive approach to cyber preparedness and constant attacks increasing the pressure for accountability, companies and the U.S. government need to be strategically allocating roles, responsibilities, and resources to outpace evolving threats. Banks outlines key areas for improvement, including funding, talent retention, and leveraging AI for enhanced cyber defense. "


Benefits and best practices of leveraging AI for cybersecurity

ciber
2024-09-12 https://www.helpnetsecurity.com/2024/09/12/benefits-best-practices-ai-cybersecurity-video/

AI has become a key player in protecting valuable organizational insights from threats. Thanks to AI-enabled data protection practices such as behavior monitoring, enterprises no longer have to be reactive to a cyberattack but can be proactive before a potential threat arises. In this Help Net Security video, Andrew Riddell, Principal Cybersecurity Architect, Logicalis US, explains the benefits and best practices of leveraging AI for cybersecurity.

"

Autosummary: "


Suspect arrested over the Transport for London cyberattack

ciber
2024-09-12 https://www.helpnetsecurity.com/2024/09/12/suspect-arrested-tfl-cyberattack/

The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced today. Also today, TfL has provided some insight into what their investigation has discovered, namely, that the attack was first noticed on September 1 (Sunday), and that some customer data has been accessed – though …

"

Autosummary: "


Transport for London confirms customer data stolen in cyberattack

ciber
2024-09-12 https://www.bleepingcomputer.com/news/security/transport-for-london-confirms-customer-data-stolen-in-cyberattack/
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. [...] "

Autosummary: Last Friday, TfL staff was still facing system outages and disruptions, including the inability to respond to customer requests submitted via online forms, issue refunds for journeys paid with contactless methods, and more. "


Cybersecurity giant Fortinet discloses a data breach

financial ciber
2024-09-12 https://securityaffairs.com/168332/data-breach/fortinet-disclosed-a-data-breach.html
Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance […] "

Autosummary: “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” a company spokesman told Cyber Daily. "


Cybersecurity is a fundamental component of patient care and safety

ciber
2024-09-11 https://www.helpnetsecurity.com/2024/09/11/patient-care-cybersecurity/

Healthcare institutions are custodians of vast repositories of sensitive patient data, encompassing comprehensive health histories, insurance profiles, and billing data. The ramifications of a data breach often extend far beyond the immediate task of patching the vulnerabilities and notifying the affected parties. Often, the less visible costs of these incidents can be equally, if not more, devastating to healthcare providers and the patients they serve. The aftermath of a cyberattack can reverberate for months, impacting …

"

Autosummary: Cyber threats impact everyone, from doctors and nurses to IT staff, administrators, and patients, which is why protections and policies must be equally as widespread throughout healthcare providers’ workflows. The aftermath of a cyberattack can reverberate for months, impacting an organization from legal, financial, operational, and empathetic standpoints. "


Cybersecurity jobs available right now: September 11, 2024

ciber
2024-09-11 https://www.helpnetsecurity.com/2024/09/11/cybersecurity-jobs-available-right-now-september-11-2024/

ACISO HTX | Singapore | Hybrid – View job details As an ACISO, you will formulate Agency ICT security strategy and work plan, alignment to MHA and HTX’s IT & Cybersecurity strategic directions. Evaluate existing IT environment against MHA and HTX’s IT & Cybersecurity strategic directions. Ensure security governance, compliance by implementing cyber security risk assessment and risk acceptance at appropriate Agency stakeholders. Review, endorse, develop risk management and mitigation plans. Audit / Risk / …

"

Autosummary: Engineer – Artificial Intelligence Presight | UAE | On-site – View job details As an Engineer – Artificial Intelligence, you will design, develop, and optimize computer vision algorithms and models for various surveillance applications, including object detection, tracking, activity recognition, and anomaly detection. Junior Cybersecurity Engineer Quintech Electronics & Communications | USA | On-site – View job details As a Junior Cybersecurity Engineer, you will assist with configuration and management for network devices and security, manage identity and access authorization, process access requests to network resources, including network shares, firewall ACLs, etc. Evaluate and decrease instances of inappropriate or excessive access to promote the principle of least privilege. Principal Associate, Penetration Tester Capital One | USA | Hybrid – View job details As a Principal Associate, Penetration Tester, you will perform penetration testing of APIs, web applications, networks, and cloud services, as well as related applications and infrastructure. Audit / Risk / Compliance Manager Hapag-Lloyd AG | India | On-site – View job details As an Audit / Risk / Compliance Manager, you will design and implement a governance framework specific to IT Infrastructure and Operations to track, manage, and resolve audit findings, risks, and compliance issues. IAM Systems Engineer AIDA Cruises | Germany | Hybrid – View job details As an IAM Systems Engineer, you will be responsible for the development, maintenance and implementation of IAM systems including User lifecycle Management, authentication, and access controls ensuring confidentiality, integrity and availability of IAM systems and data. "


Highline Public Schools school district suspended its activities following a cyberattack

ciber
2024-09-11 https://securityaffairs.com/168305/cyber-crime/highline-public-schools-school-district-cyberattack.html
Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washington, […] "

Autosummary: Highline Public Schools school district suspended its activities following a cyberattack. Pierluigi Paganini, September 11, 2024. Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. "


33 open-source cybersecurity solutions you didn’t know you needed

ciber
2024-09-10 https://www.helpnetsecurity.com/2024/09/10/open-source-cybersec-tools/

Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will find a list of 33 open-source cybersecurity tools for Linux, Windows, and macOS that you should consider to enhance protection and stay ahead of potential threats. Authentik: Open-source identity provider Authentik is an open-source identity provider …

"

Autosummary: SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. Cilium: Open-source eBPF-based networking, security, observability Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. Sinon: Open-source automatic generative burn-in for Windows deception hosts Sinon is an open-source, modular tool for the automatic burn-in of Windows-based deception hosts. Ghidra: Open-source software reverse engineering framework Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate. "


Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

ciber
2024-09-10 https://thehackernews.com/2024/09/experts-identify-3-chinese-linked.html
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster "

Autosummary: In a nutshell, the three clusters work hand in hand, while simultaneously focusing on specific tasks in the attack chain: infiltrating target environments and conducting reconnaissance (Alpha), burrowing deep into the networks using various C2 mechanisms (Bravo), and exfiltrating valuable data (Charlie). "


Poland thwarted cyberattacks that were carried out by Russia and Belarus

ciber
2024-09-10 https://securityaffairs.com/168258/cyber-warfare-2/poland-thwarted-cyberattacks-russia-and-belarus.html
Poland’s security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland’s security services announced they have thwarted a cyber operation orchestrated by Russia and Belarus, aimed at destabilizing the country, according to Deputy Prime Minister and Minister for digital affairs Krzysztof Gawkowski. “The Belarusian and Russian foreign […] "

Autosummary: In April 2022, the same group claimed the responsibility for DDoS attacks on the sites of institutions in states such as the USA, Estonia, Poland, the Czech Republic, and also on NATO sites. “Poland has registered up to 1,000 online attacks daily targeting government institutions and agencies, officials said, linking them to the country’s support for neighboring Ukraine in its 2 1/2-year war against Russia’s invasion.” reported the Associated Press. "


AI cybersecurity needs to be as multi-layered as the system it’s protecting

ciber
2024-09-09 https://www.helpnetsecurity.com/2024/09/09/ai-cybersecurity-needs/

Cybercriminals are beginning to take advantage of the new malicious options that large language models (LLMs) offer them. LLMs make it possible to upload documents with hidden instructions that are executed by connected system components. This is a boon to cybercriminals and, thus, a substantive risk to the enterprises using them. LLMs can be tricked in many ways. Cybercriminals can input malicious prompts that trick the LLM into overriding its guardrails (i.e., generating harmful outputs), …

"

Autosummary: Examples of these attacks include full-scale tax fraud in China, where attackers fraudulently acquired $77 million by creating fake shell companies and sending invoices to victims the tax system recognized as clients, and unemployment claim fraud in California, in which attackers withdrew $3.4 million in falsified unemployment benefits by collecting real identities to create fake driver licenses, thus exploiting flaws in the system’s identity verification process. From there, cybersecurity solutions fall into four key categories: design, development, deployment, and operation. "


Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

exploits ciber
2024-09-09 https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to gain a foothold in target networks," Palo Alto Networks Unit 42 researcher Tom Fakterman said in a "

Autosummary: Mustang Panda, also known by the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, and Red Lich, has been operational since 2012, routinely conducting cyber espionage campaigns targeting government and religious entities across Europe and Asia, particularly those located in South China Sea countries. "


Highline Public Schools closes schools following cyberattack

ciber
2024-09-09 https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack/
Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. [...] "

Autosummary: In a statement issued Monday, the district confirmed that all schools would remain closed, and all activities, including athletics and meetings, would be canceled on September 9. "


Transport for London staff faces systems disruptions after cyberattack

ciber
2024-09-06 https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/
Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...] "

Autosummary: "Many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query or any webforms previously submitted," TfL said in a Friday update. "


How to gamify cybersecurity preparedness

ciber
2024-09-05 https://www.helpnetsecurity.com/2024/09/05/cybersecurity-preparedness-training/

Organizations’ preparedness and resilience against threats isn’t keeping pace with cybercriminals’ advancements. Some CEOs still believe that cybersecurity requires episodic intervention rather than ongoing attention. That isn’t the reality for many companies; cyber threat preparedness requires a concerted training effort, so cybersecurity teams are ready when an attack occurs. Cybersecurity practitioners often share curiosity as a key personality trait, and many enjoy hands-on learning approaches. This naturally makes gamified experiences like competitions and capture-the-flags a …

"

Autosummary: Gamified training unearths unexpected skills Technical acumen on cybersecurity teams is table stakes – gamified training helps uncover and develop the soft skills needed to successfully thwart or remediate a threat, such as empathy, delegation, and time management. Understanding company priorities, initiatives, and risks With the cost of a data breach nearing $4.5 million, organizations can’t afford to have teams at odds during an emergency, when every minute counts. "


Planned Parenthood confirms cyberattack as RansomHub claims breach

ciber
2024-09-05 https://www.bleepingcomputer.com/news/security/planned-parenthood-confirms-cyberattack-as-ransomhub-claims-breach/
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. [...] "

Autosummary: Planned Parenthood listed on RansomHub's extortion site (Source: BleepingComputer). Last week, the FBI, CISA, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS) issued a joint advisory about RansomHub's trend of targeting healthcare organizations, of which this is another example. "


The future of automotive cybersecurity: Treating vehicles as endpoints

industry ciber
2024-09-05 https://www.helpnetsecurity.com/2024/09/05/automotive-cybersecurity-future/

The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones. In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the …

"

Autosummary: Advanced persistent threat groups, such as APT4, APT6 and APT37, are notorious for their focus on intellectual property theft, especially in industries where proprietary technology and competitive advantage are critical. Given the proprietary nature and immense competitive value of automotive technology, these firms must be particularly vigilant against espionage attempts, as the consequences of a successful attack could be devastating both financially and reputationally, potentially leading to lost market share and long-term erosion of trust. In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the future of automotive cybersecurity. Every technology, no matter how advanced, comes with its own set of weaknesses, and automotive technology is no exception. "


NIST Cybersecurity Framework (CSF) and CTEM – Better Together

ciber
2024-09-05 https://thehackernews.com/2024/09/nist-cybersecurity-framework-csf-and.html
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally "

Autosummary: It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protect, Detect, Respond, and Recover. To make this happen, CTEM programs integrate advanced tech like exposure assessment, security validation, automated security validation, attack surface management, and risk prioritization. 2.0 brings with it some changes; among other advancements, it adds in "Govern" as a first step, because, according to ISC.2.org, "the CSF's governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders must consider alongside others such as finance and reputation. "


Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

ciber
2024-09-05 https://www.bleepingcomputer.com/news/security/hacker-trap-fake-onlyfans-tool-backstabs-cybercriminals-steals-passwords/
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...] "

Autosummary: Malicious GitHub repository (Source: Veriti). Specifically, the GitHub repository contains executables that resemble checkers for Disney+ accounts, Instagram, and a supposed Mirai botnet builder: Disney+ account thieves are targeted with "DisneyChecker.exe"; Instagram hackers are lured by "InstaCheck.exe"; wannabe botnet creators are lured with "ccMirai.exe". Digging deeper into the malware's communications, Veriti's researchers found a set of ".shop" domains that acted as command and control (C2) servers, sending commands to Lumma and receiving the exfiltrated data. "


Cybersecurity jobs available right now: September 4, 2024

ciber
2024-09-04 https://www.helpnetsecurity.com/2024/09/04/cybersecurity-jobs-available-right-now-september-4-2024/

Cyber Systems Operations United States Air Force | USA | On-site – View job details The United States Air Force is looking for a Cyber Systems Operations Specialist to design, install, and support systems to ensure they operate properly and remain secure from outside intrusion. Cloud Security Service Manager SAP Fioneer | Germany | Remote – View job details You will be responsible for driving continuous improvement of security standards and system hardening, supporting audits …

"

Autosummary: Cyber Security Analyst Suncare Community Services | Australia | On-site – View job details In the role of Cyber Security Analyst within the ICT team, you will play a role in safeguarding our ICT infrastructure and data by implementing and maintaining robust security practices, controlling access to ICT systems, supporting the ISMS, and conducting regular audits to identify and mitigate potential risks. "


Protecting national interests: Balancing cybersecurity and operational realities

ciber
2024-09-04 https://www.helpnetsecurity.com/2024/09/04/david-ferbrache-beyond-blue-national-cybersecurity/

With cyber threats becoming increasingly sophisticated and targeting critical infrastructure, in this Help Net Security interview, David Ferbrache, managing director of Beyond Blue, discusses the current state of cybersecurity readiness and resilience. Ferbrache talks about the complexities of managing both traditional and digital infrastructures, the critical role of regulatory bodies, the urgent need for public and private sector collaboration to counteract these threats, and much more. With the increasing sophistication of cyber threats targeting national …

"

Autosummary: While we still depend on traditional national infrastructure providers like water, oil, gas, and electricity, we increasingly rely on the digital ecosystem. With cyber threats becoming increasingly sophisticated and targeting critical infrastructure, in this Help Net Security interview, David Ferbrache, managing director of Beyond Blue, discusses the current state of cybersecurity readiness and resilience. Cybersecurity is one of the most evolving aspects of national security, with a changing threat landscape, new attack tactics, and an increasingly complex and interdependent critical national infrastructure. "


Microchip Technology confirms data was stolen in cyberattack

ciber
2024-09-04 https://www.bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. [...] "

Autosummary: Microchip Technology entry on Play ransomware's leak site (BleepingComputer). They claimed to have stolen a wide range of information from Microchip Technology's compromised systems, including "private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information," and more. "


Halliburton confirms data stolen in recent cyberattack

ciber
2024-09-03 https://www.bleepingcomputer.com/news/security/halliburton-confirms-data-stolen-in-recent-cyberattack/
Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...] "

Autosummary: "


London’s city transport hit by cybersecurity incident

government ciber
2024-09-03 https://www.malwarebytes.com/blog/news/2024/09/londons-city-transport-hit-by-cybersecurity-incident
Transport for London (TfL) is apparently fighting a cybersecurity incident but is rather sparing in providing details "

Autosummary: The contactless website is used to purchase online tickets, upgrade travelcards (Oystercards), check travel history, and request refunds. "


Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management

exploits ciber
2024-09-02 https://thehackernews.com/2024/09/webinar-learn-to-boost-cybersecurity.html
The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability "

Autosummary: Key Takeaways from this Must-Attend Webinar: AI Innovations: Get an in-depth look at how AI is changing the face of vulnerability management. "


Transport for London (TfL) is dealing with an ongoing cyberattack

ciber
2024-09-02 https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html
Transport for London (TfL) is investigating an ongoing cyberattack, however, customer information was compromised. Transport for London (TfL) is investigating an ongoing cyberattack. However, the TfL stated that there is no evidence that customer information was compromised during the incident. “We are currently dealing with an ongoing cyber security incident. At present, there is no […] "

Autosummary: Transport for London (TfL) is dealing with an ongoing cyberattack. Pierluigi Paganini, September 02, 2024. Transport for London (TfL) is investigating an ongoing cyberattack, however, customer information was compromised. "


A macro look at the most pressing cybersecurity risks

ciber
2024-08-30 https://www.helpnetsecurity.com/2024/08/30/forescout-2024h1-threat-review/

Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organizations that don’t know what they have connected to their networks or if it’s secured are being caught flat-footed,” said Barry Mainz, Forescout CEO. “To mitigate these extensive …

"


Accenture expands partnership with Google Cloud to boost AI adoption and cybersecurity

ciber
2024-08-30 https://www.helpnetsecurity.com/2024/08/30/accenture-google-cloud-ai-adoption/

Accenture and Google Cloud announced that their strategic alliance is advancing solutions for enterprise clients and seeing strong momentum across industries in two critical and related areas: GenAI and cybersecurity. As part of the announcement today, the two companies are increasing their investments in services that support businesses through every stage of their GenAI projects, including providing the expertise to determine optimal use cases, piloting projects for strategic innovation and deploying the engineering prowess needed … More

"

Autosummary: Gabriel Ferreira, CEO, Banco BV, said, “The GenCore project, developed by Banco BV, Accenture, and Google Cloud, uses AI to create hyper-personalized interactions with customers, making communication 80% faster and 100 times more personalized. “Accenture’s decade-long partnership with Google Cloud is helping our clients across industries accelerate and scale their use of GenAI as a catalyst for reinvention, to strengthen cybersecurity, and create long-term value faster,” said Julie Sweet, CEO, Accenture. "


New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

ciber
2024-08-30 https://thehackernews.com/2024/08/new-cyberattack-targets-chinese.html
Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The "

Autosummary: The covert campaign, codenamed SLOW#TEMPEST and not attributed to any known threat actor, commences with malicious ZIP files that, when unpacked, activate the infection chain, leading to the deployment of the post-exploitation toolkit on compromised systems. "


Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign

exploits ciber
2024-08-30 https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to "

Autosummary: Targeted sectors include insurance, aerospace, transportation, academia, finance, technology, industrial, healthcare, automotive, hospitality, energy, government, media, manufacturing, telecom, and social benefit organizations. "


Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign

financial ciber
2024-08-30 https://www.malwarebytes.com/blog/news/2024/08/iranian-cybercriminals-are-targeting-whatsapp-users-in-spear-phishing-campaign
Iranian spies posing as technical support agents contacted targeted individuals in Israel, Palestine, Iran, the UK, and the US on WhatsApp "

Autosummary: Other names for this group—depending on the vendor– are APT42, Storm-2035, Charming Kitten, Damselfly, Mint Sandstorm, TA453, and Yellow Garuda. "


Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

ciber
2024-08-29 https://thehackernews.com/2024/08/vietnamese-human-rights-group-targeted.html
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is "


Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

exploits rusia-ucrania ciber
2024-08-29 https://thehackernews.com/2024/08/russian-hackers-exploit-safari-and.html
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement "

Autosummary: CVE-2024-4671 - A use-after-free flaw in Chrome's Visuals component that could result in arbitrary code execution (Fixed by Google in Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux in May 2024). CVE-2024-5274 - A type confusion flaw in the V8 JavaScript and WebAssembly engine that could result in arbitrary code execution (Fixed by Google in Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux in May 2024). The November 2023 and February 2024 campaigns are said to have involved the compromises of the two Mongolian government websites – both in the first and only mfa.gov[.]mn in the latter – to deliver an exploit for CVE-2023-41993 by means of a malicious iframe component pointing to an actor-controlled domain. "


Halliburton cyberattack linked to RansomHub ransomware gang

exploits ransomware ciber
2024-08-29 https://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. [...] "

Autosummary: "As soon as we learned of the issue, we activated our cybersecurity response plan and took steps to address it, including (1) proactively taking certain systems offline to help protect them, (2) engaging the support of leading external advisors, including Mandiant, and (3) notifying law enforcement. However, soon after, it was discovered that the operation also utilized ransomware encryptors in its double-extortion attacks, where the threat actors breached networks, stole data, and then encrypted files. "


Cybersecurity jobs available right now: August 28, 2024

ciber
2024-08-28 https://www.helpnetsecurity.com/2024/08/28/cybersecurity-jobs-available-right-now-august-28-2024/

Business Information Security Officer Toyota North America | USA | On-site – View job details Acting as an Information Security ambassador to the business, this role works with technology, data, risk, business, and the larger TFS Information Security team to provide relationship-based security services to the business, promote secure designs, and manage the execution of security testing and remediation. Cyber Security Consultant WithSecure | UK | On-site – View job details The ideal candidate will … More

"

Autosummary: Business Information Security Officer Toyota North America | USA | On-site – View job details Acting as an Information Security ambassador to the business, this role works with technology, data, risk, business, and the larger TFS Information Security team to provide relationship-based security services to the business, promote secure designs, and manage the execution of security testing and remediation. "


Cybercriminals capitalize on travel industry’s peak season

industry ciber
2024-08-28 https://www.helpnetsecurity.com/2024/08/28/cybercriminals-capitalize-travel-season/

Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, API hosts, and security vulnerabilities. Threat researchers observed a consistent pattern across industries: increased website traffic during peak seasons, like the travel and hospitality industry’s vacation and holiday periods, coincides with a surge in … More

"

Autosummary: Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, API hosts, and security vulnerabilities. "


DICK’s Sporting Goods says confidential data exposed in cyberattack

ciber
2024-08-28 https://www.bleepingcomputer.com/news/security/dicks-sporting-goods-says-confidential-data-exposed-in-cyberattack/
DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. [...] "

Autosummary: "On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information," the retailer giant said. "


Diligent NIS2 Compliance Toolkit helps organizations bolster their cybersecurity resilience

ciber
2024-08-28 https://www.helpnetsecurity.com/2024/08/28/diligent-nis2-compliance-toolkit/

Diligent launched its Network and Information Security Directive (NIS2) Compliance Toolkit, designed to help organizations navigate the complexities of the European Union (EU) NIS2 Directive and bolster their cybersecurity resilience. The toolkit maps cybersecurity risk management obligations mandated by NIS2 against Cyber Risk Management Group’s (CRMG) leading controls library, which is based on international standards and best practices. This helps organizations demonstrate a clear commitment to NIS2 compliance requirements to drive trust with customers, partners, … More

"

Autosummary: Powered by CRMG’s leading controls library, Diligent’s NIS2 Compliance Toolkit aligns mandated NIS2 cybersecurity measures with international standards, and provides tailored content to help organizations implement new boardroom accountability, mandatory cybersecurity measures, and incident reporting requirements. "


DICK'S shuts down email, locks employee accounts after cyberattack

ciber
2024-08-28 https://www.bleepingcomputer.com/news/security/dicks-shuts-down-email-locks-employee-accounts-after-cyberattack/
DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. [...] "

Autosummary: "On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information," the retailer giant said. "


RSA Authenticator App improves cybersecurity for federal agencies

ciber
2024-08-27 https://www.helpnetsecurity.com/2024/08/27/rsa-authenticator-app/

RSA announced new passwordless, phishing-resistant capabilities that meet stringent technical standards and can help public sector agencies, contractors, and systems integrators fulfill Executive Order 14028 and National Security Memo 8 to improve the nation’s cybersecurity. The RSA Authenticator App is FIDO2-certified and now supports device-bound passkeys that comply with the strictest federal cybersecurity regulations. Part of RSA ID Plus, an identity and access management (IAM) platform built on NIST principles, RSA can provide the authentication … More

"


Seattle-Tacoma Airport IT systems down due to a cyberattack

ciber
2024-08-26 https://www.bleepingcomputer.com/news/security/seattle-tacoma-airport-it-systems-down-due-to-a-cyberattack/
The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend. [...] "

Autosummary: On Saturday, August 24, the Port of Seattle warned that it and the SEA Airport were suffering an ongoing outage caused by a "possible cyberattack," forcing them to isolate certain critical systems to contain the damage. "


Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep.5)

ciber
2024-08-26 https://www.welivesecurity.com/en/videos/exploring-android-threats-and-ways-to-mitigate-them-unlocked-403-cybersecurity-podcast-ep5/
The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure "


A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

ciber
2024-08-26 https://securityaffairs.com/167581/hacking/port-of-seattle-sea-tac-airport-cyberattack.html
A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport; websites and phone systems were impacted. Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, has suffered a cyber attack that impacted the websites, email and phone services. According to The Seattle Times, the cyber […] "

Autosummary: Pierluigi Paganini, August 26, 2024: A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport; websites and phone systems were impacted. In response to the incident, the Port isolated critical systems. The Port of Seattle, including SEA Airport, is experiencing an internet and web systems outage, which is impacting some systems at the airport. "


Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

ciber
2024-08-23 https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is "

Autosummary: Here's what you'll witness: Simulating real-world threats: Watch how the platform detects, investigates, and neutralizes attacks in real-time. "


US oil giant Halliburton confirms cyberattack behind systems shutdown

industry ciber
2024-08-23 https://www.bleepingcomputer.com/news/security/us-oil-giant-halliburton-confirms-cyberattack-behind-systems-shutdown/
Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. [...] "

Autosummary: "On August 21, 2024, Halliburton Company (the "Company") became aware that an unauthorized third party gained access to certain of its systems," the oil services giant said in a filing with the U.S. Securities and Exchange Commission (SEC). "


A cyberattack disrupted operations of US chipmaker Microchip Technology

ciber
2024-08-22 https://securityaffairs.com/167369/hacking/cyberattack-disrupted-operations-microchip-technology.html
Semiconductor manufacturer Microchip Technology announced that its operations were disrupted by a cyberattack. U.S. chipmaker Microchip Technology suffered a cyberattack that disrupted operations at several of its manufacturing plants. The company detected potentially suspicious activity involving its IT infrastructure on August 17, 2024. The attack severely impacted the production capacity of the company that shut […] "

Autosummary: Its wafer fabs are located in Tempe, Arizona, Gresham, Oregon, and Colorado Springs, Colorado. "


A cyberattack hit US oil giant Halliburton

industry ciber
2024-08-22 https://securityaffairs.com/167435/hacking/halliburton-cyberattack.html
US oil giant Halliburton announced that it was hit by a cyberattack that is affecting operations at its Houston, Texas offices. Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which […] "

Autosummary: Pierluigi Paganini, August 22, 2024: US oil giant Halliburton announced that it was hit by a cyberattack that is affecting operations at its Houston, Texas offices. "


Cybersecurity jobs available right now: August 21, 2024

ciber
2024-08-21 https://www.helpnetsecurity.com/2024/08/21/cybersecurity-jobs-available-right-now-august-21-2024/

Associate Cybersecurity Operations Officer UNICC | USA | On-site – View job details The Center aims to provide trusted ICT services and digital business solutions. You will work under the direct supervision and guidance of the Head of Cybersecurity Operations within the Cybersecurity Division and in close collaboration with the CSO teams. Cybersecurity Engineer, Compliance Electrolux | Italy | Hybrid – View job details You’ll leverage your expertise to guide digital product teams and facilitate … More

"

Autosummary: Cyber Risk Specialist – Compliance Bayer | Poland | Hybrid – View job details The Cyber Risk Specialist—Compliance supervises, delegates, and assists in developing and implementing compliance monitoring methodologies and programs to proactively identify, report, and remediate all compliance risks. Security Researcher Hunters | Israel | Hybrid – View job details Hunters are looking for a top-notch security researcher, to resolve the toughest issue in cybersecurity: utilizing terabytes of data for detecting attacks, incident investigation, and prioritizing threats. "


Microchip Technology manufacturing facilities impacted by cyberattack

industry ciber
2024-08-21 https://www.helpnetsecurity.com/2024/08/21/microchip-technology-cyberattack/

American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted,” the company revealed in a SEC filing on Tuesday. What is known about the cyberattack? Microchip Technology detected potentially suspicious activity involving its IT systems on August 17, 2024. … More

"

Autosummary: Its products are used by companies in a variety of industries, including automotive, communications, computing, medical, aerospace and defense. "


Cybercriminals exploit file sharing services to advance phishing attacks

financial exploits ciber
2024-08-20 https://www.helpnetsecurity.com/2024/08/20/file-sharing-phishing-attacks/

Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document. Should the recipient … More

"

Autosummary: The majority of these attacks were sophisticated in nature, with 60% exploiting legitimate domains, most commonly webmail accounts, such as Gmail, iCloud, and Outlook; productivity and collaboration platforms; file storage and sharing platforms like Dropbox; and e-signature solutions like Docusign. "


Strategies for security leaders: Building a positive cybersecurity culture

ciber
2024-08-20 https://www.helpnetsecurity.com/2024/08/20/cybersecurity-culture-strategies/

Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security leaders develop a positive brand and culture for cybersecurity? Listed below are some recommendations and best practices: 1. Understand the prevailing culture and context To understand why the workforce behaves in a certain way about technology … More

"

Autosummary: For example, any regional cultural differences, the particular industry sector, the underlying company structure, the lack of awareness and knowledge of security norms, and conflicting business priorities, can all weigh on any planned change to team culture and security behaviors. 3. Set clear goals and aspirations As part of the design blueprint for security culture change, the security leader should set clear aspirations for what the team is trying to achieve, underpinned by conversations about how the culture underscores the effectiveness of the team, and the importance of making the change. "


Microchip Technology discloses cyberattack impacting operations

ciber
2024-08-20 https://www.bleepingcomputer.com/news/security/microchip-technology-discloses-cyberattack-impacting-operations/
American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. [...] "


Protecting academic assets: How higher education can enhance cybersecurity

ciber
2024-08-19 https://www.helpnetsecurity.com/2024/08/19/how-higher-education-can-enhance-cybersecurity-video/

Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally identifiable information). In this Help Net Security video, Doug Thompson, Chief Education Architect at Tanium, discusses how higher education institutions can defend against even the most sophisticated threats/vulnerabilities despite limited resources. Institutions must approach endpoint security management with … More

"


To improve your cybersecurity posture, focus on the data

ciber
2024-08-19 https://www.helpnetsecurity.com/2024/08/19/security-data-fabric/

Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists, engineers and analysts to extract value from all that data. Data preparation is a rudimentary and necessary task, but it prevents engineers from focusing their time on the high-value tasks like identifying security gaps or storytelling … More

"

Autosummary: This initiative requires that you: understand that it needs the right data feeds; evaluate your data state; identify data sources across the business; understand how you can collect these datasets; understand how to combine, normalize and transform this data for greater business context and insights; and build reporting on this layer and share with stakeholders. One of the biggest struggles that security teams have is identifying which data sources are needed for full visibility into their security posture and how these sources can support various efforts, such as continuous controls monitoring or automated threat hunting. Looking for data in all the right places: A security data fabric approach helps with transforming raw data into analysis-ready datasets, streamlining data analysis workflows, enabling data quality and integrity, and ultimately facilitating a stronger security posture. Once you’ve located the needed data sources and who’s in charge of them, and gotten their buy-in, the next step is figuring out how to get the data into your security data fabric platform. "


Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

exploits ciber
2024-08-19 https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report. "The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to "


Business and tech consolidation opens doors for cybercriminals

ciber
2024-08-16 https://www.helpnetsecurity.com/2024/08/16/technology-consolidation-risks/

Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Rebounding merger and acquisition (M&A) activity and increasing technology consolidation—in which industries rely on single suppliers for critical platform services—both created a staggering number of potential new points of failure for hackers to exploit. Global M&A deal volume increased 36% in … More

"

Autosummary: Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor—including notable vulnerabilities associated with Ivanti software—and in 2024 that number is already 40%, and expected to grow. "


How NoCode and LowCode free up resources for cybersecurity

ciber
2024-08-16 https://www.helpnetsecurity.com/2024/08/16/nocode-lowcode-cybersecurity-video/

In this Help Net Security video, Frederic Najman, Executive Member of the SFPN (French Union of NoCode Professionals), discusses how NoCode and LowCode technologies enable companies to free up development resources to tackle cybersecurity issues. In a context where three-quarters of CISOs report that their organization has faced an application security incident in the past two years, NoCode and LowCode tools offer new options to free up resources and find solutions to minimize risk.

"


Cybersecurity jobs available right now: August 14, 2024

ciber
2024-08-14 https://www.helpnetsecurity.com/2024/08/14/cybersecurity-jobs-available-right-now-august-14-2024/

Cloud Security Specialist EPAM Systems | Chile | Remote – View job details As a Cloud Security Specialist, you will be responsible for creating and maintaining security policies and assisting in the implementation and automation of security solutions within cloud environments. Assist in CSPM tool testing and scoring and CSPM strategic tool implementation. Create and maintain Logic Apps for automation of responses and tickets and create KPI reporting. Support GIS Engineering initiatives. Cloud Security Specialist … More

"

Autosummary: Senior Manager, Cloud Security Operations Vanguard | Japan | Remote – View job details As a Senior Manager, Cloud Security Operations, you will oversee the development and delivery of IT security standards and best practices, to conduct formal incident investigations, lead advanced incident handling scenarios including internal and external data breaches, abnormal network and host activity, and assess risk derived from a platform or data-lake. Cyber Security Network Engineer Mitsubishi Chemical Europe | Germany | On-site – View job details As a Cyber Security Network Engineer, you will be responsible for the support, administration, planning and further development of the Cisco network infrastructure (LAN/WLAN) as well as the European WAN, the firewall, VPN and security systems. Information Security Analyst Jumia Group | Egypt | On-site – View job details As an Information Security Analyst, you will contribute to the improvement of processes and procedures by analyzing process performance data and measures, comparing process performance against performance targets, reporting process performance information, and recommending changes to processes, performance measures and/or targets to maximize process performance. Information Security Manager Whizmo | UAE | On-site – View job details As an Information Security Manager, you will develop, enforce, and govern security policies to protect critical data, information, and knowledge assets. Information Security Specialist – Red Team Operator TD | Canada | Hybrid – View job details As an Information Security Specialist – Red Team Operator, you will conduct penetration testing for network, system, application, mobile, traditional web and wireless. "


AutoCanada discloses cyberattack impacting internal IT systems

ciber
2024-08-14 https://www.bleepingcomputer.com/news/security/autocanada-discloses-cyberattack-impacting-internal-it-systems/
Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...] "

Autosummary: “The CDK outage disrupted operations resulting in lost sales and profits, OEM inventory grew across the industry causing higher days supply in key brands and impacting floorplan costs, and rising unemployment combined with falling GDP in a still elevated rate environment perpetuated consumer uncertainty” - Paul Antony, AutoCanada’s Chairman. In numbers, AutoCanada recorded losses of $33.1 million in Q2 2024, whereas in the same quarter last year, it had a profit of $45.2 million. "


Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

ciber
2024-08-11 https://www.helpnetsecurity.com/2024/08/11/week-in-review-tips-for-starting-your-cybersecurity-career-patch-tuesday-forecast/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many of us … More

"

Autosummary: Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. The featured vendors are: BackBox, Cybral, DryRun Security, HackNotice, Heeler Security, Hushmesh, MobileHop, Nagomi Security, Ox Security, Plainsea, Raven, Scribe Security, Spyderbat, and Xygeni. New infosec products of the week: August 9, 2024 Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Securing against GenAI weaponization In this Help Net Security video, Aaron Fulkerson, CEO of Opaque, discusses how the weaponization of generative AI (GenAI) has made existing data privacy practices (like masking, anonymization, tokenization, etc.) "


NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?

ciber
2024-08-09 https://www.helpnetsecurity.com/2024/08/09/nis2-cybersecurity-innovation-catalyst/

The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish the standards necessary to comply with NIS2, which brings increased requirements to strengthen security conditions and report more regularly, with shorter deadlines, on cyber-attacks. The scope of the NIS2 directive has been dramatically broadened: in some countries, the … More

The post NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? appeared first on Help Net Security.

"

Autosummary: AI can also provide advanced security services, for example, leveraging filtering and threat prevention to prevent sophisticated web-based threats, zero-day threats, evasive command-and-control attacks and DNS hijacking attacks. Ex-ante or ex-post risk measures Donald David Stewart Ferguson, an academic, argues that the limited effectiveness of the NIS2 Directive is primarily due to the narrow scope of the cybersecurity risk management measures, including the lack of specific measures focused on the reconnaissance phase of a cyberattack. Of course, sector-specific laws around cyber security already exist, but for businesses to achieve true holistic cybersecurity, they must adopt a tailored approach. "


Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals

exploits ransomware ciber
2024-08-09 https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/

The sophistication of cyber threats has escalated dramatically, with malicious actors deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have also lowered the barrier-to-entry for less experienced attackers, making it easier to carry out complex, multistage attacks. “The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have … More

The post Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals appeared first on Help Net Security.

"

Autosummary: MaaS continues to pose significant risk for organizations The findings show that cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. "


CSC ServiceWorks discloses data breach after 2023 cyberattack

financial ciber
2024-08-09 https://www.bleepingcomputer.com/news/security/csc-serviceworks-discloses-data-breach-after-2023-cyberattack/
CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. [...] "


Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

ciber
2024-08-08 https://thehackernews.com/2024/08/unlock-future-of-cybersecurity.html
The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals "

Autosummary: This includes a unique, 3-part add on to your experience: extended OnDemand course, labs, and content access following the event from the course Author, AIS247: AI Security Essentials for Business Leaders course, plus admission to the AI Cybersecurity Summit @Night event, further enriching the on-site learning experience. "


Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies

ciber
2024-08-08 https://www.welivesecurity.com/en/business-security/black-hat-usa-2024-cyber-insurance-shaping-cybersecurity-strategies/
Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards "

Autosummary: What the future holds for business cybersecurity, according to cyber insurers The cyber risk insurance ecosystem is changing, moving from human-based underwriting, annual policies, with dozens of inputs and physical forms to a machine-augmented, continuous monitoring of zillions of inputs, all in the digital realm. "


France's Grand Palais discloses cyberattack during Olympic games

ciber
2024-08-06 https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberattack-during-olympic-games/
The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. [...] "

Autosummary: However, claims that the attack affected other museums, including the prestigious Louvre—which is especially vital during the current tourism boom—were disputed on X by the Louvre's director, Matthias Grolier. "


How to start your cybersecurity career: Expert tips and guidance

ciber
2024-08-05 https://www.helpnetsecurity.com/2024/08/05/start-cybersecurity-career-expert-tips/

As businesses strive to protect their data and privacy, the demand for skilled cybersecurity professionals continues to grow. This article provides expert advice to help you navigate the early stages of your cybersecurity career, offering practical tips and insights. Brian Honan, CEO at BH Consulting When advising people at the start of their cybersecurity careers, I recommend that they focus on human networking. I strongly recommend that people get involved in the cybersecurity community/industry. This … More

The post How to start your cybersecurity career: Expert tips and guidance appeared first on Help Net Security.

"

Autosummary: Biljana Cerin, Information Risk, Business Development and Project Lead, Infoedge My opinion about starting a career in cybersecurity is a very strong one: if you don’t have a true passion for the field, if you find it a “trendy” profession at the moment, and are not willing to learn, listen, and expand your professional comfort zone every day, taking full responsibility for your actions, you should stay away from it. These domains include SOC processes & methodologies, SIEM operations, tactical analysis, log analysis, threat hunting, Active Directory attack analysis, network traffic analysis, malware analysis, and DFIR operations. I would recommend vital networking through professional associations, and as soon as you feel confident about some, no matter how small, professional domain, I’d suggest getting “out there” and presenting your knowledge – within your team, a department maybe as the next step, and as you grow further, through available professional communities’ events. Once the answer is yes to both of these questions, I’d try and find a mentor who can guide me through the significant amount of information, knowledge, and requirements related to the field and pursuing formal education through colleges, universities, or specialised seminars by well-respected organizations, should the finances or arrangements with the employer allow. As a result, individuals looking to start or pivot into a cybersecurity career must find alternative ways to gain these practical skills, such as self-teaching, internships, apprenticeships, or on-the-job training. "


How life sciences companies use AI to fill the cybersecurity skills gap

ciber
2024-08-05 https://www.helpnetsecurity.com/2024/08/05/life-sciences-companies-cybersecurity-skills-gap-video/

In this Help Net Security video, Beth Miller, Field CISO at Code42, highlights a significant trend: 73% of life sciences companies turn to AI to address the cybersecurity skills gap, surpassing adoption rates in other industries. Underresourced security teams face increasing insider-driven data loss events, exacerbated by emerging technologies like AI and GenAI. Leaked trade secrets or critical intellectual property – research data, customer lists, pricing decks, formulary plans, clinical trial data, and source code … More

The post How life sciences companies use AI to fill the cybersecurity skills gap appeared first on Help Net Security.

"


The role of AI in cybersecurity operations

ciber
2024-08-05 https://www.helpnetsecurity.com/2024/08/05/ai-soc-analysts/

Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which are false positives – while swiftly identifying and mitigating genuine threats. Many organizations have turned to AI to alleviate their SOC analysts’ load, but some cybersecurity workers fear that there may come a time … More

The post The role of AI in cybersecurity operations appeared first on Help Net Security.

"

Autosummary: For example, AI-powered solutions can automate routine activities like alert triaging, log analysis, and vulnerability scanning, enabling human analysts to allocate their time and expertise toward more critical endeavors such as threat hunting, incident response planning, and security architecture design. As technologies like AI SOC analysts advance, they do not eclipse the need for human oversight; instead, they create opportunities for cybersecurity professionals to engage in more meaningful, analytical, and creative problem-solving tasks. "


The Loper Bright Decision: How it Impacts Cybersecurity Law

ciber
2024-08-05 https://thehackernews.com/2024/08/the-loper-bright-decision-how-it.html
The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law. Background What is "

Autosummary: However, to ensure compliance with cybersecurity regulations that might now be challenged in court, companies should: Assess existing cybersecurity requirements to ensure they align with current regulations that are supported by clear statutory authority. The Loper Bright decision by the U.S. Supreme Court overruled the Chevron deference, stating that courts, not agencies, will decide all relevant questions of law arising on review of agency action. TSA's emergency amendments in 2022 for cybersecurity requirements for passenger and freight railroad carriers, as well as airport and aircraft operators, may be challenged. "


IBM Consulting Cybersecurity Assistant helps clients accelerate alert investigation

ciber
2024-08-05 https://www.helpnetsecurity.com/2024/08/05/ibm-consulting-cybersecurity-assistant/

IBM is introducing generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM’s watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats. In addition to being included in IBM Consulting’s threat detection and response practice, the Cybersecurity Assistant will be part of IBM … More

The post IBM Consulting Cybersecurity Assistant helps clients accelerate alert investigation appeared first on Help Net Security.

"

Autosummary: Built into IBM’s TDR Services, the new capability cross-correlates alerts and enhances insights from SIEM, network, EDR, vulnerability, and telemetry to provide a holistic and integrative threat management approach. "


Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

exploits ciber
2024-08-02 https://thehackernews.com/2024/08/cybercriminals-abusing-cloudflare.html
Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a one-time tunnel that acts as a conduit to relay traffic from an attacker-controlled server to a local machine through Cloudflare's infrastructure. Attack chains "

Autosummary: It said it "observes miscreants moving their domains, which are already listed in the DBL, to Cloudflare to disguise the backend of their operation, be it spamvertized domains, phishing, or worse." "


Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

ciber
2024-08-02 https://thehackernews.com/2024/08/webinar-discover-all-in-one.html
In today's digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it's time for a change. Introducing "

Autosummary: Who Should Attend: Small and Medium Businesses: Get enterprise-level protection at an affordable price. "


U.S. released Russian cybercriminals in diplomatic prisoner exchange

rusia-ucrania ciber
2024-08-02 https://securityaffairs.com/166459/uncategorized/russian-cybercriminals-diplomatic-prisoner-exchange.html
Today, 24 prisoners were released in an international swap between Russia and Western countries, including convicted Russian cybercriminals. In the recent international prisoner swap two notorious Russian cybercriminals, Roman Seleznev (40) and Vladislav Klyushin (42), are among those released. In December 2017, the Russian hacker Roman Seleznev, aka Track2, Bulba and Ncux, was sentenced to 27 years in prison, he was convicted […] "

Autosummary: Kliushin was charged alongside four other Russian citizens, Ivan Ermakov (aka Ivan Yermakov, 35), Nikolai Rumiantcev (aka Nikolay Rumyantsev, 33), Mikhail Vladimirovich Irzak (aka Mikka Irzak, 43), and Igor Sergeevich Sladkov (42). In December 2017, the Russian hacker Roman Seleznev, aka Track2, Bulba and Ncux, was sentenced to 27 years in prison; he was convicted of causing $170 million in damage by hacking into point-of-sale systems. "


$75 million record-breaking ransom paid to cybercriminals, say researchers

ciber
2024-08-01 https://www.tripwire.com/state-of-security/75-million-record-breaking-ransom-paid-cybercriminals-say-researchers
The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Read more in my article on the Hot for Security blog. "

Autosummary: Dark Angels, having compromised a company's security, decide whether to encrypt a business's files and then, more often than not, spend days or even weeks exfiltrating vast amounts of data. "


Cybersecurity jobs available right now: July 31, 2024

ciber
2024-07-31 https://www.helpnetsecurity.com/2024/07/31/cybersecurity-jobs-available-right-now-july-31-2024/

Cloud Security Architect Precisely | United Kingdom | Remote – View job details As a Cloud Security Architect, you will be responsible for the design and architecture of Precisely’s cloud security posture. Determine security requirements by evaluating business and product strategies, researching cloud security standards and new technologies, conducting system security and vulnerability analyses and performing risk assessments. Cybersecurity Engineer Electrolux Group | Italy | On-site – View job details As a Cybersecurity Engineer, you … More

The post Cybersecurity jobs available right now: July 31, 2024 appeared first on Help Net Security.

"

Autosummary: Senior Cyber Security Expert TECNIMONT | Italy | On-site – View job details As a Senior Cyber Security Expert, you will manage key cybersecurity solutions, including AV/EDR, SIEM, Zero Trust, Network Detection & Response, WAF, VA/PT both infrastructure and application, and DLP. Information Security Specialist (Cloud Security) Vertiv | Philippines | On-site – View job details As an Information Security Specialist (Cloud Security), you will design, deploy, and manage our cloud-based SIEM platform, ensuring comprehensive visibility into security events, alerts, and logs across all cloud services and applications. MDDR Manager Varonis | USA | On-site – View job details As an MDDR Manager, you will assist in the development, documentation, analysis, testing, and modification of Varonis’ threat detection systems, playbooks, runbooks, and MDDR team operations. Junior IT and Security Compliance Specialist Covercy | Israel | Hybrid – View job details As a Junior IT and Security Compliance Specialist, you will manage IT infrastructure for optimal performance and security, support network security, data protection, and system monitoring. Cyber Security Analyst Century Aluminum | USA | On-site – View job details The role of the Cyber Security Analyst responsibilities include monitoring, identifying, and resolving any risks or vulnerabilities to safeguard Century’s information technology network, applications, and systems from external and internal cyber security threats. "


Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes

exploits ciber
2024-07-31 https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html
A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud. "Of those 107,000 malware samples, over 99,000 of "

Autosummary: " Victims of the campaign have been detected in 113 countries, with India and Russia topping the list, followed by Brazil, Mexico, the U.S., Ukraine, Spain, and Turkey. "


World leading silver producer Fresnillo discloses cyberattack

ciber
2024-07-31 https://www.bleepingcomputer.com/news/security/world-leading-silver-producer-fresnillo-discloses-cyberattack/
Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack. [...] "


Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

exploits ciber
2024-07-30 https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html
Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously "

Autosummary: Regardless of what malware is deployed, Agent Tesla, Formbook, and Remcos RAT come with capabilities to siphon sensitive information, allowing the threat actors to "prepare the ground for their next campaigns. "


Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground

ciber
2024-07-30 https://thehackernews.com/2024/07/cyber-threat-intelligence-illuminating.html
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. The deep and dark web, otherwise known as the cybercriminal underground, is where malicious actors gather to "

Autosummary: Take a guided tour of the underground Because the dark web is a hub for cybercriminals to exchange tools, information, and services, dark web threat intelligence is crucial for companies, as it offers an uncensored view into the current cybercrime landscape and trends. "


Is your password policy working? Key cybersecurity KPIs to measure

ciber
2024-07-30 https://www.bleepingcomputer.com/news/security/is-your-password-policy-working-key-cybersecurity-kpis-to-measure/
Are your password policies having a positive impact on the cybersecurity posture of your org? Learn more from Specops Software about how to align password policies with wider cybersecurity KPIs. [...] "

Autosummary: Get a snapshot of your password vulnerabilities today Specops Password Auditor is a free read-only auditing tool that helps IT teams proactively identify password vulnerabilities in their organization’s Active Directory. User-driven password reset requests Tracking how often users are resetting their passwords can help identify weak spots in your security system or faulty authentication protocols. Regular scans of your Active Directory with an auditing tool should show a reduction or complete elimination of end user accounts with no password, expired passwords, or identical password to other users. "


The cost of cybersecurity burnout: Impact on performance and well-being

ciber
2024-07-29 https://www.helpnetsecurity.com/2024/07/29/cybersecurity-professionals-stress-burnout-statistics/

This article includes excerpts from recent reports we covered, providing statistics and insights into the levels of stress and burnout experienced by cybersecurity professionals. Most cybersecurity pros took time off due to mental health issues Hack The Box | Building a firewall against cybersecurity burnout | June 2024 74% of cybersecurity professionals globally say that they have taken time off due to work-related mental well-being problems, with staff reporting taking an average of 3.4 sick … More

The post The cost of cybersecurity burnout: Impact on performance and well-being appeared first on Help Net Security.

"

Autosummary: Proofpoint | 2024 Voice of the CISO | May 2024 In 2024, 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022. "


Week in review: CrowdStrike-triggered outage insights, recovery, and measuring cybersecurity ROI

ciber
2024-07-28 https://www.helpnetsecurity.com/2024/07/28/week-in-review-crowdstrike-triggered-outage-insights-recovery-and-measuring-cybersecurity-roi/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update By now, most people are aware of – or have been personally affected by – the largest IT outage the world has ever witnessed, courtesy of a defective update for CrowdStrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death (BSOD) loop. Vulnerability in Telegram app for … More

The post Week in review: CrowdStrike-triggered outage insights, recovery, and measuring cybersecurity ROI appeared first on Help Net Security.

"

Autosummary: Confidential AI: Enabling secure processing of sensitive data In this Help Net Security interview, Anand Pashupathy, VP & GM, Security Software & Services Division at Intel, explains how Intel’s approach to confidential computing, particularly at the silicon level, enhances data protection for AI applications and how collaborations with technology leaders like Google Cloud, Microsoft, and Nvidia contribute to the security of AI solutions. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update By now, most people are aware of – or have been personally affected by – the largest IT outage the world has ever witnessed, courtesy of a defective update for CrowdStrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death (BSOD) loop. "


AI-generated deepfake attacks force companies to reassess cybersecurity

ciber
2024-07-26 https://www.helpnetsecurity.com/2024/07/26/deepfake-response-plans/

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern stems from the growing sophistication of AI-driven impersonation attacks that can undermine traditional security measures like biometric authentication, which were previously considered highly secure but are now being called into question. Companies are developing deepfake … More

The post AI-generated deepfake attacks force companies to reassess cybersecurity appeared first on Help Net Security.

"

Autosummary: Companies are developing deepfake response plans Also, much like phishing attack preparation, it appears that companies are looking to run simulations of attacks to increase preparedness as a majority of respondents work in companies where this is already implemented. "


Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

ciber
2024-07-26 https://thehackernews.com/2024/07/ongoing-cyberattack-targets-exposed.html
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. "Unbeknownst to most "

Autosummary: "Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands," Wiz researchers Avigayil Mechtinger, Gili Tikochinski, and Dor Laska said. "


Offensive AI: The Sine Qua Non of Cybersecurity

ciber
2024-07-26 https://thehackernews.com/2024/07/offensive-ai-sine-qua-non-of.html
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named "

Autosummary: Plato's adage, "Necessity is the mother of invention," is an apt characterization of cybersecurity today, where new AI-driven threats drive the innovation of more advanced security controls. While unconfirmed, it is believed that Ray Tomlinson, famously known for inventing email, developed Reaper, a program designed to remove Creeper from infected machines. "


Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete

ciber
2024-07-25 https://www.bleepingcomputer.com/news/security/why-multivendor-cybersecurity-stacks-are-increasingly-obsolete/
Multivendor tech stacks are costly and complex to integrate and manage. Learn more from Cynet about how an All-in-One approach reduces costs for MSPs and SMEs, while offering increased security. [...] "

Autosummary: Activating All-in-One advantages By consolidating tools, automating tasks, and enhancing efficiency, the All-in-One approach to cybersecurity empowers MSPs to maximize their margins. Cynet’s All-in-One Cybersecurity Platform, on the other hand, is a purpose-built, unified full suite of security capabilities on a single, simple platform. "


Cybersecurity jobs available right now: July 24, 2024

ciber
2024-07-24 https://www.helpnetsecurity.com/2024/07/24/cybersecurity-jobs-available-right-now-july-24-2024/

Applied Cryptographer Quantstamp | EMEA | Remote – View job details As an Applied Cryptographer, you will research various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should have experience with at least one major language, like Rust, Python, Java, or C; the exact language is not too important. You should be familiar with versioning software (specifically, GitHub), testing, and a familiarity with … More

The post Cybersecurity jobs available right now: July 24, 2024 appeared first on Help Net Security.

"

Autosummary: Director of Information Security, Cyber Risk and Compliance S&P Global | Italy | On-site – View job details As a Director of Information Security, Cyber Risk and Compliance, you will become familiar with the Cyber Risk and Compliance team activities and Market Intelligence regarding SOC reporting, relevant regulatory requirements, control frameworks, internal and external audit processes, customer interactions including security questions and audits, and overall company and divisional cyber security processes and controls. Digital Forensics and Incident Response Analyst Accenture | Philippines | On-site – View job details As a Digital Forensics and Incident Response Analyst, you will perform incident response to cybersecurity incidents, including but not limited to APT & Nation State attacks, Ransomware infections and Malware outbreaks, Insider Threats, BEC, DDOS, Security and Data breach, etc. Senior CyberSecurity Architect Hexagon Geosystems | European Economic Area | Remote – View job details As a Senior CyberSecurity Architect, you will plan, organize, test, and document the implementation of new security systems and tools; define the success criteria and security requirements, and develop reference architecture, functional and non-functional requirements for proof-of-concept efforts and projects. (Senior) Information Security Officer Oetker Digital | Germany | Hybrid – View job details As a (Senior) Information Security Officer, you will develop, implement, and monitor a strategic, comprehensive company information security and IT risk management program, based on the Oetker Group-wide security directive. "


Cybersecurity ROI: Top metrics and KPIs

industry ciber
2024-07-24 https://www.helpnetsecurity.com/2024/07/24/karthik-swarnam-armorcode-cybersecurity-roi/

In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What are the primary metrics and KPIs used to measure the ROI of cybersecurity investments? Today, cybersecurity investments are evaluated not just for cost avoidance but for a much broader range of benefits. These metrics include: … More

The post Cybersecurity ROI: Top metrics and KPIs appeared first on Help Net Security.

"

Autosummary: To improve cybersecurity ROI, security professionals should: Establish clear metrics: Define and measure key metrics across various domains such as identity & access management, risk remediation, software development, data loss prevention, and messaging security. In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Tool rationalization: By leveraging a governance layer, organizations can eliminate redundant security tools, optimizing their security investments. Traditional metrics for this measurement include the number of detected incidents, Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and patch management (average time to deploy fixes). "


SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

exploits ciber
2024-07-22 https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html
The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale "

Autosummary: These malicious installations are designed to connect to an actor-controlled domain ("rosettahome[.]cn" or "rosettahome[.]top"), essentially acting as a command-and-control (C2) server to collect host data, transmit payloads, and push further commands. "


End-user cybersecurity errors that can cost you millions

ciber
2024-07-22 https://www.bleepingcomputer.com/news/security/end-user-cybersecurity-errors-that-can-cost-you-millions/
An innocent mistake can lead to a corporate nightmare. Learn from Specops Software about five of the most frequent cybersecurity blunders that can let attackers breach a network. [...] "

Autosummary: Cybercriminals could gain access to corporate data, cloud applications, and storage, opening up a Pandora's box of security risks, including data breaches, intellectual property theft, and reputational damage. Reusing passwords: You can have an effective password policy in place, but if your employees are reusing their passwords on less-secure personal devices, websites, and applications, then they’re still leaving the door wide open for cybercriminals. To prevent these mix-ups, consider requiring encryption for sensitive emails, implementing pop-up reminders for double-checking addresses, and deploying data loss prevention solutions that act as a safety net. "


MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

ciber
2024-07-22 https://thehackernews.com/2024/07/msps-mssps-how-to-increase-engagement.html
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended "

Autosummary: vCISO Reporting Benefits: Drilling down into the aforementioned purpose, vCISO reporting provides multiple benefits for both the vCISO and the client. For the vCISO - Ensuring the vCISO is aligned with client expectations; Ensuring the client understands their security and compliance posture; Creating a shared vision between the vCISO and the client; Build consensus on an improvement path (rather than solely pushing recommendations one-sidedly); Anchoring initiatives into business outcomes; Driving retention and sales. For the client - Controlling their security destiny; Designing their security journey based on business outcomes and allowing them to own the risk associated with their decisions and actions; Simplified decision-making; Noise reduction; Bandwidth and scale; Getting easy buttons and resources for tactical execution; Ensuring they perceive the high ROI being provided for their vCISO investment. 4 Essential Sections of a vCISO Report: To uncover all the benefits listed above, it is recommended to create a report that covers four sections: Section 1: General Recap - The summary, top-level metrics and any "hot stove" items. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success", which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples. Section 3: Strategic Review - A roadmap review, holding a business-led discussion, recommendations and mapping the RCT (Resource, Commitment, Time) for the next steps. "


Greece’s Land Registry agency breached in wave of 400 cyberattacks

ciber
2024-07-22 https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/
The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. [...] "



Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

exploits ciber
2024-07-20 https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip," "



The complexities of cybersecurity update processes

ciber
2024-07-19 https://www.welivesecurity.com/en/cybersecurity/complexities-cybersecurity-update-processes/
If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike "

Autosummary: If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code, cybersecurity companies react to the new threat and if necessary, adjust and adopt methods to detect the threat. "


ARRL finally confirms ransomware gang stole data in cyberattack

exploits ransomware ciber
2024-07-11 https://www.bleepingcomputer.com/news/security/arrl-finally-confirms-ransomware-gang-stole-data-in-cyberattack/
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [...] "



Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

industry ciber
2024-07-10 https://www.welivesecurity.com/en/videos/understanding-iot-security-risks-mitigate-cybersecurity-podcast/
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? "



Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella

ciber
2024-07-09 https://www.helpnetsecurity.com/2024/07/09/microsoft-cybersecurity-dilemma/

Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with cloud and email environments being compromised. In some cases, customers were kept in the dark, giving attackers additional time to exploit victims and entrench themselves deeper to the detriment of those affected. Microsoft ignored foundational aspects … More

The post Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella appeared first on Help Net Security.

"

Autosummary: 4. Establish a formal process that includes external industry experts and advisors for additional review, insights, and recommendations in early design and architecture phases, version releases, and during events where cybersecurity may impact overall trust by customers. Position the new team to spearhead or contribute with authority in discussions with media, regulators, governments, and partners when articulating the overall security strategy, risk/benefit discussions, and holistic approach for cybersecurity to enhance the trust of customers. Technical cybersecurity architects, engineers, and developers play a key role in making sure a product is coded securely, but they are not inherently adept at understanding how such solutions will create problems across the ecosystem when misused, compromised, or manipulated. A strategic cybersecurity leadership team must be established to work closely with every product and service division to help them avoid cybersecurity pitfalls and innovate, to increase the overall competitive advantage value of security, privacy, safety, and trust in those products. Just weeks after Brad Smith, the Vice Chairman and President of Microsoft, spoke before Congress and offered assurances, came another embarrassment: Microsoft allowed some of its security certificates to expire for its Office products, and its customers received security alerts from anti-malware agents that blocked the activities for the expired certificates. "


Exploring the root causes of the cybersecurity skills gap

ciber
2024-07-09 https://www.helpnetsecurity.com/2024/07/09/koma-gandy-skillsoft-cybersecurity-skills-gap/

In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy advocates training that combines technical expertise with essential power skills to meet evolving industry demands and secure future career opportunities in cybersecurity. What are the primary factors contributing to the cybersecurity skills gap? Are there … More

The post Exploring the root causes of the cybersecurity skills gap appeared first on Help Net Security.

"

Autosummary: As technologies change and new challenges arise, it’s paramount that organizations and talent take a holistic approach to skills, investing in power skills like interpersonal communication, problem solving, executive presence and creative thinking, along with technical skills and knowledge of how bad actors exploit threat vectors to proactively defend the organization against potential threats, and how to communicate incidents and responses in ways that different audiences can understand (e.g. C-suite, Board, etc.). An effective training program should be multi-modal, involving virtual, on-demand courses, as well as interactive, AI-driven, and instructor-led elements. In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. "


Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

exploits ciber
2024-07-09 https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT 40 has previously targeted organizations in various countries, including "

Autosummary: The adversarial collective, also known as Bronze Mohawk, Gingham Typhoon (formerly Gadolinium), ISLANDDREAMS, Kryptonite Panda, Leviathan, Red Ladon, TA423, and TEMP.Periscope, is known to be active since at least 2013, carrying out cyber attacks targeting entities in the Asia-Pacific region. "


Fujitsu confirms customer data exposed in March cyberattack

ciber
2024-07-09 https://www.bleepingcomputer.com/news/security/fujitsu-confirms-customer-data-exposed-in-march-cyberattack/
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. [...] "



5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

ciber
2024-07-08 https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls "

Autosummary: The Questions As a CISO, asking yourself these five key questions can help you bridge the board/executive communication gap, present a clear picture of cybersecurity posture, and gain the support needed to effectively manage risk: 1. The Numbers Speak Despite this clear and pressing need for communication, recent research by Heidrick and Struggles, leading executive search, and corporate culture consulting services, revealed a worrying disconnect between CISOs and CEOs. Recognizing your team's successes boosts organizational morale, fosters a culture of security awareness, and highlights the value of cybersecurity investments. A company board deserves clear, concise information tied to business goals, not technical details about fixes or attack methods. "


Authy phone numbers accessed by cybercriminals, warns Twilio

ciber
2024-07-04 https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio
Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint. "

Autosummary: “In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.” "


Cybersecurity jobs available right now: July 3, 2024

ciber
2024-07-03 https://www.helpnetsecurity.com/2024/07/03/cybersecurity-jobs-available-right-now-july-3-2024/

CISO Atera | Israel | On-site – View job details The CISO will oversee our company’s information, cyber, and technology security and will have end to end full responsibility developing, implementing, and enforcing security policies, procedures, and protocols to protect critical data. Cyber Defense Specialist Explora Journeys | Italy | On-site – View job details As a Cyber Defense Specialist, you will operate and optimize security tooling/products, including security email gateway, firewall, IDS/IPS, web security … More

The post Cybersecurity jobs available right now: July 3, 2024 appeared first on Help Net Security.

"

Autosummary: Responsibilities include: managing the delivery of technical security assurance testing to our clients, from initial project scoping, test execution and reporting; Delivering cybersecurity testing services, such as but not limited to penetration testing services (including web App, Mobile App, and network), vulnerability assessments, phishing campaigns, and red teaming exercises; Undertaking security assessments of technical Infrastructure including, for example: M365, Google Cloud, Azure, AWS, backups, Networks. Do the Consulting for local PCT on IT related technical issues on security aspects of process automation systems (e.g. domains, network segmentation, ICS upgrade, time synchronization, license management, firewalls, patching, server hardening, SIEM, PAM, remote access, network monitoring, etc.). Cyber Defense Specialist Explora Journeys | Italy | On-site – View job details As a Cyber Defense Specialist, you will operate and optimize security tooling/products, including security email gateway, firewall, IDS/IPS, web security gateway, emergency detect and response, logging and auditing, event and incident management, privileged access management and authentication. Determine cyber threat resource requirements, availability, adequacy, and define gap between cyber threat emulation capability and the actual threat. Senior Security Architect II Electronic Arts | Canada | Hybrid – View job details As a Senior Security Architect II, you will lead complex design assessments on EA user generated experience (UGX) products hosted in the Cloud and running on PC, web, mobile, and consoles, identifying and driving the remediation of security and gameplay integrity issues. CISO Atera | Israel | On-site – View job details The CISO will oversee our company’s information, cyber, and technology security and will have end to end full responsibility developing, implementing, and enforcing security policies, procedures, and protocols to protect critical data. "


Companies spend more on cybersecurity but struggle to track expenses

ciber
2024-07-03 https://www.helpnetsecurity.com/2024/07/03/cybersecurity-budgets-approach/

Most companies do not know how effectively they are investing money to fight the cybersecurity threat, according to Optiv. Cybersecurity budgets are increasing and cyber incidents are rampant, and yet only a small percentage of respondents have a formal approach to determining cybersecurity budgets, which can lead to inefficiencies and missed opportunities to address critical security gaps. Lack of formal approach to cybersecurity budgets Based on an independent Ponemon Institute survey, the report reveals a … More

The post Companies spend more on cybersecurity but struggle to track expenses appeared first on Help Net Security.

"

Autosummary: More companies are leveraging AI in the form of use and prevention: 44% of respondents use AI/ML to prevent cyberattacks; 35% purchased use-case specific tools; 31% use existing tools; 34% use automated processes and audits. “Our independent research for Optiv reveals the positive steps organizations are taking to reduce risk, while also addressing the challenges they face in the evolving cyber threat landscape,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "


Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

ciber
2024-07-03 https://thehackernews.com/2024/07/israeli-entities-targeted-by.html
Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, "leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on "



Polish government investigates Russia-linked cyberattack on state news agency

government ciber
2024-07-03 https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html
The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency. The Polish government is investigating a suspected link between Russia and the cyberattack on the country’s state news agency Polish Press Agency (PAP). “The Polish Press Agency (PAP) has been hit by a cyberattack; all pertinent […] "

Autosummary: Polish government investigates Russia-linked cyberattack on state news agency. Pierluigi Paganini, July 03, 2024. The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency. "


Europol takes down 593 Cobalt Strike servers used by cybercriminals

ciber
2024-07-03 https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [...] "

Autosummary: Private industry partners like BAE Systems Digital Intelligence, Trellix, Spamhaus, abuse.ch, and The Shadowserver Foundation also offered their support during this international law enforcement operation, providing help via their enhanced scanning, telemetry, and analytical capabilities to identify Cobalt Strike servers used in cybercriminal campaigns. "


TeamViewer links corporate cyberattack to Russian state hackers

government rusia-ucrania ciber
2024-06-28 https://www.bleepingcomputer.com/news/security/teamviewer-links-corporate-cyberattack-to-russian-state-hackers/
RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. [...] "

Autosummary: "Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place," continues TeamViewer's statement. TeamViewer says they believe their internal corporate network, not their production environment, was breached on Wednesday, June 26, using an employee's credentials. "


A cyberattack shut down the University Hospital Centre Zagreb in Croatia

ciber
2024-06-28 https://securityaffairs.com/165007/hacking/cyberattack-shutdown-university-hospital-centre-zagreb.html
A cyber attack started targeting the University Hospital Centre Zagreb (KBC Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber attack began targeting the University Hospital Centre Zagreb (KBC Zagreb), the largest Croatian hospital, on Wednesday night, according to a report by Croatian Radiotelevision. The hospital has shut down its IT infrastructure in response […] "

Autosummary: The hospital did not reveal the type of attack that hit its systems, however, HelpnetSecurity reported that this week a series of DDoS attacks targeted the websites of several Croatian government and financial institutions, including the Ministry of Finance, the Tax Administration, the Croatian National Bank, the Economic Bank of Zagreb, and the Zagreb Stock Exchange. "


Largest Croatian hospital under cyberattack

ciber
2024-06-27 https://www.helpnetsecurity.com/2024/06/27/largest-croatian-hospital-under-cyberattack/

The University Hospital Centre Zagreb (KBC Zagreb) is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported. Because of the attack, the hospital has shut down its information system and will be switching parts of it online once they are sure it’s safe to do so. All services are working, but the processing of patients is slower than usual, Milivoj Novak, Assistant Director at the hospital, has said in a press conference. … More

The post Largest Croatian hospital under cyberattack appeared first on Help Net Security.

"

Autosummary: DDoS on Croatian institutions It is currently unknown whether the cyberattack against the hospital involved the deployment of ransomware, and whether it’s connected to yesterday’s DDoS attacks on the websites of several Croatian government and financial institutions: the Ministry of Finance, the Tax Administration, the Croatian National Bank (HNB), the Economic Bank of Zagreb (PBZ), and the Zagreb Stock Exchange (ZSE). "


Cybersecurity jobs available right now: June 26, 2024

ciber
2024-06-26 https://www.helpnetsecurity.com/2024/06/26/cybersecurity-jobs-available-right-now-june-26-2024/

CISO Influx | Indonesia | Remote – View job details As a CISO, you will be responsible for protecting Influx from information security risks through the development, implementation, and maintenance of our security program (policies, procedures, and standards). Cloud Security Engineer Atom | United Kingdom | Remote – View job details As a Cloud Security Engineer, you’ll design, develop and deliver the security model of Atom bank’s cloud environment ensuring that infrastructure, applications, and processes … More

The post Cybersecurity jobs available right now: June 26, 2024 appeared first on Help Net Security.

"

Autosummary: Offensive Security Topic Leader – Offensive Security, Malware, Command and Control (C2) Kyndryl | Germany | On-site – View job details As an Offensive Security Topic Leader – Offensive Security, Malware, Command and Control (C2), you will develop, standardize, and maintain advanced Malware and C2 operations, alongside strategic Red Teaming exercises. Cloud Security Engineer Atom | United Kingdom | Remote – View job details As a Cloud Security Engineer, you’ll design, develop and deliver the security model of Atom bank’s cloud environment ensuring that infrastructure, applications, and processes remain inline with various security standards, legal, regulatory, and industry best practice frameworks. Cybersecurity Engineer – Cloud GM Financial | USA | On-site – View job details The Cybersecurity Engineer – Cloud will be responsible for developing, deploying, monitoring, tuning, evaluating, reporting, and maintaining systems and procedures; and to identify and mitigate threats to the corporate network, corporate assets and corporate users. Penetration Test North America Lead JPMorganChase | USA | On-site – View job details As a Penetration Test North America Lead, design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements. "


CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0

ciber
2024-06-25 https://www.helpnetsecurity.com/2024/06/25/kunal-modasiya-qualys-cybersecurity-asset-management-3-0/

In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative technologies behind Qualys CyberSecurity Asset Management 3.0. Can you explain the key features of Qualys CyberSecurity Asset Management 3.0 and how it differs from previous versions? The modern attack surface continues to evolve, and it is becoming untenable for organizations today to rely on siloed point solutions for narrow asset discovery … More

The post CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 appeared first on Help Net Security.

"

Autosummary: This includes scanning and sensors for IT assets, patent-pending EASM technology, monitoring of multi-cloud environments, built-in network passive sensing, and third-party connectors to enrich the asset inventory. Now, end-of-support (EoS) software, missing security controls (such as having no endpoint detection and response (EDR) agents), risky open ports, and misconfigured or unauthorized software and services are all baked into the TruRisk Score to help cybersecurity teams automatically pinpoint the greatest risks. In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative technologies behind Qualys CyberSecurity Asset Management 3.0. Gary Bowen, director of security operations at Brown & Brown Insurance noted, “The Qualys Cloud Agent passive sensor has proven to be a game-changer, providing us with unparalleled visibility and immediate insights across our hybrid IT and OT domains, all without the complexities of identifying optimal locations for network taps. "


Breaking down the numbers: Q2 2024 cybersecurity funding activity recap

ciber
2024-06-25 https://www.helpnetsecurity.com/2024/06/25/cybersecurity-funding-q2-2024/

We present a list of selected cybersecurity companies that received funding during the second quarter of 2024 (Q2 2024). Alethea April | $20 million Alethea closed a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022. Also participating in the round is Hakluyt Capital, which invests alongside leading venture capital funds, targeting companies with high growth potential and international ambitions. BforeAI April … More

The post Breaking down the numbers: Q2 2024 cybersecurity funding activity recap appeared first on Help Net Security.

"

Autosummary: StrikeReady April | $12 million StrikeReady has received $12 million in Series A funding, led by 33N Ventures, with participation from Hitachi Ventures, Monta Vista Capital, and industry luminaries Brian NeSmith, executive chairman and former CEO at Arctic Wolf, and Rod Beckstrom, former CEO of ICANN and Founding Director of the U.S. National Cybersecurity Center (now CISA). Transcend May | $40 million Transcend raised $40 million in Series B funding led by new investor StepStone Group, with participation from HighlandX and existing investors Accel, Index Ventures, 01 Advisors (01A), Script Capital, and South Park Commons. "


Four FIN9 hackers indicted for cyberattacks causing $71M in losses

ciber
2024-06-24 https://www.bleepingcomputer.com/news/security/four-fin9-hackers-indicted-for-cyberattacks-causing-71m-in-losses/
Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. [...] "

Autosummary: Once FIN9 established access to a target network, they stole confidential data, including financial information, account credentials, employee benefits, gift cards, and credit card information. "


Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed

ciber
2024-06-23 https://www.helpnetsecurity.com/2024/06/23/week-in-review-cdk-global-cyberattack-vcenter-server-critical-rce-fixed/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms. Enhancing security through collaboration with the open-source community In this Help Net Security interview, Alan DeKok, CEO … More

The post Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed appeared first on Help Net Security.

"

Autosummary: SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. Cilium: Open-source eBPF-based networking, security, observability Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. "


Improving OT cybersecurity remains a work in progress

ciber
2024-06-20 https://www.helpnetsecurity.com/2024/06/20/ot-security-improvement-areas/

Organizations have made progress in the past 12 months related to advancing their OT security posture, but there are still critical areas for improvement as IT and OT network environments continue to converge, according to Fortinet. Cyberattacks that compromise OT systems are on the rise In 2023, 49% of respondents experienced an intrusion that impacted either OT systems only or both IT and OT systems. But this year, 73% of organizations are being impacted. The … More

The post Improving OT cybersecurity remains a work in progress appeared first on Help Net Security.

"

Autosummary: At the same time, there was an increase to move OT responsibility to other C-suite roles, including the CIO, CTO and COO, to upwards of 60% in the next 12 months, clearly showing concern for OT security and risk in 2024 and beyond. "


Most cybersecurity pros took time off due to mental health issues

ciber
2024-06-20 https://www.helpnetsecurity.com/2024/06/20/cybersecurity-stress-burnout-cost/

Cybersecurity and infosecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave – costing US enterprises almost $626 million in lost productivity every year, according to Hack The Box. Cybersecurity has an essential role to play for businesses, clearly demonstrated by the inclusion of CISOs on the board. With increased numbers of threats rising 600% since the pandemic, the proliferation of criminal groups, and the emergence … More


"

Autosummary: 90% of CISOs say they are concerned about the impact of stress, fatigue, and burnout on their workforce’s well-being, whereas only 47% of CEOs seem to be equally concerned about their cybersecurity teams’ stress, fatigue, and burnout on increased errors. Cybersecurity and infosecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave – costing US enterprises almost $626 million in lost productivity every year, according to Hack The Box. "


CDK Global cyberattack cripples 15,000 US auto dealerships

ciber
2024-06-20 https://www.helpnetsecurity.com/2024/06/20/cdk-cyberattack/

CDK Global, a software-as-a-service (SaaS) provider for car dealers and auto equipment manufacturers, has suffered a cyberattack that has temporarily disrupted its customers’ operations. About CDK and its platform CDK’s platform is used by 15,000+ car dealerships across North America to manage their sales, customer relationships, financing, inventory, customer support, and other aspects of their day-to-day operations. The customers use locally installed apps to access the CDK platform, and round-the-clock access to the platform and … More


"

Autosummary: About CDK and its platform CDK’s platform is used by 15,000+ car dealerships across North America to manage their sales, customer relationships, financing, inventory, customer support, and other aspects of their day-to-day operations. "


Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024

ciber
2024-06-20 https://thehackernews.com/2024/06/tool-overload-why-msps-are-still.html
Highlights Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration. Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining "

Autosummary: The Guardz unified cybersecurity platform encompasses email security, endpoint security, secure web browsing, phishing simulation, DLP, cyber insurance, and more to provide you with user-centric and automated threat detection and response, giving your clients peace of mind that their business is being secured from the inside out. Alert Fatigue: Too Many Tools, Too Much Noise Since MSPs rely on so many standalone cybersecurity tools to handle daily operations, they are tasked with an overwhelming number of alerts and large volumes of data that need to be ingested and analyzed. Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining diverse tools. "


CDK Global hacked again while recovering from first cyberattack

ciber
2024-06-20 https://www.bleepingcomputer.com/news/security/cdk-global-hacked-again-while-recovering-from-first-cyberattack/
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack. [...] "

Autosummary: CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support. "


Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks

industry ciber
2024-06-20 https://www.helpnetsecurity.com/2024/06/20/crown-equipment-cyberattack/

Ohio-based Crown Equipment, which is among the largest industrial and forklift truck manufacturers in the world, has become a victim of a cyberattack “by an international cybercriminal organization,” the company has finally confirmed to its employees on Tuesday. The confirmation came nine days after the company’s network went down (on June 9) and eight days after its manufacturing plants came to a standstill (on June 10), as reported by German security blogger Günter … More


"

Autosummary: "


Cybersecurity jobs available right now: June 19, 2024

ciber
2024-06-19 https://www.helpnetsecurity.com/2024/06/19/cybersecurity-jobs-available-right-now-june-19-2024/

Application Penetration Tester ShiftCode Analytics | USA | On-site – View job details As an Application Penetration Tester, you will perform Ethical Application Penetration Testing (EAPT) on web applications and APIs. Provide the vulnerability information in the predefined report format after performing the App Pentest using manual methodology and App Pentest tools such as Burp Suite and Web Inspect. Provide assistance to the developers in detailing the vulnerabilities reported along with the recommendations for remediation. … More


"

Autosummary: Incident Response Analyst HackersEye | Israel | Hybrid – View job details As an Incident Response Analyst, you will investigate and respond to cybersecurity incidents, conduct threat hunting activities using various tools and techniques, prepare detailed incident reports and briefings for clients and internal stakeholders, collaborate with cross-functional teams to enhance security measures and protocols, and train junior staff and contribute to knowledge sharing within the team. Senior IAM Engineer Trade Republic | Germany | Remote – View job details As a Senior IAM Engineer, you will design, develop, test, implement, and integrate Identity and Access Management (IAM) systems and solutions. Cyber Sec Gov & Risk Analyst UNSW | Australia | On-site – View job details As a Cyber Sec Gov & Risk Analyst, you will maintain cyber security policies and standards, periodically review, update, and align them with the overall policy framework and manage exemptions. Information Technology Specialist (Information Security) U.S. Immigration and Customs Enforcement (ICE) | USA | Remote – View job details As an Information Technology Specialist (Information Security), you will implement high-level security requirements such as those relating from laws, regulations, and presidential directives. "


Find out which cybersecurity threats organizations fear the most

ciber
2024-06-19 https://www.helpnetsecurity.com/2024/06/19/cybersecurity-threats-statistics-2024/

This article compiles excerpts from various reports, presenting statistics and insights on cybersecurity threats faced by businesses and individuals alike. Cyber insurance isn’t the answer for ransom payments Veeam | 2024 Ransomware Trends Report | June 2024 Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack. Alarmingly, 63% of organizations are at risk of reintroducing infections while … More


"

Autosummary: Proofpoint | 2024 Voice of the CISO | May 2024 In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022. "


CDK Global cyberattack impacts thousands of US car dealerships

ciber
2024-06-19 https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/
Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [...] "

Autosummary: CDK Global provides clients in the auto industry a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back office operations. These negotiations can take weeks, and if a ransom is not paid, the threat actors ultimately leak the corporate data, which usually includes the personal information of employees and, potentially, customers. "


Crown Equipment confirms a cyberattack disrupted manufacturing

industry ciber
2024-06-19 https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [...] "

Autosummary: With IT systems down, employees have been unable to clock in their hours, access service manuals, and, we are told, deliver machinery in some cases. "


How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams

ciber
2024-06-18 https://www.helpnetsecurity.com/2024/06/18/mapping-security-process/

Cybersecurity isn’t just about firewalls and antivirus. It’s about understanding how your defenses, people, and processes work together. Just like Google Maps revolutionized navigation, process mapping can revolutionize how you understand and manage your security landscape. We used to wrestle with paper maps to navigate new places. This was dangerous and inconvenient. Reading a map while driving means you do neither well. Then came the seemingly magical turn-by-turn GPS systems from the likes of Garmin … More


"

Autosummary: Mapping your never-ending security evolution Although it’s an amazing product, we all run into errors on Google Maps — stores or restaurants that are closed, distances that are slightly off, directions that tell you to turn left at an intersection with a “No Left Turn” sign. Integrate with your tools: Link your map to your SIEM, ticketing system, chat, email and security orchestration tools, etc. The ideal tool lets you create dynamic, interactive process maps that can be updated in real-time and filtered on any critical attribute (role, condition, location, type of process). "


Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

exploits ciber
2024-06-18 https://thehackernews.com/2024/06/cybercriminals-exploit-free-software.html
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security "

Autosummary: Similarly, users who end up selecting the "Auto-fix" are displayed WebDAV-hosted files named "fix.msi" or "fix.vbs" in Windows Explorer by taking advantage of the "search-ms:" protocol handler. "


Scathing report on Medibank cyberattack highlights unenforced MFA

financial ciber
2024-06-18 https://www.bleepingcomputer.com/news/security/scathing-report-on-medibank-cyberattack-highlights-unenforced-mfa/
A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [...] "

Autosummary: This data included customers' names, dates of birth, addresses, phone numbers, email addresses, Medicare numbers, passport numbers, health-related information, and claims data (such as patient names, provider names, primary/secondary diagnosis and procedure codes, and treatment dates). "


(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

ciber
2024-06-17 https://www.malwarebytes.com/blog/podcast/2024/06/almost-everything-you-always-wanted-to-know-about-cybersecurity-but-were-too-afraid-to-ask-with-tjitske-de-vries-lock-and-code-s05e13
This week on the Lock and Code podcast, we speak with Tjitske de Vries to answer some of the most common cybersecurity questions we receive. "

Autosummary: Show notes and credits: Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: “Good God” by Wowa (unminus.com) Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it. "


GenAI keeps cybersecurity pros on high alert

ciber
2024-06-13 https://www.helpnetsecurity.com/2024/06/13/businesses-ai-threats/

“Businesses across every industry face unprecedented challenges posed by an increasing attack surface, zero-day vulnerabilities, cloud misconfigurations, and new emerging threats driven by AI,” said Andrei Florescu, president and GM of Bitdefender Business Solutions Group. “The findings of our recent survey underscore a now vital approach to cybersecurity that layers threat prevention, protection, detection, and response across all environments, including cloud infrastructure, services, and supply chains. The goal of effective cybersecurity is not only stopping … More


"

Autosummary: At 73.5%, UK respondents experienced the most data breaches or leaks, Germany at 61%, and Singapore experienced the least at 33% (24% below the average). "


Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

exploits ciber
2024-06-13 https://thehackernews.com/2024/06/cybercriminals-employ-phantomloader-to.html
The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection," security researchers Nicole Fishbein and Ryan Robinson said in "

Autosummary: "


Cybersecurity jobs available right now: June 12, 2024

ciber
2024-06-12 https://www.helpnetsecurity.com/2024/06/12/cybersecurity-jobs-available-right-now-june-12-2024/

Cloud Security Engineer Metacore | Germany | Hybrid – View job details As a Cloud Security Engineer, you will develop, implement, and maintain cloud security architecture, policies, and procedures. You will collaborate with game and infrastructure teams to identify, evaluate, and mitigate security risks, and integrate security into the company’s development lifecycle. Additionally, you will develop and further improve the security of cloud infrastructure, emphasizing automated, reusable, and architecturally sound solutions. Cloud Security Operations and … More


"

Autosummary: CSOC Analyst Northrop Grumman | United Kingdom | Hybrid – View job details As a CSOC Analyst, you will perform analytical duties to include security monitoring, host and network based log analysis, correlation of network threat indicators and PCAP data, analytical triage, incident response (both intrusion and privacy related). Senior Penetration Tester Logisek | Greece | Remote – View job details As a Senior Penetration Tester, you will conduct penetration testing, security assessments, and deliver clear and concise security reports to our clients in Greece, USA, Europe and Middle East. Vice President Information Security Influx | Indonesia | Remote – View job details Vice President Information Security will be responsible for protecting Influx from information security risks through the development, implementation, and maintenance of company’s security program (policies, procedures, and standards). "


Major cybersecurity upgrades announced to safeguard American healthcare

ciber
2024-06-12 https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/

Recent cyberattacks targeting the nation’s healthcare system have demonstrated the vulnerability of hospitals and payment systems. Providers across the health system had to scramble for funding after one attack on a key payment system. And some hospitals had to redirect care after another. These disruptions can take too long to resolve before full access to needed health care services or payment systems is restored. Cyberattacks against the American healthcare system rose 128% from 2022 to … More


"

Autosummary: As part of this initiative to improve security and resilience of rural hospital system, private sector partners have committed to the following: For independent Critical Access Hospitals and Rural Emergency Hospitals, Microsoft is extending its nonprofit program to provide grants and up to a 75% discount on security products optimized for smaller organizations. "


Microsoft launches cybersecurity program to tackle attacks, protect rural hospitals

ciber
2024-06-12 https://www.helpnetsecurity.com/2024/06/12/microsoft-launches-cybersecurity-program-to-tackle-attacks-protect-rural-hospitals/

Microsoft has unveiled a new cybersecurity program to support hospitals serving more than 60 million people living in rural America. In 2023, the healthcare sector reported more ransomware attacks than any other critical infrastructure sector and attacks involving ransomware against the healthcare sector were up nearly 130%. Cybersecurity attacks disrupt health care operations across the country and pose a direct threat to patient care and essential operations of hospitals. In rural communities these attacks can … More


"

Autosummary: “Rural hospitals face a unique challenge in cybersecurity, balancing limited resources with the increasing sophistication of cyberthreats, which puts patient data and critical healthcare infrastructure at risk,” said Alan Morgan, CEO of NRHA. “Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S.,” said Justin Spelhaug, corporate VP, Microsoft Philanthropies. "


Acronis XDR enhances EDR with comprehensive cybersecurity for MSPs

ciber
2024-06-12 https://www.helpnetsecurity.com/2024/06/12/acronis-xdr-enhances-edr-with-comprehensive-cybersecurity-for-msps/

Acronis has introduced Acronis Advanced Security + XDR, the newest addition to the company’s security solution portfolio. Easy to deploy, manage, and maintain, Acronis XDR expands on the current endpoint detection and response (EDR) offering and delivers complete natively integrated, highly efficient cybersecurity with data protection, endpoint management, and automated recovery specifically built for managed service providers (MSPs). Cyberattacks have become increasingly sophisticated due to cybercriminals deploying AI and attack surfaces expanding, allowing businesses to … More


"

Autosummary: Easy to deploy, manage, and maintain, Acronis XDR expands on the current endpoint detection and response (EDR) offering and delivers complete natively integrated, highly efficient cybersecurity with data protection, endpoint management, and automated recovery specifically built for managed service providers (MSPs). "


Preparing for a career in cybersecurity? Check out these statistics

industry ciber
2024-06-11 https://www.helpnetsecurity.com/2024/06/11/cybersecurity-jobs-skills-statistics-2024/

This article includes excerpts from various reports that provide statistics and insights on cybersecurity jobs, skills shortages, and workforce dynamics. Lack of skills and budget slow zero-trust implementation Entrust | 2024 State of Zero Trust & Encryption Study | May 2024 Despite 60% of organizations reporting significant senior leadership support for zero trust, a lack of skills and budget are still cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support … More


"

Autosummary: IDC | Enterprise Resilience: IT Skilling Strategies, 2024 | May 2024 IDC predicts that by 2026, more than 90% of organizations worldwide will feel the pain of the IT skills crisis, amounting to some $5.5 trillion in losses caused by product delays, impaired competitiveness, and loss of business. "


City of Cleveland shuts down IT systems after cyberattack

government ciber
2024-06-11 https://www.bleepingcomputer.com/news/security/city-of-cleveland-shuts-down-it-systems-after-cyberattack/
The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [...] "

Autosummary: "


Cybersecurity pros change strategies to combat AI-powered threats

ciber
2024-06-10 https://www.helpnetsecurity.com/2024/06/10/ai-powered-cyber-threats-rise/

75% of security professionals had to change their cybersecurity strategy in the last year due to the rise in AI-powered cyber threats, with 73% expressing a greater focus on prevention capabilities, according to Deep Instinct. Additionally, 97% of respondents are concerned their organization will suffer a security incident due to adversarial AI. “The biggest challenge for SecOps teams is keeping pace with the rapidly evolving threat landscape being driven by AI. These never-before-seen threats are … More


"

Autosummary: The report, conducted by Sapio Research, surveyed 500 senior cybersecurity experts from companies with 1,000+ employees in the US operating in financial services, technology, manufacturing, retail, healthcare, public sector, or critical infrastructure. "


Compliance Scorecard enhances its CaaS platform to improve MSPs’ cybersecurity posture

ciber
2024-06-10 https://www.helpnetsecurity.com/2024/06/10/compliance-scorecard-msps-cybersecurity/

Compliance Scorecard has unveiled the latest version of its Compliance-as-a-Service (CaaS) platform. The updated platform now includes advanced risk management tools, improved asset management capabilities, and new compliance reporting methods designed to help MSPs strengthen their cybersecurity service offerings and unlock new revenue opportunities. “The new features collectively enhance the ability of MSPs to manage risks proactively and maintain a strong security posture, ultimately enhancing their clients’ governance, risk, and compliance (GRC) strategies,” said … More


"

Autosummary: “The new features collectively enhance the ability of MSPs to manage risks proactively and maintain a strong security posture, ultimately enhancing their clients’ governance, risk, and compliance (GRC) strategies,” said Tim Golden, CEO of Compliance Scorecard. "


Cybersecurity CPEs: Unraveling the What, Why & How

ciber
2024-06-10 https://thehackernews.com/2024/06/cybersecurity-cpes-unraveling-what-why.html
Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on "

Autosummary: These courses delve deep into security topics like incident response, exposure management or cloud security, ensuring you gain valuable knowledge while racking up credits. Industry Events - Conferences, workshops, and webinars hosted by security companies, industry associations, prominent cybersecurity vendors or even your own employer can be treasure troves for CPEs. CPEs are best understood in terms of other professions: just like medical, legal and even CPA certifications require continuing education to stay up-to-date on advancements and industry changes, cybersecurity professionals need CPEs to stay informed about the latest hacking tactics and defense strategies. Self-paced over 4-5 hours, it delves into the fundamentals of Exposure Management, and Gartner's Continuous Threat Exposure Management (CTEM) framework, which is their recommended way to put Exposure Management into an actionable and repeatable plan. CPE credits are crucial for maintaining certifications issued by various cybersecurity credentialing organizations, such as (ISC)², ISACA, and CompTIA. "


WeLiveSecurity wins Best Cybersecurity Vendor Blog award!

ciber
2024-06-10 https://www.welivesecurity.com/en/cybersecurity/welivesecurity-wins-best-cybersecurity-vendor-blog/
The award is an excellent opportunity for us to thank our readers and to recognize the depth of talent of ESET’s security researchers and writers "

Autosummary: "


78% of SMBs fear cyberattacks could shut down their business

ciber
2024-06-06 https://www.helpnetsecurity.com/2024/06/06/smbs-cyberattack-frequency/

94% of SMBs have experienced at least one cyberattack, a dramatic rise from 64% in 2019, according to ConnectWise. This increase in cyberattacks is exacerbated by the fact that 76% of SMBs lack the in-house skills to properly address security issues, increasing demand for the expertise and services of MSPs. Rising cyberattack frequency on SMBs The growing wave of cyber incidents is eroding SMBs’ confidence in their ability to protect their businesses with a staggering … More


"

Autosummary: Conducted between March and April 2024, this research includes insights from 700 IT decision makers and business decision makers, with representation in the US, Canada, UK, and Australia and New Zealand. "


Cybersecurity jobs available right now: June 5, 2024

ciber
2024-06-05 https://www.helpnetsecurity.com/2024/06/05/cybersecurity-jobs-available-right-now-june-5-2024/

Corporate Data Protection Manager GLS | Germany | Hybrid – View job details As a Corporate Data Protection Manager, you will develop the Corporate Data Protection Framework with a special focus on compliance with the EU General Data Protection Regulation. Develop projects and processes to strengthen data protection in the international GLS organization and guide the country data protection functions in their implementation. Design and implement data protection guidance, trainings and other awareness measures. Cyber … More


"

Autosummary: Senior Cybersecurity Assurance Analyst-RedTeam Ops Emirates | UAE | On-site – View job details As a Senior Cybersecurity Assurance Analyst-RedTeam Ops, you will develop, implement, lead, and continuously improve the security verification and testing processes consisting of but not limited to risk assessments, compliance reviews, vulnerability assessments and penetration tests based on industry best practices and as defined by the assurance. Logging & Asset Management Specialist – USDS TikTok | Australia | On-site – View job details As a Logging and Analytics Platform Operations Specialist, you will be responsible for supporting the Logging and Analytics Platform Operations Lead and cross functional partners in deploying, integrating, and managing, technologies to support the security and protection of data in accordance with relevant geographical regulations, contractual commitments, and confidentiality requirements. SOC Engineer ZeroTrust | Indonesia | Hybrid – View job details The SOC Engineer will be responsible for performing day-to-day tasks such as monitoring, analyzing, and responding to security incidents, managing security tools and technologies, conducting security assessments, and implementing security measures. "


20 free cybersecurity tools you might have missed

ciber
2024-06-04 https://www.helpnetsecurity.com/2024/06/04/free-open-source-cybersecurity-tools/

Free, open-source cybersecurity tools have become indispensable to protecting individuals, organizations, and critical infrastructure from cyber threats. These tools are created through collaborative and transparent efforts, making them affordable and accessible alternatives to proprietary software. Here, you will find a curated list of free cybersecurity tools you should consider. Authelia: Open-source authentication and authorization server Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It … More


"

Autosummary: Protobom: Open-source software supply chain tool Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning Mantis is an open-source command-line framework that automates asset discovery, reconnaissance, and scanning. "


Third-party vendors pose serious cybersecurity threat to national security

ciber
2024-06-04 https://www.helpnetsecurity.com/2024/06/04/third-party-vendors-threat-video/

In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report. This research details a surge in adversaries exploiting third-party vulnerabilities and uncovers an extreme concentration of cyber risk in just 15 vendors, posing a serious threat to national security and global economies. Key findings include: 150 companies account for 90% of the technology products and … More


"

Autosummary: "


Plainsea cybersecurity platform to launch at Infosecurity Europe

ciber
2024-06-04 https://www.helpnetsecurity.com/2024/06/04/plainsea-cybersecurity-platform-infosecurity-europe/

Plainsea is a cutting-edge platform set to shake up the cybersecurity scene with its European launch at Infosecurity Europe in 2024. As cyber threats continue to evolve at an alarming rate, the demand for efficient and intelligent cybersecurity solutions has never been higher. At the same time, the shortage of skilled cybersecurity experts is severe and continues to grow. That’s where Plainsea comes in. Designed with managed security service providers in mind, Plainsea offers a … More


"

Autosummary: "


Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

financial ciber
2024-06-04 https://securityaffairs.com/164130/cyber-crime/v3b-phishing-kit.html
Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group providing a Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with a sophisticated kit (known as “V3B”) to target banking customers in the EU. “Currently, it is estimated that hundreds […] "

Autosummary: "


Q1 2024 – a brief overview of the main incidents in industrial cybersecurity

industry ciber
2024-06-03 https://ics-cert.kaspersky.com/publications/q1-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
A total of 30 incidents were confirmed by victims. 37% of victims reported denial of operations or product shipment caused by the incident. Almost half of all incidents resulted in disruption of the victims’ public digital services. "

Autosummary: The victims belong to the following industries/sectors: manufacturing (including automotive, aerospace, pharmaceutical, food and beverages, clothing, cosmetics and many other sub-sectors), utility, energy, transportation and logistics, engineering, and mining. Electronics Foxsemicon hit by ransomware Manufacturing, electronics | Denial of IT services, data leakage, personal data leakage | Ransomware On January 15, semiconductor equipment manufacturer Foxsemicon Integrated Technology, a subsidiary of Taiwanese electronics giant Foxconn, was the victim of a cyberattack. Pharmaceutical HAL Allergy hit by ransomware Manufacturing, pharmaceutical | Data leakage, denial of services, product delivery delay | Ransomware On February 19, Dutch pharmaceutical company HAL Allergy Group was hit by a ransomware attack, according to a statement on its website. Veolia hit by ransomware Water supply, utility | Denial of IT systems, denial of services, personal data leakage | Ransomware The North American municipal water division of Veolia, a French transnational utility company, experienced a ransomware incident that impacted certain software applications and systems. Varta hit by cyberattack Manufacturing, automotive | Denial of IT systems, denial of operations Varta, a German manufacturer of batteries for the automotive, industrial and consumer sectors, disclosed that its systems were affected by a cyberattack on February 12.
Hewlett Packard hit by cyberattack Manufacturing, electronics | Data leakage | APT On January 19, Hewlett Packard Enterprise filed a Form 8-K with the US Securities and Exchange Commission (SEC), reporting unauthorized access to the company’s cloud-based email environment by a threat actor believed to be Midnight Blizzard (aka Dukes, CozyBear and NOBELIUM/APT29/BlueBravo). The group said it had stolen 110GB of data from Lush, allegedly including many personal documents such as passport scans, and company documents related to accounting, finance, tax, projects, and customers. EAS hit by ransomware Manufacturing, engineering | Data leakage, denial of operations | Ransomware Dutch mechanical engineering and manufacturing company EAS Europe was the victim of a ransomware attack on February 26, according to a notice on its website. Logistics and transportation GCA hit by cyberattack Transportation, logistics | Denial of IT services French transport and logistics company GCA (Groupe Charles André) suffered a cyberattack during the night of February 17-18, resulting in an interruption of its internet access and the disruption of its usual communications, according to a message sent to its customers. Muscatine Power and Water hit by ransomware Water supply, energy, utility | Denial of IT services, personal data leakage | Ransomware US utility company Muscatine Power and Water (MPW) discovered a cybersecurity incident impacting its corporate network environment. Automotive ThyssenKrupp hit by cyberattack Manufacturing, automotive | Denial of IT systems, denial of operations German steelmaker and automotive supplier ThyssenKrupp said in a statement that it suffered a cyberattack that affected its auto body manufacturing division, ThyssenKrupp Automotive Body Solutions. The forensic investigation revealed that some current and former customer data, such as address, social security number, driver’s license, etc., may have been compromised in the incident.
Etesia hit by cyberattack Manufacturing | Denial of IT systems, services and operations French mower manufacturer Etesia was the victim of a cyberattack on February 2, according to local press reports, forcing 160 employees to work part-time. Radiant Logistics hit by cyberattack Transportation, logistics | Denial of services Radiant Logistics, an international freight company, isolated its Canadian operations following a cybersecurity incident. "


Europol identifies 8 cybercriminals tied to malware loader botnets

exploits ciber
2024-05-31 https://www.bleepingcomputer.com/news/legal/europol-identifies-8-cybercriminals-tied-to-malware-loader-botnets/
Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. [...] "

Autosummary: Oleg Vyacheslavovich Kucherov: Also known as "gabr," the 51-year-old Russian is implicated as a key member of the "Trickbot" group also known as "Wizard Spider," engaging in infecting computer systems, stealing data, and using ransomware to extort victims. "


Police seize over 100 malware loader servers, arrest four cybercriminals

exploits ciber
2024-05-30 https://www.bleepingcomputer.com/news/security/police-seize-over-100-malware-loader-servers-arrest-four-cybercriminals/
An international law enforcement operation codenamed "Operation Endgame" has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. [...] "

Autosummary: The operation was supported by intelligence provided by experts from Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, and DIVD. "


Police seize over 100 malware loader servers, arrest four cybercriminals

exploits ciber
2024-05-30 https://www.bleepingcomputer.com/news/security/police-seize-over-100-malware-loader-servers-arrest-four-cybercriminals-operation-endgame/
An international law enforcement operation codenamed "Operation Endgame" has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. [...] "

Autosummary: The operation was supported by intelligence provided by experts from Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, and DIVD. "


Avoiding the cybersecurity blame game

ciber
2024-05-29 https://www.helpnetsecurity.com/2024/05/29/processes-controls-company-policies/

Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and controls, and fully implement monitoring and review requirements. Processes and controls typically comprise policies, which will include detailed explanations of the acceptable use of company technology. There will usually be examples of the types of activity that are specifically not allowed – such as using someone else’s login credentials or sharing your own. … More

The post Avoiding the cybersecurity blame game appeared first on Help Net Security.

"

Autosummary: Leaving aside that this is a terrible way of expressing the situation – implying, as it does, fault and blame – this number does not correlate well at all with another statistic that suggests 85% of security budgets go to technology, 12% goes to policies, and a miserly 3% goes on people. To make this “stick”, there will almost certainly be training – some on “the basics” and on specific systems, but also other related matters – perhaps the requirements of data protection legislation, for example. If we blame the designers of controls, processes and procedures… well, we are just shifting blame, which is still counterproductive. There will be a policy against using it, for sure – and, yes, there may also be some technical controls. "


Cybersecurity jobs available right now: May 29, 2024

ciber
2024-05-29 https://www.helpnetsecurity.com/2024/05/29/cybersecurity-jobs-available-right-now-may-29-2024/

Cloud Security Engineer – Secret Clearance Required Constellation West | USA | Remote – View job details As a Cloud Security Engineer, you will establish, execute, and sustain an ISSP A&A capability that ensures the security of all information technology assets, while also ensuring compliance with FISMA. Recognize, assess, and mitigate threats to FSIS’s cloud-based systems, ensuring that security measures are proportional to the threats identified. CSIRT Team Lead CAE | Canada | On-site – … More

The post Cybersecurity jobs available right now: May 29, 2024 appeared first on Help Net Security.

"

Autosummary: Penetration Tester (UK Shift) WTW | Philippines | Hybrid – View job details As a Penetration Tester, you will conduct comprehensive assessments of web applications and infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server. Sr. Security Software Engineer, Ai and Data Platforms Apple | USA | On-site – View job details As a Sr. Security Software Engineer, Ai and Data Platforms, you will be responsible for developing security capabilities, services, and tools leveraging both GenAI and traditional security techniques to proactively identify and remediate application security risks earlier in the software development lifecycle. Cyber Analyst, Digital Forensics Incident Response At-Bay | Canada | On-site – View job details As a Cybersecurity Analyst focused on Digital Forensics and Incident Response (DFIR), you will participate in incident recovery activities (e.g., restoration of data from backups, reimaging workstations and servers, rebuilding network infrastructure, etc.) "


US dismantles 911 S5 botnet used for cyberattacks, arrests admin

ciber
2024-05-29 https://www.bleepingcomputer.com/news/security/us-dismantles-911-s5-residential-proxy-botnet-used-for-cyberattacks-arrests-admin/
The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. [...] "

Autosummary: According to an indictment unsealed on May 24, dozens of Wang's assets and properties are now subject to forfeiture, "including a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, several luxury wristwatches, 21 residential or investment properties (across Thailand, Singapore, the U.A.E., St. Kitts and Nevis, and the United States), and 20 domains." 911 S5 customers also used the illegitimate residential proxy service to submit tens of thousands of fraudulent applications for programs related to the Coronavirus Aid, Relief, and Economic Security (CARES) Act, 560,000 fraudulent unemployment insurance claims, and over 47,000 Economic Injury Disaster Loan (EIDL) applications, resulting in billions of dollars stolen from financial institutions, credit card issuers, and federal lending programs. "


Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

ciber
2024-05-29 https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html
Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the package author, who goes by the name PhilipsPY, has uploaded a new version of the "

Autosummary: "


Cybercriminals pose as "helpful" Stack Overflow users to push malware

exploits ciber
2024-05-29 https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPI package that installs Windows information-stealing malware. [...] "

Autosummary: "We further noticed that a StackOverflow account "EstAYA G" created roughly 2 days ago is now exploiting the platform's community members seeking debugging help [1, 2, 3] by directing them to install this malicious package as a "solution" to their issue even though the "solution" is unrelated to the questions posted by developers," explained Sharma in the Sonatype report. "


How to combat alert fatigue in cybersecurity

ciber
2024-05-28 https://www.helpnetsecurity.com/2024/05/28/ken-gramley-stamus-networks-alert-fatigue/

In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security tools, the prevalence of false positives, and the lack of clear event prioritization and actionable guidance. What are the primary causes of alert fatigue in cybersecurity and DevOps environments? Alert fatigue is the result of several related factors. … More

The post How to combat alert fatigue in cybersecurity appeared first on Help Net Security.

"

Autosummary: The three most important components of a modern security operations center (SOC) are the network detection and response (NDR) system, the endpoint detection and response (EDR) system, and the central analytics engine (usually a security information and event management (SIEM) system). I’ve already mentioned the importance of cybersecurity frameworks – these help organizations identify, protect, detect, respond to, and recover from cyberattacks. Lastly, the NDR and EDR must collect all relevant artifacts associated with a given security event, and if possible, correlate and organize them into an incident timeline to accelerate the investigation and allow defenders to eradicate the threat before it’s able to cause any damage. This additional information is proven to help SOC personnel more quickly assess the severity, sources, and causes of an incident, making these alerts much more actionable. "


Cybersecurity teams gear up for tougher challenges in 2024

ciber
2024-05-28 https://www.helpnetsecurity.com/2024/05/28/changing-threat-landscape-challenges-video/

In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored activity increase. Key highlights from the Edgio Q1 2024 Attack Trends Report include: API sprawl – Researchers identified 1.7 million APIs in March alone–creating an uncharted network of ‘shadow’ and ‘zombie’ APIs that operate behind the scenes of many … More

The post Cybersecurity teams gear up for tougher challenges in 2024 appeared first on Help Net Security.

"

Autosummary: "


34% of organizations lack cloud cybersecurity skills

ciber
2024-05-28 https://www.helpnetsecurity.com/2024/05/28/cloud-visibility-challenges/

Incident response today is too time consuming and manual, leaving organizations vulnerable to damage due to their inability to efficiently investigate and respond to identified threats, according to Cado Security. The incident response challenge is further complicated as enterprises rapidly deploy cloud and container-based technologies and embrace a multi-cloud strategy. The report, which explores the critical role and challenges of incident response, reveals widespread shortcomings that leave organizations vulnerable to delays in resolving incidents and … More

The post 34% of organizations lack cloud cybersecurity skills appeared first on Help Net Security.

"

Autosummary: As organizations attempt to lean on existing tools, such as SOAR (Security Orchestration, Automation, and Response) platforms, to gain visibility into cloud-based threats, the report found that incident response automation is twice as effective when compared to SOAR for cloud investigations. "


Beyond the buzz: Understanding AI and its role in cybersecurity

ciber
2024-05-28 https://www.welivesecurity.com/en/cybersecurity/beyond-buzz-understanding-ai-role-cybersecurity/
A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders "

Autosummary: Since then, it has used AI in various forms to deliver: differentiation between malicious and clean code samples; rapid triage, sorting and labelling of malware samples en masse; a cloud reputation system, leveraging a model of continuous learning via training data; endpoint protection with high detection and low false-positive rates, thanks to a combination of neural networks, decision trees and other algorithms; a powerful cloud sandbox tool powered by multilayered machine learning detection, unpacking and scanning, experimental detection, and deep behavior analysis; new cloud- and endpoint protection powered by transformer AI models; and XDR that helps prioritize threats by correlating, triaging and grouping large volumes of events. Why is AI used by security teams? On the other hand, as these capabilities become cheaper and more accessible, threat actors will also utilize the technology in social engineering, disinformation, scams and more. Here are a few examples of current and near-future uses of AI for good: Threat intelligence: LLM-powered GenAI assistants can make the complex simple, analyzing dense technical reports to summarize the key points and actionable takeaways in plain English for analysts. Today, security teams need effective AI-based tools more than ever, thanks to three main drivers: 1. "


Human error still perceived as the Achilles’ heel of cybersecurity

ciber
2024-05-27 https://www.helpnetsecurity.com/2024/05/27/cisos-cyber-attacks-defense-confidence/

While fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. CISOs’ confidence is growing despite fear of cyber attacks 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. CISOs today clearly remain on high alert, but … More

The post Human error still perceived as the Achilles’ heel of cybersecurity appeared first on Help Net Security.

"

Autosummary: In 2024, 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022. CISOs’ confidence is growing despite fear of cyber attacks 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. "


Illumio and Netskope join forces to strengthen enterprise resilience against cyberattacks

ciber
2024-05-24 https://www.helpnetsecurity.com/2024/05/24/illumio-netskope-partnership/

Illumio and Netskope announced a Zero Trust partnership that brings together the power of Zero Trust Segmentation (ZTS) and Zero Trust Network Access (ZTNA) to protect against breaches and build cyber resilience. The new partnership combines Illumio ZTS with Netskope ZTNA Next via the Netskope Cloud Exchange (CE) platform to enable network and security teams to create Zero Trust policies that consistently secure access at an organization’s perimeter and within its hybrid, multi-cloud infrastructure. In … More

The post Illumio and Netskope join forces to strengthen enterprise resilience against cyberattacks appeared first on Help Net Security.

"

Autosummary: Next, organizations gain a consistent, real-time view of user-to-application and application-to-application traffic, enabling them to better understand risk end-to-end. "


Cybersecurity jobs available right now: May 22, 2024

ciber
2024-05-22 https://www.helpnetsecurity.com/2024/05/22/cybersecurity-jobs-available-right-now-may-22-2024/

Associate Director, Cyber Security AstraZeneca | Sweden | On-site – View job details You will develop and implement security policies, procedures, and operating practices in this role. You will coordinate risk profile development and distribution to IT business-facing audiences and maintain compliance with all AstraZeneca Security Policy Framework requirements. You will support cyber risk assessments and make recommendations to IT leadership. Automotive Cyber Security Expert IDSafe | India | Hybrid – View job details In … More

The post Cybersecurity jobs available right now: May 22, 2024 appeared first on Help Net Security.

"

Autosummary: Cyber Security Consultant RINA | Italy | Hybrid – View job details As an IT Cyber Security Consultant, you will conduct penetration tests, engage in red teaming and OSINT, perform vulnerability assessments, craft reports, advise on security enhancements, present vulnerabilities to clients, analyze security configurations, develop hardening guidelines, support remediation strategies, and more. Biomedical Cybersecurity Specialist Queensland Health | Australia | Hybrid – View job details In this role, you’ll lead biomedical ICT and cybersecurity initiatives, provide training, design solutions, conduct risk assessments, manage security incidents, and ensure compliance. Senior Associate Cloud Data Engineer – Cybersecurity PwC | Argentina | On-site – View job details You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resiliency, response, and technical implementation activities. "


Cybercriminals are targeting elections in India with influence campaigns

ciber
2024-05-22 https://securityaffairs.com/163529/cyber-crime/hacktivists-target-elections-india.html
Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups Resecurity has identified a spike of malicious cyber activity targeting the election in India, which is supported by multiple independent hacktivist groups who arrange cyber-attacks and publication of stolen personal identifiable information (PII) belonging to […] "

Autosummary: Pierluigi Paganini, May 22, 2024: Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups. Resecurity has identified a spike of malicious cyber activity targeting the election in India, which is supported by multiple independent hacktivist groups who arrange cyber-attacks and publication of stolen personal identifiable information (PII) belonging to Indian citizens on the Dark Web. India, with a population of over 1.4 billion and a GDP of over 3.417 trillion USD, has become a prime target for cyberattacks during its general elections scheduled between 19 April and 1 June 2024. "


Cybercriminals shift tactics to pressure more victims into paying ransoms

industry ciber
2024-05-20 https://www.helpnetsecurity.com/2024/05/20/ransomware-claims-frequency-grow/

Ransomware didn’t just grow in the US in 2023, it evolved, with the frequency of ransomware claims jumping 64% year-over-year, according to At-Bay. This was primarily driven by an explosion in “indirect” ransomware incidents, which increased by more than 415% in 2023 compared to 2022. Standing out among the biggest loss drivers were remote access tools, which accounted for 58% of ransomware attacks. Double leverage attacks – those using both data encryption and exfiltration – … More

The post Cybercriminals shift tactics to pressure more victims into paying ransoms appeared first on Help Net Security.

"

Autosummary: Ransomware didn’t just grow in the US in 2023, it evolved, with the frequency of ransomware claims jumping 64% year-over-year, according to At-Bay. "


American Radio Relay League cyberattack takes Logbook of the World offline

ciber
2024-05-19 https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline/
The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. [...] "

Autosummary: "


The critical role of IT staffing in strengthening cybersecurity

ciber
2024-05-16 https://www.helpnetsecurity.com/2024/05/16/cybersecurity-it-staffing-role-video/

Many organizations lack adequate IT staffing to combat cyber threats. A comprehensive approach to cybersecurity requires more than technical solutions. It involves the right staff with the unique expertise necessary to recognize and prevent potential threats. This makes IT and cyber security staffing a critical component of defense against security breaches and cyber attacks – especially when a challenge demands immediate attention. In this Help Net Security video, Phani Dasari, CISO at HGS Digital, discusses … More

The post The critical role of IT staffing in strengthening cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

exploits ransomware ciber
2024-05-16 https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html
The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024. The "

Autosummary: The campaign, believed to have commenced in mid-April 2024, has targeted a variety of industries and verticals, including manufacturing, construction, food & beverage, and transportation, Rapid7 said, indicating the opportunistic nature of the attacks. "


Cybersecurity jobs available right now: May 15, 2024

ciber
2024-05-15 https://www.helpnetsecurity.com/2024/05/15/cybersecurity-jobs-available-right-now-may-15-2024/

Associate / Pentester (Red Team) – Cybersecurity Audit Siemens | Germany | Hybrid – View job details As an Associate / Pentester (Red Team) – Cybersecurity Audit, you will be responsible for conducting cybersecurity assessments across the entire Siemens landscape, including products, services, IT-systems, factories, and software development centers. During this process you will perform ethical hacking activities, design attack scenarios for state-of-the-art technologies and highlight important observations to translate technical findings into management information … More

The post Cybersecurity jobs available right now: May 15, 2024 appeared first on Help Net Security.

"

Autosummary: Principal Cyber Security Architect Federal Reserve Bank of Boston | USA | On-site – View job details As a Principal Cyber Security Architect, you will develop code to automate security configuration management, build, test, and deploy cybersecurity relevant technical solutions, identify and address the root causes of issues, focusing on solving problem categories rather than individual instances. Senior Security Engineer Avrioc Technologies | UAE | On-site – View job details As a Senior Security Engineer, you will oversee the design, implementation, and management of security infrastructure, ensuring the confidentiality, integrity, and availability of systems and data. Senior Cyber Security Solution Architect ST Engineering | Singapore | On-site – View job details As a Senior Cyber Security Solution Architect, you will design, develop, and implement secure cyber range, cyber exercise, and cyber training solutions with a consideration of SaaS model and web-based solution. "


Cybersecurity analysis exposes high-risk assets in power and healthcare sectors

ciber
2024-05-15 https://www.helpnetsecurity.com/2024/05/15/cps-assets-vulnerability-management-approaches/

Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. Organizations must take a holistic approach to exposure management To understand the scope of exposure and the associated risk facing cyber-physical systems (CPS) environments, Claroty’s research group Team82 analyzed data from over 20 million operational technology (OT), connected medical devices (IoMT), IoT, and IT assets in CPS environments. The … More

The post Cybersecurity analysis exposes high-risk assets in power and healthcare sectors appeared first on Help Net Security.

"

Autosummary: Researchers defined “high risk” as having a high likelihood and high impact of being exploited, based on a combination of risk factors such as end-of-life state, communication with insecure protocols, known vulnerabilities, weak or default passwords, PII or PHI data, consequence of failure, and several others. "


Securing the future through cybersecurity education

ciber
2024-05-13 https://www.helpnetsecurity.com/2024/05/13/cybersecurity-talent-shortage-education-video/

In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about the cybersecurity talent shortage and the role STEM education can play in solving that problem. They also discuss actions needed to improve cybersecurity education. Complete videos Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves … More

The post Securing the future through cybersecurity education appeared first on Help Net Security.

"

Autosummary: "


Prison for cybersecurity expert selling private videos from inside 400,000 homes

ciber
2024-05-13 https://www.bitdefender.com/blog/hotforsecurity/prison-for-cybersecurity-expert-selling-private-videos-from-inside-400-000-homes/
A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private photos and videos from vulnerable "wallpad" cameras in 400,000 private households. Read more in my article on the Hot for Security blog. "

Autosummary: "


A cyberattack hit the US healthcare giant Ascension

ciber
2024-05-11 https://securityaffairs.com/162985/hacking/cyberattack-hit-ascension-healthcare.html
A cyberattack hit the US Healthcare giant Ascension and is causing disruption of the systems at hospitals in the country. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. The organization was hit by a ransomware attack that severely impacted operations at hospitals […] "

Autosummary: "


Cybercriminals are getting faster at exploiting vulnerabilities

exploits ciber
2024-05-10 https://www.helpnetsecurity.com/2024/05/10/new-vulnerabilities-number-growth/

Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking to exploit those vulnerabilities would rise as well. The latest semiannual report is a snapshot of the active threat landscape and highlights trends from July to December of 2023, including analysis on the speed with … More

The post Cybercriminals are getting faster at exploiting vulnerabilities appeared first on Help Net Security.

"

Autosummary: Botnets showed incredible resiliency, taking on average 85 days for command and control (C2) communications to cease after first detection: While bot traffic remained steady relative to the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of the last few years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets emerged in the second half of 2023, including: AndroxGh0st, Prometei, and DarkGate. "


GenAI enables cybersecurity leaders to hire more entry-level talent

ciber
2024-05-10 https://www.helpnetsecurity.com/2024/05/10/genai-opportunities-for-organizations/

93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many reporting that cybersecurity has become easier to manage compared to past years. However, cybersecurity defenders now face a race against adversaries to harness GenAI. Organizations lack a clear GenAI policy According to the report, organizations have … More

The post GenAI enables cybersecurity leaders to hire more entry-level talent appeared first on Help Net Security.

"

Autosummary: “We are in an AI gold rush, with bad actors and security professionals both trying to seize the advantage,” said Patrick Coughlin, SVP, Global Technical Sales, Splunk. "


CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

ciber
2024-05-10 https://thehackernews.com/2024/05/censysgpt-ai-powered-threat-hunting-for.html
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will "

Autosummary: Whether you're a cybersecurity pro, an IT enthusiast, or simply intrigued by the future of cyber defense, this webinar is essential. "


In it to win it! WeLiveSecurity shortlisted for European Cybersecurity Blogger Awards

ciber
2024-05-10 https://www.welivesecurity.com/en/cybersecurity/welivesecurity-shortlisted-european-security-blogger-awards/
We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Cybersecurity Blogger Awards 2024 "



3 CIS resources to help you drive your cloud cybersecurity

ciber
2024-05-09 https://www.helpnetsecurity.com/2024/05/09/cloud-cybersecurity-cis-resources/

In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for Internet Security (CIS) to create such an approach. Security choices in the cloud To create a cloud security program, you have two main options to consider. As your first option, you can choose to manage the security … More

The post 3 CIS resources to help you drive your cloud cybersecurity appeared first on Help Net Security.

"

Autosummary: The CIS Critical Security Controls (CIS Controls) The CIS Controls consist of prescriptive, prioritized, and simplified security best practices that you can use to strengthen your cybersecurity posture across your environments, including in the cloud. The CIS Controls v8 Cloud Companion Guide provides context around how each Control applies not only to the cloud but also to individual service models, what your responsibility looks like for a Control within applicable service models, and what products, tools, and threat information (if any) you need to consider. CIS Build Kits and CIS-CAT The Benchmarks, including the Foundations Benchmarks and Cloud Service Category Benchmarks, are available in Word, Excel, and PDF formats. "


DocGo patient health data stolen in cyberattack

ciber
2024-05-09 https://www.malwarebytes.com/blog/news/2024/05/docgo-patient-health-data-stolen-in-cyberattack
Medical health care provider DocGo has disclosed a cyberincident where an attacker gained access to protected health information. "

Autosummary: Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. "


British Columbia investigating cyberattacks on government networks

government ciber
2024-05-09 https://www.bleepingcomputer.com/news/security/british-columbia-investigating-cyberattacks-on-government-networks/
The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. [...] "



How workforce reductions affect cybersecurity postures

ciber
2024-05-08 https://www.helpnetsecurity.com/2024/05/08/pentesting-cybersecurity-importance/

In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, equipping organizations with the ability to more frequently security test critical assets, expanded environments, and proliferating cloud applications. Cobalt analyzed 4,068 pentests, revealing a 21% increase in the number of findings per pentest engagement year-over-year, aligning with increases … More

The post How workforce reductions affect cybersecurity postures appeared first on Help Net Security.

"

Autosummary: Cobalt analyzed 4,068 pentests, revealing a 21% increase in the number of findings per pentest engagement year-over-year, aligning with increases in Common Vulnerabilities and Exposures (CVE) records. "


Cybersecurity jobs available right now: May 8, 2024

ciber
2024-05-08 https://www.helpnetsecurity.com/2024/05/08/cybersecurity-jobs-available-right-now-may-8-2024/

CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture of the organisation, ensuring the organisation’s information and technology assets are protected from internal and external threats. Cloud Security Architect Kyndryl | Israel | Hybrid – View job details As a Cloud Security Architect, you will conduct risk assessments and threat modeling to identify and prioritize risks to company’s business and … More

The post Cybersecurity jobs available right now: May 8, 2024 appeared first on Help Net Security.

"

Autosummary: Identity & Access Management Lead Invesco Asset Management | India | On-site – View job details Identity and Access Management Team Lead will be responsible for how we design, implement, and continually improve Identity Access Management, Privileged Access Management, Privileged Identity Management, and Identity Governance Administration used across external and internal facing applications, products, services and backend technologies. Cyber Security Engineer 4 Pacific Northwest National Laboratory | USA | On-site – View job details As Cyber Security Engineer 4, you will design, deploy, and operate systems, networks, applications, and tools that support cybersecurity and cyber defense. Senior Full-Stack Engineer – Security Mercury | USA | Remote – View job details As a Security Engineer at Mercury, you will address key security features within the product, such as developing passkey support, enhancing the security dashboard, refining user-facing audit logs, and implementing SAML. "


Ascension healthcare takes systems offline after cyberattack

ciber
2024-05-08 https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." [...] "

Autosummary: "On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event," Ascension said. "


DocGo discloses cyberattack after hackers steal patient health data

ciber
2024-05-07 https://www.bleepingcomputer.com/news/security/docgo-discloses-cyberattack-after-hackers-steal-patient-health-data/
Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. [...] "



How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

ciber
2024-05-07 https://www.welivesecurity.com/en/we-live-science/how-inspire-scientists-unlocked-403-cybersecurity-podcast/
As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight "



Strategies for preventing AI misuse in cybersecurity

ciber Linux
2024-05-06 https://www.helpnetsecurity.com/2024/05/06/pukar-hamal-securitypal-ai-tools-in-cybersecurity/

As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing cybersecurity frameworks. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the integration of AI tools in cybersecurity. What are organizations’ main challenges when integrating AI into their cybersecurity infrastructures? Companies are like organisms: constantly changing every second. Given the dynamic nature of companies, keeping AI models … More

The post Strategies for preventing AI misuse in cybersecurity appeared first on Help Net Security.

"

Autosummary: Employing a layered security approach, including encryption, behavior monitoring, and automatic alerts for unusual activities, helps strengthen defenses. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the integration of AI tools in cybersecurity. "


Get ahead in cybersecurity with $145 off a training course bundle

ciber
2024-05-06 https://www.bleepingcomputer.com/news/security/get-ahead-in-cybersecurity-with-145-off-a-training-course-bundle/
Cybersecurity is everyone's concern, and for IT workers, a key skill on their resume. This five-course exam prep bundle helps you get more advanced credentials for $49.99, $145 off the $195 MSRP. [...] "

Autosummary: And the Certified Information Systems Security Professional (CISSP) course looks at what it takes to design, launch, and maintain advanced cybersecurity initiatives. "


China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

ciber
2024-05-06 https://thehackernews.com/2024/05/china-linked-hackers-suspected-in.html
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim "

Autosummary: A majority of the infections have been detected in Nigeria, India, China, Iran, Indonesia, the U.K., Iraq, the U.S., Pakistan, and Ethiopia. "


It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

financial ciber
2024-05-06 https://thehackernews.com/2024/05/it-costs-how-much-financial-pitfalls-of.html
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question "

Autosummary: EDR solutions can detect, investigate, and mitigate potential threats across individual endpoints, such as computers, laptops, and mobile devices. Unfortunately, many SMBs end up learning one lesson the hard way: cyberattack recovery costs can be significantly higher than the initial investment required for an effective cybersecurity solution. Many SMBs Aren't Prepared for the Inevitable In our report, The State of Cybersecurity for Mid-Sized Businesses in 2023, we discovered that nearly 25% of SMBs have either suffered a cyberattack or didn't even realize they had suffered one in the past 12 months. There's More at Stake Than Just Money Today, it's commonplace to find budgets being slashed, leaving cybersecurity staff overextended, overworked, or nonexistent. "


Most companies changed their cybersecurity strategy in the past year

ciber
2024-05-03 https://www.helpnetsecurity.com/2024/05/03/cybersecurity-business-strategy-perception/

Businesses worldwide have faced a rate of change in the threat environment evidenced by 95% of companies reporting cybersecurity strategy adjustments within just the past year, according to LogRhythm. Strategic shifts within organizations At the heart of these strategic shifts is the central role of leadership within organizations. The perception of cybersecurity has changed from a purely technical issue to a central pillar of business strategy and corporate governance, with 78% stating that the cybersecurity … More

The post Most companies changed their cybersecurity strategy in the past year appeared first on Help Net Security.

"

Autosummary: The research found that less than half of security teams are reporting on time to respond (49%), time to detect (48%), and time to recover (45%). "


What is cybersecurity mesh architecture (CSMA)?

ciber
2024-05-03 https://www.helpnetsecurity.com/2024/05/03/cybersecurity-mesh-architecture-csma/

Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means designing a security architecture that is composable and scalable with easily extensible interfaces, a common data schema and well-defined interfaces and APIs for interoperability. A well-designed CSMA allows various security controls and solutions to work together more effectively. In turn, this allows security organizations to better handle threat intelligence, incident response, security … More

The post What is cybersecurity mesh architecture (CSMA)? appeared first on Help Net Security.

"

Autosummary: The detection mesh web spans various components and layers of an organization’s IT environment, including endpoints and devices, APIs, infrastructure (cloud, on-prem, hybrid), applications and SaaS, networks, data flows and storage, and authentication and authorization systems. Process measurements can be constructed around known metrics (time-to-remediate, etc) or alternative metrics focused on process (adherence to security playbooks, time-spent out of compliance, time-to-triage). In turn, this allows security organizations to better handle threat intelligence, incident response, security asset management, and other core functions of modern cybersecurity. "


BlackBerry CylanceMDR improves cybersecurity defensive strategy

ciber
2024-05-03 https://www.helpnetsecurity.com/2024/05/03/blackberry-cylancemdr/

BlackBerry introduced the new and expanded CylanceMDR, offering comprehensive Managed Detection & Response (MDR) protection powered by the Cylance AI platform and augmented with award-winning security operations center analysts for 24×7 threat coverage. CylanceMDR (formerly CylanceGUARD) now offers three new packages – Standard, Advanced, and On-Demand. Each package is designed to address the unique cybersecurity challenges businesses face today, from AI detection to expert support, providing a comprehensive solution for all. “CylanceMDR offers more than … More

The post BlackBerry CylanceMDR improves cybersecurity defensive strategy appeared first on Help Net Security.

"

Autosummary: CylanceMDR includes hands-on onboarding, alert triage, investigation, managed threat hunting, digital forensics, comprehensive incident response, and critical event management. "


NATO and EU condemn Russia's cyberattacks against Germany, Czechia

ciber
2024-05-03 https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/
NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...] "

Autosummary: According to NATO, these recent incidents include "sabotage, acts of violence, cyber and electronic interference, disinformation campaigns, and other hybrid operations" impacting Czechia, Estonia, Germany, Latvia, Lithuania, Poland, and the United Kingdom. "


Women rising in cybersecurity roles, but roadblocks remain

ciber
2024-05-02 https://www.helpnetsecurity.com/2024/05/02/women-in-cybersecurity-isc2/

The ISC2 study on women in cybersecurity, a comprehensive research effort that collected responses from 2,400 women, has revealed several significant findings. These include promising trends in women’s entry into the profession, their roles within teams, and their comparable achievements with men. However, the study also underscores the need for continued efforts to support and promote women in the cybersecurity workforce. Increased diversity With the average representation of women on cybersecurity teams at 23%, attracting … More

The post Women rising in cybersecurity roles, but roadblocks remain appeared first on Help Net Security.

"

Autosummary: Women want to work in a constantly evolving field (21%) and one where they can help people and society (16%) at higher rates than men (18% and 14%, respectively). "


Cybersecurity consultant arrested after allegedly extorting IT firm

ciber
2024-05-02 https://www.bleepingcomputer.com/news/legal/cybersecurity-consultant-arrested-after-allegedly-extorting-it-firm/
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. [...] "



Trend Micro expands AI-powered cybersecurity platform

ciber
2024-05-02 https://www.helpnetsecurity.com/2024/05/02/trend-micro-platform-ai-powered-functionality/

Trend Micro launched significant additional AI-powered functionality in its platform to secure organizational use of AI and better manage the risks associated with mass adoption of new AI tools. “Great advancements in technology always come with new cyber risk. Like cloud and every other leap in technology we have secured, the promise of the AI era is only powerful if protected. Our latest platform updates deliver new efficiencies to security teams and provide critical guidelines … More

The post Trend Micro expands AI-powered cybersecurity platform appeared first on Help Net Security.

"



Making cybersecurity more appealing to women, closing the skills gap

ciber
2024-05-01 https://www.helpnetsecurity.com/2024/05/01/charly-davis-aspphire-cybersecurity-women/

In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cybersecurity industry. Davis emphasizes the need for proactive strategies to attract diverse talent, improve mentorship opportunities, and foster supportive organizational cultures in cybersecurity. Could you explain the current skills gap in cybersecurity and what makes it a critical issue for both private and public sectors? The widening cyber skills gap has been … More

The post Making cybersecurity more appealing to women, closing the skills gap appeared first on Help Net Security.

"

Autosummary: To achieve balance, a team with diverse backgrounds, religions, genders, skill sets, life experiences, and ages is needed. There are some strong examples out there, like Women in Cybersecurity, but I think women can be reluctant to join them because they don’t want to be different to their male counterparts and want to be part of an inclusive operating structure such as Tech Channel Ambassadors recently established to address this significant gap in the sector. Personal mentorship can drive really positive change, and it’s certainly had a strong influence on my career. On some days, you may need to deal with nation-state actors with different geopolitical profiles, while on other days, you may encounter some young hacktivists. In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cybersecurity industry. One big contributor is rising demand – cyber threats are now very prominent on the business agenda, and we have multiple regulations like the GDPR, DORA, and NIS2 with a mandate for better security. "


Cybersecurity jobs available right now: May 1, 2024

ciber
2024-05-01 https://www.helpnetsecurity.com/2024/05/01/cybersecurity-jobs-available-right-now-may-1-2024/

Adversary Simulation Specialist LyondellBasell | Poland | On-site – View job details The Adversary Simulation Specialist will be responsible for testing and evaluating the security of LyondellBasell’s networks, systems, and applications. This role involves conducting application assessments, vulnerability assessments, penetration testing, and ethical hacking to identify and exploit vulnerabilities to improve the organization’s security posture. Cloud Cyber Defense Engineer Deloitte | United Kingdom | Hybrid – View job details As a Cloud Cyber Defense … More

The post Cybersecurity jobs available right now: May 1, 2024 appeared first on Help Net Security.

"

Autosummary: Cyber Security Analyst Salt Security | Israel | On-site – View job details As a Cyber Security Analyst, you will monitor and analyze security events and alerts, perform triage of incoming alerts – assess the priority, determine risk, and respond, create tickets and escalate them to higher-level security analysts and developers. Threat Operations Security Engineer Thought Machine | United Kingdom | Hybrid – View job details As Threat Operations Security Engineer, you will develop, integrate, and operate highly available log collection, event monitoring, alert generation, and incident management tooling and services for security using Elasticsearch on Kubernetes. "


Everyone's an Expert: How to Empower Your Employees for Cybersecurity Success

ciber
2024-05-01 https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, "

Autosummary: Huntress Security Awareness Training is an easy, effective, and enjoyable solution that helps: Minimize time-consuming maintenance and management tasks Improve knowledge retention through neuroscience-based learning principles Update you and your employees on the current threat landscape Establish a culture that values cybersecurity Inspire meaningful behavioral habits to improve security awareness Engage you and your employees in a creative, impactful manner Assure regulatory compliance Keep cyber criminals out of your organization Discover how a fully managed SAT can free up your time and resources, all while empowering your employees with smarter habits that better protect your organization from cyber threats. Your SAT should feature engaging videos, text, and short quizzes that showcase realistic cyber threats you and your employees are likely to encounter in the wild, such as: Phishing Social engineering Physical device security and more Measurable data …with easy-to-read reports on usage and success rates. These simulations should also be dispersed at unpredictable time intervals (i.e. morning, night, weekends, early in the month, later in the month, etc.), keeping learners on their toes and allowing them to put their security knowledge into practice. Remember, if the episodes are intentionally entertaining and whimsical, you're more likely to find your employees conversing about inside jokes, recurring characters, and, of course, what they've learned. At their core, SAT programs are designed to help you: Educate your employees on recognizing cybersecurity risks such as phishing and ransomware Minimize your organization's exposure to cyber threats Maintain regulatory compliance with cyber insurance stipulations These are all worthwhile goals in helping your organization thrive amidst ever-evolving cyber threats.
For your own administrative needs, select a SAT that can sync regularly with your most popular platforms, such as Microsoft 365, Google, Okta, or Slack. "


eBook: Do you have what it takes to lead in cybersecurity?

ciber
2024-04-30 https://www.helpnetsecurity.com/2024/04/30/ebook-lead-in-cybersecurity/

Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies. Aspiring leaders in the cybersecurity field need more than just job experience. They need a diverse and robust set of skills that can only be acquired through a combination of experience, learning, and dedication. Inside the eBook: Cybersecurity Needs More Skilled Professionals Technical and Non-Technical Skills for Leadership What Cybersecurity Leaders Have in Common How Certification Positions … More

The post eBook: Do you have what it takes to lead in cybersecurity? appeared first on Help Net Security.

"



AI is creating a new generation of cyberattacks

ciber
2024-04-29 https://www.helpnetsecurity.com/2024/04/29/offensive-ai-cyberattacks/

Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea. Offensive AI in cyberattacks The research, “Cyber security in the age of offensive AI”, surveyed security leaders in the UK and US about their experience with AI as a tool in cybersecurity. It reveals that not only do most security leaders expect daily AI-driven attacks, 65% expect that offensive … More

The post AI is creating a new generation of cyberattacks appeared first on Help Net Security.

"

Autosummary: “The pressure is on security leaders to do more with less, and so the rise of the use of AI to enhance cyber attacks could not have come at a worse time,” said Andy Still, CTO, Netacea. "


Closing the cybersecurity skills gap with upskilling programs

ciber
2024-04-29 https://www.helpnetsecurity.com/2024/04/29/tech-skills-gap/

The list of skills technologists and organizations need to succeed grows with each new tech advancement, according to Pluralsight. But for many organizations, budgets and staff continue to shrink. This survey asked 1,400 executives and IT professionals how organizations can leverage technology to drive business value in a world where budgets and headcount are decreasing and technology is evolving at a rapid pace. Critical skills gaps in organizations The results were unanimous across markets and … More

The post Closing the cybersecurity skills gap with upskilling programs appeared first on Help Net Security.

"

Autosummary: Critical skills gaps in organizations The results were unanimous across markets and career levels: cybersecurity, cloud, and software development, which are considered the most imperative tech skills to learn, are the top areas where skills gaps persist. “While we know AI/ML skills are increasingly critical, we’ve also found that organizations have other, more immediate upskilling priorities,” said Aaron Rosenmund, Pluralsight’s Senior Director of Security & GenAI Skills. "


Anticipating and addressing cybersecurity challenges

ciber
2024-04-29 https://www.helpnetsecurity.com/2024/04/29/various-cybersecurity-challenges-organizations-face-video/

In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about how increased adoption of cloud technology, remote work, and the proliferation of IoT devices present significant challenges for organizations. To tackle them, cybersecurity professionals are increasingly focusing on incident response, multicloud security, and IoT protection. They also discuss how AI is emerging as a valuable tool, but it presents its own set of problems, emphasizing the … More

The post Anticipating and addressing cybersecurity challenges appeared first on Help Net Security.

"



UK enacts IoT cybersecurity law

industry ciber
2024-04-29 https://www.helpnetsecurity.com/2024/04/29/uk-enacts-iot-cybersecurity-law/

The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. “Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence, with fines up to £10 … More

The post UK enacts IoT cybersecurity law appeared first on Help Net Security.

"

Autosummary: About the legislation The PSTI Act covers internet- and network-connectable products, including “smart”: TVs, streaming devices, speakers Games consoles, smartphones, tablets Base stations and hubs Home automation and alarm systems “Wearables”: smart watches, fitness trackers, etc. "


Silobreaker empowers users with timely insight into key cybersecurity incident filings

ciber
2024-04-29 https://www.helpnetsecurity.com/2024/04/29/silobreaker-sec-8-k-incident-filings/

Silobreaker announced the addition of automatic collection, AI-enhanced analysis, and alerting on 8-K cybersecurity incident filings made to the US Securities and Exchange Commission (SEC). This enhancement to the Silobreaker platform empowers organizations to stay informed about critical cybersecurity incidents affecting US companies. SEC 8-K Item 1.05 mandates that publicly traded companies in the US must disclose ‘material cybersecurity incidents’ within 4 business days of the event. Although designed to enhance investor awareness, SEC 8-K … More

The post Silobreaker empowers users with timely insight into key cybersecurity incident filings appeared first on Help Net Security.

"



London Drugs pharmacy chain closes stores after cyberattack

ciber
2024-04-29 https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack/
Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." [...] "



Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

exploits ciber
2024-04-27 https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with "

Autosummary: "Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations," Mandiant said, describing the advanced persistent threat (APT) as engaged in a multi-pronged effort to help Russia gain a wartime advantage since January 2022. "


Breaking down the numbers: Cybersecurity funding activity recap

ciber
2024-04-26 https://www.helpnetsecurity.com/2024/04/26/cybersecurity-funding-2024/

Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the founders of WIZ and angel investors from Google, Proofpoint and Palo Alto Networks. Aim Security was founded by cybersecurity veterans Matan Getz, CEO and Adir Gruss, CTO who pioneered the use and adoption of AI … More


Autosummary: Permit.io February | $8 million Permit.io raised $8 million in Series A funding, led by Scale Venture Partners, along with NFX, Verissimo Ventures, Roosh Ventures, Firestreak, 92712, and other existing investors, to ensure application developers never have to build permissions again. StrikeReady April | $12 million StrikeReady has received $12 million in Series A funding, led by 33N Ventures, with participation from Hitachi Ventures, Monta Vista Capital and industry luminaries Brian NeSmith, executive chairman and former CEO at Arctic Wolf; and Rod Beckstrom, former CEO of ICANN and Founding Director of U.S. National Cybersecurity Center (now CISA). Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the founders of WIZ and angel investors from Google, Proofpoint and Palo Alto Networks. "


Overcoming GenAI challenges in healthcare cybersecurity

ciber
2024-04-25 https://www.helpnetsecurity.com/2024/04/25/asaf-mischari-team8-health-genai-healthcare-risks/

In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations and their impact on patient privacy. What are the key cybersecurity challenges in healthcare in the context of GenAI, and how can they be effectively addressed? The healthcare industry faces many of the same challenges other industries face in the wake of emerging technologies with subtle differences that need to be considered and addressed. For … More


Autosummary: Historically, healthcare data has many built-in biases when it comes to race, ethnicity, and gender, but bias in GenAI could result from bias in the training dataset, feature selection, data collection, labeling process, or even the model architecture itself. With predictive analytics, healthcare professionals can anticipate patient flow, staffing needs, and resource utilization, enabling proactive decision-making and resource allocation. "


25 cybersecurity AI stats you should know

ciber
2024-04-25 https://www.helpnetsecurity.com/2024/04/25/cybersecurity-ai-stats/

In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues arising from the expansion of AI. Security pros are cautiously optimistic about AI Cloud Security Alliance and Google Cloud | The State of AI and Security Survey Report | April 2024 55% of organizations plan to adopt GenAI solutions within this year, signaling a substantial surge in GenAI integration. 48% of professionals … More


Autosummary: Code42 | Annual Data Exposure Report 2024 | March 2024 Since 2021, there has been a 28% average increase in monthly insider-driven data exposure, loss, leak, and theft events. Accenture | Work, workforce, workers: Reinvented in the age of generative AI | January 2024 While 95% of workers see value in working with GenAI, 60% are also concerned about job loss, stress and burnout. "


Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response

ciber
2024-04-25 https://www.helpnetsecurity.com/2024/04/25/anatomy-it-security-suite-expansion/

Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from evolving and growing IT system threats. A record 133 million individuals were affected by healthcare data breaches in 2023, according to Modern Healthcare, a number equivalent to nearly 40% of the U.S. population. Industry observers warn, however, that breaches caused by cyberattacks are likely to increase in 2024 and beyond. Costs associated with cybersecurity incidents … More


Autosummary: In light of recent events and given this growing threat to patient safety and provider organizations, Anatomy IT is drawing on its three decades of healthcare operational and cybersecurity experience, as well as feedback from its more than 1,000 clients, on this new, broader, forward-looking service offering. "


Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

ciber
2024-04-25 https://www.welivesecurity.com/en/secure-coding/python-5-reasons-popular-cybersecurity-professionals/
Python’s versatility and short learning curve are just two factors that explain the language’s "grip" on cybersecurity "

Autosummary: Python’s versatility and short learning curve are just two factors that explain the language’s "grip" on cybersecurity The Python programming language, born from the creative genius of Guido van Rossum as far back as some 35 years ago, has evolved into a crucial tool for professionals working in various areas, including software development, data science, artificial intelligence and, notably, cybersecurity. Indeed, Python’s reputation precedes it, and this high-level, general-purpose programming language has become renowned, among other things, for its user-friendliness and a developer community of no fewer than 8.2 million people, as well as an extensive array of tools and libraries. "


Cybersecurity jobs available right now: April 24, 2024

ciber
2024-04-24 https://www.helpnetsecurity.com/2024/04/24/cybersecurity-jobs-available-right-now-april-24-2024/

Blockchain Security Researcher StarkWare | Israel | On-site: The Security Researcher will be responsible for conducting in-depth research and analysis on the security of blockchain systems, protocols and the infrastructure that enables it. CISO Rajah & Tann Asia | Singapore | On-site: CISO will lead and oversee firm’s information security program. This includes developing and implementing security policies and procedures, managing security technologies and overseeing security awareness … More


Autosummary: Security Engineer Verisk | Poland | Hybrid: As a Security Engineer, you will have a chance to advance your skills in security automation through the utilization of AI, implement and administer database security solutions, data loss prevention policies, response rules, monitor and review data-related activities for policy violations and investigation. Information Security Specialist Kitopi | Dubai | Hybrid: As Information Security Specialist, you will assist in developing information security policies, procedures and necessary documents in compliance with applicable standards and regulations, conduct phishing and social engineering test campaigns, measure key performance indicators to ensure the effectiveness of information security controls. "


The relationship between cybersecurity and work tech innovation

ciber
2024-04-24 https://www.helpnetsecurity.com/2024/04/24/work-tech-innovation-cybersecurity-relationship-video/

As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expansion of remote access points, and the potential for security gaps between in-office and remote environments. … More



10 colleges and universities shaping the future of cybersecurity education

ciber
2024-04-23 https://www.helpnetsecurity.com/2024/04/23/cybersecurity-colleges-universities/

Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the growing demand for cybersecurity professionals in various industries. Some notable colleges and universities renowned for their cybersecurity programs and courses include: Carnegie Mellon University (USA) Information Networking Institute (INI) The Information Networking Institute (INI) at Carnegie Mellon University (CMU) educates and develops engineers through technical, interdisciplinary master’s degree programs in information networking, security and … More


Autosummary: Program: Master of Science in Cybersecurity Massachusetts Institute of Technology (USA) MIT Department of Electrical Engineering and Computer Science A joint venture between the Schwarzman College of Computing and the School of Engineering, EECS is grounded in three overlapping sub-units: electrical engineering (EE), computer science (CS), and artificial intelligence and decision-making (AI+D). "


Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

ciber
2024-04-23 https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html
Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack? According to research by Cybersecurity Ventures, the global cost of cybercrime is projected to reach "

Autosummary: On a broader level, some countries, like the U.S., China, and the UK, have even started investing in their digital defenses, as they do with their military efforts. Moreover, the recovery process from a cyberattack often involves substantial investments in cybersecurity measures, legal fees, and compensations, further contributing to the overall financial impact. Businesses linked to essential services, like those in the finance, medical, and transportation industries, are particularly susceptible to cyberattacks because of their impact on everyday lives. "


US govt sanctions Iranians linked to government cyberattacks

government ciber
2024-04-23 https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...] "

Autosummary: Today, the Justice Department also unsealed indictments charging Kazemifar, Salmani, and Harooni for their involvement in a cyber campaign targeting U.S. government agencies, including the U.S. Departments of State and Treasury, and private entities, mainly cleared defense contractors, between 2016 and 2021. "


How to improve response to emerging cybersecurity threats

ciber
2024-04-22 https://www.helpnetsecurity.com/2024/04/22/cybersecurity-best-practices-video/

Cyber resilience is a top priority for global organizations, and understanding threats plays a crucial role in building and maintaining a layered security approach. This Help Net Security round-up presents excerpts from previously recorded videos featuring security experts discussing various cybersecurity aspects and best practices in different domains. Complete videos Robin Berthier, CEO at Network Perception, talks about strategy for cyber resilience. Deepak Goel, CTO at D2iQ, talks about best practices for Kubernetes security in … More



A French hospital was forced to reschedule procedures after cyberattack

ciber
2024-04-20 https://securityaffairs.com/162057/hacking/french-hospital-cyber-attack.html
A French hospital was forced to return to pen and paper and postpone medical treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in Cannes (CHC-SV) on Tuesday, impacting medical procedures and forcing personnel to return to pen and paper. The Hospital Simone Veil in Cannes is a public hospital located in Cannes, France. The […] "

Autosummary: The hospital ensured continuity of operations in emergency care, internal medicine, surgery, obstetrics, geriatrics, pediatrics, psychiatry, home hospitalization, and rehabilitation. A French hospital was forced to return to pen and paper and postpone medical treatments after a cyber attack. "


Cybercriminals pose as LastPass staff to hack password vaults

ciber
2024-04-18 https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [...] "



840-bed hospital in France postpones procedures after cyberattack

ciber
2024-04-18 https://www.bleepingcomputer.com/news/security/chc-sv-hospital-in-france-postpones-procedures-after-cyberattack/
The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper. [...] "

Autosummary: Emergency, medicine, surgery, obstetrics, geriatrics, pediatrics, psychiatry, home hospitalization, and rehabilitation units continue to operate. "


Frontier Communications shuts down systems after cyberattack

ciber
2024-04-18 https://www.bleepingcomputer.com/news/security/frontier-communications-shuts-down-systems-after-cyberattack/
American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack. [...] "

Autosummary: According to an internal memo, a network outage took down Frontier's wholesale sites on Tuesday morning at around 7:30 AM ET, as well as the following applications and platforms: Virtual Front Office (VFO) Local (LSR/ISP) Module; Virtual Front Office (VFO) Access (ASR) Module; Virtual Front Office (VFO) Trouble Administration (TA). "


Cybersecurity jobs available right now: April 17, 2024

ciber
2024-04-17 https://www.helpnetsecurity.com/2024/04/17/cybersecurity-jobs-available-right-now-april-17-2024/

Client Security Officer Unisys | USA | Remote: The Client Security Officer (CSO) is part of Unisys account management team servicing its clients as cybersecurity representative alongside the Client Executive and the Client Delivery Executive. Cybersecurity Engineer Fujitsu | Singapore | Hybrid: As a member of the Fujitsu Security Team, you will implement security solutions for customers to address cyber threats and potential vulnerabilities. This person will … More


Autosummary: Manager, IT Security Operations Dalhousie University | Canada | On-site: Reporting to the Associate Director of Engineering Services, the Manager, Security Operations is responsible for the projects and activities to address new and emerging requirements for security operations, including network security, application security, end user device security and Identity and Access management. "


AI set to enhance cybersecurity roles, not replace them

ciber
2024-04-16 https://www.helpnetsecurity.com/2024/04/16/caleb-sima-csa-security-pros-ai/

In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. AI is seen as empowering rather than replacing security pros. How do you foresee AI changing their roles in the future? While the future of AI replacing jobs remains uncertain, I am confident it’s not imminent. AI is a tool that can be … More


Autosummary: In fact, a survey – State of AI and Security Survey Report – that CSA recently conducted with Google found that the majority of organizations plan to use AI to strengthen their teams, whether that means enhancing their skills and knowledge base (36%) or improving detection times (26%) and productivity (26%), rather than replacing staff altogether. That being the case, I’d caution companies, regardless of where they are on their AI journey, to understand that they will encounter challenges, whether from integrating this technology into current processes or ensuring that staff are properly trained in using this revolutionary technology, and that’s to be expected. "


Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats

ciber
2024-04-16 https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground "

Autosummary: The report paints a vivid picture of the "hidden" identity security liabilities where attackers leverage Identity Threat Exposures (ITEs) such as forgotten user accounts and misconfigurations to breach organizations' defenses, with each ITE posing a significant threat to organizations' security posture. "


UnitedHealth: Change Healthcare cyberattack caused $872 million loss

ciber
2024-04-16 https://www.bleepingcomputer.com/news/security/unitedhealth-change-healthcare-cyberattack-caused-872-million-loss/
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...] "

Autosummary: While first linked by the company to "nation-state" hackers, the attack was later linked to the BlackCat/ALPHV ransomware group, who claimed they stole 6 TB of data during the breach. The ransomware gang shut down its operation and likely pulled an exit scam by stealing a $22 million ransom paid to Notchy, the affiliate who coordinated the attack. "


Expand your library with these cybersecurity books

ciber
2024-04-15 https://www.helpnetsecurity.com/2024/04/15/cybersecurity-books-video/

In this Help Net Security video round-up, authors discuss their cybersecurity books and provide an inside look at each title. Complete videos George Finney, CSO at Southern Methodist University, talks about his book – “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business“. Eric Leblond, CTO at Stamus Networks, talks about The Security Analyst’s Guide to Suricata, a book he co-wrote with Peter Manev. Adam Shostack, the author of “Threat … More



Why women struggle in the cybersecurity industry

industry ciber
2024-04-12 https://www.helpnetsecurity.com/2024/04/12/women-cybersecurity-workplace-experiences/

The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey. Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should be, but can’t explain why or how we can improve matters. Women confront exclusion at higher rates Women encounter exclusion at twice the rate of men, signaling a pressing need for industry-wide cultural and procedural … More


Autosummary: Top four categories of exclusion The top four categories of exclusion faced by women are respect, career and growth, access and participation and recognition, signaling critical intervention points. "


Cybersecurity jobs available right now: April 10, 2024

ciber
2024-04-10 https://www.helpnetsecurity.com/2024/04/10/cybersecurity-jobs-available-right-now-april-10-2024/

Application Security Engineer HCLTech | Mexico | Remote: As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident Response Specialist Amer Sports | Germany | Hybrid: As an Incident Response Specialist, you’ll play an essential role in proactively preparing for, responding to, and recovering from cybersecurity incidents, ensuring the … More


Autosummary: Cybersecurity Incident Response Specialist Amer Sports | Germany | Hybrid: As an Incident Response Specialist, you’ll play an essential role in proactively preparing for, responding to, and recovering from cybersecurity incidents, ensuring the protection of Amer Sports’ digital assets, and maintaining business continuity. Security Architect ASSA ABLOY Group | Sweden | On-site: The company is seeking a talented and self-motivated individual with expertise in process definition, implementation, monitoring, and improvement, crucial for enhancing ASSA ABLOY’s incident management capabilities. "


Upcoming report on the state of cybersecurity in Croatia

government ciber
2024-04-10 https://www.helpnetsecurity.com/2024/04/10/upcoming-report-on-the-state-of-cybersecurity-in-croatia/

Next week, Diverto is set to release a comprehensive report on Croatia’s cybersecurity landscape. This report will provide a detailed summary of the key events from 2023, offer targeted recommendations for managerial strategies, and highlight crucial regulations like NIS2 and DORA. If you’d like to learn more about the report and receive it once released, you can attend a live stream (in Croatian) on Tuesday, April 16. The event will include an expert panel: Ana … More



Cybersecurity in the Evolving Threat Landscape

ciber
2024-04-10 https://securityaffairs.com/161661/uncategorized/cybersecurity-in-the-evolving-threat-landscape.html
As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes, posing fresh challenges for organizations striving to protect their assets and data. The battle between cybersecurity defenders and malicious actors rages on in the vast digital expanse of today’s interconnected world. As technology advances and our reliance on […] "

Autosummary: Building upon the foundational principles of EDR and threat intelligence, XDR integrates data from multiple security controls, such as endpoints, networks, cloud environments, and applications, into one unified platform. As businesses in every sector embrace digital transformation initiatives, adopting cloud computing, Internet of Things (IoT) devices, automation, AI, and interconnected ecosystems, their attack surface widens exponentially. As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes, posing fresh challenges for organizations striving to protect their assets and data. "


Targus discloses cyberattack after hackers detected on file servers

ciber
2024-04-09 https://www.bleepingcomputer.com/news/security/targus-discloses-cyberattack-after-hackers-detected-on-file-servers/
Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers. [...] "



WiCyS: A champion for a more diverse cybersecurity workforce

ciber
2024-04-08 https://www.helpnetsecurity.com/2024/04/08/wicys-women-in-cybersecurity-workforce/

In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different stages of their cybersecurity journey. WiCyS (pronounced Wee-Sis) is an organization dedicated to advancing the representation and success of women in cybersecurity, as well as fostering a more diverse workforce through various strategic initiatives. In light of existing cybersecurity workforce shortages, the organization’s role is becoming increasingly important. (Lynn Dohm’s … More


Autosummary: Our flagship event, the WiCyS Conference, brings together women and allies offering attendees – both in-person and virtual – technical presentations, workshops, panels, lightning talks, networking socials, résumé reviews, mock interviews, professional headshots, a career fair, a capture-the-flag competition, and more. Members have access to hundreds of the resources and opportunities provided by their network, including professional development, career advancement, education, mentorship, and research. Our membership is open to professionals, students, educators, researchers, and allies who support the inclusion and advancement of women in cybersecurity. For veteran members, we provide conference Veteran Fellowship Awards, discounts on membership and conference fees, and opportunities to engage in the WiCyS Veterans’ Apprenticeship program, helping with the transition into cybersecurity. For career advancement, leadership training prepares women for senior roles, while recognition and awards highlight their achievements, inspiring others and contributing to a culture that values and promotes women’s contributions in cybersecurity. "


Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

financial ciber
2024-04-08 https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email "

Autosummary: The HTML file contains a link ("facturasmex[.]cloud") that displays an error message saying "this account has been suspended," but when visited from an IP address geolocated to Mexico, loads a CAPTCHA verification page that uses Cloudflare Turnstile. "


Cyberattack on UK’s CVS Group disrupts veterinary operations

ciber
2024-04-08 https://www.bleepingcomputer.com/news/security/cyberattack-on-uks-cvs-group-disrupts-veterinary-operations/
UK veterinary services provider CVS Group has announced that it suffered a cyberattack that disrupted IT services at its practices across the country. [...] "

Autosummary: CVS Group operates 500 veterinary practices throughout the UK, Australia, the Netherlands, and the Republic of Ireland, including nine specialist referral hospitals, 39 dedicated out-of-hours sites, three laboratories, and seven pet crematoria. "


60% of small businesses are concerned about cybersecurity threats

ciber
2024-04-07 https://www.malwarebytes.com/blog/news/2024/04/60-of-small-businesses-are-concerned-about-cybersecurity-threats
In a recent US Chamber of Commerce poll, small businesses identified cybersecurity as their biggest concern. "

Autosummary: On the other hand, small businesses that are least likely to say they are prepared for cyber threats include businesses in the manufacturing sector (61%), female-owned businesses (68%), and businesses in average health (64%). "


Cybercriminal adoption of browser fingerprinting

ciber
2024-04-05 https://www.helpnetsecurity.com/2024/04/05/browser-fingerprinting/

Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now also commonly exploited by cybercriminals: a recent study shows one in four phishing sites using some form of this technique. This article will explain what browser fingerprinting is, provide examples, and discuss … More


Autosummary: Numerous pieces of data can be collected as a part of fingerprinting, including time zone, language settings, IP address, cookie settings, screen resolution, browser privacy, and user-agent string. Browser fingerprinting is used by many legitimate providers to detect bots misusing their services and other suspicious activity, but phishing site authors have also realized its benefits and are using the technique to avoid automated systems that might flag their website as phishing. This fingerprint contains every property of the browser, including information on screen dimensions, operating system, GPU hardware, time zone, and many other data points. "


CISO Perspectives on Complying with Cybersecurity Regulations

ciber
2024-04-05 https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and "

Autosummary: "They map across certifications in a single pane of glass, so when an auditor comes in, we show them a screen that says, 'Here's the evidence.'" In addition to tooling, many companies rely on third parties to conduct compliance assessments. How CISOs view cybersecurity compliance can vary greatly, depending on their company size, geography, sector, data sensitivity, and program maturity level. Meeting compliance requirements, on the other hand, could deliver business value, such as faster sales, stronger partnerships, or lower cyber insurance rates. Comply once, Apply to many: Most organizations have numerous compliance bodies they must answer to, as well as cyber insurance providers, customers, and partners. "


Cyberattack disrupted services at Omni Hotels & Resorts

ciber
2024-04-05 https://securityaffairs.com/161504/cyber-crime/omni-hotels-resorts-cyberattack.html
US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the company to shut down its systems. A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. The hotel chain did not share details about the attack, however, the effects reported in the […] "

Autosummary: As a result, certain systems were brought offline, most of which… — Omni Hotels & Resorts (@OmniHotels) April 4, 2024 The hotel chain did not share details about the attack, however, the effects reported in the notice suggest that the company may have been hit by a ransomware attack. "


Considerations for Operational Technology Cybersecurity

ciber
2024-04-04 https://thehackernews.com/2024/04/considerations-for-operational.html
Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security "

Autosummary: Therefore, OT cybersecurity measures that introduce latency, such as multi-factor authentication, just-in-time access request workflows, and session activity monitoring, may not be suitable for OT environments. For example, OWASP Top 10 addresses web application cybersecurity concerns such as injection, broken authentication, sensitive data exposure, and security misconfigurations, which are common vulnerabilities that can also be found in OT environments. The convergence of IT and OT Historically, IT and Operational Technology (OT) have operated in separate silos, each with its own set of protocols, standards, and cybersecurity measures. For example, Modbus, a widely used communication protocol in legacy OT systems, does not include authentication or encryption, making it vulnerable to attacks. "


Omni Hotels suffer prolonged IT outage due to cyberattack

ciber
2024-04-04 https://www.helpnetsecurity.com/2024/04/04/omni-hotels-suffer-prolonged-it-outage-due-to-cyberattack/

Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across Northern America, who took to Reddit to vent and discuss the problem, the outage affected reservation and check-in systems, room key cards, and payment systems. What is known about the Omni Hotels cyberattack? The disruption … More


"

Autosummary: The cyber attack disrupted hotel operations “It’s unlikely many hotel guests would have ever considered how connected and digitally-dependent their holiday destination was, but this is now a situation they are unlikely to forget,” William Wright, CEO of Closed Door Security, commented for Help Net Security. "


NIST awards $3.6 million to address the cybersecurity workforce gap

ciber
2024-04-04 https://www.helpnetsecurity.com/2024/04/04/nist-cooperative-agreements-3-6-million/

The US Department of Commerce’s National Institute of Standards and Technology (NIST) has awarded cooperative agreements totaling nearly $3.6 million aimed at building the workforce needed to safeguard enterprises from cybersecurity risks. The grants of roughly $200,000 each will go to 18 education and community organizations in 15 states that are working to address the nation’s shortage of skilled cybersecurity employees. The cooperative agreements will be overseen by NICE, a NIST-led partnership between government, academia … More


"

Autosummary: The award recipients, areas served, and amounts awarded are:
Benedict College | South Carolina and the surrounding Southeastern region | $200,000
Board of Regents, Nevada System of Higher Education on behalf of University of Nevada, Las Vegas | Las Vegas-Henderson-Paradise region | $199,635
Bowling Green State University | Ohio | $199,376
CyberUp | Greater St. Louis area | $200,000
Cyber Bytes Foundation | Stafford County, Virginia | $189,042.35
Digital Promise Global | East Alabama | $198,852
Energy Sector Security Consortium Inc. | Oregon and Southwest Washington | $200,000
George Mason University | District of Columbia; Alexandria, Virginia; and Fairfax, Virginia | $199,901
Greater Phoenix Chamber Foundation | Phoenix/Tucson | $200,000
Kaua‘i Economic Development Board | Hawai‘i | $200,000
NPower Inc. | New Jersey/New York | $200,000
RTriad Enterprises Inc. | North Carolina | $200,000
San Diego Workforce Partnership | San Diego County | $199,820
Strategic Ohio Council for Higher Education (SOCHE) | Cincinnati-Dayton region | $200,000
Texas Tech University | West Texas region | $199,349
The University of South Florida Board of Trustees | Florida | $200,000
WeReach | Gateway Cities of Massachusetts | $199,998.70
Women’s Society of Cyberjutsu | Las Vegas and the greater Nevada area | $200,000 "


Hoya’s optics production and orders disrupted by cyberattack

industry ciber
2024-04-04 https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/
Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday. [...] "



Cybersecurity jobs available right now: April 3, 2024

ciber
2024-04-03 https://www.helpnetsecurity.com/2024/04/03/cybersecurity-jobs-available-right-now-april-3-2024/

Cyber Security Manager Charterhouse Middle East | UAE | On-site – View job details The Cyber Security Manager will identify and address potential security issues, define access privileges, implement control structures, and conduct periodic audits. In addition, you’ll also contribute to ongoing security improvements, stay abreast of industry trends, and collaborate with the team to ensure the highest level of information system security. Cyber Security Architect Eutelsat Group | Italy | Hybrid – View job … More


"

Autosummary: Junior Security Consultant – Security Risk Management WSP in the Middle East | UAE | Hybrid – View job details WSP are seeking a junior security consultant who holds a bachelor's degree in a security-related field (such as public safety, international and civil security, homeland security, anti-terrorism, security and risk management) or Architecture or Landscaping or Engineering or Design or Master Planning to join their security risk management business. Security Engineer Jr Accenture | Mexico | On-site – View job details Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. "


Omni Hotels confirms cyberattack behind ongoing IT outage

ciber
2024-04-03 https://www.bleepingcomputer.com/news/security/omni-hotels-confirms-cyberattack-behind-ongoing-it-outage/
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. [...] "

Autosummary: The PoS malware was used to steal payment card information, including the cardholder's name, credit/debit card number, security code, and expiration date, between December 23, 2015, and June 14, 2016, depending on the affected location. "


73% brace for cybersecurity impact on business in the next year or two

ciber
2024-04-02 https://www.helpnetsecurity.com/2024/04/02/cybersecurity-risks-readiness-level/

Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The 2024 Cisco Cybersecurity Readiness Index highlights that readiness is down significantly from one year ago, when 15% of companies were ranked mature. Low cybersecurity risks readiness levels Companies today continue to be targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering … More


"

Autosummary: This raises significant concerns as 67% of organizations said they have deployed ten or more point solutions in their security stacks, while 25% said they have 30 or more. Talent shortages impact productivity 85% of companies said their employees access company platforms from unmanaged devices, and 43% of those spend 20% of their time logged onto company networks from unmanaged devices. "


How to design and deliver an effective cybersecurity exercise

ciber
2024-04-01 https://www.helpnetsecurity.com/2024/04/01/cybersecurity-exercises/

Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises – tests and simulations based on plausible cyber-attack scenarios and incident response. Cyber exercises press an organization’s ability to detect, investigate, and respond to threats in a timely and secure manner. Well-designed cybersecurity exercises help organizations proactively identify and address vulnerabilities in their … More


"

Autosummary: For example, a phishing exercise, which can be conducted at any time, has a low resourcing requirement; while red and blue team exercises require one to eight weeks to run, dedicated teams, and access to a live or a test environment. 6. Design a cybersecurity exercise During a cybersecurity exercise, many forms of cyber-attacks, ranging from simple to highly sophisticated, can be simulated. Phishing exercises test employees’ ability to detect fraudulent communications (email, text, phone, web), social engineering attempts, and their ability to respond to successful attacks. They include pieces of information for participants (e.g., indicators of compromise, a customer complaint, a help desk report, a piece of threat intelligence or a SOC alert), as well as key stages of the exercise. "


Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

ciber
2024-04-01 https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user's device into a proxy node without their knowledge. "

Autosummary: "When a threat actor uses a residential proxy, the traffic from these attacks appears to be coming from different residential IP addresses instead of an IP of a data center or other parts of a threat actor's infrastructure," security researchers said. "


Yacht retailer MarineMax discloses data breach after cyberattack

financial ciber
2024-04-01 https://www.bleepingcomputer.com/news/security/yacht-retailer-marinemax-discloses-data-breach-after-cyberattack/
MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. [...] "

Autosummary: The Rhysida ransomware-as-a-service (RaaS) operation emerged almost one year ago, in May 2023, and gained notoriety after breaching the British Library and the Chilean Army (Ejército de Chile). "


Advanced cybersecurity strategies boost shareholder returns

ciber
2024-03-29 https://www.helpnetsecurity.com/2024/03/29/cybersecurity-board-oversight/

Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight. Boards under pressure to fortify cyber oversight The escalation in the frequency and severity of cyber incidents has positioned cyber risk as one of the foremost challenges confronting boards. With cyber threats becoming increasingly sophisticated and pervasive, boards are under pressure to effectively address cybersecurity risks … More


"

Autosummary: Specialized risk or audit committees enhance cybersecurity performance The median cybersecurity rating for companies with specialized risk committees is 730, compared to 720 for companies with just audit committees, indicating there is not a significant difference in the ability of the audit committee to oversee cyber risk compared to a specialized risk committee. "


Cybercriminals use cheap and simple infostealers to exfiltrate data

ciber
2024-03-28 https://www.helpnetsecurity.com/2024/03/28/identity-based-attacks-rise/

The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records, one in four contained information about the user’s network or physical location, putting the individual’s identity, platforms they have access to, and physical well-being at risk. Infostealer malware exposes user information Taking a deeper look … More


"

Autosummary: Mobile malware on the rise Researchers also recaptured nearly 200 different types of personally identifiable information (PII) in 2023, ranging from full names (3.16 billion) and phone numbers (2.14 billion) to dates of birth (920.25 million), social security and national ID numbers (171.61 million) and credit card numbers (36.97 million). Infostealer malware exposes user information Taking a deeper look into how stolen data empowers bad actors to perpetrate cybercrimes including account takeover, fraud, and ransomware, researchers analyzed the exposures of the average digital identity being traded in the criminal underground and found that the average identity appears in as many as nine breaches and is associated with 15 breach records. "


Sellafield nuclear waste dump faces prosecution over cybersecurity failures

ciber
2024-03-28 https://www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-waste-dump-faces-prosecution-over-cybersecurity-failures/
The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to years of alleged cybersecurity breaches. Read more in my article on the Hot for Security blog. "

Autosummary: The Guardian, which initially brought attention to the claims, said that it was still not known if the malware infection had been eradicated, and that the Sellafield site had been put in "special measures" due to its consistent cybersecurity breaches and failure to report incidents. "


Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR

ciber
2024-03-28 https://www.malwarebytes.com/blog/business/2024/03/stopping-a-k-12-cyberattack-solarmarker-with-threatdown-mdr
How experts uncovered a years-long SolarMarker attack on a K-12 district "

Autosummary: The command line shows signs of the malicious script execution, with parameters indicative of a desire to hide the window (-WindowStyle Hidden), bypass execution policies (-Ep ByPass), and run encoded commands (-ComMand “sa43…). if ($payloadIndex -ge $decodeKey.Length) { $payloadIndex = $decodeKey.Length } } [System. "


Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

ciber
2024-03-28 https://www.welivesecurity.com/en/cybercrime/cybercriminals-play-dirty-10-cyber-hits-sporting-world/
This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity "

Autosummary: This incident compromised servers storing sensitive data, including names, surnames, postal addresses, email addresses, telephone numbers, and even bank account details of subscribers and shareholders. The breach impacted a variety of victims, including parents of junior players, international players, professionals from 2016-2018, contacts of the KNVB Sports Medical Center, and individuals involved in the organization’s disciplinary matters from 1999-2020. The team acknowledged the attack, lamenting the exfiltration of 32 GB of sensitive data, including player information such as passports and identity documents, contracts, confidentiality agreements, and other legal documentation. This attack had severe implications for one of the NBA’s most prominent teams, with the attackers claiming responsibility for leaking over 500 GB of confidential information, including sensitive data such as player contracts, customer records, and financial details. The attack, variously attributed to Sandworm and Fancy Bear APT groups, primarily targeted the event’s official website, the servers of ski resorts hosting the Olympic contests, and two IT service providers who managed the event’s technical infrastructure. "


Cybersecurity jobs available right now: March 27, 2024

ciber
2024-03-27 https://www.helpnetsecurity.com/2024/03/27/cybersecurity-jobs-available-right-now-march-27-2024/

Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with the application development community to comprehend their requirements for application security testing. Cybersecurity Engineer AKUR8 | France | Hybrid – View job details AKUR8 seeks a cybersecurity engineer to help improve security posture and manage … More


"

Autosummary: Cyber Security and Compliance Lead Carrier | Portugal | On-site – View job details The position serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customers, business partners, employees, and business information in compliance with the organization’s information security policies. Cyber Security Assurance Analyst Stryker | Costa Rica | Hybrid – View job details You will be responsible for assessing, analyzing, and evaluating security controls, policies, and procedures to identify vulnerabilities and risks, as well as providing recommendations for remediation and continuous improvement. "


Cybersecurity essentials during M&A surge

ciber
2024-03-27 https://www.helpnetsecurity.com/2024/03/27/ma-success-methods-video/

The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering the rise in M&A transactions, cybersecurity considerations have become more pressing than ever. Integrating disparate IT systems and data repositories during mergers and acquisitions opens organizations up to potential vulnerabilities that pose significant risks to … More


"



KuCoin charged with AML violations that let cybercriminals launder billions

ciber
2024-03-27 https://www.bleepingcomputer.com/news/cryptocurrency/kucoin-charged-with-aml-violations-that-let-cybercriminals-launder-billions/
The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money. [...] "



Reinforcement learning is the path forward for AI integration into cybersecurity

ciber
2024-03-26 https://www.helpnetsecurity.com/2024/03/26/ai-reinforcement-learning/

AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify those that pose a possible threat (instead of false positives). Reinforcement learning underpins the benefit of AI to the cybersecurity ecosystem and is closest to how humans learn through experience and trial and error. Unlike supervised learning, reinforcement … More


"

Autosummary: Reinforcement learning use cases One use case of reinforcement learning is network monitoring, where an agent can detect network intrusions by observing traffic patterns and applying lessons learned to raise an alert. How reinforcement learning can help Alert fatigue for security operations center (SOC) analysts has become a legitimate business concern for chief information security officers, who are concerned about analyst burnout and employee turnover as a result. "


Strengthening critical infrastructure cybersecurity is a balancing act

ciber
2024-03-26 https://www.helpnetsecurity.com/2024/03/26/aaron-crow-morganfranklin-consulting-critical-infrastructure-cybersecurity/

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’ unique needs and vulnerabilities? Some current cybersecurity strategies such as protocol isolation, network segmentation and visibility certainly help to address some of the ‘low-hanging fruit’ and visibility allows the sectors to have a good idea … More


"

Autosummary: In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. These controls, such as regular patch management, access controls, and network segmentation, address common vulnerabilities and reduce the attack surface, making it harder for adversaries to exploit weaknesses within the technology ecosystem and have historically proven ROI. Additionally, these solutions integrate multi-factor authentication, user-to-asset access controls, user session analytics, and automatic video recording. "


20 essential open-source cybersecurity tools that save you time

ciber
2024-03-25 https://www.helpnetsecurity.com/2024/03/25/essential-open-source-cybersecurity-tools/

Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time. Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal. Adalanche Adalanche provides immediate insights into the permissions of users … More


"

Autosummary: Prowler Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. Lynis Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Mobile Security Framework (MobSF) MobSF is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. "


8 cybersecurity predictions shaping the future of cyber defense

ciber
2024-03-25 https://www.helpnetsecurity.com/2024/03/25/cybersecurity-leaders-strategic-planning/

Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI). Two-thirds of global 100 organizations are expected to extend directors’ and officers’ insurance to cybersecurity leaders due to personal legal exposure. Furthermore, battling malinformation is projected to cost enterprises more than $500 billion. “As we start moving beyond what’s possible with GenAI, solid opportunities are emerging to help solve … More


"

Autosummary: The combination of AI, analytics, behavioral science, social media, Internet of Things and other technologies enable bad actors to create and spread highly effective, mass-customized malinformation (or misinformation). “To bridge the gap, cybersecurity functions must build minimum effective expertise in these teams, using a combination of technology and training to generate only as much competence as is required to make cyber risk informed decisions autonomously,” Gopal concluded. "


Cybercriminals use ChatGPT’s prompts as weapons

ciber
2024-03-25 https://www.helpnetsecurity.com/2024/03/25/chatgpt-cybersecurity-implications-video/

Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. However, as the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications. Organizations grapple with questions about data privacy, content moderation, and potential misuse. In this round-up from Help Net Security, cybersecurity experts discuss various aspects of ChatGPT and its implications for cybersecurity. Complete videos Rodman Ramezanian, Global Cloud Threat Lead at … More


"



Cybersecurity starts at home: Help your children stay safe online with open conversations

ciber
2024-03-25 https://www.welivesecurity.com/en/kids-online/cybersecurity-starts-home-children-open-conversations/
Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track. "

Autosummary: Engage in open conversations to educate your children about the potential risks and equip them with strategies for navigating them safely: teach kids how to critically evaluate online information and make conscious decisions on whether it’s real or fake; show them how to recognize and report cyberbullying; go through the tools they can use to protect their personal information such as two-factor authentication and a password manager and, if needed, help them set those up properly. Chances are, younger children might be most interested in the games they can play on their devices. In today's digital age, the internet plays a major role in young people’s lives, influencing how they further grow and develop into fully-fledged adults venturing out into the real world: From educational resources to social connections, discovering the latest viral dance trends, or watching how-to videos on how to cook pasta, the online world offers endless possibilities and resources. Cyberbullying, sexual predators, privacy invasions, malware, as well as phishing and other scams – all at least partly caused by ineffective or non-existent privacy and cybersecurity awareness and precautions – can detrimentally impact not only young people’s online safety, but their offline well-being too. 4. Stay ahead of emerging risks The digital landscape is constantly evolving, with new apps, trends, and online threats emerging regularly. "


N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

ciber
2024-03-24 https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html
The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe. According "

Autosummary: "While originally designed for help documentation, CHM files have also been exploited for malicious purposes, such as distributing malware, because they can execute JavaScript when opened," the company said. "


Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

financial ciber
2024-03-24 https://securityaffairs.com/161009/cyber-crime/cybercriminals-accelerate-scams-ramadan.html
During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their […] "



Shadow AI is the latest cybersecurity threat you need to prepare for

ciber
2024-03-22 https://www.helpnetsecurity.com/2024/03/22/shadow-ai-risks/

Shadow IT – the use of software, hardware, systems and services that haven’t been approved by an organization’s IT/IT Sec departments – has been a problem for the last couple of decades, and a difficult area for IT leaders to manage effectively. Similarly to shadow IT, shadow AI refers to all the AI-enabled products and platforms being used within your organization that those departments don’t know about. While personal use of AI application can be … More


"

Autosummary: 2. Build an acceptable use policy Once your AI use has been classified, an acceptable use policy for your entire organization needs to be laid out to ensure all employees know exactly what they can and cannot do when interacting with the approved AI-enabled applications. Inputting data or content into these applications can put intellectual property at risk 2) As the number of AI-enabled applications increases, the chance of misuse also increases, with aspects like data governance and regulations such as GDPR being key considerations 3) There is reputational risk related to unchecked AI output. "


Regulatory measures boost cybersecurity industry

industry ciber
2024-03-20 https://www.helpnetsecurity.com/2024/03/20/regulatory-measures-cybersecurity-industry/

According to the UAE Cybersecurity Council, in 2023, the UAE repelled over 50,000 cyberattacks daily. These findings, highlighted in a report from Frost & Sullivan (F&S), show the exponential growth of the region’s cybersecurity landscape – and serve as a sobering reminder of the rising threats that accompany it. As the GCC (Gulf Cooperation Council) cybersecurity industry continues to grow—F&S estimates it will triple in value by 2030 to reach $13.4 billion—countries in the region … More


"

Autosummary: Building a cyber resilient posture Saudi Arabia, the UAE, and Bahrain have also established the National Cybersecurity Authority, the National Electronic Security Authority, and the National Cybersecurity Centre, respectively, to oversee ongoing industry efforts. "


U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

ciber
2024-03-20 https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html
The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations "


Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

exploits ciber
2024-03-20 https://www.helpnetsecurity.com/2024/03/20/cve-2023-41724-cve-2023-46808/

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly encourages” them to implement the patch immediately. About CVE-2023-41724 Ivanti Standalone Sentry is an appliance that acts as a gateway between devices and an organization’s ActiveSync-enabled email servers (e.g., Microsoft Exchange Server) or backend resource (e.g., … More

"

Autosummary: About CVE-2023-41724 Ivanti Standalone Sentry is an appliance that acts as a gateway between devices and an organization’s ActiveSync-enabled email servers (e.g., Microsoft Exchange Server) or backend resource (e.g., Microsoft Sharepoint server). "


Cybersecurity jobs available right now: March 19, 2024

ciber
2024-03-19 https://www.helpnetsecurity.com/2024/03/19/cybersecurity-jobs-available-right-now-march-19-2024/

Central Investigations & Cybersecurity Analyst Meta | USA | On-site – View job details The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a fast-paced environment, and collaborate with teams across the company. In addition to having a strong investigative and analytical background, Meta is seeking an investigator with experience making risk-based decisions and who is passionate about protecting … More

"

Autosummary: Director of Cybersecurity Endeavor | USA | On-site – View job details This hands-on, director-level role requires a blend of technical expertise, leadership abilities, and an understanding of cybersecurity governance, documentation, and training. Senior DevSecOps and IT Manager TestGorilla | EU | Remote – View job details TestGorilla are looking for a Senior Engineer Manager to lead their small DevSecOps and IT team of experienced engineers, responsible for developing, designing, and maintaining cloud infrastructure, DevOps tools and guidelines, and security and IT measures. "


Outsmarting cybercriminal innovation with strategies for enterprise resilience

ciber
2024-03-19 https://www.helpnetsecurity.com/2024/03/19/pedro-cameirao-nokia-emerging-cybersecurity-trends/

In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies. Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition bringing together some of the brightest minds in cybersecurity. What emerging cybersecurity trends should enterprises be aware of in 2024, and how should they prepare for these new threats? We observe that threat actors are … More

"

Autosummary: The rise of advanced persistent threats (APTs), phishing-as-a-service, ransomware-as-a-service models, and nation-state-sponsored cyber-attacks further compounds the complexity of the threat landscape. These may include thorough vetting processes for employees with sensitive roles, systematic implementing least privileged access, introducing privileged management systems, network segregation, data loss prevention (DLP), and security monitoring, among others. To reduce the risk from supply-chain attacks, enterprises must implement supplier and third-party evaluation programs assessing their compliancy to cybersecurity best-practices, regulations, and industry standards. "


Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

ciber
2024-03-19 https://thehackernews.com/2024/03/crafting-and-communicating-your.html
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards. "

Autosummary: "How does our cybersecurity spending compare to our competitors?" Instead, encouraging the board to ask strategic questions like, "What resources do we need to feel comfortable with our level of risk?" transforms the dialogue. For example, among major US corporations, 51% of Fortune 100 companies have at least one director with a background in information security, while this figure drops to only 17% for S&P 500 companies and further declines to just 9% for companies listed in the Russell 3000 Index, highlighting a significant variation in cybersecurity expertise at the board level across different sizes of businesses. Speak the Language of the Board: Perform a Business Impact Analysis and translate technical cybersecurity risks into business terms that resonate with the board, such as financial impact, regulatory compliance, and reputational damage. The surge in cyber threats, coupled with their capacity to disrupt business operations, erode customer trust, and incur significant financial losses, underscores the strategic value of robust cybersecurity measures. For C-suite executives and board members, staying ahead of these regulations and integrating their requirements into your company's cybersecurity strategy is now an indispensable part of the job, emphasizing the need for a strategic, informed approach to cybersecurity governance. "


CalypsoAI Platform provides real-time LLM cybersecurity insights

ciber
2024-03-19 https://www.helpnetsecurity.com/2024/03/19/calypsoai-platform-provides-real-time-llm-cybersecurity-insights/

CalypsoAI has launched the CalypsoAI Platform, a SaaS-based security and enablement solution for generative AI applications within the enterprise. With the new model-agnostic SaaS platform, technology, innovation, and security leaders can harness the power of generative AI and large language models (LLMs) across their enterprise safely and securely. According to a recent Boston Consulting Group survey of more than 1,400 C-suite executives, 90% of leaders are still waiting for generative AI to move beyond the … More

"

Autosummary: In addition, the Platform offers: Security and observability across all LLM usage: With new observability and visibility dashboards, users get a first-of-its-kind solution to scan, flag, alert, and protect systems against common vulnerabilities and internal and external risks in real time. "


APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage

ciber
2024-03-19 https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html
Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more, a typical enterprise site saw an average of 1.5 billion API "

Autosummary: How to Protect Your APIs Imperva offers several recommendations to help organizations improve their API Security posture: Discover, classify, and inventory all APIs, endpoints, parameters, and payloads. When successful, these attacks can lock customers out of their accounts, provide criminals with sensitive data, contribute to revenue loss, and increase the risk of non-compliance. In their report, Imperva identified three common types of mismanaged API endpoints that create security risks for organizations: shadow, deprecated, and unauthenticated APIs. "


Upcoming webinar: How a leading architecture firm approaches cybersecurity

ciber
2024-03-19 https://www.malwarebytes.com/blog/business/2024/03/upcoming-webinar-how-a-leading-architecture-firm-approaches-cybersecurity
Learn how top-tier cybersecurity tactics are applied in real-world scenarios. "


Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware

exploits ciber Linux
2024-03-17 https://www.helpnetsecurity.com/2024/03/17/week-in-review-cybersecurity-job-openings-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. LastPass’ CIO vision for driving business strategy, innovation Recently, LastPass appointed Asad Siddiqui as its … More

"

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Keyloggers, spyware, and stealers dominate SMB malware detections In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. "


Human risk factors remain outside of cybersecurity pros’ control

ciber
2024-03-15 https://www.helpnetsecurity.com/2024/03/15/cybersecurity-human-risk-factors/

Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast. With new threats like AI and deepfake technology, the stakes are higher than ever to execute a strong cyber defense. Human risk fuels majority of cyber breaches Many human risk factors in particular — which represent today’s biggest cybersecurity … More

"

Autosummary: 74% of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering. "


International Monetary Fund email accounts hacked in cyberattack

ciber
2024-03-15 https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/
The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. [...] "

Autosummary: This international financial institution, funded by 190 member countries, is also a major United Nations financial agency headquartered in Washington, D.C. According to a press release published today, the IMF detected the incident in February and is now conducting an investigation to assess the attack's impact. "


Perception Point GPThreat Hunter allows cybersecurity experts to focus on in-depth investigations

ciber
2024-03-14 https://www.helpnetsecurity.com/2024/03/14/perception-point-gpthreat-hunter/

Perception Point launched its latest innovation, GPThreat Hunter, an addition to the company’s comprehensive security stack. Leveraging the capabilities of OpenAI’s GPT-4 model, GPThreat Hunter represents a significant leap forward in Perception Point’s ability to autonomously resolve complex security cases with accuracy and speed. Building on the accuracy of its proprietary detection layers that already successfully prevent 99.95% of threats, along with a vast dataset derived from years of human incident response expertise, Perception Point … More

"

Autosummary: This development follows Perception Point’s continuous rollout of AI innovations, such as its release to combat advanced QR code phishing (AKA “Quishing”) threats, its GenAI Decoder, an LLM-based model for detecting social engineering attempts like BEC, impersonation and phishing, and more. "


Threat intelligence explained | Unlocked 403: A cybersecurity podcast

ciber
2024-03-14 https://www.welivesecurity.com/en/videos/threat-intelligence-explained-unlocked-403-cybersecurity-podcast/
We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats "


Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

exploits ciber
2024-03-13 https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html
A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said. An unusual aspect of the "


Demystifying a Common Cybersecurity Myth

ciber
2024-03-13 https://thehackernews.com/2024/03/demystifying-common-cybersecurity-myth.html
One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today’s ever-evolving file upload security landscape, and a big part of that is understanding where the "

Autosummary: Our emulation-based approach can swiftly de-obfuscate and dissect even the most complex, state-of-the-art, and environment-aware malware in under 15 seconds. Our MetaDefender Platform layers in market-leading and globally trusted technologies to form an easy to deploy, integrated-by-design, defense-in-depth cybersecurity strategy for securing file uploads. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the pitfalls are, and how to avoid them. "


How advances in AI are impacting business cybersecurity

ciber
2024-03-12 https://www.helpnetsecurity.com/2024/03/12/interactive-ai-business-security/

While ChatGPT and Bard have proven to be valuable tools for developers, marketers, and consumers, they also carry the risk of unintentionally exposing sensitive and confidential data. From a security point of view, it always pays to think one step ahead and about what might be coming next. One of the latest breakthroughs in AI technology is “interactive AI”. While generative AI tools can create fresh content, write code, perform calculations, and engage in human-like … More

"

Autosummary: While generative AI tools can create fresh content, write code, perform calculations, and engage in human-like conversations, interactive AI can be used for tasks like geolocation and navigation or speech-to-text applications, ushering in the next phase of chatbots and digital assistants. By identifying and understanding how data is stored, used, and moves across an organization and controlling who has access to that data, ensures security teams can quickly respond to threats such as unauthorized access to sensitive data. "


Cybersecurity jobs available right now: March 12, 2024

ciber
2024-03-12 https://www.helpnetsecurity.com/2024/03/12/cybersecurity-jobs-available-right-now-march-12-2024/

CISO / Head of Enterprise IT Stitch Fix | USA | Remote – View job details Reporting directly to the Chief Product and Technology Officer, you will oversee all aspects of information security, including cloud security, DevSecOps, security operations, and security strategy. You’ll also be responsible for all areas of the IT organization, including IT infrastructure, enterprise applications and insights, business systems, employee technology services, and IT analytics. CISO Ultra Maritime | USA | Remote … More

"

Autosummary: CISO / Head of Enterprise IT Stitch Fix | USA | Remote – View job details Reporting directly to the Chief Product and Technology Officer, you will oversee all aspects of information security, including cloud security, DevSecOps, security operations, and security strategy. Junior-Regular Security Analyst Luxoft Poland | Poland | Hybrid – View job details As a Data Security Analyst, you will serve as an expert in detection, collaborating with the CTO, information security, and customer’s group SOC. "


Rubrik EPE secures enterprise data from cyberattacks

ciber
2024-03-12 https://www.helpnetsecurity.com/2024/03/12/rubrik-epe/

Artificial intelligence (AI), digital transformation, and the Internet of Things have caused a data explosion, leading organizations to grapple with a surging amount of fragmented data where it lives. Rubrik released Rubrik Enterprise Proactive Edition (EPE), a data security product suite that combines DSPM with recovery designed for complete cyber resilience, wherever data lives. Rubrik EPE allows organizations to secure mission-critical data for comprehensive protection, recovery, and resilience against tomorrow’s cyberattacks, whether in a cloud, … More

"

Autosummary: Core capabilities include: Providing comprehensive visibility across a hybrid environment, from cloud and SaaS to data centers Monitoring data assets to identify sensitive data, protection levels, and user access policies Delivering insight into activities taken on those data sets Discovering misconfigurations for IT and security teams to correct, and thereby reduce inadvertent data exposure “Cyber threats have outpaced most companies’ ability to prevent them. "


Election cybersecurity: Protecting the ballot box and building trust in election integrity

ciber
2024-03-12 https://www.welivesecurity.com/en/critical-infrastructure/election-cybersecurity-protecting-ballot-box-building-trust-election-integrity/
What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems? "

Autosummary: They include assertions that: election officials regularly update voter registration lists to ensure they’re as accurate and current as possible; various security measures exist to protect the integrity of mail-in ballots, including voter identity checks; there are robust safeguards to protect against tampering, with ballots returned via drop box; federal, state, and/or local election authorities rigorously test and certify voting machines and equipment for vulnerabilities; signature matching, information checks and other measures are designed to protect against voter impersonation and ineligible voters casting a ballot. There’s another reason to feel confident in the integrity of elections: in countries like the US, different types of voting machines and registration technologies exist. In 2024 there will be national or regional elections in the US, EU, UK, India, Taiwan, South Africa, Mexico and many other countries. Denial-of-Service (DoS): Distributed Denial-of-Service (DDoS) attacks could block voters from accessing key information that would help them to vote, such as the location of their closest polling station, or information on the main candidates. "


10 free cybersecurity guides you might have missed

ciber
2024-03-11 https://www.helpnetsecurity.com/2024/03/11/free-cybersecurity-guides/

This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry, these guides provide insights into cybersecurity best practices, strategies to combat threats, and advice for using online services safely. Cybersecurity resource and reference guide This guide compiles U.S. and International resources for developing cybersecurity programs … More

"

Autosummary: Guide to Securing Remote Access Software Authored by CISA, NSA, FBI, MS-ISAC, and INCD, this guide offers insights into prevalent exploitations and their related tactics, techniques, and procedures (TTPs). "


Cynerio extends Healthcare Cybersecurity Platform to improve patient data protections

ciber
2024-03-11 https://www.helpnetsecurity.com/2024/03/11/cynerio-healthcare-cybersecurity-platform/

As data breaches continue to expose sensitive healthcare information, with over 118 million patients impacted in the United States in 2023, Cynerio has extended its commitment to enhancing cybersecurity in the healthcare sector. With a focus on addressing critical cybersecurity challenges, Cynerio expands its Healthcare Cybersecurity Platform to safeguard patient data and combat escalating cyber threats. The four primary areas of focus include: 1. Safeguarding healthcare information with patient data security: Cynerio’s Patient Data Security … More

"

Autosummary: Stopping healthcare-focused cyber attacks with Network Detection + Response: In response to the escalating cyber threats targeting healthcare, Cynerio’s Network Detection + Response technology offers rapid deployment, day-one protections, validation of alerts, and response times measured in seconds. "


Researchers expose Microsoft SCCM misconfigs usable in cyberattacks

ciber
2024-03-11 https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...] "

Autosummary: Attack matrix for Misconfiguration Manager techniques source: Duane Michael Depending on the environment, the techniques described could allow access to credentials (CRED), elevate privileges (ELEVATE), perform reconnaissance and discovery (RECON), or gain control of the MCM/SCCM hierarchy (TAKEOVER). "


Massive cyberattacks hit French government agencies

government ciber
2024-03-11 https://securityaffairs.com/160374/hacking/massive-cyberattacks-hit-french-government-agencies.html
A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) […] "


Securing the future: Addressing cybersecurity challenges in the education sector

ciber
2024-03-08 https://www.helpnetsecurity.com/2024/03/08/universities-current-threat-environment-video/

In this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students. Key findings from a recent Trustwave report include: – 1.8 million devices related to the education industry are being publicly exposed globally – Ransomware attacks remain the dominant source of breaches for the education sector – Threat actors are selling VPN access to universities on the dark … More

"


78% of MSPs identify cybersecurity as prime IT challenge

ciber
2024-03-07 https://www.helpnetsecurity.com/2024/03/07/msps-cybersecurity-priority/

Cybersecurity remained a top priority and an area of growth for MSPs, with 73% saying it’s a top revenue driver for their business, according to Kaseya. Ongoing cyberattack threats impact MSPs The threat of cyberattacks continues to weigh on MSPs and their clients. The report found that a staggering 78% of respondents consider cybersecurity as a top IT challenge, compared to 67% the year prior, and highlighted the importance of businesses continuing to invest in … More

"

Autosummary: “Cybersecurity remains a critical concern for MSPs, driven by two factors: the escalating threat landscape, and the persistent challenge proving high quality security services across all of their clients,” explained Mike Puglia, GM of Security Products at Kaseya. "


A cybercriminal is sentenced, will it make a difference?

ciber
2024-03-07 https://www.helpnetsecurity.com/2024/03/07/shinyhunters-group/

The darknet is home to many underground hacking forums in which cybercriminals convene, freely sharing stories, tactics, success stories and failures. Their unguarded discussions allow our team to peek into the politics and ethics behind recent adversary activities. The threat intelligence we gather is harnessed to continuously enhance protections for Cynet partners and customers. In this piece, we’ll probe a notorious ransomware gang, ShinyHunters, to shed light on cybercriminal incentives and the objectives they pursue, … More

"

Autosummary: Its 700GB of stolen data included: Sensitive ABFRL employee and customer data (full name, email, birth date, physical address, gender, age, marital status, salary, religion, and more). The account data included email addresses, full names and birth dates, as well as hashed user passwords that other threat actors dehashed, or cracked, before sharing publicly. In this piece, we’ll probe a notorious ransomware gang, ShinyHunters, to shed light on cybercriminal incentives and the objectives they pursue, as well as the effects for victims — and steps your team can take to reduce risk. "


Canada's anti-money laundering agency offline after cyberattack

financial ciber
2024-03-06 https://www.bleepingcomputer.com/news/security/canadas-anti-money-laundering-agency-offline-after-cyberattack/
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. [...] "

Autosummary: Finally, the Memorial University of Newfoundland (MUN), the largest public university in Atlantic Canada, also suffered a cyberattack in January that affected classes, payment capabilities, and student portal access. "


Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

financial ciber
2024-03-05 https://thehackernews.com/2024/03/cybercriminals-using-novel-dns.html
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report "


Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

ciber
2024-03-05 https://www.bleepingcomputer.com/news/security/hackers-abuse-qemu-to-covertly-tunnel-network-traffic-in-cyberattacks/
Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. [...] "

Autosummary: Other tunneling tools used in attacks include CloudFlare tunnels, Stowaway, ligolo, 3proxy, dog-tunnel, chisel, gs-netcat, plink, iox, and nps. "


New compensation trends in the cybersecurity sector

ciber
2024-03-04 https://www.helpnetsecurity.com/2024/03/04/compensation-trends-cybersecurity-sector/

For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple security functions. Security roles are often multifunctional A new report illustrates that typical functional combinations within a role include architecture and engineering (A&E), application security (AppSec), and product security. IANS and Artico Search captured responses … More

"

Autosummary: Gender diversity varies across domains, while the gender pay gap remains prevalent 20% self-identify as female, binary, or other. "


How Cybercriminals are Exploiting India's UPI for Money Laundering Operations

financial exploits ciber
2024-03-04 https://thehackernews.com/2024/03/how-cybercriminals-are-exploiting.html
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. Details about the scam  "

Autosummary: The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. "


Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework

ransomware ciber
2024-03-03 https://www.helpnetsecurity.com/2024/03/03/week-in-review-lockbit-leak-site-is-back-online-nist-updates-its-cybersecurity-framework/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Overcoming the pressures of cybersecurity startup leadership In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. AI-driven DevOps: Revolutionizing software engineering practices In this Help Net Security interview, Itamar Friedman, … More


Autosummary: Infosec products of the month: February 2024 Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, BackBox, Center for Internet Security, Cisco, CompliancePro Solutions, Cyberhaven, LOKKER, ManageEngine, Metomic, OPSWAT, Pindrop, ProcessUnity, Qualys, SentinelOne, Sumsub, Truffle Security, Vade Secure, and Varonis. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Overcoming the pressures of cybersecurity startup leadership In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. "


Businesses foresee major impact from new SEC cybersecurity disclosure rules

ciber
2024-03-01 https://www.helpnetsecurity.com/2024/03/01/sec-cybersecurity-disclosure-impact-on-business/

While 98% of security professionals and executives have started working to comply with the new U.S. Securities and Exchange Commission (SEC) cybersecurity disclosure ruling, over one-third are still in the early phases of their efforts, according to AuditBoard. 81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. 54% of those, however, report being highly confident in their organization’s ability to comply with the disclosure ruling. Companies prepare for SEC … More


Autosummary: Companies prepare for SEC cybersecurity rules implementation The SEC’s new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023. "


Cybercriminals harness AI for new era of malware development

exploits ciber
2024-03-01 https://www.helpnetsecurity.com/2024/03/01/hi-tech-crime-trends-2023-2024/

The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites (DLS), according to Group-IB’s Hi-Tech Crime Trends 2023/2024 report. Global threat actors also demonstrated increased interest in Apple platforms, exemplified by the fivefold increase in underground sales related to macOS information stealers. The growing appetite of … More


Autosummary: Financial services (6%), telecommunications (5%), manufacturing, IT and media (all 4%) were also heavily affected, Group-IB researchers found. In terms of affected industries, attacks as per ransomware DLS on manufacturing (580 instances) and real estate (429) companies rose year-on-year by 125% and 165%, respectively, and these key sectors were the two most targeted worldwide. The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites (DLS), according to Group-IB’s Hi-Tech Crime Trends 2023/2024 report. Group-IB experts have also noticed how, since mid-2023, four ChatGPT-style tools have been developed for the purpose of assisting cybercriminal activity: WolfGPT, DarkBARD, FraudGPT, and WormGPT – all with different functionalities. "


ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack

ciber
2024-02-29 https://www.helpnetsecurity.com/2024/02/29/alphv-blackcat-change-healthcare/

The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back Last December, US law enforcement successfully shut down the ransomware group’s websites, and the FBI developed a decryption tool. Despite this setback, the group quickly recovered and resumed its activities. On Wednesday, the group published a statement on their … More



How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

ciber
2024-02-29 https://thehackernews.com/2024/02/why-risk-based-approach-to.html
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your "

Autosummary: Let's take a closer look at the trends that are impacting organizations today, including the growing reach of data breaches and the increase in cybersecurity spending, and explore how you can get the most out of your cybersecurity resources, effectively securing your digital assets and maintaining your organization's integrity in the face of ever-evolving cyber threats. And data breaches can cause real, long-lasting impacts, as proven by some of the most infamous data breaches in history: eBay: Hackers stole login credentials for just a few eBay employees and then pulled off a massive data breach that stole the personal information and passwords of more than 145 million users. "


Pharmaceutical giant Cencora says data was stolen in a cyberattack

ciber
2024-02-28 https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-cencora-says-data-was-stolen-in-a-cyberattack/
Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. [...] "



How AI is reshaping the cybersecurity job landscape

ciber
2024-02-28 https://www.helpnetsecurity.com/2024/02/28/ai-cybersecurity-jobs-impact/

88% of cybersecurity professionals believe that AI will significantly impact their jobs, now or in the near future, and 35% have already witnessed its effects, according to ISC2’s AI study, AI Cyber 2024. Impact of AI on cybersecurity professionals While there is considerable positivity about the role of AI in dealing with cyberattacks, these findings also recognize the urgent demand from professionals for industry preparedness to mitigate cyber risks and safeguard the entire ecosystem. The … More


Autosummary: AI is everywhere, and while the cybersecurity industry was quick to adopt AI and ML as part of its latest generation of defensive and monitoring technologies, so too have the bad actors, who are leaning on the same technology to elevate the sophistication, speed, and accuracy of their own cybercrime activities. "


AI in cybersecurity presents a complex duality

ciber
2024-02-28 https://www.helpnetsecurity.com/2024/02/28/grc-solutions-need/

Companies more than ever view GRC (Governance, Risk, and Compliance) as a holistic process and are taking steps toward getting a complete view of their risk environment and compliance obligations, according to Hyperproof. Centralized GRC strategy gains momentum Centralizing strategy, unifying risk and compliance data, and revamping the approach to cybersecurity are becoming more popular strategic objectives among respondents, especially with the rise of AI technology dismantling barriers and fostering collaboration among various GRC functions. … More


Autosummary: Only 19% of respondents manage IT risks in siloed departments, processes, or tools, a 31% decrease from 2023, and 18% of respondents have an integrated view of managing their unique set of risks, an increase of 80% year-over-year. "


Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat

ciber
2024-02-28 https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as "



Overcoming the pressures of cybersecurity startup leadership

ciber
2024-02-27 https://www.helpnetsecurity.com/2024/02/27/kunal-agarwal-dope-security-cybersecurity-startup-leadership/

In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. Dope Security was recently featured in our 10 cybersecurity startups to watch in 2024 roundup. What is your leadership philosophy as a CEO, and how has it evolved since you started the company? I’m a big … More


Autosummary: In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. Last, relationships are everything – from raising money, hiring your team, building the product, and selling it. Overall, the venture is a different complexity because there’s always that external pressure, high burn rates, and time-to-live. "


Cybersecurity crisis in schools

ciber
2024-02-26 https://www.helpnetsecurity.com/2024/02/26/education-sector-cyberattacks/

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave. These attacks not only threaten the safety and security of teachers and administrators but also put the privacy of students, staff, and other associated entities at risk. With millions of students now learning through technology in hybrid, remote, or in-class settings, device security is no longer optional. It’s crucial … More


Autosummary: The education sector, like many others, relies heavily on third-party vendors such as software-as-a-service, hosting providers, storage, and IT services for various functions, including learning management systems, email, and communication and collaboration tools. Exposed systems & services: Publicly accessible network devices like servers, building management systems, access systems, and cameras lack proper security, increasing risk. "


Cybersecurity Training Not Sticking? How to Fix Risky Password Habits

ciber
2024-02-26 https://www.bleepingcomputer.com/news/security/cybersecurity-training-not-sticking-how-to-fix-risky-password-habits/
While security training can help create a culture of cybersecurity awareness, it can't be relied upon to consistently change behavior. Learn more from Specops Software about the limitations of training and five ways you can increase password security. [...] "

Autosummary: Reinforce training with powerful password security Specops Password Policy with Breached Password Protection blocks weak passwords from being created and continuously scans your Active Directory passwords against a database of over four billion known compromised passwords. Enforce multi-factor authentication (MFA): MFA adds an extra layer of security by requiring users to provide additional verification, such as a fingerprint scan or a one-time password, in addition to their password. Block weak passwords: Setting up an effective password policy can block common passwords, keyboard walks, and even custom dictionaries specific to your organization's industry. "


Steel giant ThyssenKrupp confirms cyberattack on automotive division

industry ciber
2024-02-26 https://www.bleepingcomputer.com/news/security/steel-giant-thyssenkrupp-confirms-cyberattack-on-automotive-division/
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. [...] "



Week in review: 10 cybersecurity startups to watch, admins urged to remove VMware vSphere plugin

ciber
2024-02-25 https://www.helpnetsecurity.com/2024/02/25/week-in-review-10-cybersecurity-startups-to-watch-admins-urged-to-remove-vmware-vsphere-plugin/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Inside the strategy of Salesforce’s new Chief Trust Officer In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers, employees, and stakeholders, focusing on transparency, shared responsibility, and empowering others to integrate trusted and responsible technologies. How decentralized identity is shaping the future of data protection In this Help Net Security interview, Patrick Harding, … More


Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Inside the strategy of Salesforce’s new Chief Trust Officer In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers, employees, and stakeholders, focusing on transparency, shared responsibility, and empowering others to integrate trusted and responsible technologies. VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. "


2024 will be a volatile year for cybersecurity as ransomware groups evolve

exploits ransomware ciber
2024-02-23 https://www.helpnetsecurity.com/2024/02/23/ransomware-groups-tactics/

Hackers have significantly increased demands for ransomware, rising over 20% year-over-year to $600,000, according to Arctic Wolf. Organizations are failing to patch their networks And there are worrying signs that 2024 will be especially volatile, as ransomware groups expand their list of targets, and explore new pressure tactics in response to increasingly effective international law enforcement efforts and the growing momentum of refuse-to-pay initiatives. “By helping to end cyber risk for thousands of customers around … More


Autosummary: With an uptick in cloud services, more endpoints, unmanaged/BYO devices, and business operations transitioning from analog to digital platforms, stopping ransomware attacks with effective prevention, detection, and response becomes more challenging by the day. "


Cybersecurity fears drive a return to on-premise infrastructure from cloud computing

ciber
2024-02-22 https://www.helpnetsecurity.com/2024/02/22/cloud-repatriation-projects-reasons/

42% of organizations surveyed in the US are considering or already have moved at least half of their cloud-based workloads back to on-premises infrastructures, a phenomenon known as cloud repatriation, according to Citrix. The survey showed that 94% of respondents had been involved with a cloud repatriation project in the last three years. The most common reasons for cloud repatriation projects Unexpected security issues (41%) and high project expectations (29%) were reported as the top … More


Autosummary: After reflecting on their experience, IT leaders found that the most common reasons for cloud repatriation projects were security concerns, unexpected costs, performance issues, compatibility problems, and service downtime. "


Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

ciber
2024-02-22 https://thehackernews.com/2024/02/cybercriminals-weaponizing-open-source.html
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said. "The worm automatically searches through known credential "

Autosummary: When reached for comment, Joshua Rogers, the developer of SSH-Snake, told The Hacker News that the tool offers legitimate system owners a way to identify weaknesses in their infrastructure before attackers do, urging companies to use SSH-Snake to "discover the attack paths that exist – and fix them. "


10 cybersecurity startups to watch in 2024

ciber
2024-02-21 https://www.helpnetsecurity.com/2024/02/21/cybersecurity-startups-watch-2024/

At Help Net Security, we’ve been following the cybersecurity business landscape closely for the past 25 years. Through our Industry News section, we’ve been tracking the pulse of the cybersecurity world, bringing you product news from companies worldwide. Certain vendors have consistently managed to capture our attention. We decided to spotlight companies breaking new ground, attracting top talent, and leading innovation in key areas. We are focusing on those who are not just responding to … More


Autosummary: Funding In October 2023, Lakera raised $10 million in a funding round led by Redalpine. Additional founders, like Inovia Capital and Fly Ventures, and industry expert angels, including the co-founders of Snyk and executives from Datadog, Hybris, and Palo Alto Networks, also participated. Israel, CEO: Shahar Ben-Hador Radiant Security, founded by experts from Imperva and Exabeam, provides an AI-driven co-pilot for Security Operations Centers, enhancing analyst efficiency, detecting more attacks, and significantly reducing response times. Cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland, and David Mandel from Emerging Ventures also joined as investors. "


A closer look at Israeli cybersecurity funding and M&A activity in 2023

ciber
2024-02-21 https://www.helpnetsecurity.com/2024/02/21/israeli-cybersecurity-funding-2023-video/

Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about how the Israeli cybersecurity industry, much like the global one, skyrocketed in 2021 with record-breaking capital and an exceptional number of new startups and unicorns. However, the market slowdown in 2022, economic instability in 2023, and geopolitical unrest in … More



Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

ciber
2024-02-21 https://thehackernews.com/2024/02/cybersecurity-for-healthcarediagnosing.html
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions came to light—it wasn’t just computer networks that were brought to a halt, but actual patient "

Autosummary: By coupling advanced technology with human-led analysis, a managed EDR performs critical cybersecurity tasks on your behalf, namely: Monitoring and collecting endpoint data Detecting and investigating threats Triaging alerts Providing actionable remediation steps, including one-click solutions Easy to deploy, Huntress Managed EDR is fully managed and monitored by a 24/7 Security Operations Center. Small- to mid-sized healthcare organizations have, unfortunately, become vulnerable targets from which cybercriminals can easily steal sensitive data, extort heavy ransoms, and, worst of all, diminish critical patient care. This entails creating layers to your defenses with solutions such as intrusion prevention, data encryption, threat detection, patch management, and more. Building a thorough defense infrastructure, however, requires sizable capital, resources, and expertise. However, this level of care demands more avenues to access data, specifically via tablets, laptops, and mobile devices. However, according to the report, The State of Cybersecurity for Mid-Sized Businesses in 2023, Huntress discovered over 60% of respondents didn't have any dedicated cybersecurity experts on staff. "


US govt shares cyberattack defense tips for water utilities

ciber
2024-02-21 https://www.bleepingcomputer.com/news/security/us-govt-shares-cyberattack-defense-tips-for-water-utilities/
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks [...] "



SaaS Compliance through the NIST Cybersecurity Framework

ciber
2024-02-20 https://thehackernews.com/2024/02/saas-compliance-through-nist.html
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a "

Autosummary: In addition to those mentioned here relating to access, password, and data leaks, which are fairly universal, configurations are used for key management, mobile security, operational resilience, phishing protection, SPAM protection, and more. Require Admin MFA To comply with NIST standards, all admin user accounts should be required to access the application using multi-factor authentication (MFA), such as a one-time password (OTP). Additionally, it would include terms like the user's name, company products, partners, and other business terms. If your organization doesn't have a password policy, consider following NIST guidelines: Don't make mandatory password changes, as users tend to choose easy-to-remember passwords. NIST advocates for a strong and well-managed password policy, which is essential to protect sensitive user data, confidential business information, and proprietary assets stored within the cloud-based infrastructure. "


Cybersecurity sectors adjust as DDoS attacks reach new heights

ciber
2024-02-16 https://www.helpnetsecurity.com/2024/02/16/ddos-attacks-current-state-video/

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from Q3–Q4 2023: The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods constitute 62% of DDoS attacks. TCP floods and ICMP attacks remain popular at 16% and 12% respectively and SYN, … More



Why We Must Democratize Cybersecurity

ciber
2024-02-16 https://thehackernews.com/2024/02/why-we-must-democratize-cybersecurity.html
With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater awareness among smaller businesses of the need to improve their security posture, SMBs are often "

Autosummary: Over the coming months, NTTSH will be busy adding more integrations, including but not limited to Meraki, Bitdefender, Sophos, Zoom, MalwareBytes, OneLogin, OKTA, Zscaler, AWS, and many more! A similar geographic trend is visible in the telecommunications sector, where the USA, UK, and Australia account for roughly 52% of ransomware attacks, while in education, the USA, UK, and Canada account for approximately 83%. Some examples of integrations currently available include: Cloud: Azure Management Plane and Microsoft 365 (coming soon), Google Workspace (coming soon) Endpoint Detection and Response: Microsoft Defender for Endpoint, VMWare Carbon Black and Crowdstrike Falcon Insight Next-Generation Firewalls: Cisco Secure Firewall (ASA and Firepower Threat Defense), Fortinet Fortigate, and Palo Alto Networks NGFW. To provide a truly unique vantage point within NTTSH's products and services, GTIC leverages proprietary intelligence capabilities and NTT's position as the operator of one of the world's top 5 tier 1 Internet backbones, providing unequaled visibility of Internet telemetry to gain an understanding of and insight into the various threat actors, exploit tools and malware – and the tactics, techniques, and procedures used by attackers. "


Nation-state actors are using AI services and LLMs for cyberattacks

government ciber
2024-02-15 https://securityaffairs.com/159147/apt/nation-state-actors-openai-ai-services-llms-cyberattacks.html
Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication. According to a study conducted by […] "

Autosummary: The researchers observed the following APT groups using artificial intelligence (AI) and large language models (LLMs) in various phases of their attack chain: China-linked APT groups Charcoal Typhoon and Salmon Typhoon; Iran-linked APT group Crimson Sandstorm; North Korea-linked APT group Emerald Sleet; Russia-linked APT group Forest Blizzard. Nation-state actors are using AI services and LLMs for cyberattacks. Pierluigi Paganini, February 15, 2024. Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. "


Battery maker Varta halts production after cyberattack

ciber
2024-02-15 https://www.helpnetsecurity.com/2024/02/15/varta-cyberattack/

German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The Varta cyberattack The cyberattack occurred on Monday night and affected five of the company’s production plants and the administration. According to the German news outlet Finanzen, of the company’s five production sites, three are located in Germany, one in Romania and one in Indonesia. “The IT systems and thus also production were proactively … More



A cyberattack halted operations at Varta production plants

ciber
2024-02-15 https://securityaffairs.com/159190/hacking/cyberattack-halted-varta-production-plants.html
On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration. VARTA AG is a leading global […] "

Autosummary: Pierluigi Paganini, February 15, 2024. On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. "


All eyes on AI | Unlocked 403: A cybersecurity podcast

ciber
2024-02-15 https://www.welivesecurity.com/en/videos/ai-unlocked-403-cybersecurity-podcast/
Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications. "



Cybercriminals get productivity boost with AI

ciber
2024-02-14 https://www.helpnetsecurity.com/2024/02/14/ai-technology-cybersecurity-risks/

While AI technology has the potential to streamline and automate processes for beneficial outcomes, it also comes with an equal number of risks to data protection, cybersecurity, and other ethical concerns, according to iProov. Digital ecosystems continue to grow and multiply at record levels as organizations and governments seek to provide remote access and services to meet consumer and workforce demand. However, this growth’s unintended side effect is an ever-expanding attack surface that, coupled with … More

The post Cybercriminals get productivity boost with AI appeared first on Help Net Security.

"

Autosummary: However, in 2023, malicious actors exploited a loophole in some systems by using cyber tools, such as emulators, to conceal the existence of virtual cameras, making it harder for biometric solution providers to detect. "


Rise in cyberwarfare tactics fueled by geopolitical tensions

industry ciber
2024-02-14 https://www.helpnetsecurity.com/2024/02/14/matt-shelton-google-cloud-threat-actors-trends/

In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024. How have cyber threats evolved over the last year, and what trends are we seeing regarding attack vectors and methodologies? To some extent, cybersecurity fatigue and complacency have left gaps where threat actors … More

The post Rise in cyberwarfare tactics fueled by geopolitical tensions appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024. Caveat, when talking about public-private partnerships – what is needed is real operational and ongoing public-private collaboration is essential for sharing information, developing best practices, and mitigating risks and is essential for building a more secure and resilient cyber ecosystem. To some extent, cybersecurity fatigue and complacency have left gaps where threat actors have exploited old vulnerabilities, including gaps in logging and patching, to get a stalwart beachhead into the network. "


Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

financial industry ciber
2024-02-14 https://thehackernews.com/2024/02/cybersecurity-tactics-finserv.html
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more "

Autosummary: Financial firms report 703 cyberattack attempts per week.[1] On average, 270 attacks (entailing unauthorized access of data, applications, networks, or devices) occurred in financial services, an increase of 31% compared with the prior year.[2] On average, financial services businesses take an average of 233 days to detect and contain a data breach.[3] 43% of senior bank executives don't believe their bank is adequately equipped to protect customer data, privacy, and assets in the event of a cyberattack.[4] The average data breach cost in financial services is $5.72 million per incident.[5] State-sponsored cyberattacks also pose a unique threat to the financial sector. Similarly, in recent times, there has been a concerning trend where major service providers catering to small-medium-sized banks, such as FIS, Fiserv, and Jack Henry, have become prime targets for cyber-attacks. To effectively navigate this landscape, community banks must develop a deep understanding of relevant regulations, such as the GLBA, PCI DSS, SOX, and more. Advanced Cloud Security Strategies: Cloud computing, with its numerous benefits of scalability, flexibility, and cost-effectiveness, is increasingly being adopted by financial institutions. This involves creating a cohesive framework that combines advanced technology solutions, thorough policies and procedures, regular risk assessments, continuous monitoring, and proactive incident response planning. Additionally, outsourcing executive-level insights, such as a virtual Chief Information Security Officer (vCISO), can provide strategic guidance and governance to strengthen the bank's overall cybersecurity posture. "


German battery maker Varta halts production after cyberattack

ciber
2024-02-14 https://www.bleepingcomputer.com/news/security/german-battery-maker-varta-halts-production-after-cyberattack/
Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. [...] "



Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyberattacks

government ciber
2024-02-14 https://thehackernews.com/2024/02/microsoft-openai-warn-of-nation-state.html
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The findings come from a report published by Microsoft in collaboration with OpenAI, both of which said they disrupted efforts made by five state-affiliated actors that used its "



How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity

ciber
2024-02-13 https://www.helpnetsecurity.com/2024/02/13/purple-teaming-effectiveness-video/

In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel. Imagine red … More




The future of cybersecurity: Anticipating changes with data analytics and automation

industry ciber
2024-02-13 https://www.helpnetsecurity.com/2024/02/13/mick-baccio-splunk-data-analytics-automation-role/

In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. He points out the changes in threat tactics, the significance of automation in reducing human error, challenges in implementing data analytics, and envisions a future where AI-assistants transform cybersecurity operations. How have cybersecurity threats evolved in recent years, and what role do data analytics … More


Autosummary: The landscape of cyber threats continues to further evolve, and recent high-profile data breaches (MoveIT, accelion, goanywhere, etc.) underscore the gravity of the shift. For instance, complex multi-step incident response workflows, such as quarantining a host, blocking an indicator, and searching for additional compromised assets, can be automated to minimize the likelihood of costly oversights or missed steps. In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. "


Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

ciber
2024-02-13 https://thehackernews.com/2024/02/midnight-blizzard-and-cloudflare.html
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and "

Autosummary: A SaaS Security Posture Management (SSPM) platform like AppOmni can help with detecting and alerting on: Initial Access: Out-of-the-box rules to detect credential compromise, including password spraying, brute force attacks, and unenforced MFA policies. Persistence: Scan and identify OAuth permissions and detect OAuth hijacking. Cloudflare-Atlassian Breach: On Thanksgiving Day, November 23, 2023, Cloudflare's Atlassian systems were also compromised by a nation-state attack. "


Prudential Financial breached in data theft cyberattack

financial ciber
2024-02-13 https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [...] "



2024 cybersecurity outlook: A wave of global threats on the horizon

ciber
2024-02-12 https://www.helpnetsecurity.com/2024/02/12/cybersecurity-predictions-challenges-2024-video/

2024 is expected to witness a surge in cyberattacks driven by global events and the widespread accessibility of advanced technologies. In this Help Net Security round-up, we present segments from previously recorded videos where cybersecurity experts discuss predictions for 2024, providing a comprehensive perspective on the challenges and opportunities awaiting organizations. Complete videos Dara Gibson, Senior Cyber Insurance Manager at Optiv, discusses cyber insurance and what we should expect to see in 2024. Fei Huang, … More




Integrating cybersecurity into vehicle design and manufacturing

industry ciber
2024-02-12 https://www.helpnetsecurity.com/2024/02/12/yaron-edan-ree-automotive-electric-vehicles-cybersecurity/

In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber threats effectively. Additionally, he emphasizes the importance of consumer awareness in ensuring vehicle security. Can you describe the state of cybersecurity in the automotive industry, especially in the context of electric and connected … More


Autosummary: Now that our vehicles are becoming increasingly connected to the internet can go through Over-the-Air (OTA) updates, use remote management, contain Advanced Driver Assistance Systems (ADAS), and employ AI, the potential avenues for cyberattacks have expanded for threat actors to exploit in a significant way. Once an automaker is compliant with certain regulatory rules, they will then ask the regulatory bodies to come to conduct an onsite visit, where they conduct an audit for months at a time, trying to hack each layer they can and look for any areas of weakness, to identify what needs to be patched up. In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Implement strong network security measures, including firewalls, detection systems, and encryption, to monitor your network traffic for any anomalies regularly. "


Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast

ciber
2024-02-11 https://www.helpnetsecurity.com/2024/02/11/week-in-review-10-must-read-cybersecurity-books-anydesk-hack-patch-tuesday-forecast/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How CISOs navigate policies and access across enterprises In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise. Enhancing adversary simulations: Learn the business to attack the business In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, … More


Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How CISOs navigate policies and access across enterprises In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise. Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "


Cybersecurity teams recognized as key enablers of business goals

ciber
2024-02-09 https://www.helpnetsecurity.com/2024/02/09/cybersecurity-teams-trust-levels/

97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to CybSafe. The study examining attitudes towards cybersecurity teams within organizations has uncovered that despite minor issues around communication and processes, there are high levels of trust and appreciation amongst employees. It indicates how cybersecurity teams and professionals are increasingly viewed as a vital strategic function enabling both individuals and business success. The … More


Autosummary: Positive impact of security teams on business goals: When it comes to the impact of security teams on business success, 74% believe security teams enable business goals as well as personal work objectives (77%), with just 7% of respondents stating their cybersecurity team has had an overall negative impact on their working experience. Interestingly, the research suggests that while, ultimately, security teams are responsible for the maintenance of a positive security culture, workers feel a sense of responsibility for protecting their employer’s data. "


Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

ciber
2024-02-09 https://thehackernews.com/2024/02/wazuh-in-cloud-era-navigating.html
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and "

Autosummary: The rise of cloud computing: Cloud computing deploys services, including servers, storage, software, databases, networking, and intelligence over the Internet ("the cloud") to offer flexible resources, faster innovation, and cost efficiencies. We will also delve into how Wazuh, a cybersecurity solution supporting cloud platforms like Amazon Web Services (AWS), Microsoft Azure, GitHub, and Google Cloud Platform (GCP), can help address these challenges effectively. Challenges of cloud computing: While cloud computing offers numerous benefits, such as cost savings, increased efficiency, and seamless collaboration, it also introduces unique cybersecurity challenges. Wazuh systematically examines monitored endpoints, verifying adherence to PCI-DSS, HIPAA, NIST, TSC, CIS, and other applicable regulations. It offers flexibility in integrating with various cloud solution providers, including Amazon Web Services, Microsoft Azure, and Google Cloud, while delivering comprehensive visibility and robust security capabilities. "


Cybersecurity teams hesitate to use automation in TDIR workflows

ciber
2024-02-07 https://www.helpnetsecurity.com/2024/02/07/tdir-improvements-in-security-operations/

Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organizations still experienced significant security incidents in the last year, according to Exabeam. North America experienced the highest rate of security incidents (66%), closely followed by Western Europe (65%), then Asia Pacific and Japan (APJ) (34%). Gap between self-reported security measures and reality The findings reveal a significant gap between self-reported security measures and reality. Despite 57% of interviewed … More


Autosummary: Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators (KPIs), such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and 90% believe they have good or excellent ability to detect cyberthreats. "


Cybersecurity in the automotive industry: Ensuring compliance with UNECE regulations

industry ciber
2024-02-07 https://ics-cert.kaspersky.com/publications/cybersecurity-in-the-automotive-industry-ensuring-compliance-with-unece-regulations/
What UN Regulations 155 and 156 require from vehicle manufacturers in reality, and how to ensure compliance with requirements and prepare for certification if necessary "

Autosummary: The table below presents a list of vehicle categories covered by the requirements of UN Regulations 155 and 156:

Vehicle category | Category description | Applicable requirements
L6 | Four-wheeled vehicles with a mass not exceeding 350 kg, engine displacement of 50 cc or less, and maximum design speed of 45 km/h | UN 155, if the vehicle complies with Level 3 automation or higher
L7 | Four-wheeled vehicles with a mass not exceeding 400 kg and maximum continuous rated power of no more than 15 kW | UN 155, if the vehicle complies with Level 3 automation or higher
M | Vehicles with four or more wheels, designed to carry passengers | UN 155 and UN 156
N | Vehicles with four or more wheels, designed to carry cargo | UN 155 and UN 156
O | Trailers with at least one ECU | UN 155 and UN 156
R | Agricultural trailers | UN 156
S | Interchangeable towed agricultural and logging equipment | UN 156
T | Any motorized, wheeled, or tracked agricultural equipment with at least two wheeled axles, capable of moving faster than 6 km/h | UN 156

Starting in July 2024, UN Regulations 155 and 156 will become mandatory not only for new types of vehicles, but also for all new vehicles produced. 
The automotive industry has a geographically and hierarchically distributed and functionally complex supply chain that includes: the vehicle manufacturer itself (OEM – Original Equipment Manufacturer); suppliers of individual vehicle systems and modules (Tier 1 suppliers), such as the gearbox, infotainment module, or engine control unit; their suppliers that make the individual components of the systems and modules, for example, microcircuits, sensors, controllers, operating systems, bearings, actuators, etc. The broad range of functions (engine control, fuel system control, passenger safety, autopilot, infotainment system), architectures of communication interfaces used by individual components (CAN, LIN, Ethernet, Wi-Fi), communication links with external services and entities (Bluetooth, Wi-Fi, LTE) create a huge cyberattack surface in vehicles. Risks for the manufacturer’s ICT infrastructure: A vehicle manufacturer is an industrial organization whose structure combines the ordinary ICT infrastructure of a back office, i.e., auxiliary and supporting business units (accounting department, legal department, logistical support for the office, etc.), with the infrastructure of the development unit, the production segment, and the servers of the supporting infrastructure. The consequences of a successful attack on a vehicle may include the theft or modification of data (personal data, payment information, and other user data), installation of malicious code/firmware, disruption or manipulation of individual vehicle functions, theft of the vehicle, physical damage to the vehicle, and injury or death of drivers, passengers, and pedestrians. 
Relevant cybersecurity risks In the automotive industry, cybersecurity requirements apply at least to the following objects: the product itself – that is, the vehicle and its components; supporting infrastructure – for example, servers for updating the firmware of electronic control units (ECU); the manufacturer’s ICT infrastructure, whose security is important for the development, manufacture, and subsequent support of products; supply chain of a vehicle’s individual electronic components and systems. Production phase According to ISO 21434, when the production phase begins, it is necessary to analyze all production operations and develop a production control plan that includes: a description of the steps to implement the cybersecurity requirements for the production, operation and maintenance and decommissioning phases (the standard combines these phases into a single post-development phase); a list of equipment and tools for the production phase; security controls to prevent unauthorized changes in production; procedures for evaluating the completeness of implementation and validating the security requirements for the production, operation and maintenance and decommissioning phases. To maintain the cybersecurity of the vehicle, it is necessary to: monitor information about discovered vulnerabilities and changes in the threat landscape; establish security monitoring of the supporting infrastructure and incident response processes; establish monitoring of information about compromised suppliers and processes for responding to incidents involving supply chains and trusted (authorized) partners; rapidly respond to vulnerabilities, threats and incidents, including developing and installing patches, notifying users, and reassessing risks. 
The following are examples of attacks on supporting infrastructure: uploading and installing a fake update; uploading fake backup copies of data or configurations; sending illegitimate commands from an adversary’s C&C server to a vehicle; attack on the servers of supporting infrastructure (for example, network management servers for charging stations) and the subsequent leaking of personal data and payment information; changes made while servicing a vehicle at an auto repair shop that result in a breach of security (configuration changes, deployment of a rootkit, etc.). To obtain them, a vehicle manufacturer must demonstrate that the organizational processes listed above comply with the following requirements as part of cybersecurity management and update management: threat assessment and risk analysis (TARA); continuous monitoring, incident detection and response; vulnerability management; component supply chain management and service management; security update management; notification of supervisory bodies regarding the results of cybersecurity monitoring, including any cyberattacks. Risks of attacks on supporting infrastructure can be minimized by implementing a proper network topology and segmentation, secure protocols for authentication, authorization, and data encryption, antivirus protection, procedures for controlling access to the system, vulnerability management, and incident monitoring and response. 
An acceptable option for implementing cybersecurity practices could be the following sequence of steps: establish a cybersecurity management system, i.e., develop and implement basic cybersecurity procedures and policies within the organization; develop a cybersecurity plan that defines the list of protective measures and stages for their implementation; secure the company’s ICT infrastructure by minimizing the risk of attacks on development departments and production sites; secure supporting infrastructure and external services by minimizing the risk of an attack on a vehicle under development or in use; ensure that the project lifecycle meets relevant cybersecurity requirements, from design and secure development to vehicle decommissioning and the recycling of individual components. Risk management for the manufacturer’s ICT infrastructure: When it comes to risk management for the ICT infrastructure, it should be kept in mind that the vehicle manufacturer needs to view the ICT infrastructure as the starting point of complex attacks whose ultimate target is the vehicle, supporting infrastructure, and the data of passengers and vehicle owners (individuals as well as legal entities). According to ISO 26262, the lifecycle of a vehicle project is divided into 5 phases (we will use this division, because the phases defined in ISO 26262 are more detailed than those in ISO 21434): concept phase; product development phase; production phase; operation and maintenance phase; end of cybersecurity support and decommissioning phase. Some functionality (monitoring, secure downloading and installation of updates, user/owner change scenarios, etc.) is implemented in the vehicle, and some is implemented in supporting infrastructure. Three phases are identified in the project lifecycle: the concept phase, the development phase (which includes cybersecurity development and validation) and the post-development phase (which includes production, operation, and maintenance, as well as the end of cybersecurity support and decommissioning). Requirements of UNECE and international standards: UN Regulations 155 and 156 contain top-level requirements that can be divided into two categories: process-oriented requirements, which have to do with security management at the level of the organization, and project-oriented requirements, which have to do with ensuring the security of everything being produced – whether the vehicles themselves or individual systems and components. "


The toothbrush DDoS attack: How misinformation spreads in the cybersecurity world

ciber
2024-02-07 https://grahamcluley.com/the-toothbrush-ddos-attack-how-misinformation-spreads-in-the-cybersecurity-world/
No, three million smart toothbrushes didn't launch a DDoS attack against a Swiss company. "

Autosummary: None of this has stopped numerous newspapers and websites around the world from repeating the “Beware, your electric toothbrush may have been hacked” headlines, because… …well, because it makes such a good story. Here are a few headlines from the last 24 hours or so, about a supposed smart toothbrush botnet launching a distributed denial-of-service (DDoS) attack: And there were many more… The reports were inspired by a report last week in the Swiss newspaper Aargauer Zeitung. "


Exploring NIST Cybersecurity Framework 2.0

ciber
2024-02-06 https://www.helpnetsecurity.com/2024/02/06/nist-cybersecurity-framework-2-0-video/

In this Help Net Security video, Dan Erel, VP of Security at SeeMetrics, discusses NIST Cybersecurity Framework (CSF) 2.0. NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk better. It was designed to foster risk and cybersecurity management communications amongst internal and external organizational stakeholders. Read more: 10 cybersecurity frameworks you need to know about




10 must-read cybersecurity books for 2024

ciber
2024-02-06 https://www.helpnetsecurity.com/2024/02/06/cybersecurity-books-2024/

Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and knowledge, ensuring you stay ahead in your career learning journey throughout the year. Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup Author: Ross Haleliuk Cyber for Builders provides an overview of the cybersecurity industry from entrepreneurial lenses, breaks down the role of various industry players, from investors … More


Autosummary: Author: Cesar Bravo, Desilda Toska. You’ll learn the most intriguing psychological principles exploited by attackers, including influence, manipulation, rapport, persuasion, and empathy, and gain insights into how attackers leverage technology to enhance their attacks using fake logins, email impersonation, fake updates, and executing attacks through social media. Moreover, the book is packed with mental models, notes, and advice to help early-stage cybersecurity founders get their ideas off the ground and solve problems young companies face around problem discovery, hiring, building products, and fundraising. "


Criminal IP ASM: A new cybersecurity listing on Microsoft Azure

ciber
2024-02-06 https://www.bleepingcomputer.com/news/security/criminal-ip-asm-a-new-cybersecurity-listing-on-microsoft-azure/
AI SPERA, a leader in Cyber Threat Intelligence (CTI)-based solutions, today announced that Criminal IP ASM (Attack Surface Management) is now available on the Microsoft Azure Marketplace. [...] "

Autosummary: The search engine, catering to a diverse user base, is available in English, French, Arabic, Korean, and Japanese, and is utilized across 160 countries worldwide. "


How cybersecurity strategies adapt to evolving threats

ciber
2024-02-05 https://www.helpnetsecurity.com/2024/02/05/cybersecurity-strategies-challenges-video/

Cybersecurity strategies are essential components of modern organizations, designed to protect digital assets, sensitive information, and overall business continuity from potential cyber threats. As technology advances, the complexity and frequency of cyber attacks continue to grow, making it imperative for businesses to develop robust and adaptive cybersecurity strategies. In this round-up from Help Net Security, cybersecurity experts address various aspects of cybersecurity strategies and challenges. Complete videos Keith Neilson, Technical Evangelist at CloudSphere, illustrates how … More




Clorox counts the cost of cyberattack

ciber
2024-02-05 https://www.malwarebytes.com/blog/news/2024/02/clorox-counts-the-cost-of-cyberattack
Clorox has reported losses of $49 million following a cyberattack in mid-2023. "

Autosummary: Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. When an organization refuses to pay, the attacking ransomware group will typically publish the organization’s details, along with its data, on their leak site, which are our main source of information about who did what to who. Despite a business continuity plan, the incident resulted in wide-scale disruptions to the company’s operations throughout the quarter, which ended September 30, 2023. "


A cyberattack impacted operations at Lurie Children’s Hospital

ciber
2024-02-04 https://securityaffairs.com/158609/cyber-crime/lurie-childrens-hospital-cyberattack.html
A cyber attack forced Lurie Children’s Hospital in Chicago to take IT systems offline with a severe impact on its operations. The Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care. Lurie Children’s Hospital is one of the […] "

Autosummary: Lurie Children’s Hospital offers a wide range of specialized medical services, including pediatric surgery, oncology, cardiology, neurology, and neonatology. "


Clorox estimates the costs of the August cyberattack will exceed $49 Million

ciber
2024-02-03 https://securityaffairs.com/158575/security/clorox-attack-costs-exceed-49m.html
Cleaning products giant Clorox estimates the economic impact of the cyber attack that hit the company in August 2023 at $49 million. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in mid-August […] "

Autosummary: Clorox estimates the costs of the August cyberattack will exceed $49 Million. Pierluigi Paganini, February 03, 2024. Cleaning products giant Clorox estimates the economic impact of the cyber attack that hit the company in August 2023 at $49 million. "


Clorox says cyberattack caused $49 million in expenses

ciber
2024-02-03 https://www.bleepingcomputer.com/news/security/clorox-says-cyberattack-caused-49-million-in-expenses/
Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. [...] "



EU adopts first cybersecurity certification scheme for safer tech

ciber
2024-02-02 https://www.helpnetsecurity.com/2024/02/02/enisa-eucc-cybersecurity-certification-scheme/

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria (EUCC). The outcome aligns with the candidate cybersecurity certification scheme on EUCC that ENISA drafted in response to a request issued by the European Commission. In drafting the candidate scheme, ENISA was supported by an Ad-hoc working group (AHWG) composed of area experts from across the industry and EU Member States National Cybersecurity Certification Authorities (NCCAs). ENISA is grateful … More

The post EU adopts first cybersecurity certification scheme for safer tech appeared first on Help Net Security.

"

Autosummary: Voluntary-based, the new EUCC scheme allows ICT suppliers who wish to showcase proof of assurance to go through an EU commonly understood assessment process to certify ICT products such as technological components (chips, smartcards), hardware and software. EU Agency for Cybersecurity Executive Director Juhan Lepassaar underscored that “The adoption of the first cybersecurity certification scheme marks a milestone towards a trusted EU digital single market, and it is a piece of the puzzle of the EU cybersecurity certification framework that is currently in the making.” "


Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security

ciber
2024-02-02 https://thehackernews.com/2024/02/cloudzy-elevates-cybersecurity.html
Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy's cybersecurity strategies, represents a major "

Autosummary: This sophisticated intelligence allows us to act promptly against threats like Ransomware, APT (Advanced Persistent Threats), C2 (Command and Control) servers, malware, and more. Upon thorough evaluation of these reports and confirmation that the implicated accounts are indeed conducting illegal activities and are not victims, Cloudzy systematically bans these accounts. "


Lurie Children's Hospital took systems offline after cyberattack

ciber
2024-02-02 https://www.bleepingcomputer.com/news/security/lurie-childrens-hospital-took-systems-offline-after-cyberattack/
Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. [...] "

Autosummary: "As Illinois' leading provider for pediatric care, our overarching priority is to continue providing safe, quality care to our patients and the communities we serve," continues the hospital's announcement. "


Unpacking the challenges of AI cybersecurity

ciber
2024-02-01 https://www.helpnetsecurity.com/2024/02/01/ai-cybersecurity-challenges-video/

As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. In this Help Net Security video, Tyler Young, CISO at BigID, explores AI’s challenges, triumphs, and future in cybersecurity.

The post Unpacking the challenges of AI cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Qualys enhances CyberSecurity Asset Management to discover risky unmanaged devices

ciber
2024-02-01 https://www.helpnetsecurity.com/2024/02/01/qualys-cloud-agent-passive-sensor/

Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive asset inventory, calculate the TruRisk of every asset, and eliminate risk based on business impact. 69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset … More

The post Qualys enhances CyberSecurity Asset Management to discover risky unmanaged devices appeared first on Help Net Security.

"

Autosummary: In navigating intricate enterprise landscapes, real-time visibility of the entire infrastructure is difficult, and at times, appears impossible,” said Gary Bowen, director of Security Operations, Brown & Brown Insurance. "


Proactive cybersecurity: A strategic approach to cost efficiency and crisis management

ciber
2024-01-31 https://www.helpnetsecurity.com/2024/01/31/stephanie-hagopian-cdw-proactive-cybersecurity-strategy/

In this Help Net Security interview, Stephanie Hagopian, VP of Security at CDW, discusses offensive strategies in the face of complex cyberattacks and the role of the zero-trust model. The conversation also covers the essential steps for a reactive cybersecurity strategy post-attack, emphasizing transparency and preparedness. Furthermore, we examine the benefits of adopting a proactive cybersecurity approach, particularly in terms of cost efficiency and crisis management, and explore the impact of offensive security testing on … More

The post Proactive cybersecurity: A strategic approach to cost efficiency and crisis management appeared first on Help Net Security.

"

Autosummary: In turn, in the case of a cyberattack, companies can save organizations millions of dollars in preventing unplanned downtime, reputational costs and regulatory fines, among other costs. Furthermore, we examine the benefits of adopting a proactive cybersecurity approach, particularly in terms of cost efficiency and crisis management, and explore the impact of offensive security testing on compliance and zero-day response. "


Cybercriminals replace familiar tactics to exfiltrate sensitive data

industry ciber
2024-01-31 https://www.helpnetsecurity.com/2024/01/31/ransomware-attacks-changing-tactics/

Ransomware attacks are increasing again as cybercriminals’ motivation shifts to data exfiltration, according to Delinea. The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data. Cybercriminals then frequently threaten to sell it to the highest bidder on the darknet or leverage it to reap a handsome cyber insurance payment. Ransomware on the rise Although not back at the levels … More

The post Cybercriminals replace familiar tactics to exfiltrate sensitive data appeared first on Help Net Security.

"

Autosummary: Changing tactics in ransomware attacks As their main goals changed, cybercriminals modified their tactics and moved away from using email as a preferred attack vector (down from 52% to 37%), targeting cloud (44%) and compromised applications (39%) instead. "


The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules

ciber
2024-01-31 https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html
The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the "

Autosummary: Is The New "Follow The Money" As the SEC is tasked with protecting investors and maintaining "fair, orderly, and efficient markets," regulating registrants' SaaS and SaaS-to-SaaS connections falls within the agency's purview. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them. With SSPM, you can monitor configurations and permissions across all SaaS apps, along with understanding the permissions and reach of SaaS-to-SaaS connections, including connected AI tools. "


Ransomware recap 2023 highlights cybersecurity crisis

exploits ciber
2024-01-30 https://www.helpnetsecurity.com/2024/01/30/2023-ransomware-environment-video/

In this Help Net Security video, Yochai Corem, CEO of Cyberint, explores the ransomware environment’s development, effects, and emerging patterns throughout the previous year. 2023 marked a historic high for ransomware groups, with a 55.5% increase in attacks, reaching 4,368 victims globally, according to Cyberint. Key findings from their report include: The MOVEit campaign was the most successful campaign of 2023, emphasizing the impact of supply chain attacks. LockBit 3.0 led as the most active … More

The post Ransomware recap 2023 highlights cybersecurity crisis appeared first on Help Net Security.

"

Autosummary: "


How SMBs can lower their risk of cyberattacks and data breaches

financial ciber
2024-01-30 https://www.bleepingcomputer.com/news/security/how-smbs-can-lower-their-risk-of-cyberattacks-and-data-breaches/
SMBs are attractive targets for cybercriminals as they typically have fewer resources like IT support, and lack robust security procedures, like employee cybersecurity training. Learn more from Specops Software on how SMBs can protect themselves from cyberattacks. [...] "

Autosummary: According to the framework, SMBs can mitigate risks by: controlling who can access your network and data; having formal policies for use; encrypting sensitive data, both at rest and in transit; using network firewalls with integrated security; monitoring for unauthorized access; backing up data regularly; creating plans for responding and recovering from attacks. These best practices can help reduce unauthorized access. In 2023, we’ve seen multiple breaches of SMBs that turned into large-scale attacks on major companies, including AT&T, Chick-fil-A, and 1Password. End-user awareness training: 88% of data breaches can be traced back to human error, according to a joint study between a Stanford University researcher and Tessian. "


Top 3 Cybersecurity Trends for SME Business Leaders

ciber
2024-01-29 https://grahamcluley.com/feed-sponsor-cynet/
Graham Cluley Security News is sponsored this week by the folks at Cynet. Thanks to the team there for their support. As Cynet’s COO, my team and I get to work closely with risk management executives at small-to-medium enterprises (SMEs) around the world. In this piece, I’ll distill insights from our collaboration into three salient … Continue reading "Top 3 Cybersecurity Trends for SME Business Leaders" "

Autosummary: As a result, executives across industries must recognize security as an organizational enabler, not a narrow niche for technical specialists, and build it into the fabric of their operations. In 2024, business leaders can expect a significant increase in activity from a third flavor of adversary: ideologically motivated threat actors, often referred to as “hacktivists” or “cyberterrorists” depending on one’s opinion of their targets. For companies with 1,000-5,000 employees, the average cost of a data breach reached $4.87 million in 2023 – a year-over-year increase of nearly 20%, according to IBM. Once they have established a foothold, they may employ keyloggers to capture your every keystroke, steal browser cookies to access your online accounts, or even target specific applications like email clients and instant messaging platforms. For guidance to boost employee awareness, pg. 5 of the 2024 SME security plan checklist identifies the key components of a holistic security training program. "


Prioritizing cybercrime intelligence for effective decision-making in cybersecurity

ciber
2024-01-29 https://www.helpnetsecurity.com/2024/01/29/alon-gal-hudson-rock-cybercrime-intelligence/

In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will cover a range of essential aspects, from the importance of continuous adaptation in cybersecurity strategies to practical advice for CISOs on enhancing threat detection and response capabilities. We’ll also explore the challenges of balancing intelligence gathering with privacy and legal considerations and look at strategies for prioritizing intelligence inputs in decision-making. What … More

The post Prioritizing cybercrime intelligence for effective decision-making in cybersecurity appeared first on Help Net Security.

"

Autosummary: To have a balance between gathering cybercrime intelligence and respecting privacy and adhering to legal considerations, organizations need to follow strict legal compliance, including data protection laws. This poses a significant risk to organizations, and it is crucial to monitor whether the organization has infected the computers of employees, customers, and partners. "


Cybercriminals embrace smarter strategies, less effort

ciber
2024-01-29 https://www.helpnetsecurity.com/2024/01/29/supply-chain-disruption/

2024 is shaping up to be a record-breaking year for data breaches, according to Experian. Despite 2023 being labeled as a ‘successful’ year for malicious actors, the upcoming months may bring forth developments that could further disrupt the cybersecurity landscape. Supply chain vulnerabilities amplified There’s no question third-party data breaches have made headlines. With increased data collection, storage, and movement, there are plenty of partners down the supply chain that could be targeted. We predict … More

The post Cybercriminals embrace smarter strategies, less effort appeared first on Help Net Security.

"

Autosummary: “Cybercriminals are continually working smarter, not harder,” said Michael Bruemmer, VP, Global Data Breach Resolution at Experian. "


Be the Royal Family’s Cybersecurity Manager, and get a cut-price honey dipper!

ciber
2024-01-29 https://grahamcluley.com/be-the-royal-familys-cybersecurity-manager-and-get-a-cut-price-honey-dipper/
Fancy a high-profile cybersecurity job? Here's one for you. Role: Cyber Security Manager. Location: Buckingham Palace. "

Autosummary: Evaluating, reviewing, and advising on best practice, drawing on external expertise, including the National Cyber Security Centre (NCSC). "


Keenan warns 1.5 million people of data breach after summer cyberattack

financial ciber
2024-01-29 https://www.bleepingcomputer.com/news/security/keenan-warns-15-million-people-of-data-breach-after-summer-cyberattack/
Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. [...] "

Autosummary: "


Role of Wazuh in building a robust cybersecurity architecture

ciber
2024-01-26 https://www.bleepingcomputer.com/news/security/role-of-wazuh-in-building-a-robust-cybersecurity-architecture/
Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. [...] "

Autosummary: Wazuh plays a significant role in implementing a cyber security architecture, providing a platform for security information and event management, active response, compliance monitoring, and more. Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits, such as cost-effectiveness, flexibility, community support, and transparency. "


AI expected to increase volume, impact of cyberattacks

ciber
2024-01-25 https://www.helpnetsecurity.com/2024/01/25/ai-increase-cyberattacks/

All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years.” AI lowers the barrier for less skilled hackers, making it easier for them to gather information and pull off successful compromise of devices and accounts, they also noted. “This enhanced access will … More

The post AI expected to increase volume, impact of cyberattacks appeared first on Help Net Security.

"

Autosummary: AI is upskilling less-skilled hackers Although AI is used by all types of cyber threat actors, it will particularly benefit less-skilled ones, as it will enhance their ability to carry out social engineering attacks and create convincing phishing emails. "


Assessing and mitigating supply chain cybersecurity risks

ciber
2024-01-25 https://www.welivesecurity.com/en/business-security/assessing-mitigating-cybersecurity-risks-supply-chain/
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management "

Autosummary: Whatever the specific supply chain risk type, the end result could be the same: financial and reputational damage and the risk of lawsuits, operational outages, lost sales and angry customers. As such, it serves as a foundational document outlining expectations, standards, and procedures that suppliers must adhere to in order to ensure the security of the overall supply chain. They may impact traditional suppliers such as professional services firms (e.g., lawyers, accountants), or vendors of business software. In the US last year, there were 40% more supply chain attacks than malware-based attacks, according to one report. In a more recent case, popular file transfer software MOVEit was compromised by a zero-day vulnerability and data stolen from hundreds of corporate users, impacting millions of their customers. "


Prioritizing CIS Controls for effective cybersecurity across organizations

ciber
2024-01-24 https://www.helpnetsecurity.com/2024/01/24/randy-marchany-virginia-tech-cis-controls-implementation/

In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and setting realistic timelines for project completion. The discussion also highlights the prioritization of key controls for inventory management, the use of metrics to measure implementation effectiveness and the adaptation of CIS Controls for different … More

The post Prioritizing CIS Controls for effective cybersecurity across organizations appeared first on Help Net Security.

"

Autosummary: NIST 800-53a Rev 5 Moderate/Low, NIST 800-171, PCI 4.0, Australian Signal Directorate’s Essential Eight, UK NCSC Cyber Essentials v.2.2, CMMC 2.0, HIPAA, NERC-CIP, COBIT 5, SWIFT are among the standards that can map to the CIS Controls. While the CIS doesn’t recommend any particular order to implementing the controls, I would recommend starting with controls 1-3, which determine your hardware, software, and most importantly, your sensitive data inventories. The implementation team(s) need to a) determine what data is needed to implement a particular control, b) find the unit within the organization that has control access to this data, and c) get this information from these units. "


10 USA cybersecurity conferences you should visit in 2024

ciber
2024-01-24 https://www.helpnetsecurity.com/2024/01/24/10-usa-cybersecurity-conferences-you-should-visit-in-2024/

Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an event near you, visit their website. AI for Automotive Cybersecurity USA 19 – 21 March, 2024 | Ann Arbor This event features industry professionals from automotive cybersecurity, artificial intelligence, machine learning, quantum computing, R&D, LLM, and … More

The post 10 USA cybersecurity conferences you should visit in 2024 appeared first on Help Net Security.

"

Autosummary: 9 – 12 April, 2024 | Las Vegas At ISC West, you will have the chance to network and connect with thousands of security and public safety professionals, learn from the SIA Education@ISC program, plus explore the latest technologies in cybersecurity, access control, alarms and monitoring, and video surveillance while discovering emerging trends in connected IoT, smart home, and more. "


Stellar Cyber partners with Proofpoint to speed detection of email-driven cyberattacks

ciber
2024-01-24 https://www.helpnetsecurity.com/2024/01/24/stellar-cyber-proofpoint-partnership/

Stellar Cyber announced a new partnership with Proofpoint, a cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and … More

The post Stellar Cyber partners with Proofpoint to speed detection of email-driven cyberattacks appeared first on Help Net Security.

"

Autosummary: "


Global fintech firm EquiLend offline after recent cyberattack

ciber
2024-01-24 https://www.bleepingcomputer.com/news/security/global-fintech-firm-equilend-offline-after-recent-cyberattack/
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. [...] "

Autosummary: EquiLend was founded in 2001 by a consortium of ten global banks and broker-dealers, including Bank of America Merrill Lynch, BlackRock, Credit Suisse, Goldman Sachs, JP Morgan, Morgan Stanley, National Bank of Canada, Northern Trust, State Street, and UBS. "


Top cybersecurity concerns for the upcoming elections

ciber
2024-01-23 https://www.helpnetsecurity.com/2024/01/23/2024-election-cybersecurity-video/

In this Help Net Security video, Adam Marrè, CISO at Arctic Wolf, explains how state and local governments must focus on cybersecurity as the 2024 election approaches in the United States. State and local IT and cybersecurity teams usually have few staff members and are overwhelmed with daily tasks. This workload becomes even heavier during election years with extra responsibilities. The recent Arctic Wolf 2024 Election Security Survey found that: Nearly half of respondents expect … More

The post Top cybersecurity concerns for the upcoming elections appeared first on Help Net Security.

"

Autosummary: "


Why cyberattacks mustn’t be kept secret

ciber
2024-01-23 https://www.helpnetsecurity.com/2024/01/23/cybersecurity-transparency/

No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third admitting they are completely secretive about their cybersecurity activities. While many organizations may fear reputational or monetary damage from proactively sharing findings from vulnerabilities and incidents, I’ve found the contrary to be true: … More

The post Why cyberattacks mustn’t be kept secret appeared first on Help Net Security.

"

Autosummary: The benefits of cyber transparency: For individual organizations, transparency and accountability can be a significant differentiator that dictates conversations with customers, the C-Suite, the media, and other key stakeholders. Doing so builds a culture focused on openness, collaboration, and growth that strengthens the people, processes, and technology used to build more robust cybersecurity defenses overall. For maximum effectiveness, there are several best practices to keep in mind: Refrain from finger-pointing: When vulnerabilities are discovered, many organizations quickly start looking for someone to blame. "


With hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurity

ciber
2024-01-22 https://www.tripwire.com/state-of-security/us-agencies-issue-cybersecurity-guide-response-cybercriminals-targeting-water
US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog. "

Autosummary: The guidance issued by the FBI, CISA, and EPA focuses on the four stages of incident response: Preparation: WWS Sector organizations should have an incident response plan in place, implement available services and resources to raise their cyber baseline, and engage with the WWS Sector cyber community. "


Resecurity and Cybercrime Atlas join forces to disrupt cybercriminal operations

ciber
2024-01-22 https://www.helpnetsecurity.com/2024/01/22/resecurity-cybercrime-atlas-partnership/

In an era where cybercrime poses a pervasive threat to individuals, corporations, and governments worldwide, Resecurity and Cybercrime Atlas have forged a partnership aimed at disrupting the global cybercriminal ecosystem. The Cybercrime Atlas is hosted by the World Economic Forum’s Centre for Cybersecurity and uses open-source research to create new insights into the cybercriminal ecosystem. The Cybercrime Atlas community is made up of organizations who have a key role in identifying and disrupting cybercriminal operations. … More

The post Resecurity and Cybercrime Atlas join forces to disrupt cybercriminal operations appeared first on Help Net Security.

"

Autosummary: This collaborative effort aims to establish an action-oriented, global repository of cybercriminal intelligence, fostering cooperation between cybercrime investigators, law enforcement agencies, and businesses on a national and international scale. "


Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

ciber
2024-01-22 https://securityaffairs.com/157870/data-breach/resecurity-massive-thailand-data-leak.html
Resecurity researchers warn of massive leak of stolen Thai personally identifiable information (PII) on the dark web by cybercriminals. Resecurity has detected a noticeable increase in data leaks from consumer-focused platforms in Thailand, confirming that threat actors are actively targeting the personal data of citizens now at the beginning of 2024. Thailand is swiftly becoming […] "

Autosummary: "


loanDepot cyberattack causes data breach for 16.6 million people

financial ciber
2024-01-22 https://www.bleepingcomputer.com/news/security/loandepot-cyberattack-causes-data-breach-for-166-million-people/
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. [...] "

Autosummary: "


Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed

exploits ciber
2024-01-21 https://www.helpnetsecurity.com/2024/01/21/week-in-review-10-cybersecurity-frameworks-you-need-to-know-exploited-chrome-zero-day-fixed/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key elements for a successful cyber risk management strategy In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. CISOs’ crucial role in aligning security goals with enterprise expectations In this Help Net Security interview, Chris Mixter, … More

The post Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed appeared first on Help Net Security.

"

Autosummary: Ransomware negotiation: When cybersecurity meets crisis management In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will inform the board, who will talk to the press, etc. Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog (KEV). "


Court charges dev with hacking after cybersecurity issue disclosure

ciber
2024-01-20 https://www.bleepingcomputer.com/news/security/court-charges-dev-with-hacking-after-cybersecurity-issue-disclosure/
A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. [...] "

Autosummary: According to the original report by Heise, the programmer, operating as a freelance IT service provider, was initially tasked by a client to resolve excessive log generation issues with the merchandise management software they were using. "


U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

exploits ciber
2024-01-19 https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass "

Autosummary: "


Kansas State University suffered a serious cybersecurity incident

government ciber
2024-01-19 https://securityaffairs.com/157729/security/kansas-state-university-cyber-attack.html
Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today […] "

Autosummary: On January 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today emails, and videos on Canvas, or Mediasite. "


The power of AI in cybersecurity

ciber
2024-01-18 https://www.helpnetsecurity.com/2024/01/18/cybersecurity-ai/

The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity. AI as a powerful cybersecurity tool As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. According to the “best practices” report recently published by Spain’s National Cryptology Centre (NCC), when applied to cybersecurity, AI can: Advance threat detection and … More

The post The power of AI in cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Ransomware negotiation: When cybersecurity meets crisis management

exploits ciber
2024-01-18 https://www.helpnetsecurity.com/2024/01/18/tim-morris-tanium-ransomware-negotiation/

In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will inform the board, who will talk to the press, etc. Additionally, he discusses ransomware gangs, the role of cyber insurance, and how governments and regulatory bodies are responding to the ransomware threat In … More

The post Ransomware negotiation: When cybersecurity meets crisis management appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will inform the board, who will talk to the press, etc. Additionally, he discusses ransomware gangs, the role of cyber insurance, and how governments and regulatory bodies are responding to the ransomware threat. In light of the increasing sophistication of ransomware attacks, can you discuss the dynamics of negotiating with ransomware gangs? "


ESET launches MDR service to improve cybersecurity for SMBs

ciber
2024-01-18 https://www.helpnetsecurity.com/2024/01/18/eset-mdr/

ESET launched ESET MDR, an innovative solution aimed at addressing the evolving cybersecurity challenges faced by SMBs. This launch marks a significant stride in expanding ESET’s security services portfolio with another MDR solution. In a rapidly changing threat landscape, organizations seek MDR service providers to enhance their security postures, reduce false positives and fortify their threat detection, investigation, and response capabilities. The ESET MDR service for SMBs is designed specifically to meet these needs and … More

The post ESET launches MDR service to improve cybersecurity for SMBs appeared first on Help Net Security.

"

Autosummary: In a rapidly changing threat landscape, organizations seek MDR service providers to enhance their security postures, reduce false positives and fortify their threat detection, investigation, and response capabilities. "


Kansas State University cyberattack disrupts IT network and services

government ciber
2024-01-18 https://www.bleepingcomputer.com/news/security/kansas-state-university-cyberattack-disrupts-it-network-and-services/
Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. [...] "

Autosummary: Impacted systems were taken offline upon detection of the attack, resulting in the unavailability of VPN, emails, Canvas and Mediasite videos, printing, shared drives, and mailing list management services (Listservs). "


Cybersecurity spend to soar in 2024: How companies can maximize their investment

ciber
2024-01-18 https://www.malwarebytes.com/blog/business/2024/01/cybersecurity-spend-to-soar-in-2024-how-companies-can-maximize-their-investment
"Spend smarter, not harder" is the mantra for cybersecurity in 2024. "

Autosummary: Every additional security tool a company buys requires its own set of configurations, updates, and management protocols, ultimately translating to longer response times, inefficient workflows, and an inability to have a unified view of the threat landscape. That’s good, but for $5, you can upgrade to a complete meal—burger, fries, drink, maybe even a vintage Furby. "


The right strategy for effective cybersecurity awareness

ciber
2024-01-17 https://www.helpnetsecurity.com/2024/01/17/employees-cybersecurity-awareness-training/

Employees play a significant role in safeguarding organizational assets. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture. Why cybersecurity awareness training? 81% of organizations were hit by malware, phishing, and password attacks in 2022, mostly targeting users. But even though employees go through cybersecurity awareness training, half of organizations’ leaders believe their employees still lack cybersecurity knowledge. This might be due to ineffective and … More

The post The right strategy for effective cybersecurity awareness appeared first on Help Net Security.

"

Autosummary: The European Union Agency for Cybersecurity (ENISA) has outlined the following essential objectives of an organization’s cyber awareness program: raising cybersecurity awareness; promoting cybersecurity education and culture; being prepared for incidents; boosting comprehension of cybersecurity threats and landscape; improving cybersecurity culture and hygiene; testing policies and procedures. Ensuring effective cybersecurity awareness training: First of all, employees must be educated about the various threats they may encounter when in their work environment. "


Wazuh: Building robust cybersecurity architecture with open source tools

ciber
2024-01-17 https://www.bleepingcomputer.com/news/security/wazuh-building-robust-cybersecurity-architecture-with-open-source-tools/
Open source solutions allow organizations to customize and adapt their cybersecurity infrastructure to their specific needs. Learn more from @wazuh on building open source cybersecurity infrastructure. [...] "

Autosummary: By providing a platform for security information and event management, log analysis, intrusion detection, vulnerability detection, active response, file integrity monitoring, compliance monitoring, and more. For example, an anti-virus solution for endpoint security, web application firewall for application security, network firewall for network security, and SIEM solution for monitoring and compliance. Leveraging open source tools and solutions to build a cybersecurity architecture offers organizations several advantages, such as cost-effectiveness, flexibility, community support, and transparency. Some key areas to consider when implementing a security architecture include: endpoint protection, cloud security, network security, application security, identity and access management, monitoring and compliance, vulnerability management, and physical security. Wazuh provides out-of-the-box support for compliance frameworks like PCI DSS, HIPAA, GDPR, NIST SP 800-53, and TSC. "


10 cybersecurity frameworks you need to know about

ciber
2024-01-16 https://www.helpnetsecurity.com/2024/01/16/cybersecurity-frameworks/

As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes. This article lists the most essential cybersecurity frameworks developed to guide businesses and governments in safeguarding their digital assets. From the comprehensive guidelines of the NIST Cybersecurity Framework to the sector-specific standards of the ISO/IEC 27001, these frameworks provide a structured and strategic approach to managing cybersecurity risks. CIS Critical Security Controls The CIS Critical Security … More

The post 10 cybersecurity frameworks you need to know about appeared first on Help Net Security.

"

Autosummary: Secure Controls Framework (SCF) The Secure Controls Framework (SCF) centers on internal controls, encompassing cybersecurity and data privacy-related policies, standards, procedures, technologies, and their related processes. CIS Critical Security Controls The CIS Critical Security Controls (CIS Controls) offer a straightforward, prioritized, and prescriptive collection of best practices for enhancing cybersecurity posture. "


The Dual Role AI Plays in Cybersecurity: How to Stay Ahead

ciber
2024-01-16 https://www.bleepingcomputer.com/news/security/the-dual-role-ai-plays-in-cybersecurity-how-to-stay-ahead/
AI presents significant advantages for organizations, but it's also being exploited to amplify and intensify cyberattacks. Learn more from Outpost24 about how hackers are harnessing the power of AI. [...] "

Autosummary: How hackers are harnessing the power of AI Hackers are leveraging AI tools to augment their cybercrimes, enhancing the success, scale, and scope of their attacks in various ways, including: Improving social engineering tactics: Hackers are using AI to enhance the quality of their social engineering content. By leveraging AI, they can generate grammatically accurate and error-free web content, text messages, phishing emails, and even highly convincing voicemails. "


New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

industry ciber
2024-01-14 https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html
The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a security flaw in Zyxel firewall (CVE-2023-28771) and a "

Autosummary: "


Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

ciber
2024-01-12 https://thehackernews.com/2024/01/applying-tyson-principle-to.html
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity. In this context, Mike Tyson's famous adage, "Everyone has a plan until they get punched in "

Autosummary: Advanced BAS platforms provide practical recommendations, such as prevention signatures and detection rules that can be directly incorporated into security controls - including IPS, NGFW, WAF, EDR, SIEM, SOAR, and other security solutions - to strengthen your security posture immediately. As new malware variants, TTPs, exploit techniques, APT campaigns, and other emerging threats come to light, they are incorporated into the BAS tool's threat intelligence library. Establish a cadence - whether daily, weekly, monthly, or in real-time following significant IT or threat landscape changes - to remain a step ahead of adversaries who continuously refine their tactics. "


Embracing offensive cybersecurity tactics for defense against dynamic threats

industry ciber
2024-01-11 https://www.helpnetsecurity.com/2024/01/11/alexander-hagenah-offensive-cybersecurity-measures/

In this Help Net Security interview, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. What are the critical steps in creating effective offensive security operations, and how do they impact an organization’s security strategy? The art of war in cybersecurity, much like Sun Tzu’s teachings, hinges on knowing the enemy. But it’s not just about knowing – it’s about … More

The post Embracing offensive cybersecurity tactics for defense against dynamic threats appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. While it’s challenging to match their resources, focusing on agility, smart intelligence gathering, and collaborative defense strategies can provide effective countermeasures. By pooling resources, knowledge, and intelligence, a coalition approach facilitates a more comprehensive and effective response to cyber threats. "


X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

ciber
2024-01-11 https://securityaffairs.com/157296/cyber-crime/mandiant-x-account-hacked-2.html
The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. The X account of the Google-owned firm Mandiant has over 120,000 followers. Once […] "

Autosummary: “The wide availability and low cost of many drainers, combined with a relatively high potential for profit, likely makes them attractive operations for many financially motivated actors.” concludes the report that includes a YARA rule for the detection of the CLINKSINK drainer activity. “Given the increase in cryptocurrency values and the low barrier to entry for draining operations, we anticipate that financially motivated threat actors of varying levels of sophistication will continue to conduct drainer operations for the foreseeable future.” Pierluigi Paganini, January 11, 2024: The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. "


The power of basics in 2024’s cybersecurity strategies

industry ciber
2024-01-10 https://www.helpnetsecurity.com/2024/01/10/cyber-defense-basics-video/

In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this ‘come from behind’ rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business.

The post The power of basics in 2024’s cybersecurity strategies appeared first on Help Net Security.

"

Autosummary: "


Silex Technology AMC Protect improves cybersecurity for critical devices

ciber
2024-01-09 https://www.helpnetsecurity.com/2024/01/09/silex-technology-amc-protect/

Silex Technology announced their new protection service product offering called AMC Protect, a robust software management service designed to monitor and remedy vulnerabilities. AMC Protect targets customers utilizing Silex’s embedded wireless LAN modules or purchasing Silex’s OEM products. “We have developed a cybersecurity-focused service product for customers leveraging custom firmware and software,” said Clay Fazio, VP of Product Management at Silex Technology. “While many industries are being plagued by vulnerabilities and cybersecurity attacks, the AMC … More

The post Silex Technology AMC Protect improves cybersecurity for critical devices appeared first on Help Net Security.

"

Autosummary: "


Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

ciber
2024-01-08 https://thehackernews.com/2024/01/syrian-hackers-distributing-stealthy-c.html
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications. “The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said in a report "

Autosummary: "


Week in review: 15 open-source cybersecurity tools, Patch Tuesday forecast

ciber
2024-01-07 https://www.helpnetsecurity.com/2024/01/07/week-in-review-15-open-source-cybersecurity-tools-patch-tuesday-forecast/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wi-Fi 7’s mission-critical role in enterprise, industrial networking In this Help Net Security interview, Tiago Rodrigues, CEO at Wireless Broadband Alliance, discusses the transformative world of Wi-Fi 7, exploring its features and the impact it promises to have on our digital landscape. Cybersecurity challenges emerge in the wake of API expansion In this Help Net Security interview, Vedran Cindric, CEO … More

The post Week in review: 15 open-source cybersecurity tools, Patch Tuesday forecast appeared first on Help Net Security.

"

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wi-Fi 7’s mission-critical role in enterprise, industrial networking In this Help Net Security interview, Tiago Rodrigues, CEO at Wireless Broadband Alliance, discusses the transformative world of Wi-Fi 7, exploring its features and the impact it promises to have on our digital landscape. "


Mortgage firm loanDepot cyberattack impacts IT systems, payment portal

ciber
2024-01-07 https://www.bleepingcomputer.com/news/security/mortgage-firm-loandepot-cyberattack-impacts-it-systems-payment-portal/
U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. [...] "

Autosummary: "If you are seeking to make a payment, you may do so through our contact center by speaking with an agent at 866-258-6572 from 7 am CT to 7 pm CT Monday through Friday, and 8 am CT to 5 pm CT on Saturday," advises loanDepot's servicing portal. "


Memorial University recovers from cyberattack, delays semester start

ciber
2024-01-05 https://www.bleepingcomputer.com/news/security/memorial-university-recovers-from-cyberattack-delays-semester-start/
The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes at one campus. [...] "

Autosummary: "To support the incredible team of Grenfell Campus IT professionals in their efforts, additional information technology (IT) personnel have arrived at Grenfell to assist with on-campus needs, while IT staff in St. John's are also working with their colleagues to support the needs at Grenfell Campus" - Memorial University of Newfoundland In an update yesterday, the university announced that internet and WiFi for resident students are still not operational. "


Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

ciber
2024-01-05 https://www.welivesecurity.com/en/videos/cybersecurity-trends-challenges-watch-out-for-2024/
What are some of the key cybersecurity trends that people and organizations should have on their radars this year? "

Autosummary: "


15 open-source cybersecurity tools you’ll wish you’d known earlier

ciber
2024-01-04 https://www.helpnetsecurity.com/2024/01/04/open-source-cybersecurity-tools/

Open-source tools represent a dynamic force in the technological landscape, embodying innovation, collaboration, and accessibility. These tools, developed with transparency and community-driven principles, allow users to scrutinize, modify, and adapt solutions according to their unique needs. In cybersecurity, open-source tools are invaluable assets, empowering organizations to fortify their defenses against evolving threats. In this article, you will find a list of open-source cybersecurity tools that you should definitely check out. Nemesis: Open-source offensive data enrichment … More

The post 15 open-source cybersecurity tools you’ll wish you’d known earlier appeared first on Help Net Security.

"

Autosummary: Nemesis: Open-source offensive data enrichment and analytic pipeline Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements). SessionProbe: Open-source multi-threaded pentesting tool SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. "


Consumers prepared to ditch brands after cybersecurity issues

ciber
2024-01-04 https://www.helpnetsecurity.com/2024/01/04/consumers-cybersecurity-issue/

In 2023, businesses have been hit with 800,000 cyberattacks, over 60,000 of which were DDoS attacks and 4,000 falling victim to ransomware, according to Vercara. The research found that consumers hold nuanced perceptions regarding cybersecurity incidents and are often less aware of the role they play in maintaining cyber hygiene within a business. These findings underscore brand trust’s important role in the digital landscape – with an overwhelming 75% of consumers expressing their readiness to … More

The post Consumers prepared to ditch brands after cybersecurity issues appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam

financial ciber
2024-01-04 https://grahamcluley.com/cybersecurity-firm-mandiant-has-its-twitter-account-hacked-to-promote-cryptocurrency-scam/
Google-owned cybersecurity company Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday. "

Autosummary: The official Mandiant account, which is followed by over 100,000 people, was seized by scammers promoting links to a phony website which claimed to offer free $PHNTM cryptocurrency tokens (but which was actually aiming to drain punters’ wallets). "


Cybersecurity challenges emerge in the wake of API expansion

ciber
2024-01-03 https://www.helpnetsecurity.com/2024/01/03/vedran-cindric-treblle-building-apis/

In this Help Net Security interview, Vedran Cindric, CEO at Treblle, discusses the exponential growth of AI-related APIs, citing a 96% increase in 2023. He sheds light on the integral role APIs play in powering AI interactions, revealing the invisible threads that connect users to AI-based chatbots and tools. As the technological landscape increasingly integrates AI, Cindric anticipates a profound impact on the evolution of APIs, emphasizing the growing importance of API security, authentication, and … More

The post Cybersecurity challenges emerge in the wake of API expansion appeared first on Help Net Security.

"

Autosummary: As the technological landscape increasingly integrates AI, Cindric anticipates a profound impact on the evolution of APIs, emphasizing the growing importance of API security, authentication, and the challenges posed by zombie endpoints. In this Help Net Security interview, Vedran Cindric, CEO at Treblle, discusses the exponential growth of AI-related APIs, citing a 96% increase in 2023. You might not see or understand it, but at the end of the day, all those questions, image lookups, or jokes are API requests. "


Emerging cybersecurity trends and expectations for 2024

ciber
2024-01-03 https://www.helpnetsecurity.com/2024/01/03/2024-cyber-attacks-video/

In this Help Net Security video, John Dwyer, Head of Research at IBM X-Force, discusses how 2024 is poised to be an incredibly impactful year for cyber attacks, driven by world events and access to advanced technologies like AI.

The post Emerging cybersecurity trends and expectations for 2024 appeared first on Help Net Security.

"

Autosummary: "


Facts and misconceptions about cybersecurity budgets

ciber
2024-01-03 https://www.helpnetsecurity.com/2024/01/03/cybersecurity-budgets-facts/

Managing and allocating budgets for cybersecurity and IT has become an increasingly critical aspect of organizational strategy. Organizations recognize the need to invest significantly in cybersecurity to safeguard sensitive data, protect against ransomware attacks, and ensure the integrity of their IT infrastructure. A well-structured cybersecurity budget is crucial for staying ahead of emerging threats and minimizing potential risks. In this article, you will find excerpts from cybersecurity budget surveys we covered in 2023. These findings … More

The post Facts and misconceptions about cybersecurity budgets appeared first on Help Net Security.

"

Autosummary: This year, 20% of CISOs did not receive a raise, double that of a year ago, while the share of CISOs with bigger retention bonuses and equity packages also declined to 12% (from 21%) and to 8% (from 24%), respectively. "


Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

ciber
2024-01-03 https://securityaffairs.com/156863/cyber-crime/artificial-intelligence-tool-for-invoice-fraud.html
Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a cybercriminal faction known as “GXC Team”, which specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias […] "

Autosummary: Presently, the tools crafted by the “GXC Team” are capable of targeting over 300 entities, including top financial institutions, government services, postal services, cryptocurrency platforms, payment networks, and major international online marketplaces including AMEX, Amazon, Binance, Coinbase, Office 365 (Microsoft), PayPal, ING, Santander, Deutsche Bank, Postbank, DKB AG (Das kann Bank), BBBank eG (formerly Badische Beamtenbank) and multiple Spain-based banks specifically including ABANCA, Banca March, Banco de Sabadell, Grupo Caja Rural, Unicaja Banco SA, Caixa Enginyers, Banco Mediolanum, Laboral Kutxa, Eurocaja Dynamic, BBVA, and Santander. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. and various EU countries, including but not limited to Spain, France, Poland, Italy, Germany, Switzerland, among others. Around November 11th, 2023, the group’s leader, operating under the alias “googleXcoder”, made multiple announcements on the Dark Web. "


Key cybersecurity skills gap statistics you should be aware of

industry ciber
2024-01-02 https://www.helpnetsecurity.com/2024/01/02/cybersecurity-skills-gap-statistics/

As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in the defense mechanisms of businesses and institutions. From the shortage of experts in critical areas such as penetration testing and threat analysis to the broader issues of workforce diversity and continuous skill development, the problems contributing to this gap … More

The post Key cybersecurity skills gap statistics you should be aware of appeared first on Help Net Security.

"

Autosummary: Soft skills continue to challenge the cybersecurity sector When looking at soft skills, communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%), and attention to detail (36%) come in as the top five skills employers are seeking in cybersecurity job candidates. "


Cybercriminals set their sights on crypto markets

ciber
2024-01-02 https://www.helpnetsecurity.com/2024/01/02/cryptocurrency-cyber-threats-video/

The cryptocurrency market has grown significantly, attracting both enthusiasts and investors. However, the rise of cryptocurrencies has also brought forth an unprecedented need for cybersecurity measures. Cybersecurity in the context of cryptocurrencies involves safeguarding not only the blockchain networks but also the digital wallets, exchanges, and trading platforms that facilitate the transfer of these assets. In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts discuss the increasing … More

The post Cybercriminals set their sights on crypto markets appeared first on Help Net Security.

"

Autosummary: "


Online museum collections down after cyberattack on service provider

ciber Telcos
2024-01-02 https://www.bleepingcomputer.com/news/security/online-museum-collections-down-after-cyberattack-on-service-provider/
Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. [...] "

Autosummary: "


Top 2023 Security Affairs cybersecurity stories

ciber
2024-01-01 https://securityaffairs.com/156722/breaking-news/top-2023-security-affairs-stories.html
These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. CYBERCRIMINALS LAUNCHED “LEAKSMAS” EVENT IN THE DARK WEB EXPOSING MASSIVE VOLUMES OF LEAKED PII AND COMPROMISED DATA Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. 1.7 TB OF DATA STOLEN FROM DIGITAL INTELLIGENCE FIRM CELLEBRITE LEAKED ONLINE […] "

Autosummary: "


The biggest cybersecurity and cyberattack stories of 2023

ciber
2024-01-01 https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. [...] "

Autosummary: Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, and Muddled Libra, is adept at social engineering and relies on phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access on large organizations. Just hours after the attack, victims began reporting in the BleepingComputer's forum that files with .vmxf, .vmx, .vmdk, .vmsd, and .nvram, all files associated with VMware ESXi virtual machines, were encrypted. MGM Resorts International suffered a massive attack that impacted numerous systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines. 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. "Since we neither can nor wish to meet the financial demands of the criminal hackers for a ransom, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what could be recovered," reads CloudNordic's statement (machine translated). "Sadly, it has been impossible to recover more data, and the majority of our customers have consequently lost all their data with us." MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. "


Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

financial ciber
2023-12-30 https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, "

Autosummary: "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin said. "


Unveiling the true cost of healthcare cybersecurity incidents

ciber
2023-12-28 https://www.helpnetsecurity.com/2023/12/28/cost-healthcare-cyber-incidents/

As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity breach in healthcare are not only measured in compromised data but also in jeopardized patient safety and trust. In this article, you will find excerpts from cybersecurity-focused surveys conducted in the healthcare sector we covered in 2023. By utilizing this data, your security team … More

The post Unveiling the true cost of healthcare cybersecurity incidents appeared first on Help Net Security.

"

Autosummary: "


5 pivotal cybersecurity trends for 2024

ciber
2023-12-28 https://www.helpnetsecurity.com/2023/12/28/2024-cyberattacks-trends/

In 2023, cyberattacks surged both in terms of frequency and sophistication. The proliferation of cutting-edge hacking tools and technologies – now more accessible than ever thanks to advances in generative AI – created an environment conducive for cyber threats to flourish, forcing organizations to adopt proactive measures to keep their digital assets secure. Heading into 2024, the attack surface is set to expand even further, with threats likely to grow more and more elusive. Considering … More

The post 5 pivotal cybersecurity trends for 2024 appeared first on Help Net Security.

"

Autosummary: Deepfakes and multi-modal ML models: The evolution of deception Staying in the AI realm, multi-modal machine learning models have granted attackers the capacity to generate convincing audio, images, and videos to trick unsuspecting employees. Just this past summer, threat actors used a malicious open-source program known as TeamsPhisher to send phishing lures to unsuspecting users via Microsoft Teams to perpetrate subsequent cyber-strikes, including ransomware attacks. "


Eagers Automotive halts trading in response to cyberattack

industry ciber
2023-12-28 https://www.bleepingcomputer.com/news/security/eagers-automotive-halts-trading-in-response-to-cyberattack/
Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. [...] "

Autosummary: Eagers Automotive is the largest operator of car dealerships in Australia and New Zealand, with over 300 selling points for brands such as Toyota, BMW, Nissan, Mercedes-Benz, Audi, Ford, VW, and Honda. "


Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

ciber
2023-12-28 https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html
Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity, protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked. The actual damage resulting […] "



A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

ciber
2023-12-27 https://securityaffairs.com/156445/data-breach/st-vincents-health-australia-cyberattack.html
St Vincent’s Health Australia, the largest Australian healthcare provider, suffered a data breach after a cyber attack. St Vincent’s Health Australia is the largest non-profit healthcare provider in the country. The healthcare system was hit by a cyberattack that resulted in a data breach. St Vincent’s Health Australia reported the incident to local authorities and […] "

Autosummary: In the last couple of years, multiple prominent Australian organizations have been victims of cyberattacks, including Medibank, Energy One, Crown Resorts, Latitude Financial, Nissan Australia, DP World Australia, EnergyAustralia, and Optus. "


Panasonic discloses data breach after December 2022 cyberattack

financial ciber
2023-12-27 https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-december-2022-cyberattack/
Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022. [...] "



Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

exploits ransomware ciber
2023-12-27 https://www.bleepingcomputer.com/news/security/ohio-lottery-hit-by-cyberattack-claimed-by-dragonforce-ransomware/
The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve. [...] "

Autosummary: Not much is known about the DragonForce ransomware gang, and while they are a new operation, their tactics, negotiation style, and data leak site indicate an experienced extortion group. "


Integris Health patients get extortion emails after cyberattack

ciber
2023-12-26 https://www.bleepingcomputer.com/news/security/integris-health-patients-get-extortion-emails-after-cyberattack/
Integris Health patients in Oklahoma are receiving blackmail emails stating that their data was stolen in a cyberattack on the healthcare network, and if they did not pay an extortion demand, the data would be sold to other threat actors. [...] "

Autosummary: [Image: Tor dark web site selling personal data of patients. Source: BleepingComputer] The website contains data added between October 19th and December 24th, 2023, allowing visitors to pay $50 to delete the data record or $3 to view it. "


11 GenAI cybersecurity surveys you should read

ciber
2023-12-22 https://www.helpnetsecurity.com/2023/12/22/genai-cybersecurity-surveys/

Generative AI stands at the forefront of technological innovation, reshaping industries and unlocking new possibilities across various domains. However, as the integration of these technologies continues, a vigilant approach to ethical considerations and regulatory compliance is essential to ensure that the benefits of generative AI in cybersecurity are realized responsibly and sustainably. In this article, you will find excerpts from generative AI surveys we covered in 2023. These findings can help with future cybersecurity strategies. … "

Autosummary: Only a fraction of risk leaders are prepared for GenAI threats. Companies’ top generative AI concerns include data privacy and cyber issues (65%), employees making decisions based on inaccurate information (60%), employee misuse and ethical risks (55%), and copyright and intellectual property risks (34%). "


New insights into the global industrial cybersecurity landscape

industry ciber
2023-12-22 https://www.helpnetsecurity.com/2023/12/22/critical-infrastructure-security-professionals-video/

In this Help Net Security video, William Noto, VP and Industry Principal for Claroty, discusses their recent global survey of 1,100 IT and OT security professionals who work in critical infrastructure sectors. When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. Of the 75% of respondents whose organizations were targeted by ransomware attacks in the past year, 69% paid the ransom, … "


Nissan Australia cyberattack claimed by Akira ransomware gang

exploits ransomware ciber
2023-12-22 https://www.bleepingcomputer.com/news/security/nissan-australia-cyberattack-claimed-by-akira-ransomware-gang/
Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. [...] "

Autosummary: "You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc." Akira surfaced in March 2023 and drew attention after quickly amassing a large number of victims from various industry sectors. "


86% of cyberattacks are delivered over encrypted channels

ciber
2023-12-21 https://www.helpnetsecurity.com/2023/12/21/malware-encrypted-threats/

Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler. For the second year in a row, manufacturing was the industry most commonly targeted, with education and government organizations seeing the highest year-over-year increase in attacks. Additionally, malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting … "

Autosummary: In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels. "


How executives adapt to rising cybersecurity concerns in mobile networks

ciber
2023-12-21 https://www.helpnetsecurity.com/2023/12/21/mobile-networks-concerns-video/

In this Help Net Security video, Rowland Corr, VP & Head of Government Relations at Enea, discusses the implications of burner phones and the crisis of confidence in network operators as they struggle to protect consumers from sophisticated (usually state-sponsored) cyber threats. "


Title insurance giant First American offline after cyberattack

ciber
2023-12-21 https://www.bleepingcomputer.com/news/security/title-insurance-giant-first-american-offline-after-cyberattack/
First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...] "

Autosummary: Title insurance providers under attack. Fidelity National Financial, another American title insurance provider, issued a similar disclosure last month, saying that its network was impacted by a "cybersecurity incident. "


First American takes IT systems offline after cyberattack

ciber
2023-12-21 https://www.bleepingcomputer.com/news/security/first-american-takes-it-systems-offline-after-cyberattack/
First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...] "

Autosummary: Title insurance providers under attack. Fidelity National Financial, another American title insurance provider, issued a similar disclosure last month, saying that its network was impacted by a "cybersecurity incident. "


AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime

ciber
2023-12-20 https://www.helpnetsecurity.com/2023/12/20/ai-security-solutions/

Bringing artificial intelligence into the cybersecurity field has created a vicious cycle. Cyber professionals now employ AI to enhance their tools and boost their detection and protection capabilities, but cybercriminals are also harnessing AI for their attacks. Security teams then use more AI in response to the AI-driven threats, and threat actors augment their AI to keep up, and the cycle continues. Despite its great potential, AI is significantly limited when employed in cybersecurity. There … "

Autosummary: For example, AI-aided SIEM may accurately point out anomalies for security personnel to evaluate; however, an inside threat actor can prevent the proper handling of the security issues spotted by the system, rendering the use of AI in this case practically futile. Using AI to fight cyber threats will always be challenging due to various factors, including the need to establish trust, the caution needed when using data for machine learning training, and the importance of human decision-making. It’s good that humans can dismiss AI judgment or decisions, but this also means that human-targeted threats, like social engineering attacks, remain potent. "


Supply chain emerges as major vector in escalating automotive cyberattacks

industry ciber
2023-12-20 https://www.helpnetsecurity.com/2023/12/20/automotive-cyberattacks-video/

In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities. Over 90% of the attacks focused on entities other than OEMs. "


BMW dealer at risk of takeover by cybercriminals

ciber
2023-12-20 https://securityaffairs.com/156182/breaking-news/bmw-dealer-at-risk-of-takeover-by-cybercriminals.html
By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public. The […] "

Autosummary: List of dealerships with leaked credentials: BMW Bird Automotive BMW EVM Autokraft BMW Infinity Cars BMW Krishna Automobiles BMW Munich Motors BMW Navnit Motors BMW Speed Motorwagen BMW Titanium Autos BMW Varsha Autohaus BMW Bavaria Motors BMW Eminent Cars BMW Sanghi Classic BMW OSL Prestige BMW Gallops Autohaus BMW Enterprise BMW Apart from being left accessible to the public, the fact that credentials were saved in plain text already shows weak cybersecurity practices. If you want to learn more about how BMW Kun Exclusive can mitigate the risks take a look at the original post at: https://cybernews.com/security/bmw-india-data-leak/ About the author: Paulina Okunytė, Journalist at Cybernews "


Stellar Cyber integrates with SentinelOne for enhanced cybersecurity across environments

ciber
2023-12-20 https://www.helpnetsecurity.com/2023/12/20/stellar-cyber-sentinelone-integration/

Stellar Cyber unveiled its integration with SentinelOne to help organizations protect their on-premises, cloud, hybrid, and IT/OT environments by making use of the latest advancements in cybersecurity technologies. Together, Stellar Cyber and SentinelOne deliver a security operations solution that automates the identification of advanced threats by correlating threat signals from various data sources, providing security analysts with the contextualized threat information they need to mitigate threats. By combining SentinelOne and Stellar Cyber, customers can be … "


ConnectSecure announces improved cybersecurity scanning platform for MSPs

ciber
2023-12-20 https://www.helpnetsecurity.com/2023/12/20/connectsecure-cybersecurity-scanning-platform/

ConnectSecure announced it will launch the much-anticipated Version 4.0 of its flagship cybersecurity scanning platform by the end of the year. This release marks a significant leap in the technology, offering efficiency and security management for MSPs globally. Revolutionizing cybersecurity with global GRC view The cornerstone of Version 4.0 is its innovative shift to a global Governance-Risk-and-Compliance (GRC)-centric view. This groundbreaking feature provides MSPs with a comprehensive, real-time overview of all client assets, both networked … "

Autosummary: Version 4.0: Packed with new features. ConnectSecure’s latest version includes an array of new functionalities designed to streamline MSP operations, such as: multi-perspective views including global, company, and asset-category; enhanced problem and solution views for driving operational efficiencies; timeline views for detailed asset history, crucial for compliance and audits; fully customizable reports with versatile data export options; a robust new Dashboard Engine; significantly improved scalability; advanced bandwidth optimization through smart compression and incremental sync; exclusive, top-tier support entirely based in the US from the Tampa headquarters. Strategic pricing for future-ready cybersecurity. With the significant new platform functionality, ConnectSecure is revising its pricing tiers for 2024. "


Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

financial ciber
2023-12-19 https://securityaffairs.com/156119/cyber-crime/smishing-uae-federal-authority-sms.html
Smishing Triad: Researchers warn of crooks impersonating the UAE Federal Authority for Identity and Citizenship ahead of the holiday season. Resecurity, Inc. (USA) has identified a new fraudulent campaign by the Smishing Triad gang in which they are impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. This campaign involves malicious SMS/iMessage texts that pretend […] "



Interpol operation arrests 3,500 cybercriminals, seizes $300 million

ciber
2023-12-19 https://www.bleepingcomputer.com/news/security/interpol-operation-arrests-3-500-cybercriminals-seizes-300-million/
An international law enforcement operation codenamed "Operation HAECHI IV" has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. [...] "



MongoDB warns customers about data breach after cyberattack

financial ciber
2023-12-18 https://www.malwarebytes.com/blog/news/2023/12/mongodb-warns-customers-about-data-breach-after-cyberattack
MongoDB has warned customers about a data breach that leaked information about their customers. The incident is under investigation. "

Autosummary: The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. "


MongoDB investigates a cyberattack, customer data exposed

ciber
2023-12-17 https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html
MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and […] "

Autosummary: MongoDB investigates a cyberattack, customer data exposed. Pierluigi Paganini, December 17, 2023. MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. "


MongoDB says customer data was exposed in a cyberattack

ciber
2023-12-16 https://www.bleepingcomputer.com/news/security/mongodb-says-customer-data-was-exposed-in-a-cyberattack/
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. [...] "



Staying ahead in 2024 with top cybersecurity predictions

ciber
2023-12-14 https://www.helpnetsecurity.com/2023/12/14/2024-cybersecurity-landscape-video/

What will 2024 hold for the cybersecurity landscape? In this Help Net Security video, Steve Cobb, CISO at SecurityScorecard, offers his take on what professionals can expect next year. "


ThreatNG open-source datasets aim to improve cybersecurity practices

ciber
2023-12-13 https://www.helpnetsecurity.com/2023/12/13/threatng-open-source-datasets/

The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally. Datasets for organizational insight The open-source datasets offered by ThreatNG provide an understanding of organizational practices, promoting informed decision-making and accountability within the corporate landscape. These datasets include: ESG (Environmental, Social, Governance) filings – A dataset highlighting a company’s dedication to sustainability, ethical behavior, and good governance, offering … "

Autosummary: How you can use the datasets: Eric Gonzales, founder of ThreatNG, told Help Net Security what they experienced with their security service provider customers/partners, along with how they have used the ethics and governance documents. Develop compliant incident response plans: These documents provide frameworks for developing incident response plans that comply with the customer’s ethical and governance requirements. "


Which cybersecurity controls are organizations struggling with?

ciber
2023-12-13 https://www.helpnetsecurity.com/2023/12/13/organizations-cybersecurity-controls/

How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight and Google reveals some good and some bad results – and room for improvement. What is MVSP? Minimum Viable Secure Product (MVSP) is a baseline security checklist for B2B software and business process outsourcing suppliers, consisting of 25 controls across four key areas – Business, Application Design, Application Implementation, and Operational. For the “Cybersecurity Control … "

Autosummary: Eight MVSP controls that are important for vulnerability management – External Testing, Self-assessment, Vulnerability Prevention, Encryption, HTTPS-only, Security Headers, Dependency Patching, Time to Fix Vulnerabilities – have either high 2023 Fail rates, low Pass rates, or both, across all industries. "


Balancing AI advantages and risks in cybersecurity strategies

ciber
2023-12-12 https://www.helpnetsecurity.com/2023/12/12/matt-holland-field-effect-ai-cyber-threats/

In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. Holland also explores how education, awareness, and implemented measures prepare organizations for these evolving challenges. Furthermore, he underscores that relying solely on AI-driven solutions without human expertise leads to disaster. There’s a lot of buzz around AI supercharging cyberattacks. … "

Autosummary: That’s not to say there’s no reason to be concerned, though—AI and LLMs could be used to create even more sophisticated social engineering campaigns—think deepfakes, audio messages, recordings, and even well-crafted emails that would be much harder to discern from the real thing. Instead, look for a trusted partner that can help manage your protection, and invest in a holistic solution that can evaluate your cyber risk and proactively detect security events across your entire IT environment—including endpoints, networks, and any cloud or SaaS infrastructure you rely on. "


Ukraine's largest mobile carrier Kyivstar down following cyberattack

ciber Telcos
2023-12-12 https://www.bleepingcomputer.com/news/security/ukraines-largest-mobile-carrier-kyivstar-down-following-cyberattack/
Kyivstar, Ukraine's largest telecommunications service provider serving over 25 million mobile and home internet subscribers, has suffered a cyberattack impacting mobile and data services. [...] "

Autosummary: The official website is offline, but the company informed subscribers via its social media channels that it was targeted by hackers this morning, causing a technical failure that impacts mobile communications and internet access. "


Cybercriminals continue targeting open remote access products

ransomware ciber
2023-12-11 https://www.helpnetsecurity.com/2023/12/11/remote-access-malicious-actions/

Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard. “Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy,” said Corey Nachreiner, chief security officer at WatchGuard. “Modern security platforms that include firewalls and endpoint protection software can deliver enhanced protection … "

Autosummary: Still, script-based attacks remain the largest attack vector, accounting for 56% of total attacks, and scripting languages like PowerShell are often used in living-off-the-land attacks. For instance, in researching the top phishing domains, the Threat Lab observed a tech support scam that would result in a victim downloading a pre-configured, unauthorised version of TeamViewer, which would allow an attacker full remote access to their computer. "


Adapting cybersecurity for the quantum computing era

ciber
2023-12-11 https://www.helpnetsecurity.com/2023/12/11/quantum-computing-data-security-implications-video/

Researchers are exploring promising quantum computing applications across various domains, from cryptography and optimization problems to drug discovery and artificial intelligence. The race to harness the power of quantum bits has sparked a wave of innovation and collaboration, bringing together experts from physics, computer science, and engineering to unlock the full potential of this groundbreaking technology. Quantum computers, with their ability to perform complex calculations at speeds unattainable by classical counterparts, possess the potential to … "


See me talking about “Future-proofing enterprise cybersecurity for AI, vulnerabilities, and business risks”

ciber
2023-12-07 https://grahamcluley.com/webinar-future-proofing-enterprise-cybersecurity-for-ai-vulnerabilities-and-business-risks/
Using real-life examples of organisations who have been hacked, I'll be discussing with experts from Skybox Security the importance of adopting a resilient strategy for dealing with vulnerabilities inside your organisation. "



Smashing Security podcast #351: Nuclear cybersecurity, Marketplace scams, and face up to porn

financial ciber
2023-12-07 https://grahamcluley.com/smashing-security-podcast-351/
Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis. "

Autosummary: Hosts: Graham Cluley – @gcluley, Carole Theriault – @caroletheriault. Guest: Dinah Davis – @dinah_davis. Sponsored by: Push Security – Monitor and secure your entire identity attack surface, including non-SSO identities. "


Navy contractor Austal USA confirms cyberattack after data leak

ciber
2023-12-06 https://www.bleepingcomputer.com/news/security/navy-contractor-austal-usa-confirms-cyberattack-after-data-leak/
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. [...] "

Autosummary: Hunters International threaten to publish more data stolen from Austal’s systems in the following days, including compliance documents, recruiting information, finance details, certifications, and engineering data. "


Nissan is investigating cyberattack and potential data breach

financial ciber
2023-12-06 https://www.bleepingcomputer.com/news/security/nissan-is-investigating-cyberattack-and-potential-data-breach/
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [...] "



Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq

industry ciber
2023-12-05 https://www.helpnetsecurity.com/2023/12/05/resecurity-ics-technologies-iraq-partnership/

Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is poised to bring intelligence-driven defensive solutions to Iraq, helping consumers and organizations safeguard their digital assets and combat the evolving threat landscape. Resecurity, headquartered in the United States, is renowned for its innovative cybersecurity products and threat intelligence services. Under the visionary … "

Autosummary: Key highlights of the partnership: Advanced cybersecurity solutions: Resecurity, known for its advanced threat intelligence, threat hunting, incident response, and digital risk management solutions, will provide Iraq-based organizations with state-of-the-art cybersecurity tools to protect against a wide range of cyber threats. "


HTC Global Services confirms cyberattack after data leaked online

ciber
2023-12-05 https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/
IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. [...] "

Autosummary: According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix Netscaler device, which was exploited for initial access to the company's network. "


2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations

ciber
2023-12-04 https://www.helpnetsecurity.com/2023/12/04/2024-cybersecurity-outlook/

In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency. But threat actors are learning how to exploit LLMs for their own malicious purposes as well. During 2024, the WatchGuard Threat Lab predicts that a smart prompt engineer ‒ whether a criminal attacker or researcher ‒ will crack the code … "

Autosummary: AI-based vishing takes off in 2024. With approximately 3.4 million open cybersecurity jobs, and fierce competition for the talent that is available, more small- to midsized- companies will turn to trusted managed service and security service providers, known as MSPs and MSSPs, to protect them in 2024. "


Maximizing cybersecurity on a budget

ciber
2023-12-04 https://www.helpnetsecurity.com/2023/12/04/cybersecurity-budget-components-video/

A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization is adequately prepared to detect, prevent, and respond to potential cyberattacks, thereby minimizing the risk of data breaches and other security incidents. In this Help Net Security round-up, we present segments from previously recorded videos …



Capital Health Hospitals hit by cyberattack causing IT outages

ciber
2023-11-30 https://www.bleepingcomputer.com/news/security/capital-health-hospitals-hit-by-cyberattack-causing-it-outages/
Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. [...]

Autosummary: The healthcare system manages two hospitals (the Regional Medical Center in Trenton and Capital Health Medical Center in Hopewell), an outpatient facility in Hamilton, and dozens of New Jersey primary and specialty care practices.


Staples confirms cyberattack behind service outages, delivery issues

ciber
2023-11-30 https://www.bleepingcomputer.com/news/security/staples-confirms-cyberattack-behind-service-outages-delivery-issues/
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data. [...]

Autosummary: The disclosure comes after multiple Reddit reports posted online since Monday reported various Staples internal operation problems, including an inability to access Zendesk, VPN employee portals, print email, use phone lines, and more.


Not all cybercriminals are evil geniuses

ciber
2023-11-30 https://grahamcluley.com/not-all-cybercriminals-are-evil-geniuses/
I thought some of you might enjoy this. Here’s a video of a recent after-dinner talk I gave, exploring (in a hopefully fun way!) whether cybercriminals are quite as smart as we sometimes think they are. Are malicious hackers geniuses? Are they all evil? Be sure to subscribe to my YouTube channel if you would …



Japanese Space Agency JAXA hacked in summer cyberattack

ciber
2023-11-29 https://www.bleepingcomputer.com/news/security/japanese-space-agency-jaxa-hacked-in-summer-cyberattack/
The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data. [...]



Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine

exploits ransomware ciber
2023-11-28 https://thehackernews.com/2023/11/key-cybercriminals-behind-notorious.html
A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. "On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today. "Four of the ringleader's most active accomplices were



DP World confirms data stolen in cyberattack, no ransomware used

exploits ransomware ciber
2023-11-28 https://www.bleepingcomputer.com/news/security/dp-world-confirms-data-stolen-in-cyberattack-no-ransomware-used/
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption were used in the attack. [...]

Autosummary: The Australian Cyber Security Coordinator, the Australian Cyber Security Center, the Australian Federal Police, the Department of Home Affairs, and the Office of the Australian Information Commissioner have all been informed of the situation and are working closely with DP World to lessen the impact for those who had their data stolen.


‘Tis the season to be wary: 12 steps to ruin a cybercriminal's day

ciber
2023-11-27 https://www.welivesecurity.com/en/scams/tis-season-wary-ruin-cybercriminals-day/
The holiday shopping season may be the time to splurge, but it’s also a favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats

Autosummary: However, clicking on the link provided in the email or text, supposedly to claim your gift card, may result in malware installation, the compromise of your personal data, or receiving a stolen card. Put simply, your money and/or your personal information, including logins to relevant accounts, which can then be sold on to others to commit identity fraud. If you haven’t heard of one before, do some research on it first – try Googling the name plus “scam” or “fraud,” and check out customer reviews, to assess its reputation. The holiday shopping season is in full swing. Never click on pop-up ads, even if they’re offering tremendous shopping bargains, as the ads are often malicious.


Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

ciber
2023-11-24 https://thehackernews.com/2023/11/hamas-linked-cyberattacks-using-rust.html
Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker, which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region. “Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar

Autosummary: "In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs." SysJoker was publicly documented by Intezer in January 2022, describing it as a backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL.


Cyberattack on IT provider CTS impacts dozens of UK law firms

ciber
2023-11-24 https://www.bleepingcomputer.com/news/security/cyberattack-on-it-provider-cts-impacts-dozens-of-uk-law-firms/
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday. [...]

Autosummary: O'Neil Patient, one of CTS' clients, told Property Industry Eye that the outage "is impacting a number of organisations across the sector, as our provider is a specialist in secure legal systems for many law firms and barrister's chambers.


Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

financial ciber
2023-11-24 https://thehackernews.com/2023/11/cybercriminals-using-telekopye-telegram.html
More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a

Autosummary: Choosing a Mammoth for a buyer scam is a deliberate process that takes into account the victim's gender, age, experience in online marketplaces, rating, reviews, number of completed trades, and the type of items they are selling, indicating a preparatory stage that involves extensive market research.


Cybercriminals turn to ready-made bots for quick attacks

ciber
2023-11-23 https://www.helpnetsecurity.com/2023/11/23/bot-attacks-h1-2023/

Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These attacks comprised 73% of all website and app traffic measured. In other words, almost three-quarters of traffic to digital properties is malicious. Researchers assessed the attacks across three primary attack vectors: basic bots, intelligent bots, and human fraud farms. Fraudsters use these vectors to launch attack types such as SMS toll …


Autosummary: Bad actors were attempting to drain account balances through ATO attacks, while online fake accounts were most likely the preferred methods to launder illicit proceeds gained from real-world crimes like human trafficking, drug dealing, or weapon sales. Fraudsters use these vectors to launch attack types such as SMS toll fraud, web scraping, card testing, credential stuffing, and more.


6 Steps to Accelerate Cybersecurity Incident Response

ciber
2023-11-23 https://thehackernews.com/2023/11/6-steps-to-accelerate-cybersecurity.html
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right tools but also understand how to effectively

Autosummary: Leveraging a templated incident response plan to establish roles and responsibilities for all participants — security leaders, operations managers, help desk teams, identity and access managers, as well as audit, compliance, communications, and executives — can ensure efficient coordination. Bonus step: Investigation. Goal: Determine who, what, when, where, why, how. During the identification phase, you will document all indicators of compromise (IOCs) gathered from alerts, such as compromised hosts and users, malicious files and processes, new registry keys, and more. This isn't always possible, however, so you may need to take measures like patching, changing passwords, killing specific services, and more. With the containment phase complete, you can move to eradication, which can be handled through either disk cleaning, restoring to a clean backup, or full disk reimaging. Now that the incident is comfortably behind you, it's time to reflect on each major IR step and answer key questions. There are plenty of questions and aspects that should be asked and reviewed; below are a few examples: Identification: How long did it take to detect the incident after the initial compromise occurred? Short-term: This includes steps you might take in the moment, like shutting down systems, disconnecting devices from the network, and actively observing the threat actor's activities. Also, using an endpoint detection and response (EDR) platform or extended detection and response (XDR) tool with centralized control will let you quickly take defensive actions like isolating machines, disconnecting them from the network, and executing counteracting commands at scale.


Why boards must prioritize cybersecurity expertise

ciber
2023-11-22 https://www.helpnetsecurity.com/2023/11/22/board-members-cybersecurity-decisions-video/

In this Help Net Security video, Graeme Payne, US Advisory Service Leader at Kudelski Security, discusses how, with the incredible number of complex threats facing modern businesses, board members must take an increased role in cybersecurity decisions – or face the consequences.



Organizations rethink cybersecurity investments to meet NIS Directive requirements

ciber
2023-11-22 https://www.helpnetsecurity.com/2023/11/22/nis-directive-requirements-investments/

Despite a 25% increase of the cost of major cyber incidents in 2022 compared to 2021, the new report on cybersecurity investment from ENISA reveals a slight increase of 0,4% of IT budget dedicated to cybersecurity by EU operators in scope of the NIS Directive. Organizations face information security recruitment challenges However, if organizations are inclined to allocate more budget to cybersecurity, 47% of the total of organizations surveyed do not plan to hire information …


Autosummary: OES provide essential services in strategic sectors of energy (electricity, oil and gas), transport (air, rail, water and road), banking, financial market infrastructures, health, drinking water supply and distribution, and digital infrastructure (Internet exchange points, domain name system service providers, top-level domain name registries). Organizations face information security recruitment challenges: However, if organizations are inclined to allocate more budget to cybersecurity, 47% of the total of organizations surveyed do not plan to hire information security Full Time Equivalents (FTEs) in the next two years.


CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector

ciber
2023-11-22 https://www.helpnetsecurity.com/2023/11/22/critical-infrastructure-cybersecurity-services/

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks. “In alignment with CISA’s ‘Target Rich, Resource Poor’ strategy, our teams are working with critical infrastructure entities in the healthcare, water, and K-12 education sectors in our first phase of deployment. This year, we plan to deliver services to up to 100 entities,” said …



Kansas courts confirm data theft, ransom demand after cyberattack

ciber
2023-11-22 https://www.bleepingcomputer.com/news/security/kansas-courts-confirm-data-theft-ransom-demand-after-cyberattack/
The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. [...]

Autosummary: In mid-October 2023, the Kansas courts authority disclosed a "security incident" that impacted the availability of multiple systems, including the eFiling system attorneys use for document submission, electronic payment systems, and the case management systems used by district and appellate courts.


Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

exploits ransomware ciber
2023-11-21 https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the


Outsmarting cybercriminals is becoming a hard thing to do

ciber
2023-11-20 https://www.helpnetsecurity.com/2023/11/20/cybercriminals-techniques-video/

Cybercriminals have evolved into organized and highly adaptive networks, collaborating globally to exploit weaknesses in cybersecurity defenses. Their motivations range from financial gain and information theft to political espionage and ideological warfare. Cybercriminals, now more than ever, are exploiting vulnerabilities in cybersecurity defenses and constantly shaping their strategies in response to technological advancements. In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts discuss the tactics and techniques …



9 Black Friday cybersecurity deals you don’t want to miss

ciber
2023-11-20 https://www.helpnetsecurity.com/2023/11/20/black-friday-cybersecurity-deals/

PortDroid: PortDroid is a trusted app for all network analysis tasks. Designed with network administrators, penetration testers, and technology enthusiasts in mind, this app brings a collection of essential networking tools right at your fingertips. Deal: 50% off. Promo code: CYBER_2023. 7ASecurity: 7ASecurity offers IT security training courses including Android, iOS, Node.js, Electron, Secure Development, and security awareness. Deal: 50% off on any course. Promo code: BFCM50. LetsDefend: LetsDefend helps you build a blue team …



Resecurity partners with University of Jeddah to improve cybersecurity education

ciber
2023-11-20 https://www.helpnetsecurity.com/2023/11/20/resecurity-university-of-jeddah-partnership/

Resecurity announced a strategic partnership with University of Jeddah, one of the leaders in higher education in the Kingdom of Saudi Arabia, to further strengthen the country’s cybersecurity talent pipeline and facilitate capacity building programs for academia. This landmark partnership aims to enhance cybersecurity education by delivering cutting-edge training programs and fostering collaboration in key areas of expertise. Recognizing the evolving landscape of cybersecurity threats, Resecurity and the University of Jeddah aim to equip students …



Rhysida ransomware gang claims British Library cyberattack

exploits ransomware ciber
2023-11-20 https://www.bleepingcomputer.com/news/security/rhysida-ransomware-gang-claims-british-library-cyberattack/
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. [...]

Autosummary: "Threat actors leveraging Rhysida ransomware are known to impact 'targets of opportunity,' including victims in the education, healthcare, manufacturing, information technology, and government sectors," the two agencies said.


Cybersecurity firm executive pleads guilty to hacking hospitals

ciber
2023-11-20 https://www.bleepingcomputer.com/news/security/cybersecurity-firm-executive-pleads-guilty-to-hacking-hospitals/
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business. [...]


Transforming cybersecurity from reactive to proactive with attack path analysis

ciber
2023-11-17 https://www.helpnetsecurity.com/2023/11/17/attack-path-analysis-video/

An attack path is important to prioritize potential risks in cloud environments. The attack path offers the ability to look at cloud environments from the attacker’s perspective. With today’s general awareness and concerted effort toward cybersecurity, cybercriminals rarely find a single gaping loophole or a silver bullet through which an entire enterprise system is compromised. Instead, they often capitalize on a series of vulnerabilities that successively lead them to discover an exploitable path to confidential …



U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem

ciber
2023-11-17 https://thehackernews.com/2023/11/us-cybersecurity-agencies-warn-of.html
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their


Alarm system cyberattack leaves those in need struggling to call for help

ciber
2023-11-16 https://www.malwarebytes.com/blog/news/2023/11/alarm-system-cyberattack-leaves-those-in-need-struggling-to-call-for-help
An alarm system company that allows people to call for help at the touch of a button has suffered a cyberattack, causing serious disruption.

Autosummary: Now you can enable Emergency SOS. In Safety & emergency, toggle the Use Emergency SOS and set the Use Emergency SOS slider to enabled. Confirm the setting and select what information you want to share. The alarm button systems are used in situations where people that require care are not constantly surrounded by caregivers, like care homes that provide independent living, elderly who live at home but need the ability to call for help, and people with a heightened risk of falling.


Long Beach, California turns off IT systems after cyberattack

ciber
2023-11-16 https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/
The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread. [...]

Autosummary: Emsisoft threat analyst Brett Callow, who tracks attacks on local government in the United States, told BleepingComputer that if this turns out to be ransomware, it would be the 80th local government to suffer a ransomware attack in 2023.


Organizations should prepare for the inevitability of cyberattacks on their infrastructure

ciber
2023-11-15 https://www.helpnetsecurity.com/2023/11/15/attack-surface-complexity/

Organizations' reliance on technology has contributed to the fact that their attack surface has grown in size and complexity, according to Armis. Global organizations are facing an unprecedented level of cyber risk due to blind spots in their environment, and security teams are being overwhelmed with significant amounts of threat intelligence data lacking actionable insights. As a result, 61% of organizations confirmed they had been breached at least once over the last 12 months, …


Autosummary: “Armis continues to warn about the evolving threat landscape and the impact of malicious cyberattacks targeting global organizations, national governments, state and local entities and society overall,” said Curtis Simpson, CISO, Armis.


Resecurity enhances cybersecurity in the Middle East

ciber
2023-11-15 https://www.helpnetsecurity.com/2023/11/15/resecurity-idp-solution-middle-east/

In a significant stride towards fortifying the cybersecurity landscape in the Middle East, Resecurity introduced its Digital Identity Protection (IDP) solution. This strategic move aligns with Resecurity’s commitment to creating a safer digital society and empowering individuals and businesses in the region to counteract cyber threats effectively. Resecurity’s advanced Digital Identity Protection: Recognizing the escalating cyber threats in the Middle East, Resecurity’s IDP solution is poised to play a pivotal role in safeguarding the digital …



PJ&A says cyberattack exposed data of nearly 9 million patients

ciber
2023-11-15 https://www.bleepingcomputer.com/news/security/pj-and-a-says-cyberattack-exposed-data-of-nearly-9-million-patients/
PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. [...]


10 corporate cybersecurity blogs worth your time

ciber
2023-11-14 https://www.helpnetsecurity.com/2023/11/14/corporate-cybersecurity-blogs/

In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have infosec blogs, so presented here are the ones that we read regularly. AWS Security: Amazon Web Services (AWS) is a broadly adopted cloud, offering over 200 featured services from data centers globally. AT&T Cybersecurity: AT&T …



6clicks helps organizations manage and report on material cybersecurity events

ciber
2023-11-14 https://www.helpnetsecurity.com/2023/11/14/6clicks-grc-platform/

6clicks announced that it has added SEC Form 8-K content required for event tracking to its incident management module in its GRC platform to help organizations meet new SEC disclosure requirements for qualified cybersecurity events. The new content support empowers organizations to gather relevant incident details and provide a centralized, single source of truth while enabling tracking through the required steps when a qualifying event occurs. Using these details, the platform makes it easy to …


Autosummary: The new SEC reporting requirements are now included for filings including Forms 8-K, 10-K, and 20-F. Companies must provide details of cybersecurity events and disclose an incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the company.


The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

ransomware ciber
2023-11-14 https://thehackernews.com/2023/11/the-importance-of-continuous-security.html
In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity

Autosummary: Ongoing discovery, monitoring, and analysis of your external exposure, including domains, websites, hosts, services, etc. It proactively scouts for vulnerabilities, irregularities, misconfigurations, and potential threats, ensuring swift detection and response.


Danish energy sector hit by a wave of coordinated cyberattacks

industry ciber
2023-11-14 https://www.helpnetsecurity.com/2023/11/14/danish-energy-sector-cyberattack/

The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack: SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses a network of 270 sensors implemented across the country and these organizations to monitor internet traffic and detect possible cyberattacks. From this vantage point, in May 2023, they detected three waves of attacks targeting companies in …


Autosummary: Danish energy sector under attack: SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses a network of 270 sensors implemented across the country and these organizations to monitor internet traffic and detect possible cyberattacks.


Level up! These games will make learning about cybersecurity fun

ciber
2023-11-14 https://www.welivesecurity.com/en/we-live-progress/level-up-games-make-learning-cybersecurity-fun/
Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure

Autosummary: The experience is divided into four adventures that introduce fundamental cybersecurity concepts in a simple and intuitive manner. Google Interland: Its primary goal is to empower participants, especially young ones, to avoid online traps, recognize safe behavior on social media platforms, manage passwords effectively, recognize bullies and predators, and understand responsible data sharing. OverTheWire: Popular games include Bandit, Narnia, and Natasha, each focusing on specific aspects of cybersecurity, such as vulnerability scanning, network traffic analysis, and password cracking.


Kubernetes adoption creates new cybersecurity challenges

ciber
2023-11-13 https://www.helpnetsecurity.com/2023/11/13/cloud-native-environments-risks/

To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes, according to Venafi. Security challenges in cloud native environments: In fact, 84% of security and IT leaders believe that Kubernetes will soon be the main platform used to develop all applications. However, amid the rush to transition to these modern environments, many development teams are putting security …


Autosummary: However, the actual implementation of security tools, governance, and policies is split among development, security, and platform teams, with a slight majority going to the development teams (41%).


The real cost of healthcare cybersecurity breaches

ciber
2023-11-13 https://www.helpnetsecurity.com/2023/11/13/taylor-lehmann-google-healthcare-cybersecurity-breaches/

With each step towards digitalization, from cloud computing to electronic records, the healthcare sector faces mounting risks that threaten not just the privacy but the very wellbeing of patients. In this Help Net Security interview, Taylor Lehmann, Director, Office of the CISO, Google Cloud, discusses the critical conversation surrounding the ethical and legal responsibilities that healthcare providers must navigate in the wake of a data breach. He explores the severe implications of cyber threats that …


Autosummary: In this Help Net Security interview, Taylor Lehmann, Director, Office of the CISO, Google Cloud, discusses the critical conversation surrounding the ethical and legal responsibilities that healthcare providers must navigate in the wake of a data breach. In June, St. Margaret’s Health, the only hospital in the small, rural community of Spring Valley, Illinois, permanently closed its doors, in part because of the insurmountable costs to restore hospital services following a 2021 ransomware attack. To put an end to the growing, existential threat that healthcare faces, it will take creativity, innovation, partnership, and a willingness to change the current state of IT security and risk management in healthcare. Many new laws and regulations are being proposed to address some of the concerns voiced by the healthcare security community, including those that seek to increase the amount of security threat intelligence that is being shared, drive adoption of new security models like zero trust, improve the security of supply chains for software and data, and others. Lawsuits from breach victims seeking damages for medical identity theft, financial losses, potential loss of life, and emotional distress can also have a substantial legal, financial, and reputational impact.


Network Perception integrates technology with Claroty to boost OT cybersecurity for organizations

ciber
2023-11-13 https://www.helpnetsecurity.com/2023/11/13/network-perception-claroty-integration/

Network Perception announced a technology integration with Claroty to provide OT network auditors with a comprehensive, independent audit platform to track and verify system changes and enhance network visibility. The combined technology enables auditors to establish an accurate baseline view of network architecture and cybersecurity posture. This information can then be used to set up continuous monitoring that enables immediate response and adaptation to disruptions. Network assessment automation is fundamental to cyber resiliency best practices, … More

The post Network Perception integrates technology with Claroty to boost OT cybersecurity for organizations appeared first on Help Net Security.

"



DP World cyberattack blocks thousands of containers in ports

ciber
2023-11-13 https://www.bleepingcomputer.com/news/security/dp-world-cyberattack-blocks-thousands-of-containers-in-ports/
A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports. [...] "



How to withstand the onslaught of cybersecurity threats

ciber
2023-11-10 https://www.helpnetsecurity.com/2023/11/10/protecting-it-assets/

“We brought a shovel to fight an avalanche.” That’s the sentiment shared by many business leaders, especially CISOs, CIOs and IT leaders as they face the current cybersecurity threat landscape. Like an avalanche, it’s constantly shifting and changing, moving quickly and unpredictably. With the prevalence of remote and hybrid work models, leaders are having an even harder time protecting all their IT assets. That’s because – to extend this metaphor – the IT assets that … More

The post How to withstand the onslaught of cybersecurity threats appeared first on Help Net Security.

"

Autosummary: How to identify the right cybersecurity tools for 2023 and beyond: The right cybersecurity platform is scalable, user-friendly, easy to deploy and manage, and highly secure. One of the best, if not only, ways to achieve this is to adopt a dynamic, scalable solution that is fully integrated with your UEM solution and has been built with security in mind from the ground up. Why you should consolidate your cybersecurity platform: Another key cybersecurity trend for 2023 and beyond, according to Gartner: cybersecurity platform consolidation. "


Most cybersecurity investments aren’t used to their full advantage

ciber
2023-11-09 https://www.helpnetsecurity.com/2023/11/09/it-infrastructure-security-budgets/

While organizations are slashing budgets across other departments, IT and security budgets are growing to address evolving IT infrastructure and rising threats from new tactics such as AI-based attacks, according to Axonius. Budget growth in IT and security In fact, 74% of IT and security decision makers said their organization’s IT or security budget increased compared to the year prior, and 63% said their organization’s IT or security team headcount increased. However, for those that … More

The post Most cybersecurity investments aren’t used to their full advantage appeared first on Help Net Security.

"

Autosummary: Budget growth in IT and security: In fact, 74% of IT and security decision makers said their organization’s IT or security budget increased compared to the year prior, and 63% said their organization’s IT or security team headcount increased. "


The roadblocks to preventive cybersecurity success

ciber
2023-11-06 https://www.helpnetsecurity.com/2023/11/06/preventive-cybersecurity-practice/

In the last two years, the average organization’s cybersecurity program was prepared to defend preventively, or block, just 57% of the cyberattacks it encountered, according to Tenable. This means 43% of attacks launched against them are successful and must be remediated after the fact. 58% of respondents say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. The study finds that this is largely due to … More

The post The roadblocks to preventive cybersecurity success appeared first on Help Net Security.

"

Autosummary: In order, the highest perceived risks come from the use of public cloud (30%), multi-cloud and/or hybrid cloud (23%), private cloud infrastructure (12%) and cloud container management tools (9%). "


Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors

ciber
2023-11-06 https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius, "

Autosummary: A lateral movement phase is followed by data exfiltration using a mix of public and custom tools like Sqlextractor, WinSCP, and PuTTY, and finally by delivery of the wiper malware MultiLayer, a .NET malware that enumerates files for either deletion or corruption with random data to resist recovery efforts and renders the system unusable by wiping the boot sector. "


How cybercriminals adapt and thrive amidst changing consumer trends

ciber
2023-11-03 https://www.helpnetsecurity.com/2023/11/03/cybercriminals-modify-tactics-video/

The email threat landscape is experiencing a profound transformation, adapting to new challenges and exploiting emerging vulnerabilities with speed and sophistication. In this Help Net Security video, Usman Choudhary, CPTO at VIPRE Security Group, discusses how cybercriminals modify their tactics to align with shifting consumer behaviors while taking advantage of technological advancements to carry out their activities and elude capture.

The post How cybercriminals adapt and thrive amidst changing consumer trends appeared first on Help Net Security.

"



Healthcare’s road to redefining cybersecurity with modern solutions

ciber
2023-11-03 https://www.helpnetsecurity.com/2023/11/03/healthcare-ransomware-data-encryption/

The rate of data encryption following a ransomware attack in healthcare was the highest in the last three years, according to Sophos. Ransomware attacks continue to grow in sophistication Among those organizations surveyed, cybercriminals successfully encrypted data in nearly 75% of ransomware attacks. This is the highest rate of encryption in the past three years and a significant increase from the 61% of healthcare organizations that reported having their data encrypted last year. In addition, … More

The post Healthcare’s road to redefining cybersecurity with modern solutions appeared first on Help Net Security.

"

Autosummary: What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress,” said Chester Wisniewski, director, field CTO, Sophos. All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR),” concluded Wisniewski. "


Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally

ciber
2023-11-03 https://thehackernews.com/2023/11/predictive-ai-in-cybersecurity-outcomes.html
Here is what matters most when it comes to artificial intelligence (AI) in cybersecurity: Outcomes.  As the threat landscape evolves and generative AI is added to the toolsets available to defenders and attackers alike, evaluating the relative effectiveness of various AI-based security offerings is increasingly important — and difficult. Asking the right questions can help you spot solutions "

Autosummary: This approach, which combines unsupervised, supervised, and active learning in both cloud and local environments, has been refined by analyzing extensive data over time, resulting in a highly effective model capable of accurately predicting and anticipating new threats. In contrast, BlackBerry Cylance's model has demonstrated a strong temporal predictive advantage, maintaining high detection rates without frequent model updates, as illustrated in the chart showing the TPA over months for the fourth-generation Cylance model. "


Cybersecurity workforce shortages: 67% report people deficits

ciber
2023-11-02 https://www.helpnetsecurity.com/2023/11/02/cybersecurity-workforce-shortages-isc2/

The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2. While this is the highest workforce ever recorded, the report shows that demand is still outpacing the supply. The cybersecurity workforce gap has reached a record high, with 4 million professionals needed to safeguard digital assets adequately. The research also finds new challenges impacting professionals in the field, including economic uncertainty, artificial intelligence, fragmented … More

The post Cybersecurity workforce shortages: 67% report people deficits appeared first on Help Net Security.

"

Autosummary: 47% of respondents experienced cutbacks, which included budget cuts, layoffs and hiring and promotion freezes; 35% faced cuts to cybersecurity training programs, vital for skills development and workforce growth; two-thirds of respondents say that cutbacks have negatively impacted their productivity, team morale and increased their workload; 57% said their response to threats has been inhibited by cutbacks, and 52% have seen an increase in insider risk-related incidents; 31% of professionals believe that cutbacks will continue into 2024, and 70% expect those cutbacks to include layoffs. Uncovering effective hiring, retention and team-building practices: 47% of respondents have no or minimal knowledge of artificial intelligence (AI); 47% see cloud computing security as the most sought-after skill for career advancement; 45% of respondents foresee AI as their top challenge over the next two years. “While we celebrate the record number of new cybersecurity professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organizations and their critical assets,” said ISC2 CEO Clar Rosso. "


6 steps to accelerate cybersecurity incident response

ciber
2023-11-02 https://www.helpnetsecurity.com/2023/11/02/accelerate-cybersecurity-incident-response/

Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right tools but also understand how to effectively respond to an incident. Resources like an incident response template can be customized … More

The post 6 steps to accelerate cybersecurity incident response appeared first on Help Net Security.

"

Autosummary: Bonus step: Investigation. Goal: Determine who, what, when, where, why, how. At this stage it is worth noting another important aspect of IR: investigation. Leveraging a templated incident response plan to establish roles and responsibilities for all participants — security leaders, operations managers, help desk teams, identity and access managers, as well as audit, compliance, communications, and executives — can ensure efficient coordination. During the identification phase, you will document all indicators of compromise (IOCs) gathered from alerts, such as compromised hosts and users, malicious files and processes, new registry keys, and more. This isn’t always possible, however, so you may need to take measures like patching, changing passwords, killing specific services, and more. Now that the incident is comfortably behind you, it’s time to reflect on each major IR step and answer key questions. There are plenty of questions and aspects that should be asked and reviewed; below are a few examples: Identification: How long did it take to detect the incident after the initial compromise occurred? With the containment phase complete, you can move to eradication, which can be handled through either disk cleaning, restoring to a clean backup, or full disk reimaging. Short-term: This includes steps you might take in the moment, like shutting down systems, disconnecting devices from the network, and actively observing the threat actor’s activities. Also, using an endpoint detection and response (EDR) platform or extended detection and response (XDR) tool with centralized control will let you quickly take defensive actions like isolating machines, disconnecting them from the network, and executing counteracting commands at scale. "


Cybersecurity habits and behaviors executives need to be aware of

ciber
2023-11-02 https://www.helpnetsecurity.com/2023/11/02/poor-executive-cybersecurity/

Top executives — the employee group most targeted by threat actors — are frequently provided unfettered access to valuable data sources and networked assets, according to Ivanti. Executives access unauthorized work data While 96% of leaders say they are at least moderately supportive and invested in their organization’s cybersecurity mandate, the reality is that 49% of CXOs have requested to bypass one or more security measures in the past year. Although security leaders are aware … More

The post Cybersecurity habits and behaviors executives need to be aware of appeared first on Help Net Security.

"

Autosummary: The report outlines steps businesses and security professionals can leverage to close the executive conduct gap including conducting audits, prioritizing remediation for the most common risks, conducting gamified security training sessions, and implementing “white glove” security programs. "


Boeing confirmed its services division suffered a cyberattack

ciber
2023-11-02 https://securityaffairs.com/153431/cyber-crime/boeing-confirms-lockbit-cyber-attack.html

Boeing confirmed it is facing a cyber incident that hit its global services division; the company pointed out that flight safety isn’t affected. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61 billion in sales; the aerospace giant has 156,000 (2022). Last week, the […]

The post Boeing confirmed its services division suffered a cyberattack appeared first on Security Affairs.

"

Autosummary: “Boeing, the 60 billion Company, together with its subsidiaries, designs, develops, manufactures, sells, services, and supports commercial jetliners, military aircraft, satellites, missile defense, human space flight, and launch systems and services worldwide.” "


Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems

ciber
2023-11-02 https://www.bleepingcomputer.com/news/security/mortgage-giant-mr-cooper-hit-by-cyberattack-impacting-it-systems/
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. [...] "

Autosummary: "On October 31, 2023, Mr. Cooper determined that the company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems," reads a notice of cyber security incident on Mr. Cooper’s website. "


Boeing confirms cyberattack amid LockBit ransomware claims

exploits ransomware ciber
2023-11-02 https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data. [...] "

Autosummary: Boeing page on LockBit data leak site (BleepingComputer) The LockBit ransomware-as-a-service (RaaS) operation surfaced in September 2019, with notable victims including the Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. "


Ace Hardware says 1,202 devices were hit during cyberattack

ciber
2023-11-02 https://www.bleepingcomputer.com/news/security/ace-hardware-says-1-202-devices-were-hit-during-cyberattack/
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. [...] "

Autosummary: "As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center's phone system have been interrupted or suspended. The company stated that it has engaged with a group of IT experts to help them restore the impacted systems, but because they deal with "a fast-moving, dynamic situation," details on the process and system status cannot be conveyed with accuracy. "


SolarWinds and its CISO accused of misleading investors before major cyberattack

ciber
2023-11-01 https://www.malwarebytes.com/blog/news/2023/11/solarwinds-and-its-ciso-accused-of-misleading-investors-before-major-cyberattack
The SEC has announced charges against SolarWinds and its CISO for fraud and internal control failures related to the company's cybersecurity. "



British Library suffers major outage due to cyberattack

ciber
2023-11-01 https://securityaffairs.com/153309/hacking/british-library-cyber-attack.html

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. The British Library is the national library of the […]

The post British Library suffers major outage due to cyberattack appeared first on Security Affairs.

"

Autosummary: An attack that follows the one suffered on October 28 by @torontolibrary 🇨🇦 pic.twitter.com/GpBUoZgoRG — Claudio (@sonoclaudio) October 31, 2023 "


Dragos and Rockwell Automation strengthen ICS/OT cybersecurity threat detection for organizations

industry ciber
2023-10-31 https://www.helpnetsecurity.com/2023/10/31/dragos-rockwell-automation-partnership/

Dragos announced the expansion of its combined capabilities in partnership with Rockwell Automation. With this expansion, Rockwell will be making the Dragos Platform available to organizations for enhanced ICS/OT cybersecurity threat detection, providing global deployment services and support capabilities to help customers operationalize their security investment. The threat detection capabilities build on the previous global agreement between Dragos and Rockwell for the OT Incident Response Retainer (IRR) program that helps industrial organizations prepare for, respond … More

The post Dragos and Rockwell Automation strengthen ICS/OT cybersecurity threat detection for organizations appeared first on Help Net Security.

"



British Library knocked offline by weekend cyberattack

ciber
2023-10-31 https://www.bleepingcomputer.com/news/security/british-library-knocked-offline-by-weekend-cyberattack/
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. [...] "



Closing the gender gap: 7 ways to attract more women into cybersecurity

ciber
2023-10-31 https://www.welivesecurity.com/en/we-live-progress/closing-gender-gap-7-ways-attract-more-women-cybersecurity/
Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women's participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce. "

Autosummary: Several reasons stand out: security has a reputation of being a male-dominated, jargon-heavy and elitist sector which is hard to break into without the right qualifications; discrimination: 30% of female security professionals say they feel discriminated against at work; a perception that jobs don’t offer sufficient flexible working options; employers failing to encourage new mothers back into the workplace; a bias from employers towards screening applicants by qualifications/certifications rather than experience or transferable skills, which may mean that new mothers returning from a break who may be looking for a career change are ruled out; a perception that security is just about technical skills, when there are varied roles that require creativity, flexibility, good communication, problem solving and other skills; relatively low numbers of girls studying STEM subjects at school/university; a vicious circle in that the security sector lacks female mentors and role models to encourage the next generation into the industry. Are things improving? Women, for example, hold just a quarter of security roles worldwide, as gender diversity in security remains a stubborn challenge and, unsurprisingly, as such mirrors the reality in computer sciences. As we wrap up October, which is also Global Diversity Awareness Month, this is an opportune moment to reflect on the actions needed to break down the biases and barriers that are hindering the participation of women in security, as well as to consider the value of inclusion in the security workforce. It’s probably no surprise then that gender, racial and ethnic diversity also remains lacking, and that’s despite the fact that a diverse and inclusive workforce is known to foster innovation and growth, not to mention its contribution to a more equitable society. "


IoT’s convenience comes with cybersecurity challenges

industry ciber
2023-10-30 https://www.helpnetsecurity.com/2023/10/30/iot-cybersecurity-concerns-video/

The rapid proliferation of Internet of Things (IoT) devices has ushered in a new era of connectivity and convenience, transforming the way we live and work. However, this interconnectivity has also given rise to a host of cybersecurity challenges and vulnerabilities. Protecting the vast and diverse array of IoT devices, from smart home appliances to industrial sensors, has become an imperative in safeguarding data, privacy, and critical infrastructure. In this Help Net Security round-up, we … More

The post IoT’s convenience comes with cybersecurity challenges appeared first on Help Net Security.

"



Toronto Public Library services down following weekend cyberattack

ciber
2023-10-30 https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28. [...] "



20 scary cybersecurity facts and figures for a haunting Halloween

ciber
2023-10-30 https://www.welivesecurity.com/en/cybersecurity/20-scary-cybersecurity-facts-figures-haunting-halloween/
Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online "



Octo Tempest cybercriminal group is "a growing concern"—Microsoft

ciber
2023-10-27 https://www.malwarebytes.com/blog/news/2023/10/ransomware-affiliate-octo-tempest-is-a-growing-concern-for-organizations-across-multiple-industries

Categories: News, Ransomware

Tags: ALPHV, Octo Tempest, RaaS, LOTL, social engineering, SIM swapping

A group of cybercriminals known for advanced social engineering attacks has joined one of the biggest ransomware groups as an affiliate.


The post Octo Tempest cybercriminal group is "a growing concern"—Microsoft appeared first on Malwarebytes Labs.

"

Autosummary: Microsoft reports that in doing so, Octo Tempest progressively broadened the number of industries it targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services. Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group. "


OT cyber attacks proliferating despite growing cybersecurity spend

ciber
2023-10-26 https://www.helpnetsecurity.com/2023/10/26/cyber-physical-systems-cps/

The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack of success on the defense side can be attributed to several factors: the complexity of OT environments, the convergence of information technology (IT) and OT, insider attacks, supply chain vulnerabilities, and others. Despite increased cybersecurity … More

The post OT cyber attacks proliferating despite growing cybersecurity spend appeared first on Help Net Security.

"

Autosummary: The advent of cyber physical systems: With the convergence of IT, OT, IoT (Internet of Things), and IIoT (Industrial Internet of Things), cyber physical systems (CPS) emerged. Since cyber-attacks and human errors can come from the outside, inside, supply chain, and other contracted third parties, a network-based anomaly detection solution would not cover all the bases. "


Strategies to overcome cybersecurity misconceptions

ciber
2023-10-25 https://www.helpnetsecurity.com/2023/10/25/cybersecurity-misconceptions-video/

Many CISOs may believe their cybersecurity defenses are robust enough to repel any attack, but there are critical misconceptions they may be harboring. In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the most significant pitfalls is the assumption that their defenses are “good enough.” He believes this complacency can lead to a dangerous sense of security, leaving organizations vulnerable to evolving ransomware threats. The reality is that … More

The post Strategies to overcome cybersecurity misconceptions appeared first on Help Net Security.

"



Cyberattack hits 5 hospitals

ciber
2023-10-25 https://www.malwarebytes.com/blog/news/2023/10/cyberattack-on-service-provider-impacts-operations-in-5-hospitals

Categories: News

Tags: Transform, service provider, 5 hospitals, Canada, cyberattack

A cyberattack on shared service provider TransForm has impacted operations in five Canadian hospitals.


The post Cyberattack hits 5 hospitals appeared first on Malwarebytes Labs.

"

Autosummary: The five affected hospitals, Bluewater Health, Chatham Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, have had to reschedule appointments with their patients due to the attack. "


Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

ciber
2023-10-24 https://securityaffairs.com/152946/cyber-crime/spanish-police-dismantled-cybercriminal-group.html

The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, Málaga, Huelva, […]

The post Spain police dismantled a cybercriminal group who stole the data of 4 million individuals appeared first on Security Affairs.

"



Semperis and Veritas defend enterprises against cyberattacks on Microsoft AD systems

ciber
2023-10-24 https://www.helpnetsecurity.com/2023/10/24/semperis-veritas/

Semperis announced a global relationship with Veritas Technologies to protect enterprises’ most critical assets and identity systems from cyberattacks. The powerful combination of Semperis Active Directory Forest Recovery (ADFR) and Veritas NetBackup provides enterprises with a comprehensive solution to guard against, and recover from, cyberattacks on Microsoft Active Directory (AD) systems. Microsoft AD, the primary identity system and backbone of IT operations for 90 percent of organizations, is a common target for ransomware operators and … More

The post Semperis and Veritas defend enterprises against cyberattacks on Microsoft AD systems appeared first on Help Net Security.

"

Autosummary: The joint solution delivers protection and recovery for AD environments, including: A blueprint for inventorying, classifying, and monitoring data with Veritas 360 Defense to protect it from cyberattacks; anomaly detection and virus scanning through Veritas NetBackup to ensure data is virus-free before recovery; fast, automated, malware-free recovery of the entire AD forest to any virtual or physical hardware with Semperis ADFR in the event of an attack that compromises AD; post-breach forensics with Semperis ADFR to help incident response teams eliminate backdoors, attack paths, and other vulnerabilities remaining in the environment. “Veritas and Semperis are industry leaders in data protection and AD security and recovery, respectively,” added Mar-Elia. "


34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

financial ciber
2023-10-24 https://thehackernews.com/2023/10/34-cybercriminals-arrested-in-spain-for.html
Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations in Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, €80,000 in cash, four high-end "



Veeam and Sophos partner to help organizations detect cybersecurity threats

ciber
2023-10-24 https://www.helpnetsecurity.com/2023/10/24/veeam-software-sophos-partnership/

Veeam Software announced a strategic partnership with Sophos. Through the partnership, Veeam Data Platform will integrate with Sophos Managed Detection and Response (MDR), adding a critical layer of human-led threat detection and response to advance the security of business-critical backups against ransomware attackers who attempt to manipulate, delete or change the customers backup environment as a tactic in their overall attack chain to increase pressure on victims to pay the ransom. With persistent cyberattackers constantly … More

The post Veeam and Sophos partner to help organizations detect cybersecurity threats appeared first on Help Net Security.

"

Autosummary: Should a threat be identified, such as an attacker attempting to tamper with backups, Veeam sends an alert to Sophos MDR—a fully-managed threat hunting, detection and response service that provides a dedicated 24/7 security team that rapidly identifies and neutralizes complex attacks, including ransomware, network breaches, hands-on keyboard adversaries, and more. "


Cyberattack on health services provider impacts 5 Canadian hospitals

ciber
2023-10-24 https://www.bleepingcomputer.com/news/security/cyberattack-on-health-services-provider-impacts-5-canadian-hospitals/
A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. [...] "

Autosummary: TransForm is a not-for-profit, shared service organization founded by five hospitals in Erie St. Clair, Ontario, to manage their IT, supply chain, and accounts payable. "


Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s data

ciber
2023-10-24 https://www.bitdefender.com/blog/hotforsecurity/spanish-police-make-34-arrests-dismantling-cybercriminal-gang-that-stole-4-million-peoples-data/
Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people. Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms. Read more in my article on the Hot for Security blog. "

Autosummary: "


Cyberattacks put healthcare organizations on high alert

ciber
2023-10-23 https://www.helpnetsecurity.com/2023/10/23/healthcare-cybersecurity-vulnerabilities-video/

Healthcare organizations have become prime targets for cybercriminals due to the immense value of their data, including patient records, sensitive medical information, and financial data. The importance of protecting this invaluable information, alongside ensuring the seamless operation of medical devices and essential systems, has never been more critical. In this Help Net Security round-up, we present segments from previously recorded videos in which security experts discuss the vulnerabilities and gaps in healthcare cybersecurity. Complete videos … More

The post Cyberattacks put healthcare organizations on high alert appeared first on Help Net Security.

"

Autosummary: "


Spain arrests 34 cybercriminals who stole data of 4 million people

ciber
2023-10-23 https://www.bleepingcomputer.com/news/security/spain-arrests-34-cybercriminals-who-stole-data-of-4-million-people/
The Spanish National Police have dismantled a cybercriminal organization that carried out a variety of computer scams to steal and monetize the data of over four million people. [...] "

Autosummary: "


Centific and Prove Identity partner to bridge cybersecurity and fraud protection gap

ciber
2023-10-23 https://www.helpnetsecurity.com/2023/10/23/centific-prove-identity/

Centific and Prove Identity have partnered to bridge the gap between cybersecurity and fraud protection. This initiative will redefine the digital security landscape by offering a holistic solution for ensuring data privacy, identity verification, and digital fraud protection that protects businesses and their customers while also enhancing customer experiences. This joint effort by Centific and Prove Identity aims to provide a one-stop-shop for businesses looking to enhance digital security while providing safe and seamless customer … More

The post Centific and Prove Identity partner to bridge cybersecurity and fraud protection gap appeared first on Help Net Security.

"

Autosummary: "


University of Michigan employee, student data stolen in cyberattack

ciber
2023-10-23 https://www.bleepingcomputer.com/news/security/university-of-michigan-employee-student-data-stolen-in-cyberattack/
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [...] "

Autosummary: "


Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising

exploits ciber
2023-10-22 https://www.helpnetsecurity.com/2023/10/22/week-in-review-cybersecurity-cheat-sheets-widely-exploited-cisco-zero-day-keepass-themed-malvertising/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: North Korean hackers are targeting software developers and impersonating IT workers State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies looking for IT workers. The collaborative power of CISOs, CTOs and CIOs for a secure future In this Help Net Security interview, Phil Venables, CISO at … More

The post Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Admiral James A. Winnefeld, advisor to Acalvio Technologies, compares the strategies of traditional and cyber warfare, discusses the difficulty of determining the attack’s nature, addresses ethical dilemmas, and promotes collaboration and cooperation with allies, partners, and, in some cases, even adversaries. New infosec products of the week: October 20, 2023 Here’s a look at the most interesting products from the past week, featuring releases from Arcitecta, AuditBoard, BackBox, Prevalent, and Thales. In this Help Net Security interview, Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite — particularly the CIO, CTO, and CISO to stay current with trends and prioritize security, rather than treating it as an afterthought. "


American Family Insurance confirms cyberattack is behind IT outages

ciber
2023-10-21 https://www.bleepingcomputer.com/news/security/american-family-insurance-confirms-cyberattack-is-behind-it-outages/
Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week. [...] "

Autosummary: If you have any information regarding the American Family Insurance cyberattack, you can contact us confidentially via Signal at 646-961-3731. IT systems shut down after cyberattack: Since this past weekend, American Family Insurance has suffered IT outages impacting the company's phone service, building connectivity, and online services. "


The real impact of the cybersecurity poverty line on small organizations

ciber
2023-10-20 https://www.helpnetsecurity.com/2023/10/20/brent-deterding-afni-cybersecurity-poverty-line/

The financial constraints many smaller organizations face often cast shadows on their ability to fortify defenses. In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership. Challenging popular notions and offering actionable insights, Deterding reveals how organizations can rise above financial limitations to safeguard their digital assets effectively. An organization’s modest budget restricts it from … More

The post The real impact of the cybersecurity poverty line on small organizations appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership. That said, I don’t believe people, processes, or technology are limiting factors because significant risk reduction is simple (technology), easy (people/process), and cheap. "


Kwik Trip finally confirms cyberattack was behind ongoing outage

ciber
2023-10-20 https://www.bleepingcomputer.com/news/security/kwik-trip-finally-confirms-cyberattack-was-behind-ongoing-outage/
Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9. [...] "

Autosummary: With a workforce exceeding 35,000 employees, Kwik Trip also manages stores under various banners, including Tobacco Outlet Plus, Tobacco Outlet Plus Grocery, Hearty Platter, Kwik Spirits, and Stop-N-Go. "


ABS Consulting and Dragos boost OT cybersecurity partnership for federal and commercial sectors

ciber
2023-10-20 https://www.helpnetsecurity.com/2023/10/20/abs-consulting-dragos/

ABS Consulting and Dragos have expanded their strategic partnership to provide operational technology (OT) cybersecurity solutions, services and training to federal and commercial organizations. This strategic partnership will build on the companies’ existing work together, further integrating Dragos’ OT cybersecurity technology with ABS Consulting’s OT risk management expertise to address the market-wide demand for a comprehensive, well-resourced approach to cyber defense. “As cyber attacks on critical industries become more frequent and severe, securing the facilities … More

The post ABS Consulting and Dragos boost OT cybersecurity partnership for federal and commercial sectors appeared first on Help Net Security.

"

Autosummary: "


Business resilience becomes primary force behind cybersecurity investments

ciber
2023-10-19 https://www.helpnetsecurity.com/2023/10/19/business-resilience-investments/

Over 80% of northern European organizations emphasize that the need to ensure business resilience is the top driver for their cybersecurity investments, according to Nixu. The report reveals both encouraging progress and increasing concerns. Alarmingly, 50% of organizations reach only a poor or deficient level in cybersecurity. “The prominence of business resilience as a driver for cybersecurity investments highlights the increasing awareness of the need to protect operations and ensure continuity. Overall, the Nixu report … More

The post Business resilience becomes primary force behind cybersecurity investments appeared first on Help Net Security.

"

Autosummary: “Through better security monitoring, organizations are able to detect early indications of attacks, and with more sophisticated response capabilities, organizations can limit the impact of any incident,” says Jan Mickos, Nixu’s SVP and Service Area Lead of Managed Services. To solve the serious issues of managing competences and ensuring resilience, the report recommends consistent cybersecurity management, investing in risk management, and complementing internal operations with an external service delivery capabilities partner. "


Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks

ciber
2023-10-19 https://www.helpnetsecurity.com/2023/10/19/dns-issue/

It’s always DNS. That’s what the famous internet meme popular among sysadmins says anyway. It’s funny because while clearly, every network issue doesn’t resolve to some funky DNS issue, too many network admins have banged their heads against their keyboard for hours only to find out that the culprit was indeed some DNS issue. Yes, it might not always be DNS, but when it comes to cyberattacks, it is too often the network. Example: In … More

The post Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks appeared first on Help Net Security.

"

Autosummary: But to give you an idea of how to use the framework, I’ll give you a few questions to ask your network team to determine your level of organization maturity in each area: Prevent: Does our network monitoring include only IP, port, and protocol tracking? I sum up the organization network security triad as such: Prevent: Reduce the likelihood of a full-blown attack before it happens. Detect: Mitigate attacks faster when they do occur. Prevent, detect, respond: I believe the key to better network security can be summed up with the triad of Prevent, Detect, and Respond. "


2024 cybersecurity predictions: GenAI edition

ciber
2023-10-19 https://www.helpnetsecurity.com/2023/10/19/genai-2024-cybersecurity-predictions/

Unless you have lived under a rock for the past year, you know that generative artificial intelligence applications, such as ChatGPT, have penetrated many aspects of our online lives. From generating marketing content, creating images for advertisements and blogs, or even writing malicious code, we are all interacting with the results of generative AI in some ways daily. So, when I was thinking about writing about 2024 predictions, I thought, why not give Gen AI … More

The post 2024 cybersecurity predictions: GenAI edition appeared first on Help Net Security.

"

Autosummary: While eliminating the potential of an attack is unrealistic, ensuring proper network segmentation, adopting new automation capabilities regarding security analytics, and (yes, again) proper cybersecurity training for everyone, including contractors, can go a long way. The fact of the matter, though, is that no one knows what the new year has to offer, aside from the fact that attackers will continue to attack, defenders will continue to defend, and vendors and service providers will be here to help. AI-powered attacks may include more convincing phishing attempts, automated malware creation, evasion of security measures, and personalized social engineering attacks, making it harder for traditional defense mechanisms to detect and prevent them. While that attack was a wake-up call for many organizations to be more vigilant regarding their network segmentation, third-party access, and more, only some have taken the appropriate steps to ensure they are protected from a similar attack. "


10 essential cybersecurity cheat sheets available for free

ciber
2023-10-18 https://www.helpnetsecurity.com/2023/10/18/cybersecurity-cheat-sheets/

Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download. Whether you’re seeking a quick refresher or a beginner trying to make sense of it all, these resources will help. The ABCs of cybersecurity terms Whether you are looking to start a career in cybersecurity or actively wanting to protect your personal information, you will need to know and … More

The post 10 essential cybersecurity cheat sheets available for free appeared first on Help Net Security.

"

Autosummary: This cheat sheet outlines tips and tools for analyzing malicious documents, such as Microsoft Office, RTF, and PDF files. "


Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

ciber
2023-10-18 https://www.tripwire.com/state-of-security/plastic-surgeries-warned-fbi-they-are-being-targeted-cybercriminals
Plastic surgeries have been warned that they are being targeted by cybercriminals plotting to steal sensitive data - including patients' medical records and photographs - that will be later used for extortion. Read more in my article on the Tripwire State of Security blog. "

Autosummary: With the information that has been stolen and collated, criminals contact plastic surgeons and their patients via social media, email, text messages, and demand payment with the promise that if a ransom is paid the stolen sensitive data will not be published. "


Cyberattacks on healthcare organizations affect patient care

ciber
2023-10-17 https://www.helpnetsecurity.com/2023/10/17/healthcare-organizations-cyberattacks/

88% of organizations experienced an average of 40 attacks in the past 12 months, according to a survey conducted by the Proofpoint and Ponemon Institute. Supply chain attacks: Leading patient care risk The average total cost of a cyberattack experienced by healthcare organizations was $4.99 million, a 13% increase from the previous year. Among the organizations that suffered the four most common types of attacks—cloud compromise, ransomware, supply chain, and BEC — an average of … More

The post Cyberattacks on healthcare organizations affect patient care appeared first on Help Net Security.

"

Autosummary: "


CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

ciber Telcos
2023-10-17 https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers. The starting point of the attacks is a reconnaissance phase in "

Autosummary: "


Fighting off cyberattacks? Make sure user credentials aren’t compromised

ciber
2023-10-17 https://www.bleepingcomputer.com/news/security/fighting-off-cyberattacks-make-sure-user-credentials-arent-compromised/
Login credential theft presents one of the biggest and most enduring cybersecurity problems. This article by Specops Software looks at the motivations driving credential theft and the tactics bad actors are likely to use. [...] "

Autosummary: Most people — 51% admit to reusing the same login credentials across multiple sites, so if bad actors can successfully access one set of credentials, they can likely access multiple bank accounts, credit cards, emails, and more. So, for example, if your end-user decides to use their ultra-secure 20-character Hulu password as their password to log into corporate email account, your security is at risk. Motives for Credential Theft The dark web is filled with cybercriminals interested in selling stolen data to the highest bidder — things like social security numbers, sensitive corporate data, passwords, or credit card information. "


KwikTrip all but says IT outage was caused by a cyberattack

ciber
2023-10-17 https://www.bleepingcomputer.com/news/security/kwiktrip-all-but-says-it-outage-was-caused-by-a-cyberattack/
Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions. [...] "

Autosummary: Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois, Iowa, and South Dakota. "


New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

ciber
2023-10-13 https://thehackernews.com/2023/10/new-peapod-cyberattack-campaign.html
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also "

Autosummary: "Void Rabisu is one of the clearest examples where we see a mix of the typical tactics, techniques, and procedures (TTPs) used by cybercriminal threat actors and TTPs used by nation-state-sponsored threat actors motivated primarily by espionage goals," Trend Micro said. "


Simpson Manufacturing shuts down IT systems after cyberattack

industry ciber
2023-10-11 https://www.bleepingcomputer.com/news/security/simpson-manufacturing-shuts-down-it-systems-after-cyberattack/
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue. [...] "

Autosummary: "On October 10, 2023, Simpson Manufacturing Co., Inc. experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident," reads the statement. "


6 steps to getting the board on board with your cybersecurity program

ciber
2023-10-11 https://www.welivesecurity.com/en/business-security/6-steps-getting-board-on-board-cybersecurity-program/
How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives "

Autosummary: In Europe, EU security agency ENISA warned in 2022 of a surge in zero-day exploits, ransomware-as-a-service, hackers-for-hire, supply chain attacks and social engineering. In fact, according to one study, only two-fifths (39%) of security decision makers believe their company leadership truly understands the role cybersecurity plays in business success. Thus, they can create that security-by-design culture that every organization should aspire to, and in so doing prove to sceptical boards that security should be embedded into every part of the business. "


Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

financial ciber
2023-10-09 https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html
Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and "

Autosummary: In the latest set of attacks documented by Menlo Security, victims are sent phishing emails with a deceptive link pointing to Indeed, which, in turn, redirects the individual to an EvilProxy page to harvest the credentials entered. "


Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

ciber
2023-10-06 https://www.tripwire.com/state-of-security/revealed-top-10-cybersecurity-misconfigurations-determined-cisa-and-nsa
A joint advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. Read more in my article on the Tripwire State of Security blog. "

Autosummary: Improper separation of user/administrator privilege; insufficient internal network monitoring; lack of network segmentation; poor patch management; bypass of system access controls; weak or misconfigured multifactor authentication (MFA) methods; insufficient access control lists (ACLs) on network shares and services; poor credential hygiene; unrestricted code execution. There's no doubt that problems like these are present in many organisations, both private and public sector. "


Soft skills continue to challenge the cybersecurity sector

ransomware ciber
2023-10-05 https://www.helpnetsecurity.com/2023/10/05/soft-skills-cybersecurity-sector/

New cybersecurity findings pinpoint areas where cybersecurity experts are lacking, with interpersonal skills, cloud computing, and security measures standing out as the most prominent skill deficiencies in cybersecurity specialists, according to a new ISACA report. 59 percent of cybersecurity leaders say their teams are understaffed. 50 percent of respondents indicated job openings for nonentry-level roles, compared to 21 percent with job openings for entry-level positions. Cybersecurity talent retention struggles persist Strides have been made in … More

The post Soft skills continue to challenge the cybersecurity sector appeared first on Help Net Security.

"

Autosummary: DevSecOps (36 percent). When looking at soft skills, communication (58 percent), critical thinking (54 percent), problem-solving (49 percent), teamwork (45 percent), and attention to detail (36 percent) come in as the top five skills employers are seeking in cybersecurity job candidates. "


Lyca Mobile investigates customer data leak after cyberattack

ciber
2023-10-05 https://www.bleepingcomputer.com/news/security/lyca-mobile-investigates-customer-data-leak-after-cyberattack/
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. [...] "

Autosummary: The British company provides mobile telecommunications and voice IP (VoIP) services in 60 countries, including the United States, the U.K., Germany, Australia, France, Italy, and the Netherlands. "


NSA and CISA reveal top 10 cybersecurity misconfigurations

ciber
2023-10-05 https://www.bleepingcomputer.com/news/security/nsa-and-cisa-reveal-top-10-cybersecurity-misconfigurations/
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. [...] "

Autosummary: Mitigations that would have this effect include: eliminating default credentials and hardening configurations, deactivating unused services and implementing stringent access controls, ensuring regular updates and automating the patching process, giving priority to patching known vulnerabilities that have been exploited, and reducing, restricting, auditing, and closely monitoring administrative accounts and privileges. "


Cybersecurity preparedness pays big dividends for businesses

ciber
2023-10-04 https://www.helpnetsecurity.com/2023/10/04/businesses-cybersecurity-preparedness/

Businesses are taking cybersecurity more seriously by boosting resources and preparedness, according to GetApp. US businesses on the whole are gaining ground against cybercriminals after several years of increasingly severe threats, but the Las Vegas cyberattacks are a stark reminder of the cost of a breach. GetApp’s report reveals that the ransomware rate remains alarmingly high at 37%, despite meaningful improvements over the last year. While there is still work to be done, increased investments … More

The post Cybersecurity preparedness pays big dividends for businesses appeared first on Help Net Security.

"

Autosummary: Phishing effectiveness has cooled from last year’s critical high: 80% of businesses report receiving phishing emails this year (from 89% in 2022), and 61% say their employees clicked on a malicious link (from 81% in 2022). "


Evolving conversations: Cybersecurity as a business risk

ciber
2023-10-03 https://www.helpnetsecurity.com/2023/10/03/ciso-board-relationship/

Board members often lack technical expertise and may not fully grasp cyber risks. On the other hand, CISOs are more accustomed to interfacing with IT staff. This is understandable; the board is responsible for guiding high-level decision-making. They rarely become involved with the details, leaving implementation plans and technical audits for the CISO to handle. The solution is effectively integrating the CISO into the C-suite and forming a collaborative relationship with the board. By using … More

The post Evolving conversations: Cybersecurity as a business risk appeared first on Help Net Security.

"

Autosummary: By tying security programs to concrete goals across risk, CX, growth, compliance, and resilience, organizations can shift perspectives and unlock additional resources. Armed with the right information, it is up to the CISO to bring the board members to the same page when it comes to securing their organizations, being prepared for the worst-case scenario, while also translating cybersecurity measures as drivers towards meeting business outcomes and maximizing the organization’s impact. Making cybersecurity part of the business growth strategy: Cybersecurity has evolved as threats have evolved, with new tools at attackers’ disposal such as FraudGPT, EvilGPT, and WormGPT. "


Playing your part in building a safer digital world: Why cybersecurity matters

ciber
2023-10-03 https://www.welivesecurity.com/en/cybersecurity/playing-your-part-building-safer-digital-world-why-cybersecurity-matters/
In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-being "

Autosummary: It could include: loss of access to your devices/machines (if they become compromised with malware); loss of access to your social media accounts; financial loss due to stolen card details or scams which trick you into sending money/buying fraudulently advertised items; psychological distress from suffering a breach or scam; time and money spent trying to reclaim fraudulently obtained funds; the administrative burden of regaining access and resetting account passwords across multiple accounts; and physical danger, if smart home security cameras and child monitors are hijacked. The scale of some cybercrime categories is astonishing. We trust others to guard our most sensitive data: Even if we secure our devices and online accounts, what happens to the personal and financial information we entrust with our insurer, healthcare organization, bank, cloud storage provider or other business? Deployed primarily in phishing messages, the end goal is usually to trick the victim into handing over their logins, personal information or card details, or getting them to click a link which could download malware to your machine or device. TVs, refrigerators, security cameras, speakers – you name the appliance and you can usually buy a version which is connected to the internet and sports a computer chip for processing data. "


Eclypsium’s threat detection capabilities defend network infrastructure from cybercriminals

ciber
2023-10-02 https://www.helpnetsecurity.com/2023/10/02/eclypsium-threat-detection/

Eclypsium launches new threat detection capabilities for network appliances to its Eclypsium supply chain security platform. Over the past summer, ransomware groups including Akira, CACTUS, FIN8, and LockBit have been observed attacking network appliances from a number of vendors, looking to evade endpoint security and maintain persistence within target environments. In addition, state-sponsored adversaries continue to target network devices, with the NSA and CISA recently issuing an advisory about the BlackTech group targeting network routers … More

The post Eclypsium’s threat detection capabilities defend network infrastructure from cybercriminals appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity budgets show moderate growth

ciber
2023-09-29 https://www.helpnetsecurity.com/2023/09/29/cybersecurity-budgets-growth/

Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years, according to new research from IANS and Artico Search. Security budgets increase by 6% in 2023 Respondents reported an average security budget increase of 6%, a significant decrease from the 17% increase in the previous budget cycle and marks a 65% reduction in growth. Across industries, the decline was most prominent in technology firms, which … More

The post Cybersecurity budgets show moderate growth appeared first on Help Net Security.

"

Autosummary: Compared to publicly listed companies, not-for-profit organizations, and other forms of private enterprises, VC-backed firms have an outsized security budget percentage, averaging nearly 30%, which is more than 2x the overall percentage. "


Nexusflow raises $10.6 million to improve generative AI in cybersecurity

ciber
2023-09-29 https://www.helpnetsecurity.com/2023/09/29/nexusflow-seed-round-10-6-million/

Nexusflow announced that it has raised a $10.6 million seed round led by Point72 Ventures, with participation from Fusion Fund and several AI luminaries in Silicon Valley. Nexusflow was founded by AI experts Professor Jiantao Jiao and Professor Kurt Keutzer from the Berkeley AI Research (BAIR) Lab, along with industry AI leader Jian Zhang. Jian Zhang received his Ph.D. from the Stanford AI Lab and served as the former Machine Learning Director at SambaNova Systems, … More

The post Nexusflow raises $10.6 million to improve generative AI in cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

exploits ciber
2023-09-29 https://thehackernews.com/2023/09/cybercriminals-using-new-asmcrypt.html
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first "

Autosummary: Thus, when a file is uploaded, the website returns a malicious binary that masquerades as a PDF with a double extension ".pdf.exe" that, upon execution, harvests sensitive information from infected hosts. "


The hidden costs of neglecting cybersecurity for small businesses

ciber
2023-09-28 https://www.helpnetsecurity.com/2023/09/28/raffaele-mautone-judy-security-small-businesses-cybersecurity-solutions/

In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. He also discusses trends and steps small businesses can take to protect themselves, even with an insufficient cybersecurity budget. One of the primary reasons small business owners cite for not investing in cybersecurity is the expense involved. … More

The post The hidden costs of neglecting cybersecurity for small businesses appeared first on Help Net Security.

"

Autosummary: Additionally, employees should be well-versed in proper data handling, including encryption and secure file sharing practices, and should be educated on device security, including keeping devices updated with security patches and using secure networks. In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. "


SeeMetrics releases customizable Cybersecurity Performance Boards

industry ciber
2023-09-27 https://www.helpnetsecurity.com/2023/09/27/seemetrics-cybersecurity-performance-boards/

SeeMetrics launched its latest innovation: Customizable Cybersecurity Performance Boards. This product launch marks a significant milestone as it allows security leaders to communicate their desired narrative to different stakeholders and in the context that matters most to them. This customization comes in two essential dimensions: Security leaders can now instantaneously create their own Cybersecurity Performance Boards, selecting from a library of ready-to-use metrics that align with their specific needs and goals. Secondly, the customization extends … More

The post SeeMetrics releases customizable Cybersecurity Performance Boards appeared first on Help Net Security.

"

Autosummary: Secondly, the customization extends to the metrics level as well, allowing leaders to set thresholds, filter business units, timeframes, asset types, geographic considerations and more in a dynamic way. "


5 of the top programming languages for cybersecurity

ciber
2023-09-27 https://www.welivesecurity.com/en/secure-coding/5-top-programming-languages-cybersecurity/
While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles "

Autosummary: Conclusion Obviously there are other programming languages that are widely used in cybersecurity, such as C and C++, Java, Bash, Go, and Ruby, but those will be topics for future blogposts. "


MITRE ATT&CK project leader on why the framework remains vital for cybersecurity pros

ciber
2023-09-26 https://www.helpnetsecurity.com/2023/09/26/adam-pennington-mitre-attck-framework/

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. In this Help Net Security interview, project leader Adam Pennington discusses the framework, how defenders can best use it, and what’s next. What were the main drivers behind the creation of the MITRE ATT&CK framework back in 2013? The framework was born out of an internal exercise performed at MITRE’s … More

The post MITRE ATT&CK project leader on why the framework remains vital for cybersecurity pros appeared first on Help Net Security.

"

Autosummary: In the last five years, we’ve expanded the core framework with ATT&CK for industrial control systems, mobile, Linux, various cloud platforms (Office 365, Azure, etc.), network devices (computer switches and routers), and more. Additionally, we monitor social media, public reports from various government entities, and updates from incident response firms. In 2018, we amassed enough interest to launch ATT&CKcon (the fourth iteration of the user conference will run Oct. 24-25 at MITRE’s McLean, Va., headquarters). "


Cybersecurity skills employers are desperate to find in 2023

ciber
2023-09-26 https://www.helpnetsecurity.com/2023/09/26/sought-after-cybersecurity-skills-2023-video/

The surge in digital economic growth and our increasing dependence on it make cybersecurity a critical profession. In this Help Net Security video, Aaron Rosenmund, Director of Security Research and Curriculum, Pluralsight, discusses the most sought-after cybersecurity skills in today’s competitive labor market.

The post Cybersecurity skills employers are desperate to find in 2023 appeared first on Help Net Security.

"

Autosummary: "


Stratascale acquires Vector0 to strengthen its cybersecurity services

ciber
2023-09-26 https://www.helpnetsecurity.com/2023/09/26/stratascale-vector0-acquisition/

Stratascale, an SHI company, announced the acquisition of Vector0, an Attack Surface Management (ASM) provider. Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enhancing Stratascale’s ability to deliver proactive cybersecurity services. “Vector0 enables us to offer a comprehensive and proactive approach to Attack Surface Validation (ASV), giving organizations the tools they need to secure their digital initiatives effectively,” said David Olzak, Senior Vice President at Stratascale. … More

The post Stratascale acquires Vector0 to strengthen its cybersecurity services appeared first on Help Net Security.

"

Autosummary: "


Essential Guide to Cybersecurity Compliance

ciber
2023-09-26 https://thehackernews.com/2023/09/essential-guide-to-cybersecurity.html
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance? "

Autosummary: Intruder provides actionable, audit ready reports, so you can easily show your security posture to auditors, stakeholders and customers PCI DSS The PCI DSS (Data Security Standard) was developed by the PCI Security Standards Council and the major card brands (American Express, Mastercard and Visa) to regulate anyone that stores, processes, and/or transmits cardholder data. ISO 27001 ISO produces a set of voluntary standards for a variety of industries – ISO 27001 is the standard for best practice in an ISMS (information security management system) to manage the security of financial information, intellectual property, personnel information, and other third-party information. Security basics like risk assessments, encrypted data storage, vulnerability management and incident response plans are fairly common across standards, but what systems and operations must be secured, and how, are specific to each standard. Compliance doesn't have to mean complexity Compliance can seem like a labour-intensive and expensive exercise, but it can pale in comparison to the cost of fixing a breach, paying settlements to customers, losing your reputation, or paying fines. SOC 2 SaaS and born-in-the-cloud businesses that provide digital services and systems will be most familiar with SOC 2 as it covers the storage, handling and transmission of digital data, although certification is becoming increasingly popular with all service providers. "


Sony investigates cyberattack as hackers fight over who's responsible

ciber
2023-09-26 https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/
Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums. [...] "

Autosummary: The threat actor states that the dump contains: "A lot of credentials for internal systems," and files related to: SonarQube, Creators Cloud, Sony's certificates, a device emulator for generating licenses, qasop security, incident response policies, and more. "


Webinar: Bridging digital transformation & cybersecurity

ciber
2023-09-26 https://www.malwarebytes.com/blog/business/2023/09/webinar-bridging-digital-transformation-cybersecurity

Categories: Business

How can organizations stay secure amidst the ceaseless tide of change?

The post Webinar: Bridging digital transformation & cybersecurity appeared first on Malwarebytes Labs.

"

Autosummary: Meet the Experts Marcin Kleczynski, CEO of Malwarebytes, teams up with Chris Brock, Drummond's Chief Information Officer. "


Hands-on threat simulations: empower cybersecurity teams to confidently combat threats

ciber
2023-09-25 https://www.helpnetsecurity.com/2023/09/25/cybersecurity-teams-skills/

Security processes are increasingly automated which has led some businesses to deprioritize developing their security teams’ defense skills. While antivirus and non-human generated threat detections efficiently identify vulnerabilities, they cannot detect every single threat. With the rising number of cyber-attacks, organizations must make sure they are ready to defend themselves. That means equipping cybersecurity teams with sufficient skills to identify and effectively stop an attack in its tracks. Worryingly, only 17% of tech workers are … More

The post Hands-on threat simulations: empower cybersecurity teams to confidently combat threats appeared first on Help Net Security.

"

Autosummary: One group poses as the opposing force, or in this case, cyber criminals, while testing the ability of the defenders to detect and protect against such attacks. Hands-on threat simulations will arm cybersecurity experts with the skills and confidence necessary to react to a cyber-attack calmly and efficiently, whilst protecting the company’s sensitive data and avoiding costly damages. This allows them to quickly check the efficacy of their monitoring tools, as well as their people and processes, on an ongoing basis, that is accurate to current threats. "


Balancing cybersecurity with convenience and progress

ciber
2023-09-25 https://www.helpnetsecurity.com/2023/09/25/cybersecurity-progress/

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals feel that cybersecurity is improving, both generally and within their organizations. They also acknowledge that the stakes have grown dramatically, with the number of cybercriminals and threats skyrocketing. At the same time, companies are capturing … More

The post Balancing cybersecurity with convenience and progress appeared first on Help Net Security.

"

Autosummary: Threat focus areas for organizations include malware, cited by 40% of U.S. respondents, ransomware (33%), firmware hacking (31%), IoT-based attacks (31%), hardware-based attacks (31%) and phishing (30%). Monitoring network traffic and detecting malware (53%) Analyzing user behavior patterns (50%) Automating response to cybersecurity incidents (48%) Automating configuration of cybersecurity infrastructure (45%) "


Week in review: 18 free Microsoft Azure cybersecurity resources, K8 vulnerability allows RCE

exploits ciber
2023-09-24 https://www.helpnetsecurity.com/2023/09/24/week-in-review-18-free-microsoft-azure-cybersecurity-resources-k8-vulnerability-allows-rce/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: LLM Guard: Open-source toolkit for securing Large Language Models LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion The Dragos Platform is technology built for practitioners by practitioners that arms … More

The post Week in review: 18 free Microsoft Azure cybersecurity resources, K8 vulnerability allows RCE appeared first on Help Net Security.

"

Autosummary: Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” New infosec products of the week: September 22, 2023 Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Dig Security, Laiyer.ai, Viavi Solutions, and Wing Security. "


SMEs overestimate their cybersecurity preparedness

ciber
2023-09-22 https://www.helpnetsecurity.com/2023/09/22/smes-cyber-threats/

57% of SMEs have fallen victim to at least one cybersecurity breach, among whom 31% reported that their business experienced a breach within the past 12 months alone, according to Guardz. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Businesses neglect employee cybersecurity training Meanwhile, 29% of small and medium-sized businesses reported currently having no … More

The post SMEs overestimate their cybersecurity preparedness appeared first on Help Net Security.

"

Autosummary: However, 44% of respondents believe that their current antivirus solution fully protects their business, employees, and data, and 25% of businesses admit to not regularly training their employees on cybersecurity best practices or never have. "


Information of Air Canada employees exposed in recent cyberattack

ciber
2023-09-22 https://securityaffairs.com/151202/data-breach/air-canada-data-breach-2.html

Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. Air Canada, the flag carrier and largest airline of Canada, announced that threat actors had access to the personal information of some employees during a recent cyberattack. “An […]

The post Information of Air Canada employees exposed in recent cyberattack appeared first on Security Affairs.

"

Autosummary: Information of Air Canada employees exposed in recent cyberattack. Pierluigi Paganini, September 22, 2023. Air Canada, the flag carrier and largest airline of Canada, announced that the personal information of some employees was exposed as a result of a recent cyberattack. "


Government of Bermuda links cyberattack to Russian hackers

government rusia-ucrania ciber
2023-09-22 https://www.bleepingcomputer.com/news/security/government-of-bermuda-links-cyberattack-to-russian-hackers/
The Government of British Overseas Territory Bermuda has linked a cyberattack affecting all its departments' IT systems since Thursday to hackers based out of Russia. [...] "

Autosummary: "


How companies can take control of their cybersecurity

ciber
2023-09-21 https://www.helpnetsecurity.com/2023/09/21/baya-lonqueux-reciproc-it-cybersecurity-risk-management/

In this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. The interview highlights the shift from technical expertise to a focus on organizational and governance skills for managing business cybersecurity risks. Lonqueux also addresses the proactive measures required to mitigate cybersecurity risks, emphasizing the importance of identifying security needs, ensuring compliance, and simulating risks for prioritized actions. Even … More

The post How companies can take control of their cybersecurity appeared first on Help Net Security.

"

Autosummary: Lonqueux also addresses the proactive measures required to mitigate cybersecurity risks, emphasizing the importance of identifying security needs, ensuring compliance, and simulating risks for prioritized actions. Companies, for their part, need to target their protection strategy, securing what is sensitive, isolating critical assets to avoid massive surveillance protections that encourage error. "


Regulatory pressure complicates cybersecurity for industrial equipment manufacturers

industry ciber
2023-09-21 https://www.helpnetsecurity.com/2023/09/21/industrial-equipment-manufacturers-security/

50% of companies lack a dedicated security function for control systems and devices within their organizational structure, according to Cybellum. Security incidents involving industrial organizations have seen a sharp rise in recent years, with notable cases highlighting the vulnerabilities in our interconnected world. IT-OT convergence, as well as the trend towards remote maintenance, amplify potential risks even further. As industrial devices become increasingly software-driven machines reliant on an insecure software supply chain, and with regulatory … More

The post Regulatory pressure complicates cybersecurity for industrial equipment manufacturers appeared first on Help Net Security.

"

Autosummary: "


18 free Microsoft Azure cybersecurity resources you should check out

ciber
2023-09-20 https://www.helpnetsecurity.com/2023/09/20/free-microsoft-azure-cybersecurity-resources/

Far exceeding a traditional public cloud platform, Azure is a comprehensive suite of over 200 products and cloud services engineered to solve current challenges and pave the way for the future. Whether you’re looking to build, run, or manage applications, Azure’s extensive offerings span multiple clouds, on-premises setups, and even the edge, allowing you the flexibility to use the tools and frameworks you’re most comfortable with. Here’s a list of free Azure cybersecurity resources that … More

The post 18 free Microsoft Azure cybersecurity resources you should check out appeared first on Help Net Security.

"

Autosummary: By the end of this module you will be able to: Implement and manage a user risk policy Implement and manage sign-in risk policies Implement and manage MFA registration policy Monitor, investigate, and remediate elevated risky users 33 min Explore how to use built-in Azure roles, managed identities, and RBAC-policy to control access to Azure resources. By the end of this module, you are able to: Design security operations capabilities in hybrid and multi-cloud environments Design centralized logging and auditing Design SIEM solutions Design a solution for detection and response that includes XDR Design a solution for SOAR Design security workflows Design and evaluate threat detection with the MITRE ATT&CK framework More resources: By the end of this module, you’re able to: Evaluate security posture by using Microsoft Cloud Security Benchmark, Microsoft Defender for Cloud, and Secure Scores Design integrated security posture management and workload protection solutions in hybrid and multicloud environments Design cloud workload protection solutions that use Microsoft Defender for Cloud 42 min Securing Azure AI Services can help prevent data loss and privacy violations for user data that may be a part of the solution. By the end of this module, you will be able to: Define what a key vault is and how it protects certificates and secrets Deploy and configure Azure Key Vault Secure access and administration of your key vault Store keys and secrets in your key vault Explore key security considers like key rotation and backup / recovery 45 min Learn how Azure Storage provides multilayered security to protect your data. "


Rising OT/ICS cybersecurity incidents reveal alarming trend

industry ciber
2023-09-20 https://www.helpnetsecurity.com/2023/09/20/ot-ics-cybersecurity-incidents/

60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers. Insiders unintentionally aid threat actors “Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure … More

The post Rising OT/ICS cybersecurity incidents reveal alarming trend appeared first on Help Net Security.

"

Autosummary: Insiders unintentionally aid threat actors “Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. "


What a mess! Clorox warns of “material impact” to its financial results following cyberattack

financial ciber
2023-09-20 https://www.bitdefender.com/blog/hotforsecurity/what-a-mess-clorox-warns-of-material-impact-to-its-financial-results-following-cyberattack/
Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a "material impact" after hackers attacked its systems. Read more in my article on the Hot for Security blog. "

Autosummary: "


NightDragon and CyberKnight strengthen cybersecurity in the Middle East, Turkey and Africa

ciber
2023-09-19 https://www.helpnetsecurity.com/2023/09/19/nightdragon-cyberknight/

NightDragon announced a new strategic partnership with CyberKnight to continue the international expansion capabilities of its portfolio companies and bring the latest CSSP innovations to customers in the Middle East, Turkey, Africa (META) and other regions. CyberKnight has rapidly grown into the largest pure-play cybersecurity VAD in the Middle East in just under four years. Through its strategic partner channel, it helps more than 500 enterprise and government customers implement leading solutions to simplify breach … More

The post NightDragon and CyberKnight strengthen cybersecurity in the Middle East, Turkey and Africa appeared first on Help Net Security.

"

Autosummary: Through its strategic partner channel, it helps more than 500 enterprise and government customers implement leading solutions to simplify breach detection, prevention, and incident response, as well as implement regulatory compliance, zero trust practices, critical infrastructure protection, artificial intelligence (AI), threat intelligence, and more. "


Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion

industry ciber
2023-09-18 https://www.helpnetsecurity.com/2023/09/18/darren-sankbeil-dragos-ics-ot-environments-cybersecurity/

Today, Dragos revealed that it has secured a $74 million Series D extension funding round, spearheaded by the strategic operating and investment firm WestCap. The funding extension comes when global governments and infrastructure providers increasingly acknowledge the critical role of industrial cybersecurity, necessitating enhanced focus on their ICS/OT settings. In an interview with Help Net Security, Darren Sankbeil, CFO of Dragos, discusses the significance of this investment for the firm amid the rising urgency to … More

The post Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion appeared first on Help Net Security.

"

Autosummary: In addition to our historically strong presence in the Electric, Oil & Gas, Water, and Federal Government sectors, we are seeing the Manufacturing, Food and Beverage, and Technology sectors increase in prominence as a percentage of our business. The Dragos Platform is technology built for practitioners by practitioners that arms industrial cybersecurity teams with the most up-to-date defensive tools, codified by our experts on the front lines every day hunting, combatting, and responding to advanced ICS threats. We launched the Dragos Global Partner Program this year, the only channel program to comprise OT cybersecurity technology, services, and threat intelligence as well as training. "


German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

ciber
2023-09-18 https://securityaffairs.com/150999/hacking/liquefied-natural-gas-lng-terminals-cyber-attacks.html

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government […]

The post German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals appeared first on Security Affairs.

"

Autosummary: "


10 tips to ace your cybersecurity job interview

ciber
2023-09-18 https://www.welivesecurity.com/en/we-live-progress/10-tips-ace-cybersecurity-job-interview/
Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track. "

Autosummary: What to expect Nailing the interview will likely require a combination of technical knowledge, problem-solving skills, and the ability to effectively communicate your expertise. An interview with someone senior in the company, possibly even a C-level executive, will come last, and is the time to prove you’re the right cultural fit and that you’re hungry for the role. 10 top tips for interview success ) Do your research This might sound obvious, but the first step is to understand the company you’re applying to join. You may want to tailor your preparation to the specific role you're applying for, whether it's a security analyst, penetration tester, or security engineer. "


Week in review: 17 free AWS cybersecurity courses, exploited Chrome zero-day

exploits ciber
2023-09-17 https://www.helpnetsecurity.com/2023/09/17/week-in-review-17-free-aws-cybersecurity-courses-exploited-chrome-zero-day/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The blueprint for a highly effective EASM solution In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden systems. How should SMBs navigate the phishing minefield? In this Help … More

The post Week in review: 17 free AWS cybersecurity courses, exploited Chrome zero-day appeared first on Help Net Security.

"

Autosummary: Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The blueprint for a highly effective EASM solution In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden systems. "


Cybersecurity risks dampen corporate enthusiasm for tech investments

ciber
2023-09-15 https://www.helpnetsecurity.com/2023/09/15/cybersecurity-risks-innovative-tech-investments/

64% of IT leaders believe that cybersecurity concerns are negatively impacting their organization’s willingness to invest in innovative tech, according to a report by HPE Aruba Networking. This is perhaps unsurprising as 91% either consider emerging tech a danger or admit to having already experienced a breach because of it. But this comes at a time when IT leaders must be empowered to embrace innovation such as generative AI to accelerate business-critical transformation – something … More

The post Cybersecurity risks dampen corporate enthusiasm for tech investments appeared first on Help Net Security.

"

Autosummary: And IT leaders are investing accordingly – organizations are starting to press ahead with network-based security solutions including, Security Service Edge (SSE) or similar edge-to-cloud security (89%), policy-based network access control (88%), and Secure Access Service Edge (SASE) security (87%). "


Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

financial exploits ransomware ciber
2023-09-15 https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this "

Autosummary: "Because the ads look so legitimate, there is little doubt people will click on them and visit unsafe sites," Jérôme Segura, director of threat intelligence at Malwarebytes, said. "


How Cyberattacks Are Transforming Warfare

ciber
2023-09-13 https://thehackernews.com/2023/09/how-cyberattacks-are-transforming.html
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.  From "

Autosummary: The Cyber Invasion of Ukraine On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States — issued a new report revealing that Russian state-sponsored hackers were using the infamous Chisel malware to target the Android devices of Ukrainian military personnel to collect and extract data. The list of countries that have accused China of cyberwarfare is lengthy and includes Australia, Canada, India, Japan, Taiwan, the Vatican, and the US." A New Digital World Order As complex as cyberwarfare can be, and as significant as its impacts are, the unfortunate truth is that for governments that are rich in resources, cyberwarfare is an increasingly easy-to-access weapon that they can leverage for their own interests. As Beijing's geopolitical interest in Taiwan and the South China Sea increases, along with a display of military force, cyberattacks that include espionage, cyber theft, and the unethical transfer of technologies and knowledge are expected to escalate. "


Major cyberattack leaves MGM Resorts reeling

ciber
2023-09-12 https://www.malwarebytes.com/blog/personal/2023/09/major-cyberattack-leaves-mgm-resorts-reeling

MGM resorts has suffered a major cyberattack leading to shutdowns across the US.

"

Autosummary: Some systems are slowly coming back to life, but there’s no estimate for when full functionality will be restored. Meanwhile, BBC reporter Joe Tidy reports that slot machines and casino floors were left empty, and that physical room keys had to be distributed. "


MGM Resorts shuts down IT systems and slot machines go quiet following “cybersecurity incident”

ciber
2023-09-12 https://www.bitdefender.com/blog/hotforsecurity/mgm-resorts-shuts-down-it-systems-and-slot-machines-go-quiet-following-cybersecurity-incident/
Hotel and casino giant MGM Resorts has revealed that it is investigating a "cybersecurity incident" that has resulted in its website being taken offline, an outage of online booking systems, and even problems with slot machines. Read more in my article on the Hot for Security blog. "

Autosummary: "


Square: Last week’s outage was caused by DNS issue, not a cyberattack

ciber
2023-09-11 https://www.bleepingcomputer.com/news/technology/square-last-weeks-outage-was-caused-by-dns-issue-not-a-cyberattack/
Payment processing firm Square says a widespread outage that took down a large part of the company's infrastructure last week was caused by a DNS issue. [...] "

Autosummary: "The outage impacted an important part of our infrastructure, known as a Domain Name System, or DNS," the company said today. "


MGM Resorts shuts down IT systems after cyberattack

ciber
2023-09-11 https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/
MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations. [...] "

Autosummary: The company confirmed the breach in 2020, after an archive with stolen data - including guests' names, dates of birth, email addresses, phone numbers, and physical addresses, was shared freely on a hacker forum. "


Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

ciber
2023-09-11 https://thehackernews.com/2023/09/cybercriminals-using-powershell-to.html
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's "

Autosummary: "


Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

ciber
2023-09-09 https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses "

Autosummary: Cisco's analysis of the DNS request data sent to the attacker's infrastructure shows that the victimology footprint spans France and Switzerland, followed by sporadic infections in the U.S., Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore, and Vietnam. "


North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

exploits ciber
2023-09-08 https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge "

Autosummary: "North Korean cyber threat actors pursue cyber operations aiming to (1) collect intelligence on the activities of the state's perceived adversaries: South Korea, the United States, and Japan, (2) collect intelligence on other countries' military capabilities to improve their own, and (3) collect cryptocurrency funds for the state," Microsoft said. "


Cybersecurity pros battle discontent amid skills shortage

ciber
2023-09-07 https://www.helpnetsecurity.com/2023/09/07/cybersecurity-pros-discontent-skills-shortage/

The cybersecurity skills crisis continues in a multi-year freefall that has impacted 71% of organizations and left two-thirds of cybersecurity professionals stating that the job has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility, according to a new report from ESG and ISSA. A career in cybersecurity is becoming more difficult in an increasingly challenging environment 66% of respondents believe that working as a cybersecurity professional has become … More

"

Autosummary: The global cybersecurity skills shortage continues unabated 71% of organizations report that the cybersecurity skills shortage has impacted them—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. "


How cybercriminals use look-alike domains to impersonate brands

ciber
2023-09-07 https://www.helpnetsecurity.com/2023/09/07/cybercriminals-use-look-alike-domains-impersonate-brands-video/

Cybercriminals create hundreds of thousands of counterfeit domains that mimic well-known brands for financial gain. These fake domains serve multiple malicious purposes, such as sending phishing emails, hosting fraudulent websites, rerouting web traffic, and distributing malware. In this Help Net Security video, Eric George, Director of Solution Engineering at Fortra, discusses why brands should take domain impersonation threats seriously and how security teams can counteract this issue.

"

Autosummary: "


Mirai Botnet Variant "Pandora" Hijacks Android TVs for Cyberattacks

ciber
2023-09-07 https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed. "It is likely that this "

Autosummary: "


Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure

industry ciber
2023-09-06 https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images ( "

Autosummary: "Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file "weblinks.cmd" to the victim's computer," CERT-UA said, attributing it to the Russian threat actor known as APT28 (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE). "


Cybercriminals target MS SQL servers to deliver ransomware

exploits ransomware ciber
2023-09-06 https://www.helpnetsecurity.com/2023/09/06/ms-sql-cyberattack/

A cyberattack campaign is targeting exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads. The attack campaign The attackers target exposed MS SQL servers by brute-forcing access credentials. After having successfully authenticated, they start enumerating the database. A (too often) enabled xp_cmdshell function also allows attackers to run shell commands on the host and launch several payloads. Attackers then: Create new users on the victim host Make registry changes to … More

"

Autosummary: MS SQL servers under attack Trustwave has recently deployed honeypot servers mimicking nine popular database systems – MS SQL Server, MySQL, Redis, MongoDB, PostgreSQL, Oracle DB, IBM DB2, Cassandra, and Couchbase – in key regions of the world, and quickly discovered that attack activity on MS SQL honeypots accounted for 93% of the total. "


How SMEs can use Wazuh to improve cybersecurity

ciber
2023-09-06 https://www.bleepingcomputer.com/news/security/how-smes-can-use-wazuh-to-improve-cybersecurity/
Cybersecurity has become a crucial concern for all businesses in today's digital era. Learn from Wazuh on how small and medium-sized enterprises can use its open-source solution to improve their cybersecurity. [...] "

Autosummary: Wazuh is a free and open source security monitoring solution that provides unified XDR and SIEM capabilities for incident response, threat detection, file integrity monitoring, and compliance management. SMEs can easily extend their security capabilities by integrating Wazuh with other security technologies, such as security orchestrators, threat intelligence feeds, and incident management platforms. Enhanced threat detection and simplified incident response As a comprehensive SIEM and XDR solution, Wazuh provides advanced threat detection capabilities that empower organizations to monitor, detect and respond to potential threats to endpoints and data. "


University of Michigan requires password resets after cyberattack

ciber
2023-09-06 https://www.bleepingcomputer.com/news/security/university-of-michigan-requires-password-resets-after-cyberattack/
The University of Michigan (UMICH) warned staff and students on Tuesday that they're required to reset their account passwords after a recent cyberattack. [...] "

Autosummary: "Everyone on the Ann Arbor, Flint, Dearborn, and Michigan Medicine campuses must change their passwords by Tuesday, September 12," the university's ITS Service Center (ITS) also warns. "


6 free resources for getting started in cybersecurity

ciber
2023-09-05 https://www.helpnetsecurity.com/2023/09/05/free-resources-getting-started-in-cybersecurity/

Cybersecurity is not just a career field on the rise – it’s a calling that’s increasingly vital to the infrastructure of our world. But stepping into the universe of threat vectors and intrusion detection systems might sound like a journey for the tech elite. The reality, however, is far more inclusive. Multiple avenues and entry points into the field cater to diverse skills and experiences. Jobs in cybersecurity aren’t merely tech-centric roles but multidimensional positions … More

"

Autosummary: The NICE Framework is comprised of the following components: Categories (7) – A high-level grouping of common cybersecurity functions Specialty Areas (33) – Distinct areas of cybersecurity work Work Roles (52) – The most detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities (KSAs) required to perform tasks in a Work Role W3Schools introductory course in cybersecurity This free course serves as a primer for the many different domains of cybersecurity. "


Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

ciber
2023-09-05 https://thehackernews.com/2023/09/key-cybersecurity-tools-that-can.html
IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What’s interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team’s nightmare scenario. The average cost of a breach rose once again "

Autosummary: They also ranked among the top four costliest incident types ($4.76 million and $4.62 million) along with malicious insiders (at 6% but costing an average of $4.9 million) and business email compromise (at 9% with an average cost of $4.67 million). Our 2023 Cost of a Breach takeaway The takeaway of IBM's 2023 Cost of a Breach report is clear: organizations with an understanding of where their vulnerabilities lie, accurate views of their attack surface, an effective incident response plan, and tools for dealing with compromised credentials will suffer fewer breaches. Additionally, 39% of breaches spanned multiple cloud environments (including public and private clouds), leading to a higher-than-average breach cost of $4.75 million. "


Coffee Meets Bagel says recent outage caused by destructive cyberattack

ciber
2023-09-05 https://www.bleepingcomputer.com/news/security/coffee-meets-bagel-says-recent-outage-caused-by-destructive-cyberattack/
The Coffee Meets Bagel dating platform confirms last week's outage was caused by hackers breaching the company's systems and deleting company data. [...] "

Autosummary: At this time, Coffee Meets Bagel has not confirmed if the attack was ransomware that encrypted data, effectively making it unusable, or if the threat actors purposely deleted data to bring down the service. "


Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising

ciber
2023-09-04 https://thehackernews.com/2023/09/vietnamese-cybercriminals-targeting.html
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. “Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,” WithSecure researcher Mohammad Kazem Hassan Nejad said. “And with businesses now leveraging the reach "

Autosummary: "The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem (akin to ransomware-as-a-service model) centered around social media platforms such as Facebook," WithSecure said. An element that's common to these groups is the abuse of URL shortener services, Telegram for command-and-control (C2), and legitimate cloud services like Trello, Discord, Dropbox, iCloud, OneDrive, and Mediafire to host the malicious payloads. "


Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

financial ciber
2023-09-04 https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. “The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in the "

Autosummary: These kits impersonate popular postal and delivery services in the U.S, the U.K, Poland, Sweden, Italy, Indonesia, Malaysia, Japan, and other countries. "


Championing cybersecurity regulatory affairs with Nidhi Gani

ciber
2023-09-03 https://www.helpnetsecurity.com/2023/09/03/nidhi-gani-cybersecurity-regulatory-affairs/

Nidhi Gani is a seasoned regulatory affairs professional with over a decade of experience in cybersecurity, medical devices, and digital health. She’s worked with devices ranging from heart and lung machines to rehabilitation devices. Nidhi works at Embecta as a Regulatory Affairs Software and Cybersecurity and is a Cybersecurity Fellow at the Archimedes Center for Health Care and Medical Device Cybersecurity at Northeastern University. She joined the Left to Our Own Devices podcast to share … More

"

Autosummary: Looking beyond the United States to how other countries are working on their own measures, Nidhi said: “I think most countries and continents are following suit and producing their own cybersecurity regulations and AI SMD regulations because technology has been moving forward after the pandemic, or rather, it has accelerated the growth by at least a decade, and the regulators are catching up and they’re doing a good job.” Regulatory Affairs as a strategic partner In the earlier years of her career, before the FDA’s Pre-Market guidelines for cybersecurity, the cooperation between teams and regulatory affairs professionals was challenging. Nidhi leans on the strength of Product Security Management Systems, where vulnerabilities, risks, and other security-related challenges can be discovered and managed. "


Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released

ciber
2023-09-03 https://www.helpnetsecurity.com/2023/09/03/week-in-review-11-search-engines-for-cybersecurity-research-poc-for-rce-in-juniper-firewall-released/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adapting authentication to a cloud-centric landscape In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What makes a good ASM solution stand out In this Help Net Security … More

"

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adapting authentication to a cloud-centric landscape In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What true diversity in the cybersecurity industry looks like In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face. "


Cybercriminals use research contests to create new attack methods

ciber
2023-09-01 https://www.helpnetsecurity.com/2023/09/01/cybercriminal-forums-contests/

Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also potential jobs. As outlined in Sophos X-Ops latest report these contests are designed to drive innovation, and when analyzed, the entries provide invaluable insight into how cybercriminals attempt to overcome security obstacles. The evolution of criminal … More

"

Autosummary: Latest trends in cyber competitions Sophos X-Ops explored two prominent annual contests: one run by the Russian-language cybercrime forum Exploit, offering a total prize fund of $80,000 to the winner of its contest in 2021, and another run on the XSS forum, with a prize pool of $40,000 in 2022. "


Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

ciber
2023-08-31 https://thehackernews.com/2023/08/numbers-dont-lie-exposing-harsh-truths.html
How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics. "

Autosummary: 90 Days of Cyberattacks Based on analysis of cyberattacks detected and blocked during the 90-day window, the BlackBerry Threat Research and Intelligence Team recorded the following statistics: Total number of malware-based attacks: 1,578,733 Number of unique attacks (using previously undetected malware): 200,454 Average number of cyberattacks per day: 17,280 Average number of cyberattacks per hour: 720 Average number of attacks per minute: 12 Average number of new malware variants per minute: 1.5 The latest report also analyzes changes in the velocity of cyberattacks detected during this period. The most-targeted industries during the study period included: Financial institutions Healthcare services and equipment, including hospitals, clinics, and medical devices Food and staples retailers, including supermarkets, drugstores, and companies that sell food products to other businesses The report found these vertical industries accounted for 60% of the overall number of attacks. "


Japan’s cybersecurity agency admits it was hacked for months

ciber
2023-08-30 https://www.bitdefender.com/blog/hotforsecurity/japans-cybersecurity-agency-admits-it-was-hacked-for-months/
Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for the nation's defences against cyber attacks, has itself been hacked. Read more in my article on the Hot for Security blog. "



Is the cybersecurity community’s obsession with compliance counter-productive?

ciber
2023-08-29 https://www.helpnetsecurity.com/2023/08/29/compliance-standards/

Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have our seat belts buckled securely across our waists? Not even the flight attendants, who will be responsible for throwing us off the plane if we don’t comply, really believe those rituals make us safer. And … More

"

Autosummary: To wit: Manager Information Security and Compliance, Manager, Security and Compliance Advisory, Senior Manager Internal Controls and Compliance, Sr. Manager – IT Security & Compliance (among others). Premera Blue Cross (HIPAA) CareFirst BCBS (HIPAA) SolarWinds (NIST CSF) This is, of course, not an exhaustive list. "


11 search engines for cybersecurity research you can use right now

ciber
2023-08-29 https://www.helpnetsecurity.com/2023/08/29/search-engines-cybersecurity-research/

Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers’ perspective is an important part of the security assessment process. Exploit Database Exploit Database is a CVE-compliant archive of public exploits and corresponding vulnerable software developed for use by penetration testers and vulnerability … More

"

Autosummary: Intelligence X Intelligence X differentiates itself from other search engines: The search works with selectors, i.e. specific search terms such as email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, IPFS hashes, etc. Netlas Netlas offers a collection of internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets. "


University of Michigan shuts down network after cyberattack

ciber
2023-08-29 https://www.bleepingcomputer.com/news/security/university-of-michigan-shuts-down-network-after-cyberattack/
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started. [...] "

Autosummary: Zoom, Adobe Cloud, Dropbox, Slack, Google, Canvas, and Adobe Cloud services have been restored and can be accessed from outside networks, although their availability is unstable due to overload. "


LogRhythm and Cimcor collaborate to enhance cyberattack protection for organizations

ciber
2023-08-29 https://www.helpnetsecurity.com/2023/08/29/logrhythm-cimcor/

LogRhythm and Cimcor have joined forces to help organizations around the globe increase visibility and protect against modern cyberattacks. This partnership leverages LogRhythm’s comprehensive security information and event management (SIEM) platform and Cimcor’s file integrity monitoring (FIM) solution, CimTrak. LogRhythm’s integration with CimTrak allows LogRhythm to ingest integrity data that can identify zero-day attacks, ransomware activity, and configuration vulnerabilities. These issues can then be addressed either manually or automatically by reverting to any of the … More

"

Autosummary: CimTrak works across multiple operating systems and device types, managing files, directories, configurations, users, groups, policies, active directories, database schemas, cloud configurations, hypervisors, containers, network devices, ports, and more. "


What true diversity in the cybersecurity industry looks like

industry ciber
2023-08-28 https://www.helpnetsecurity.com/2023/08/28/diversity-cybersecurity-industry-video/

In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face.

"

Autosummary: "


Cyberattacks Targeting E-commerce Applications

ciber
2023-08-28 https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html
Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be "

Autosummary: 8 Areas of Vulnerability Testing Web Application-Based Vulnerability Assessment API-Based Vulnerability Assessment Network-Based Vulnerability Assessment Host-Based Vulnerability Assessment Physical Vulnerability Assessment Wireless Network Vulnerability Assessment Cloud-Based Vulnerability Assessment Social Engineering Vulnerability Assessment The 6 Phases of Vulnerability Assessment Methodology Determine critical and high-risk assets Perform a vulnerability assessment Conduct vulnerability analysis and risk assessment Remediate any vulnerability - E.G., applying security patches or fixing configuration issues. The Importance of E-commerce Application Security Testing E-commerce application security testing is essential to protect the personal and financial information of everyone linked to the application, including customers, dealers, and vendors. The 2023 Honda E-commerce Platform Attack Honda's power equipment, lawn, garden, and marine products commerce platform contained an API flaw that enabled anyone to request a password reset for any account. In this article, we will discuss the recent Honda e-commerce platform attack, how it happened, and its impact on the business and its clients. "


Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

exploits ciber
2023-08-28 https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit ( "

Autosummary: "


Cybersecurity insurance is missing the risk

ciber
2023-08-25 https://www.helpnetsecurity.com/2023/08/25/cyber-insurance-industry/

Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance. The traditional actuary models do not apply well to an environment where highly motivated, creative, and intelligent attackers are dynamically pursuing actions that cause insurable events. Accurate estimation of losses is key to determining customer premiums. But even after … More

"

Autosummary: At maximum, they want a 70% loss ratio to cover their payouts and expenses and, according to the National Association of Insurance Commissioners Report on the Cyber Insurance Market in 2021, nearly half of the top 20 insurers, representing 83% of the market, failed to achieve the desired loss ratio. As part of that continuous exercise, there are opportunities to apply best practices to the insurance model to identify the most relevant aspects that include defensive postures (technology, behaviors, and processes) and understanding the relevant threat actors (targets, capabilities, and methods) to determine the residual risks. "


Unrealistic expectations exacerbate the cybersecurity talent shortage

ciber
2023-08-25 https://www.helpnetsecurity.com/2023/08/25/cybersecurity-talent-shortage-expectations/

Consumers believe today’s cybersecurity talent shortage is in large part due to limited exposure to the profession and a lack of cybersecurity education and training at a younger age within school systems, according to ThreatX. 90% of consumers polled say they have concerns about the future of cybersecurity if more isn’t done at an earlier stage to expose students to the field, and 62% agree that if they or their child had more established education … More

The post Unrealistic expectations exacerbate the cybersecurity talent shortage appeared first on Help Net Security.

"

Autosummary: “With more than 3.4 million cybersecurity jobs still open worldwide, the cybersecurity industry is in desperate need of professionals, but at the same time, it’s still hard to get into the industry – both due to the unrealistic expectations of practitioners hiring today, but also in part due to limited exposure early on showcasing what’s available in this field, as our survey results have found,” said Gene Fay, CEO at ThreatX. “To close the cybersecurity talent gap, security vendors and education systems will need to partner to create more opportunities from mentorship and learning in schools, to considering more diverse candidates who might not meet today’s rigid degree requirements,” Fay continued. "


How the downmarket impacted enterprise cybersecurity budgets

ciber
2023-08-23 https://www.helpnetsecurity.com/2023/08/23/enterprise-cybersecurity-budgets-video/

Belts have tightened, and ROI and cost reduction are now driving CISO decision-making more than ever. In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how enterprise cybersecurity budgets have been impacted by the downmarket and how vendors can adapt.

The post How the downmarket impacted enterprise cybersecurity budgets appeared first on Help Net Security.

"



Anticipating the next wave of IoT cybersecurity challenges

industry ciber
2023-08-23 https://www.helpnetsecurity.com/2023/08/23/roland-atoui-red-alert-labs-interconnected-iot-environment/

In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves into the urgency for standardization, the threat of cascade failures, and the blurred lines of accountability among stakeholders. Given the transition from siloed IoT devices to interconnected IoT environments, what are the main challenges … More

The post Anticipating the next wave of IoT cybersecurity challenges appeared first on Help Net Security.

"

Autosummary: This layered scrutiny reinforces the collective resilience of the entire IoT environment, addressing the multifaceted challenges of interoperability, security, and installation, and ultimately setting a benchmark in cybersecurity excellence. In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. A comprehensive understanding of the interaction between hardware, software, and human actors helps in creating a coherent, unified security strategy. "


Cybercriminals turn to AI to bypass modern email security measures

ciber
2023-08-23 https://www.helpnetsecurity.com/2023/08/23/ai-enabled-email-threats/

Cybercriminals employ artificial intelligence (AI) to create complex email threats like phishing and business email compromise (BEC) attacks, while modern email security systems use AI to counter these attacks, according to Perception Point and Osterman Research. AI’s role in email security The new study reveals a substantial shift in the perception of AI’s role in email security. Cybercriminals have shown rapid adoption of AI tools to their favor with 91.1% of organizations reporting that they … More

The post Cybercriminals turn to AI to bypass modern email security measures appeared first on Help Net Security.

"

Autosummary: AI-powered security is not just for email: Buyers of AI-enabled email security want the ability to better protect other communication and collaboration apps, such as Microsoft Teams, SharePoint, OneDrive, Zoom, and Slack, Salesforce, and more, with AI. "


Lapsus$ teen hackers convicted of high-profile cyberattacks

ciber
2023-08-23 https://www.bleepingcomputer.com/news/security/lapsus-teen-hackers-convicted-of-high-profile-cyberattacks/
A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom threatening to leak the information. [...] "

Autosummary: High-profile organizations impacted by Lapsus$ also include Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Vodafone, Ubisoft, 2K, and Globant. "


CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

ciber
2023-08-22 https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at "

Autosummary: Lack of SaaS Compliance Monitoring Presents Further Risk to Organizations Operating in Advanced Economies. [Figure: Global Compliance Requirements. Image courtesy of AppOmni] Maintaining compliance with regional and international regulations such as GDPR, HIPAA, CCPA, APPI, and industry-specific standards also proved challenging for the research study participants. With a cohort based in North America (U.S.), Europe (UK, France, and Germany), and APAC (Japan and Australia), abiding by legislation that carries stiff fines and consequences for noncompliance should be a top cybersecurity priority." [Figure: SaaS Cybersecurity Incidents in the Last 12 Months (June 2023). Image courtesy of AppOmni] The SaaS Footprint, and its Corresponding Risk, is Grossly Underestimated: Critical operations in both SMBs and the enterprise increasingly rely on cloud and SaaS infrastructure. Misreading the SaaS Cyber Threat Model: While SaaS-to-SaaS (sometimes called third-party integrations or third-party apps) connections are a boon to productivity, they're a bane to security. A properly resourced SaaS cybersecurity program will reduce the risk of SaaS-related data breaches, scale SaaS cybersecurity as organizational usage grows, automate compliance and risk reporting, and realize cost savings and operational efficiencies across the SaaS estate. For example: When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level (43%) or the highest level (28%). "


14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown

ciber
2023-08-18 https://thehackernews.com/2023/08/14-suspected-cybercriminals-arrested.html
A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. "The four-month Africa Cyber Surge II operation was launched in April 2023 "



Interpol arrests 14 suspected cybercriminals for stealing $40 million

ciber
2023-08-18 https://www.bleepingcomputer.com/news/security/interpol-arrests-14-suspected-cybercriminals-for-stealing-40-million/
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed "Africa Cyber Surge II," launched in April 2023. [...] "

Autosummary: Specifically, Interpol's and its partners' investigation, whose findings served as the guidance for "Africa Cyber Surge II" include the following: 3,786 malicious command and control servers; 14,134 victim IPs linked to data stealer cases; 1,415 phishing links and domains; 939 scam IPs; over 400 other malicious URLs, IPs, and botnets. Group-IB, one of Interpol's partners in collecting intelligence from cybercrime originating from African regions, today stated that it provided the law enforcement authorities with over a thousand indicators related to malicious infrastructure in the continent. "


Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack

industry ciber
2023-08-17 https://securityaffairs.com/149585/cyber-crime/clorox-company-cyber-attack.html

Cleaning products manufacturer Clorox Company announced that it has taken some systems offline in response to a cyberattack. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced it was the victim of […]

The post Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack appeared first on Security Affairs.

"



Alarming lack of cybersecurity practices on world’s most popular websites

ciber
2023-08-17 https://securityaffairs.com/149607/security/alarming-lack-cybersecurity-popular-websites.html

The world’s most popular websites lack basic cybersecurity hygiene, an investigation by Cybernews shows. Do you happen to love exploring DIY ideas on Pinterest? Scrolling through IMDB to pick the next movie to watch? Or simply scrolling through Facebook to see what your friends and enemies have been up to? The Cybernews research team has […]

The post Alarming lack of cybersecurity practices on world’s most popular websites appeared first on Security Affairs.

"

Autosummary: Why does any of this matter. Original post at: https://cybernews.com/security/most-popular-websites-cyber-hygiene/ About the author: Jurgita Lapienytė, Chief Editor at CyberNews. As per our researchers, the most common attacks include: phishing; cross-site scripting (XSS); man-in-the-middle (MITM) attacks that usually occur on free public wifi or other open networks. “Security headers are important security layers. "


SEC cybersecurity rules shape the future of incident management

ciber
2023-08-16 https://www.helpnetsecurity.com/2023/08/16/sec-cybersecurity-rules-video/

The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures. In this Help Net Security video, Doug Barbin, President and National Managing Principal at Schellman, shares his perspective on what this means for enterprises moving forward. To accomplish the requirements of the … More

The post SEC cybersecurity rules shape the future of incident management appeared first on Help Net Security.

"



Passwordless is more than a buzzword among cybersecurity pros

ciber
2023-08-16 https://www.helpnetsecurity.com/2023/08/16/passwords-evolving-passwordless/

Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolving or becoming obsolete. When asked how they protect their passwords, most attendees surveyed indicated they use an additional authentication method to secure their credentials and identity. 73% use some form of multi-factor authentication (MFA), 57% specifically indicated … More

The post Passwordless is more than a buzzword among cybersecurity pros appeared first on Help Net Security.

"



Stellar Cyber and OCI partner to offer expanded cybersecurity capabilities

ciber
2023-08-16 https://www.helpnetsecurity.com/2023/08/16/stellar-cyber-oci/

Stellar Cyber has unveiled that the Stellar Cyber Open XDR platform is available on Oracle Cloud Infrastructure (OCI) to help users manage their security operations. Joint customers of Oracle and Stellar Cyber can expect to reduce cyber risk and improve security analyst efficiency and effectiveness. “We find that OCI is a user-friendly platform, which correlates directly to our commitment to making security operations simpler,” said Andrew Homer, VP of Strategic Alliances for Stellar Cyber. “We … More

The post Stellar Cyber and OCI partner to offer expanded cybersecurity capabilities appeared first on Help Net Security.

"



Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

financial ciber
2023-08-15 https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html
Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and "



PCMag ranks Malwarebytes #1 cybersecurity vendor

exploits ciber
2023-08-15 https://www.malwarebytes.com/blog/business/2023/08/pcmag-ranks-malwarebytes-1-cybersecurity-vendor

Categories: Business

PCMag readers named Malwarebytes the #1 most-recommended security software vendor in its list of Best Tech Brands for 2023. 

The post PCMag ranks Malwarebytes #1 cybersecurity vendor appeared first on Malwarebytes Labs.

"

Autosummary: Award-winning EDR Solution: Malwarebytes EDR has been recognized for having the Best Support, being Easiest to Do Business With, having the Easiest Admin, being the Easiest to Use, Most Implementable, and the Easiest to Set Up. - Dennis Davis, IT Systems Manager, Drummond. Most of all, we appreciate the trust and support of our customers in making Malwarebytes the #1 cybersecurity solution for IT teams and MSPs. "


How manufacturers can navigate cybersecurity regulations amid NIST 2.0

industry ciber
2023-08-14 https://www.helpnetsecurity.com/2023/08/14/cybersecurity-regulations-nist-2-0-video/

The National Institute of Standards and Technology (NIST) released a discussion draft for possible Cybersecurity Framework (CSF) changes earlier this year. The proposed changes aim to help increase the CSF’s clarity and bring the updated version closer to national and international cybersecurity standards and practices. In this Help Net Security video, Ahmik Hindman, Sr. Network & Security Solution Consultant at Rockwell Automation, discusses the evolving cybersecurity landscape and what the new cybersecurity framework could mean … More

The post How manufacturers can navigate cybersecurity regulations amid NIST 2.0 appeared first on Help Net Security.

"



Week in review: 8 free cybersecurity docus, vulnerable Intel Core processors, Black Hat USA 2023

ciber
2023-08-13 https://www.helpnetsecurity.com/2023/08/13/week-in-review-8-free-cybersecurity-docus-vulnerable-intel-core-processors-black-hat-usa-2023/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future In this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. Adams analyzes how organizations grapple with the effects of workforce shortages and remote work complications, offering insights into best practices for safeguarding products and services in this challenging era. … More

The post Week in review: 8 free cybersecurity docus, vulnerable Intel Core processors, Black Hat USA 2023 appeared first on Help Net Security.

"

Autosummary: New infosec products of the week: August 11, 2023. Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, LastPass, NetSPI, Solvo, ThreatConnect, and Vicarius. Downfall attacks can gather passwords, encryption keys from Intel processors: A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer. "


Cybersecurity as a global, multi-sector activity with Mihoko Matsubara

ciber
2023-08-11 https://www.helpnetsecurity.com/2023/08/11/mihoko-matsubara-cybersecurity-activity-podcast/

Like many leaders in the cybersecurity space, the professional journey of Mihoko Matsubara did not necessarily begin with securing devices or technology. However, once she discovered it, she was hooked. Discussing her career path with the Left to Our Own Devices podcast and how it opened her eyes to a world of security, Mihoko explained how she went from curiosity to university in Washington, D.C., became a Senior Security Analyst at Hitachi, then VP Public … More

The post Cybersecurity as a global, multi-sector activity with Mihoko Matsubara appeared first on Help Net Security.

"

Autosummary: Discussing her career path with the Left to Our Own Devices podcast and how it opened her eyes to a world of security, Mihoko explained how she went from curiosity to university in Washington, D.C., became a Senior Security Analyst at Hitachi, then VP Public Sector Chief Security Officer at Palo Alto, and to her current position as the Chief Cybersecurity Strategist at NTT Japan. Everybody, including the central government, local government, big companies, academia saw it as a wakeup call,” said Mihoko. "


Will AI kill cybersecurity jobs?

ciber
2023-08-10 https://www.helpnetsecurity.com/2023/08/10/cybersecurity-jobs-demand/

Some ten years ago, the authors of The Second Machine Age wrote that “computers and other digital advances are doing for mental power—the ability to use our brains to understand and shape our environments—what the steam engine and its descendants did for muscle power.” Many physical jobs were lost to machines, and according to the authors computers and IT technology were going to do the same to jobs that require cognitive skills. Should cybersecurity practitioners … More

The post Will AI kill cybersecurity jobs? appeared first on Help Net Security.

"

Autosummary: In 1980, senior management of Wells Fargo predicted that due to growth in electronic transactions, the number of bank branches will shrink dramatically, whilst the remaining branches would have “few, if any, support staff members”; and by 1984 more than 40% of US households owned ATM cards. And indeed, according to the AI in Medical Imaging Market report, during the period of 2021–2030, the global market for AI in medical imaging is expected to grow at a CAGR of 36.87%, from an estimated $1.24 billion in 2021 to an estimated $20.9 billion. "


Learning from past healthcare breaches to fortify future cybersecurity strategies

ciber
2023-08-10 https://www.helpnetsecurity.com/2023/08/10/shenny-sheth-healthcare-cyber-risks/

In the face of rising cyber threats, the healthcare sector has become a hotbed for cyberattacks. Given the gravity of this situation, we sat down with Shenny Sheth, Deputy CISO at Centura Health, who sheds light on the contributing factors making healthcare organizations vulnerable, the role of legacy IT systems, common network monitoring mistakes, patterns in data breaches, and the financial implications of these attacks. This conversation also delves into the complexities of partnerships and … More

The post Learning from past healthcare breaches to fortify future cybersecurity strategies appeared first on Help Net Security.

"

Autosummary: As Centura Health does, US-based organizations could stave off non-compliance with laws, regulations or ethical standards, including conflict of interest, resulting in censure from regulators, litigations, and/or adverse impacts by adopting a proper compliance framework, such as The HITRUST Common Security Framework (HITRUST CSF) that provides structure for practices, accountabilities and a sufficiently resourced cybersecurity program to serve data confidentiality and privacy obligations. In light of that learning, healthcare organizations must: (1) Embrace plans to shift away from unsupported (or end-of-life) software in service of critical infrastructure and national critical functions (NCF), and (2) move to password-less, multi-factor, multi-device vouching services to deter malicious Initial Access or Remote Code Execution (RCE) to prevent entry into the critical infrastructure and NCF space. "


Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

financial ciber
2023-08-10 https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations "

Autosummary: EvilProxy was first documented by Resecurity in September 2022, detailing its ability to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. "


Lookout SAIL improves efficiency for cybersecurity professionals

ciber
2023-08-10 https://www.helpnetsecurity.com/2023/08/10/lookout-sail/

Lookout launched Lookout SAIL, a new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection. In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organization faces challenges such as a growing skills … More

The post Lookout SAIL improves efficiency for cybersecurity professionals appeared first on Help Net Security.

"

Autosummary: It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. "


Why cybersecurity is a blue-collar job

ciber
2023-08-09 https://www.helpnetsecurity.com/2023/08/09/cybersecurity-talent-pool/

Cybersecurity has witnessed exponential growth in recent years, fueled by the increasing sophistication of cyber threats. As the demand for skilled professionals continues to surge, traditional approaches to education and job requirements are being challenged. In this article, I will explore the paradigm shift in the cybersecurity industry toward embracing practical expertise and hands-on experience over a formal college degree. I will examine the reasons behind this shift and its benefits for aspiring cybersecurity professionals … More

The post Why cybersecurity is a blue-collar job appeared first on Help Net Security.

"

Autosummary: Not to say they ever were, but the days of expecting candidates to possess a wide range of skills, such as network security experience, system security administration, application design, and forensics are no longer realistic. By shifting our focus toward practical skills and hands-on experience, we can recognize the accessibility of coding, engineering, and cybersecurity training beyond the confines of traditional college degrees. "


Using creative recruitment strategies to tackle the cybersecurity skills shortage

ciber
2023-08-09 https://www.helpnetsecurity.com/2023/08/09/jon-check-cybersecurity-career-talent/

With the increasing complexity of cyber threats and the global shortage of cybersecurity experts, organizations are looking for creative approaches to recruiting and retaining top talent. In this Help Net Security interview, Jon Check, Executive Director of Cybersecurity Protection Solutions at Raytheon, sheds light on the significance of internships and apprenticeships in nurturing the next generation of cyber defenders. How do internships and apprenticeships contribute to bridging the theoretical and practical divide in the cybersecurity … More

The post Using creative recruitment strategies to tackle the cybersecurity skills shortage appeared first on Help Net Security.

"

Autosummary: This can include cyber competitions that enable students to gain hands-on experience, test their skills, network, and connect with mentors, laying a critical foundation to prepare themselves for a career in cyber (i.e., National Collegiate Cyber Defense Competition and US Cyber Games). Leaders must first reframe their mindset around what makes a qualified cyber defender, beyond checking specific boxes (i.e., specific degrees from prestigious colleges) and extending it to focus on soft skills, including critical thinking, problem-solving, and public speaking. "


Cloudflare Tunnel increasingly abused by cybercriminals

ciber
2023-08-09 https://www.malwarebytes.com/blog/news/2023/08/cloudflare-tunnel-increasingly-abused-by-cybercriminals

Categories: News

Tags: Cloudflare Tunnel, cloudflared, rdp, hxxps, smb, ssh

Researchers have found that cybercriminals are shifting to Cloudflare Tunnel to hide and anonymize their nefarious activities.

The post Cloudflare Tunnel increasingly abused by cybercriminals appeared first on Malwarebytes Labs.

"

Autosummary: Cloudflare Tunnel, also known by its executable name, Cloudflared, reaches out to the Cloudflare Edge Servers by creating an outbound connection over HTTPS (HTTP2/QUIC), where the tunnel’s controller makes services or private networks accessible via Cloudflare console configuration changes. It’s used to allow external sources to directly access important services, including SSH (Secure Shell), RDP (Remote Desktop Protocol), SMB (Server Message Block), and others. Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. "


XDR Alliance unveils open-source API specifications to improve cybersecurity for customers

ciber
2023-08-08 https://www.helpnetsecurity.com/2023/08/08/xdr-alliance-api-specifications/

The XDR Alliance released a new set of open-source API specifications that help leading cybersecurity vendors collaborate and integrate their technology solutions. As a result, end user customer organizations worldwide can rationalize their disparate and previously siloed cybersecurity solutions, enabling them to more easily operationalize broader coverage for threat detection, investigation, and response (TDIR) use cases. Customers can extract more value from their existing technology tools and avoid proprietary approaches from portfolio vendors. On average, … More

The post XDR Alliance unveils open-source API specifications to improve cybersecurity for customers appeared first on Help Net Security.

"

Autosummary: The APIs have been developed in collaboration with member organizations earning domain expertise across endpoint, network, cloud, identity, email security, security analytics, security log management, SIEM, and more to provide the most in-depth security coverage for organizations. “In cybersecurity, the network is a key source of truth, shining a light on all traffic: malicious, mundane, and everything in between,” said Phil Shigo, VP, Business Development, ExtraHop. "


Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future

ciber
2023-08-07 https://www.helpnetsecurity.com/2023/08/07/michael-adams-zoom-ciso-cybersecurity/

In this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. Adams analyzes how organizations grapple with the effects of workforce shortages and remote work complications, offering insights into best practices for safeguarding products and services in this challenging era. As a result of the Great Resignation, many organizations are dealing with workforce shortages and the challenges of remote work. Can you elaborate on how these … More

The post Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future appeared first on Help Net Security.

"

Autosummary: As with any emerging threat vector, organizations need to have solid defenses in place, including anti-phishing software, MFA, and endpoint detection. For companies seeking to address a workforce shortage, it’s crucial to invest in automated threat detection systems, adopt flexible yet secure technologies, and encourage continuous learning among existing staff. "


Budget constraints threaten cybersecurity in government bodies

government ciber
2023-08-07 https://www.helpnetsecurity.com/2023/08/07/government-services-cyberattacks/

Government organizations are attractive targets for threat actors whose motivations may be geopolitical, financial, or disruption, according to BlackBerry. Because threat actors may include private individuals, small groups, or state-sponsored APT groups (which use APT tactics), government organizations must defend against a wide range of threats. Governments and public services under cyberattacks With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from both … More

The post Budget constraints threaten cybersecurity in government bodies appeared first on Help Net Security.

"



8 free cybersecurity documentaries you can watch right now

ciber
2023-08-07 https://www.helpnetsecurity.com/2023/08/07/free-cybersecurity-documentaries/

The line between physical and digital safety continues to blur, making cybersecurity a universal concern. The intricacies of cybersecurity can often feel esoteric, leaving many outside the industry feeling daunted. However, with increasing resources becoming available, getting a handle on cybersecurity is more attainable than ever before. Here’s a list of eight free cybersecurity documentaries that shine a light on cybercrime and the digital defense industry. A hacker shares his biggest fears (2021) A white … More

The post 8 free cybersecurity documentaries you can watch right now appeared first on Help Net Security.

"

Autosummary: Look behind the cheerful veneer of social media, communication apps, and platforms that have made our lives easier and more connected, and you’ll find criminals using the same apps and platforms to run illicit and dangerous activities. "


The direct impact of cyberattacks on patient safety and care delivery

ciber
2023-08-04 https://www.helpnetsecurity.com/2023/08/04/omar-sangurima-healthcare-organizations-cybersecurity-challenges/

As the healthcare industry continues its rapid transformation through the adoption of digital technologies, it is also confronted with an ever-expanding range of cybersecurity threats. In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial Sloan Kettering Cancer Center, discusses the impact of cyberattacks on patient safety and care delivery, emphasizing how disruptions to critical healthcare services can harm patients and even lead to life-threatening situations. Can you discuss the … More

The post The direct impact of cyberattacks on patient safety and care delivery appeared first on Help Net Security.

Autosummary: For example, when a healthcare organization is hit with a cyberattack, the attackers may gain access to sensitive patient data, including personal information, medical histories, and even financial information. In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial Sloan Kettering Cancer Center, discusses the impact of cyberattacks on patient safety and care delivery, emphasizing how disruptions to critical healthcare services can harm patients and even lead to life-threatening situations. In a word, visibility, or lack thereof, leads to a lack of control over the organization’s security environment, making it challenging to identify and respond to threats in a timely manner. However, these are sadly exceedingly rare, and what we are left with in most cases are instances where there was absolutely something an organization could have done to mitigate a breach, or at the very least, lessen the impact when one occurred. "


Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities

exploits ciber
2023-08-04 https://thehackernews.com/2023/08/major-cybersecurity-agencies.html
A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five "



A cyberattack impacted operations of multiple hospitals in several US states

government ciber
2023-08-04 https://securityaffairs.com/149181/hacking/cyberattack-impacted-multiple-us-hospitals.html

A cyberattack has disrupted the computer systems of multiple hospitals in several states, with a severe impact on their operations. Some emergency rooms in multiple hospitals in several states were forced to close and ambulances were diverted due to a cyberattack against their networks. The cyberattack hit hospitals operated by Prospect Medical Holdings, which are […]

The post A cyberattack impacted operations of multiple hospitals in several US states appeared first on Security Affairs.

Autosummary: Officials confirmed that a malware infected some systems of the hospital’s IT infrastructure. Pierluigi Paganini (SecurityAffairs – hacking, Hospitals) "


Google’s AI Red Team: Advancing cybersecurity on the AI frontier

ciber
2023-08-03 https://www.helpnetsecurity.com/2023/08/03/daniel-fabian-google-ai-red-team/

With the rise of ML, traditional red teams tasked with probing and exposing security vulnerabilities found themselves facing a new set of challenges that required a deep and comprehensive understanding of machine learning. Google’s recent announcement about the formation of a dedicated AI Red Team has raised curiosity and interest within the tech community. In this Help Net Security interview, Daniel Fabian, Head of Google Red Teams, shares insights into the significance of his team, … More

The post Google’s AI Red Team: Advancing cybersecurity on the AI frontier appeared first on Help Net Security.

Autosummary: In this Help Net Security interview, Daniel Fabian, Head of Google Red Teams, shares insights into the significance of his team, the challenges they face, and the impact they are making in securing AI-driven technologies. At the beginning of an exercise, the AI red team sets up a scenario, describing who the simulated attacker is, what their capabilities are, and what goals they would like to achieve. "


Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

ciber
2023-08-03 https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html
Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global "



Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

government ciber
2023-08-02 https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a "



The gap in users’ identity security knowledge gives cybercriminals an opening

ciber
2023-08-01 https://www.helpnetsecurity.com/2023/08/01/identity-security-knowledge/

With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming a super-human problem, according to RSA. Paradoxically, even in this world where AI can dynamically assess risks and automate responses to threats, humans will have an even more important and strategic role in cybersecurity and identity security. The report found significant gaps in respondents’ knowledge concerning … More

The post The gap in users’ identity security knowledge gives cybercriminals an opening appeared first on Help Net Security.

Autosummary: “The RSA’s report reveals why identity is one of the most susceptible ways for cybercriminals to breach an organization—users simply don’t understand identity’s full cybersecurity role, the risks that identity poses, or the ways to use identity to build safer organizations,” said RSA CEO Rohit Ghai. "


Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

financial exploits ciber
2023-08-01 https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint said in a technical report. "The malware uses multiple mechanisms to evade "



Cybercriminals train AI chatbots for phishing, malware attacks

financial exploits ciber
2023-08-01 https://www.bleepingcomputer.com/news/security/cybercriminals-train-ai-chatbots-for-phishing-malware-attacks/
In the wake of WormGPT, a ChatGPT clone trained on malware-focused data, a new generative artificial intelligence hacking tool called FraudGPT has emerged, and at least another one is under development that is allegedly based on Google's AI experiment, Bard. [...] "

Autosummary: Next-gen cybercrime chatbots: An investigation from researchers at cybersecurity company SlashNext reveals that CanadianKingpin12 is actively training new chatbots using unrestricted data sets sourced from the dark web or basing them on sophisticated large language models developed for fighting cybercrime. "


Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

financial exploits ciber
2023-07-28 https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an "

Autosummary: The study found that "Valid Accounts were the most common successful attack technique, responsible for 54% of successful attempts," followed by spear-phishing links (33.8%), spear-phishing attachments (3.3%), external remote services (2.9%), and drive-by compromises (1.9%). "


Cryptojacking soars as cyberattacks increase, diversify

ciber
2023-07-27 https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by SonicWall, as threat actors shifted away from traditional ransomware attacks in favor of a stealthier means of malicious activities. The data suggests increased law enforcement activity, heavy sanctions and victims’ refusal to pay ransom demands … More

The post Cryptojacking soars as cyberattacks increase, diversify appeared first on Help Net Security.

Autosummary: Despite the decline in global ransomware attempts (-41%), a variety of other attacks have trended up globally, including cryptojacking (+399%), IoT malware (+37%) and encrypted threats (+22%). SonicWall identified a total of 172,146 never-before-seen malware variants in the first half of 2023, which is down (-36%) year-over-year, suggesting bad actors are spending less time on research and development, and more time on volume-based attacks – utilising open-source tools that may be less likely to be intercepted. "


SEC requires firms to report cyberattacks within 4 days, but not everyone may like it

ciber
2023-07-27 https://www.tripwire.com/state-of-security/sec-requires-reporting-cyberattacks-within-4-days-not-everyone-may-it
New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being "micromanaged" and - it is argued - could even assist attackers. Read more in my article on the Tripwire State of Security blog. "

Autosummary: From December 2023, listed firms are required to report details about "material" cyberattacks describing "the incident's nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant. "


Heart monitor manufacturer hit by cyberattack, takes systems offline

industry ciber
2023-07-27 https://www.bitdefender.com/blog/hotforsecurity/heart-monitor-manufacturer-hit-by-cyberattack-takes-systems-offline/
CardioComm, a Canadian company which provides heart-monitoring technology to hospitals and consumers, has revealed that it has been forced to take its systems offline following a cyberattack. Read more in my article on the Hot for Security blog. "



Overcoming the cybersecurity talent shortage with upskilling initiatives

ciber
2023-07-26 https://www.helpnetsecurity.com/2023/07/26/lindsey-polley-de-lopez-cybersecurity-upskilling-initiatives/

In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction of upskilling initiatives. She also discusses creating a more diverse and inclusive talent pool capable of addressing complex problems in unconventional ways due to differing experiences. We hear a lot about the need for upskilling … More

The post Overcoming the cybersecurity talent shortage with upskilling initiatives appeared first on Help Net Security.

Autosummary: And for government employees, federal contractors, and US military service members, check out the Department of Homeland Security’s (DHS) FedVTE Program (which offers free online courses on topics such as ethical hacking and surveillance, risk management and malware analysis), as well as the USO & Skillsoft Partnership (which offers active duty members, spouses, and veterans unlimited access to a library of training and certification tools; sign up via the USO Pathfinder Transition Program). At the federal level, the Cybersecurity and Infrastructure Security Agency (CISA) has a “Cybersecurity Workforce Training Guide” that helps early-career professionals plan a career pathway in cybersecurity, as well as a Cybersecurity Education and Training Assistance Program (CETAP) that helps teachers bring cybersecurity education into K–12 classrooms by providing worksheets, lesson plans, and notes that cover foundational concepts. When looking at the commercial sector, there are far too many initiatives to list, but a few key ones to be aware of include Microsoft’s national upskilling campaign (which includes free curriculum for community colleges – as well as free training for their professors – and Microsoft’s Cybersecurity Scholarship Program), the new Cyber Million Program launched this month by Accenture and Immersive Labs (which aims to fill 1 million entry-level cybersecurity jobs by offering free online courses), and free cybersecurity courses provided through Palo Alto Networks’ Beacon platform. There are many efforts worldwide, including WOMCY (a nonprofit focused on growing opportunity for women in cybersecurity in Latin America), Women4Cyber (a foundation working to promote and support the participation of women in cybersecurity in Europe), Women in Cyber Mentorship Program (a program under the United Nations International When it comes to the consequences of the cybersecurity labor shortage, how does it impact company growth? "


SEC now requires companies to disclose cyberattacks in 4 days

ciber
2023-07-26 https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/
The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents. [...] "

Autosummary: "I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. "


SEC adopts new cybersecurity incident disclosure rules for companies

ciber
2023-07-26 https://www.helpnetsecurity.com/2023/07/26/sec-cybersecurity-incident-disclosure-rules/

The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures. “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC … More

The post SEC adopts new cybersecurity incident disclosure rules for companies appeared first on Help Net Security.

Autosummary: The new rules also add Regulation S-K Item 106, which will require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents. "


Following claims by two ransomware groups, Yamaha confirms cyberattack

exploits ransomware ciber
2023-07-26 https://www.bitdefender.com/blog/hotforsecurity/following-claims-by-two-ransomware-groups-yamaha-confirms-cyberattack/
Yamaha Corporation, the world's largest producer of musical equipment, has confirmed that it has suffered a "cybersecurity incident" during which hackers gained unauthorised access to its systems, and stole data. Read more in my article on the Hot for Security blog. "



Panorays unveils cybersecurity enhancements for supply chains

ciber
2023-07-25 https://www.helpnetsecurity.com/2023/07/25/panorays-supply-chain-discovery/

Panorays announced two capabilities – Supply Chain Discovery and Risk Insights and Response Portal. These new additions empower organizations to gain comprehensive visibility into their digital supply chains and effectively manage potential cybersecurity risks posed by third, fourth, and Nth party vendors. To address the growing risks of digital supply chains, originating from vendors beyond immediate third parties, Panorays is releasing its Supply Chain Discovery solution. This tool automates the identification of a company’s digital … More

The post Panorays unveils cybersecurity enhancements for supply chains appeared first on Help Net Security.


How MDR Helps Solve the Cybersecurity Talent Gap

ciber
2023-07-25 https://thehackernews.com/2023/07/how-mdr-helps-solve-cybersecurity.html
How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team's ability to defend the organization against new and current threats. This is why many security leaders find themselves turning to managed security services like MDR (managed detection and response), "

Autosummary: BlackBerry MDR: The defining characteristics of the BlackBerry® MDR service, CylanceGUARD®, are best expressed in terms of its people, process, and technology. He manages people, strategy, roadmaps, and go-to-market for P&L business, delivering new technologies and user experiences across enterprise and consumer products. Additionally, he built and developed product management, marketing, and business operations teams, overseeing 3 to 15 direct staff and indirectly influencing over 30 to 400+ R&D staff. "


Bridging the cybersecurity skills gap through cyber range training

ciber
2023-07-24 https://www.helpnetsecurity.com/2023/07/24/debbie-gordon-cyber-range-training/

In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Gordon also discusses how cyber ranges facilitate the identification of vulnerabilities and provides advice on maximizing the benefits of cyber range training. Finally, she talks about the resources needed for a robust cyber range environment and the future … More

The post Bridging the cybersecurity skills gap through cyber range training appeared first on Help Net Security.

Autosummary: In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Alternatively, most organizations are opting for a cyber range-as-a-service platform which will take care of all the management and facilitation for you, including range customization, scenario development, and administration. A quality platform can be customized to use different SIEMs, firewalls, EDRs, IDSs, and more, so the team is using the same tools they use every day. Furthermore, scenarios should map to the NICE Framework, adjusting as necessary for each organization, to guarantee that everyone thoroughly understands the knowledge, skills, and abilities (or competencies) required for their role. That’s why CISOs, VPs, and security leaders are prioritizing finding individuals with forward-thinking abilities such as problem-solving, leadership, and agility. "


CISOs are making cybersecurity a business problem

ciber
2023-07-21 https://www.helpnetsecurity.com/2023/07/21/enterprises-growing-cybersecurity-threats/

U.S. enterprises are responding to growing cybersecurity threats by working to make the best use of tools and services to ensure business resilience, according to ISG. Enterprises face growing cybersecurity threats The report for the U.S. finds that the U.S. security landscape changed significantly in 2022, with breaches declining in number but increasing in size and the federal government tightening compliance rules. Many organizations began to improve visibility and risk management to better protect themselves … More

The post CISOs are making cybersecurity a business problem appeared first on Help Net Security.


Why data travel is healthcare’s next big cybersecurity challenge

ciber
2023-07-20 https://www.helpnetsecurity.com/2023/07/20/healthcare-data-travel-cybersecurity-challenge/

Do you know where your patients’ data lives once it’s in the cloud? Unfortunately, for many healthcare organizations, the answer is no – or, at least, it’s not a definitive yes. Knowing how (or where) data is used, shared or stored is essential to ensuring organizational security and patient privacy. Yet, as digital transformation makes data more “liquid”, it’s becoming a larger challenge. Here’s why data travel is the next big cybersecurity challenge — and … More

The post Why data travel is healthcare’s next big cybersecurity challenge appeared first on Help Net Security.

Autosummary: Strategies for managing data travel: Here are a few of the most important strategies organizations can utilize to effectively manage and monitor data travel: Data mapping: To gain a comprehensive view of how data moves within and outside your organization, data mapping is key. Encrypting your data, whether it’s in transit or at rest, provides an additional layer of security, ensuring that even if data falls into the wrong hands, it remains unreadable without the correct decryption key. "


Cybersecurity measures SMBs should implement

ciber
2023-07-19 https://www.helpnetsecurity.com/2023/07/19/smbs-cybersecurity-controls/

Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize. Company size does not matter to cyber attackers SMBs often underestimate their appeal as a potential target. They assume they are “little fish” not worth the attackers’ effort and that their data holds little value. But that’s not true: their systems store sensitive … More

The post Cybersecurity measures SMBs should implement appeared first on Help Net Security.

Autosummary: Once essential cyber hygiene is achieved with those and after a company begins moving closer to the larger end of the SMB scale and has more resources available, it’s time to add other security controls: Incident response management – Establish and sustain an incident response program for prompt attack response. Application software security – Identify and address vulnerabilities in internally developed, hosted, or acquired software to prevent potential harm to the company. Penetration testing – Test the efficacy and resilience of enterprise assets and implemented controls by simulating attackers’ actions. “Now that you’ve already looked at the Controls and prioritized them, you know what you’re most likely to be hit with and you’re working your way through to the end—your ducks are almost all in a row. "


U.S. Cyber Trust Mark labeling program raises the bar for smart devices’ cybersecurity

ciber
2023-07-19 https://www.helpnetsecurity.com/2023/07/19/u-s-cyber-trust-mark/

The Biden-Harris Administration has announced a cybersecurity certification and labeling program to help Americans more easily choose smart devices that are safer and less vulnerable to cyberattacks. The new “U.S. Cyber Trust Mark” program proposed by FCC Chairwoman Jessica Rosenworcel would raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more. Several major electronics, appliance, and consumer product manufacturers, retailers, and … More

The post U.S. Cyber Trust Mark labeling program raises the bar for smart devices’ cybersecurity appeared first on Help Net Security.

Autosummary: Participants in this announcement include: Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S. "


Healthcare organizations in the crosshairs of cyberattackers

ciber
2023-07-18 https://www.helpnetsecurity.com/2023/07/18/healthcare-organizations-cyber-threats/

In an era where cyber threats continue to evolve, healthcare organizations are increasingly targeted by malicious actors employing multiple attack vectors, according to Trustwave. In its new research, Trustwave SpiderLabs has documented the attack flow utilized by threat groups, shedding light on their tactics, techniques, and procedures. From phishing emails to exploiting known vulnerabilities and compromising third-party vendors, these persistent threats pose significant risks to the healthcare industry. Healthcare industry bears heavier financial burden While … More

The post Healthcare organizations in the crosshairs of cyberattackers appeared first on Help Net Security.

Autosummary: Threat actors and threat tactics. Threat actors: LockBit 3.0, ALPHV/BlackCat, Clop, DMA Locker, Royal, Babuk, Magniber, Black Basta, RansomHouse. Threat tactics: “Protecting the supply chain and maintaining business continuity are critical considerations across most industries, but healthcare cyber leaders encounter distinct challenges in safeguarding patient well-being, maintaining quality of care, and enabling healthcare professionals to leverage cutting-edge digital technologies to perform at the highest level,” said Trustwave CISO Kory Daniels. "


Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

exploits ciber
2023-07-18 https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an "

Autosummary: "Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023," Wordfence security researcher Ram Gall said in a Monday post. "


Seed Group and Resecurity collaborate to reshape Middle East’s cybersecurity landscape

ciber
2023-07-18 https://www.helpnetsecurity.com/2023/07/18/seed-group-resecurity/

Aiming to protect the digital ecosystem in the UAE and the Mena region, Seed Group, has announced a strategic partnership with Resecurity. With this strategic partnership, Seed Group and Resecurity are set to reshape the cybersecurity landscape in the Middle East, empowering organisations with advanced tools and techniques to proactively combat emerging threats in an increasingly digital world. The collaboration between Seed Group and Resecurity aims to equip regional businesses with the latest cybersecurity solutions, … More

The post Seed Group and Resecurity collaborate to reshape Middle East’s cybersecurity landscape appeared first on Help Net Security.


Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground

ciber
2023-07-18 https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html
Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT "

Autosummary: What should companies do to protect employees and critical assets from the unintended risks posed by ChatGPT? Pro-Russian hacktivists attack Microsoft platforms, threaten European banking system: A highly active pro-Russian hacktivist group knocked offline multiple Microsoft platforms, demanding US$1M to halt the attacks, echoing the collective's strategy in a recent Distributed-Denial-of-Service (DDoS) incident targeting Scandinavian Airlines. Ultimately, threat actors could leverage CVE-2023-20887 to access networks and inject malicious commands into Aria Operations for Networks, which could lead to data theft, data corruption, or even complete system compromise. "


Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware

exploits ransomware ciber
2023-07-18 https://www.bleepingcomputer.com/news/security/cybersecurity-firm-sophos-impersonated-by-new-sophosencrypt-ransomware/
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. [...] "

Autosummary: In each folder where a file is encrypted, the ransomware will create a ransom note named information.hta, which is automatically launched when the encryption is finished. "


Growing a 15,000 strong automotive cybersecurity group with John Heldreth

industry ciber
2023-07-17 https://www.helpnetsecurity.com/2023/07/17/automotive-cybersecurity-john-heldreth/

The fury with which the automotive community pried, prodded, and eventually outsmarted existing functions that are software-driven is nothing short of horrifying. While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. Instead of trying to find solutions in a siloed manner, the automotive industry should have a place to collaborate, network, and take action against the rise … More

The post Growing a 15,000 strong automotive cybersecurity group with John Heldreth appeared first on Help Net Security.

Autosummary: “For me this means bringing all of those different systems together into a centralized place where you can organize, identify by time or by product, by asset, and so on, so that you can understand the full picture,” said John. While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. “What we’re trying to do, of course, is to reduce any risk to our customers,” said John. Instead of trying to find solutions in a siloed manner, the automotive industry should have a place to collaborate, network, and take action against the rise in cyber threats targeted at their vehicles. "


Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

exploits ciber
2023-07-17 https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It primarily targets Windows systems and aims to gather sensitive information from "

Autosummary: "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "


Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out

exploits ciber
2023-07-16 https://www.helpnetsecurity.com/2023/07/16/week-in-review-malware-delivery-via-microsoft-teams-law-firms-under-cyberattack-cvss-4-0-is-out/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: CISO perspective on why boards don’t fully grasp cyber attack risks In this Help Net Security interview, David Christensen, CISO of PlanSource, proposes strategies to understand and acknowledge the broader organizational and strategic implications of cybersecurity risk management, strategy, and governance. How Google Cloud’s AML AI redefines the fight against money laundering In this Help Net Security interview, Anna Knizhnik, … More

The post Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out appeared first on Help Net Security.

"

Autosummary: How Google Cloud’s AML AI redefines the fight against money laundering In this Help Net Security interview, Anna Knizhnik, Director, Product Management, Cloud AI, Financial Services, at Google Cloud, explains how Google Cloud’s AML AI outperforms current systems, lowers operational costs, enhances governance, and improves the customer experience by reducing false positives and minimizing compliance verification checks. "


WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

ciber
2023-07-15 https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html
With generative artificial intelligence (AI) becoming all the rage these days, it's perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to "

Autosummary: Making matters worse, threat actors are promoting "jailbreaks" for ChatGPT, engineering specialized prompts and inputs that are designed to manipulate the tool into generating output that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code. "


White House publishes National Cybersecurity Strategy Implementation Plan

ciber
2023-07-13 https://www.helpnetsecurity.com/2023/07/13/national-cybersecurity-strategy-implementation-plan-published/

The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace: Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk Increasing incentives to favor long-term investments into cybersecurity Today, the Administration is announcing a roadmap to realize this vision. It is taking … More

The post White House publishes National Cybersecurity Strategy Implementation Plan appeared first on Help Net Security.

"

Autosummary: A complementary initiative, led by CISA, will include offering resources such as training, cybersecurity services, technical assessments, pre-attack planning, and incident response to high-risk targets of ransomware, like hospitals and schools, to make them less likely to be affected and to reduce the scale and duration of impacts if they are attacked. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace: Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk Increasing incentives to favor long-term investments into cybersecurity Today, the Administration is announcing a roadmap to realize this vision. "


Cyberattacks through Browser Extensions – the Importance of MFA

ciber
2023-07-13 https://www.bleepingcomputer.com/news/security/cyberattacks-through-browser-extensions-the-importance-of-mfa/
More and more attacks are occurring via browser extensions or user-profile installations of tools. Learn more about these attacks from Specops Software and what you can do to protect yourself. [...] "

Autosummary: Multiple identity services such as SMS, Email, Fingerprint Readers, Trusted Network Locations, Manager Verification, Duo, Okta, Symantec VIP, Microsoft & Google Authenticator, Google, Facebook, Twitter, and more. Mitigating Attacks with Specops uReset: Using tools like Specops uReset, which leverages multiple weighted factors to ensure that only the correct user can reset a password, provides a secure and fast method for a helpdesk to quickly take control of a bad situation. "


Cybersecurity pro charged with $9 million cryptocurrency exchange hack

ciber
2023-07-13 https://www.bitdefender.com/blog/hotforsecurity/cybersecurity-pro-charged-with-9-million-cryptocurrency-exchange-hack/
A computer security engineer has been charged in connection with a multi-million dollar hack of a cryptocurrency exchange. Read more in my article on the Hot for Security blog. "



Free entry-level cybersecurity training and certification exam

ciber
2023-07-12 https://www.helpnetsecurity.com/2023/07/12/certified-in-cybersecurity-guide/

The Ultimate Guide to Certified in Cybersecurity (CC) covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn how CC starts you on your path to advanced cybersecurity certification and how to access free Official (ISC)² Online Self-Paced Training and one free CC exam. As cyberthreats continue to escalate worldwide, the need for security experts is at an all-time high. Yet talent is scarce. Research shows the cybersecurity workforce … More

The post Free entry-level cybersecurity training and certification exam appeared first on Help Net Security.

"



DirectDefense partners with SCADAfence to strengthen industrial cybersecurity

industry ciber
2023-07-12 https://www.helpnetsecurity.com/2023/07/12/directdefense-scadafence/

DirectDefense announced its partnership with SCADAfence to enhance industrial cybersecurity and safeguard OT Networks in the era of IIoT. The SCADAfence Platform enables critical infrastructure and manufacturing organizations with complex Operational Technology (OT) networks to embrace the benefits of the Industrial Internet of Things (IIoT) by reducing cyber risks and mitigating operational threats. With the rise of the IIoT, OT devices are becoming more interconnected, allowing for enhanced automation and remote monitoring. While these technologies … More

The post DirectDefense partners with SCADAfence to strengthen industrial cybersecurity appeared first on Help Net Security.

"

Autosummary: By leveraging advanced algorithms, machine learning, and AI, it automatically discovers assets, detects anomalies, and identifies security risks that can compromise the availability and reliability of OT networks. "


Cybersecurity best practices while working in the summer

ciber
2023-07-11 https://www.helpnetsecurity.com/2023/07/11/cybersecurity-best-practices-while-working-in-the-summer-video/

IT teams need help to monitor and enforce BYOD policies during summer months when more employees often travel or work remotely. In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks.

The post Cybersecurity best practices while working in the summer appeared first on Help Net Security.

"



Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

ciber
2023-07-11 https://securityaffairs.com/148341/cyber-crime/antidetect-tooling-mobile-fraud.html

Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution. These tools are used by criminals involved in online-banking theft to impersonate compromised account holders and […]

The post Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud appeared first on Security Affairs.

"

Autosummary: This report from Resecurity includes a comprehensive list of the top PC-based antidetect kits, such as AntBrowser, Lalicat, Aezakmi, ClonBrowser, MultiLogin, Sphere, GoLogin, Incognition, VMMask, Dolphin{anty}, VMLogin, IndigoBrowser, SessionBox, Octo Browser, MoreLogin, Undetectable, LinkenSphere, and Kameleo. "


Law firms under cyberattack

ciber
2023-07-10 https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomware group. “Earlier this month, the group published 1.1TB of the data it claimed to have stolen, later established to be 3.6TB worth of data,” Guardian Australia reported. Throughout January and February of 2023, eSentire deflected 10 … More

The post Law firms under cyberattack appeared first on Help Net Security.

"

Autosummary: Password attacks are also frequent among law firms, primarily attributed to security vulnerabilities such as password reuse, weak passwords, excessive permissions, open access, and the absence of multi-factor authentication (MFA). As the UK National Cyber Security Centre (NCSC) noted in a recent report focusing on cyber threats to the legal sector, law firms handle sensitive client information that cybercriminals may find useful, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. "


Honeywell acquires SCADAfence to strengthen its OT cybersecurity portfolio

industry ciber
2023-07-10 https://www.helpnetsecurity.com/2023/07/10/honeywell-scadafence/

Honeywell has agreed to acquire SCADAfence, a provider of OT and IoT cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs. The OT cybersecurity industry is expected to grow to greater than $10 billion in the next several years. Particularly in the industrial sector, cyberattacks focused on OT systems can be a significant source of unplanned … More

The post Honeywell acquires SCADAfence to strengthen its OT cybersecurity portfolio appeared first on Help Net Security.

"

Autosummary: “SCADAfence is an ideal complement to Honeywell’s OT cybersecurity portfolio and, when combined with the Honeywell Forge Cybersecurity+ suite, it enables us to provide an end-to-end solution with applicability to asset, site and enterprise across key Honeywell sectors,” said Dehoff. "


JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

ciber
2023-07-07 https://thehackernews.com/2023/07/jumpcloud-resets-api-keys-amid-ongoing.html
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned "

Autosummary: This API key reset will, however, disrupt certain functionalities like AD import, HRIS integrations, JumpCloud PowerShell modules, JumpCloud Slack apps, Directory Insights Serverless apps, ADMU, third-party zero-touch MDM packages, Command Triggers, Okta SCIM integration, Azure AD SCIM integration, Workato, Aquera, Tray, and more. "


Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

exploits ciber
2023-07-07 https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html
Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. This "

Autosummary: The tool can create scheduled tasks and inject payloads into msiexec[.]exe and svchost[.]exe, which are command processes that enable FlawedGrace to establish a command and control (C2) connection to 92.118.36[.]199, for example, as well as load dynamic link libraries (DLLs) to accomplish privilege escalation," the advisory says. Importantly, the Netwrix Auditor software is employed by more than 13,000 organizations worldwide, including notable firms such as Airbus, Allianz, the UK NHS, and Virgin. "


How to cultivate a culture of continuous cybersecurity improvement

ransomware ciber
2023-07-06 https://www.helpnetsecurity.com/2023/07/06/cybersecurity-improvement/

Regulatory compliance and cybersecurity improvement are not two sides of the same coin: they are distinct pillars that demand specialized attention. Achieving compliance does not create an impenetrable fortress against threats, it merely creates a baseline defense. So, how can organizations transition from a reactive, “tick-box” mindset to a proactive culture of continuous cyber improvement? This question is central to increasing cyber resilience. For those navigating the patchwork of regulatory environments, a deeper understanding of … More

The post How to cultivate a culture of continuous cybersecurity improvement appeared first on Help Net Security.

"

Autosummary: CISOs must manage a blend of real-time activities, like monitoring network traffic, threat hunting, and vulnerability detection, with periodic activities, such as pen testing, risk assessments, and audits. On the other hand, periodic security practices, such as penetration testing, provide an opportunity to stress-test the system and uncover potential weaknesses. The urgency of real-time vulnerability management: To build a culture of cyber improvement, businesses must foster an effective vulnerability management strategy that relies on incessantly evaluating exposure to potential threats and taking proactive steps to mitigate them. "


Cybercriminals can break voice authentication with 99% success rate

ciber
2023-07-06 https://www.helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/

Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries. Experts expose flaws in voiceprint technology Voice authentication – which allows companies to verify the identity of their clients via a supposedly unique “voiceprint” – has increasingly been used in remote banking, call centers and other security-critical scenarios. “When enrolling in voice authentication, … More

The post Cybercriminals can break voice authentication with 99% success rate appeared first on Help Net Security.

"

Autosummary: Kassis’ supervisor, computer science professor Urs Hengartner added, “By demonstrating the insecurity of voice authentication, we hope that companies relying on voice authentication as their only authentication factor will consider deploying additional or stronger authentication measures.” "


ISACA joins ECSO to strengthen cybersecurity and digital skills in Europe

ciber
2023-07-06 https://www.helpnetsecurity.com/2023/07/06/isaca-ecso/

ISACA is joining the European Cyber Security Organisation (ECSO). The membership will work to accelerate ECSO and ISACA’s shared commitment to advancing cybersecurity, fostering collaboration and driving digital trust across Europe. ISACA’s membership brings numerous benefits and opportunities for organisations and professionals across Europe. Through collaborating with ECSO, ISACA will share its expertise, resources, and training initiatives to develop the European cybersecurity ecosystem and enhance cybersecurity practices throughout the region. ISACA’s membership in ECSO will … More

The post ISACA joins ECSO to strengthen cybersecurity and digital skills in Europe appeared first on Help Net Security.

"



Week in review: 5 free online cybersecurity courses, 8Base ransomware group leaks data

exploits ransomware ciber
2023-07-02 https://www.helpnetsecurity.com/2023/07/02/week-in-review-5-free-online-cybersecurity-courses-8base-ransomware-group-leaks-data/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unlocking internet’s secrets via monitoring, data collection, and analysis In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. Preparing health systems for cyber risks and insurance coverage In this Help Net Security interview, Dennis Fridrich, VP of Cybersecurity at TRIMEDX, … More

The post Week in review: 5 free online cybersecurity courses, 8Base ransomware group leaks data appeared first on Help Net Security.

"

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unlocking internet’s secrets via monitoring, data collection, and analysis In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. "


Employees worry less about cybersecurity best practices in the summer

ciber
2023-06-30 https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often personal rather than corporate issued, the risk to corporate data may increase. Given APIs are the driving force behind these connections, the study reinforces the need for prioritizing API and application security. ThreatX surveyed 2,000 consumers across … More

The post Employees worry less about cybersecurity best practices in the summer appeared first on Help Net Security.

"

Autosummary: Factors such as increased remote work and travel, and even employees’ children using parents’ devices to browse the internet and play games, all can potentially expose corporate data through attacked APIs,” said Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX. “To avoid this, it’s important organizations strengthen the visibility and security by tracking, monitoring, and uncovering vulnerable API and applications,” Ventura added. "


Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign

ciber
2023-06-30 https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html
An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday "



Index Engines CyberSense 8.3 identifies malicious changes indicative of cyberattack

ciber
2023-06-27 https://www.helpnetsecurity.com/2023/06/27/index-engines-cybersense-8-3/

Index Engines announced CyberSense 8.3, which features several user experience updates highlighted by additional metrics after a ransomware attack is detected, a new setup wizard and system configuration interface. CyberSense scans backup data and snapshots to validate their integrity and identify malicious changes indicative of cyberattack. When an attack occurs, CyberSense provides forensic reporting to diagnose and recover to normal business operations. CyberSense’s user interface displays rich details on every attack, including the nature of … More

The post Index Engines CyberSense 8.3 identifies malicious changes indicative of cyberattack appeared first on Help Net Security.

"



5 free online cybersecurity courses you should check out

ciber
2023-06-26 https://www.helpnetsecurity.com/2023/06/26/free-online-cybersecurity-courses/

Cryptography In this course, you’ll learn how to protect information to ensure its integrity, confidentiality, authenticity, and non-repudiation. You will develop a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, critical administration and validation, and Public Key Infrastructure. Networks and Communications Security In this course, you will learn about the network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, … More

The post 5 free online cybersecurity courses you should check out appeared first on Help Net Security.

"

Autosummary: Networks and Communications Security: In this course, you will learn about the network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted. Cryptography: In this course, you’ll learn how to protect information to ensure its integrity, confidentiality, authenticity, and non-repudiation. "


Exploring the persistent threat of cyberattacks on healthcare

ciber
2023-06-26 https://www.helpnetsecurity.com/2023/06/26/healthcare-institutions-cyberattacks/

In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients’ personal data and medical devices. Can you explain how the various hospital information systems (EHR, e-prescribing systems, practice management support systems, etc.) might be vulnerable to cyberattacks? Anything connected to a network is potentially vulnerable to cyberattacks, but the risk varies … More

The post Exploring the persistent threat of cyberattacks on healthcare appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients’ personal data and medical devices. Can you explain how the various hospital information systems (EHR, e-prescribing systems, practice management support systems, etc.) might be vulnerable to cyberattacks? "


Suncor Energy cyberattack impacts Petro-Canada gas stations

industry ciber
2023-06-26 https://www.bleepingcomputer.com/news/security/suncor-energy-cyberattack-impacts-petro-canada-gas-stations/
Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack. [...] "

Autosummary: "At this time, we are not aware of any evidence that customer, supplier, or employee data has been compromised or misused as a result of this situation," reads the Suncor press release. "


U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

exploits ciber
2023-06-24 https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel "



University of Manchester confirms data theft in recent cyberattack

ciber
2023-06-23 https://www.bleepingcomputer.com/news/security/university-of-manchester-confirms-data-theft-in-recent-cyberattack/
The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alumni and current students. [...] "

Autosummary: "We have stolen 7TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more. "


vCISO Directory helps SMBs manage their cybersecurity

ciber
2023-06-22 https://www.helpnetsecurity.com/2023/06/22/vciso-directory-cynomi/

The industry’s first-ever directory of virtual CISO (vCISO) service providers has gone live. This list of vCISO providers means that SMBs can tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance. To help organizations shore up their cyberdefenses, MSPs, MSSPs, and consultancies have developed vCISO services. They enable businesses to avail themselves of the expertise and skills of a professional CISO to improve their cybersecurity posture, while only paying … More

The post vCISO Directory helps SMBs manage their cybersecurity appeared first on Help Net Security.

"



Increased spending doesn’t translate to improved cybersecurity posture

ciber
2023-06-22 https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/

Security teams are stretched, with not enough people, skills or budget to cope with all their priorities, according to Panaseer. Average cybersecurity budgets increase in 2023 The survey of over 400 cybersecurity decision makers and practitioners across the US and UK identified nearly one-third have concerns around a lack of security skills and lack of security training budget, and over one-quarter are worried about low security team headcount and low overall security budget. Yet adoption … More

The post Increased spending doesn’t translate to improved cybersecurity posture appeared first on Help Net Security.

"

Autosummary: Average cybersecurity budgets increase in 2023 The survey of over 400 cybersecurity decision makers and practitioners across the US and UK identified nearly one-third have concerns around a lack of security skills and lack of security training budget, and over one-quarter are worried about low security team headcount and low overall security budget. "


Exploring the role of AI in cybersecurity

ciber
2023-06-19 https://www.helpnetsecurity.com/2023/06/19/ai-cybersecurity-role-video/

In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that discuss how AI technologies will impact the cybersecurity industry in the next few years. AI is a powerful tool in cybersecurity, adapting to emerging threats by analyzing data and improving detection. However, ethical considerations, privacy, and adversarial attacks must be addressed to maintain trust. AI will continue to play a vital role in safeguarding digital … More

The post Exploring the role of AI in cybersecurity appeared first on Help Net Security.

"



Three cybersecurity actions that make a difference

ciber
2023-06-19 https://www.helpnetsecurity.com/2023/06/19/cybersecurity-programs-improvement/

Organizations that closely align their cybersecurity programs to business objectives are 18% more likely to achieve target revenue growth and market share and improve customer satisfaction, as well as 26% more likely to lower the cost of cybersecurity breaches/incidents, on average, according to Accenture. Driving successful outcomes The report identifies a group of companies that are leading the way in their cybersecurity efforts. These companies — which Accenture calls “cyber transformers” and account for 30% … More

The post Three cybersecurity actions that make a difference appeared first on Help Net Security.

"

Autosummary: Cyber transformers integrate a cyber risk-based framework into their enterprise risk management program; have their cybersecurity operations and executive leadership agree on the priority of assets and operations to be protected; and consider cybersecurity risk to a great extent when evaluating overall enterprise risk (65% vs. 11%). "


Recent Teams, Office outages were caused by cyberattacks: Microsoft

ciber
2023-06-19 https://www.computerworld.com/article/3700148/recent-teams-office-outages-were-caused-by-cyberattacks-microsoft.html#tk.rss_security

Microsoft has confirmed that recent outages to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a DDoS attack by a threat actor that the company tracks as Storm-1359.

Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. The threat actor was initially assumed to be a “hacktivist” group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports.


"

Autosummary: Different types of layer 7 DDoS attacks: Storm-1359 was observed launching several types of layer 7 DDoS attack traffic, including HTTP(S) flood attack, Cache bypass, and Slowloris. "


Week in review: Fortinet patches pre-auth RCE, Switzerland under cyberattack

ciber
2023-06-18 https://www.helpnetsecurity.com/2023/06/18/week-in-review-fortinet-patches-pre-auth-rce-switzerland-under-cyberattack/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a culture of security awareness in healthcare begins with leadership In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture of security awareness has become paramount for healthcare organizations. Building a hyper-connected future with 6G networks In this Help Net Security interview, Shamik Mishra, Capgemini‘s CTO of Connectivity, delves into the emerging … More

The post Week in review: Fortinet patches pre-auth RCE, Switzerland under cyberattack appeared first on Help Net Security.

"

Autosummary: Building a hyper-connected future with 6G networks In this Help Net Security interview, Shamik Mishra, Capgemini‘s CTO of Connectivity, delves into the emerging themes and technologies shaping 6G, its performance metrics compared to 5G, the role of advanced AI algorithms, the impact of higher frequencies, and the geopolitical race for 6G leadership. New infosec products of the week: June 16, 2023 Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. "


Cybercriminals return to business as usual in a post-pandemic world

ciber
2023-06-16 https://www.helpnetsecurity.com/2023/06/16/post-pandemic-threat-landscape/

After two years of pandemic-induced disruption, 2022 was a return to business as usual for the world’s cybercriminals, according to Proofpoint. As COVID-19 medical and economic programs began to wind down, attackers had to find new ways to make a living by honing their social engineering skills, commoditising once-sophisticated attack techniques, and creatively searching for new opportunities in unexpected places. Creativity among threat actors From scaling brute-force and targeted attacks on cloud tenants to the … More

The post Cybercriminals return to business as usual in a post-pandemic world appeared first on Help Net Security.

"

Autosummary: “With Microsoft 365 forming a large percentage of the typical organization’s attack surface, broad abuse of that platform, from Office macros to OneNote documents, continues to shape the broad outlines of the threat landscape,” said Ryan Kalember, EVP, cybersecurity strategy, Proofpoint. "


Cybersecurity culture improves despite the dark clouds of the past year

ciber
2023-06-16 https://www.helpnetsecurity.com/2023/06/16/material-cyber-breaches/

Despite a hardening economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 76% of the CISOs suggested that no material breaches had occurred and 60% said that no material cybersecurity incident had occurred in the past 12 months, according to ClubCISO and Telstra Purple. This apparent success of security teams is particularly interesting given that CISOs on average rated their organization’s overall security posture lower than they did over the … More

The post Cybersecurity culture improves despite the dark clouds of the past year appeared first on Help Net Security.

"

Autosummary: Digging into the cultural improvements in more detail, proactive ‘report it’ no-blame policies (41%), simulated phishing (38%) and tailored training (37%) remain as the other key drivers of security culture. "


Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

ciber
2023-06-16 https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html
As Threat Actors Continuously Adapt their TTPs in Today’s Threat Landscape, So Must You. Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous "

Autosummary: E-commerce security improvements – Since 2021, e-commerce sites have been using more robust security measures, such as two-factor authentication (2FA), address verification systems, and secure payment systems adhering to PCI DSS, making it harder for cybercriminal threat actors to steal credit card data from consumers. The significant decline in credit card fraud is due mainly to the following: Improvements in authentication and fraud prevention – Banks and financial institutions are using advanced authentication and "passwordless" methods that make it harder to compromise a card, such as biometric authentication (e.g., fingerprints and face recognition), as well as PINs, EMV chips, and multi-factor authentication (MFA). As cryptocurrency has gained broader adoption for legitimate purposes, it's also become a target for threat actors, presenting new opportunities for "crypto-jacking," digital wallet takeovers, crypto-mining, and siphoning digital assets from crypto exchanges. "


How cybercriminals target energy companies

industry ciber
2023-06-15 https://www.helpnetsecurity.com/2023/06/15/how-cybercriminals-target-energy-companies-video/

In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their critical role in infrastructure, making them particularly attractive for economic and geopolitical disruption. Energy companies are routinely discussed on dark web forums, with threat actors frequently auctioning initial access via remote software, VPNs, and stolen … More

The post How cybercriminals target energy companies appeared first on Help Net Security.

"



Cybersecurity agencies published a joint LockBit ransomware advisory

exploits ransomware ciber
2023-06-15 https://securityaffairs.com/147482/cyber-crime/lockbit-ransomware-advisory.html

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. organizations since 2020. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. The advisory was published by Cybersecurity and Infrastructure Security Agency (CISA), […]

The post Cybersecurity agencies published a joint LockBit ransomware advisory appeared first on Security Affairs.

"

Autosummary: The advisory was published by Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the following international agencies: Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), United Kingdom’s National Cyber Security Centre (NCSC-UK), National Cybersecurity Agency of France (ANSSI) "


IT providers become go-to for cybersecurity advice

ciber
2023-06-14 https://www.helpnetsecurity.com/2023/06/14/security-trusted-partners/

61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of engaging with trusted partners to meet their security challenges. Businesses are also falling victim to repeat attacks, with 87% of IT decision makers stating they had experienced two or more successful attacks in the past … More

The post IT providers become go-to for cybersecurity advice appeared first on Help Net Security.

"

Autosummary: In fact, 26% rated providers and partners as the most highly trusted compared with colleagues in their company (21%), analysts (16%) and peers within other organizations (10%). "


Switzerland under cyberattack

ciber
2023-06-14 https://www.helpnetsecurity.com/2023/06/14/swiss-government-ddos/

Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were inaccessible on Monday 12 June 2023, due to a DDoS attack on its systems,” the Swiss National Cyber Security Centre (NCSC) said on Monday. “The Swiss government’s portal www.admin.ch remains accessible.” But the attackers did … More

The post Switzerland under cyberattack appeared first on Help Net Security.

"

Autosummary: According to Netzwoche, some 100 customers were affected by the outage, among them the municipality of Rüegsau, cinema chain Pathé, the industrial group Insys, the tool manufacturer PB Swiss Tools, the electrical engineering company Boess, and the Rugenbräu brewery. According to Swiss news outlet Le Temps, some of the Xplain data leaked by Play includes contracts, technical specifications, identifiers to access certain services, etc., from IT projects the company carried out with the Federal Office of Police (Fedpol) and several cantonal police forces. "


Talking cybersecurity on “Learning Curve”

ciber
2023-06-14 https://grahamcluley.com/talking-cybersecurity-on-learning-curve/
Earlier this year I was invited by Vodafone to appear on an episode of "Learning Curve", a series for founders, business leaders and - indeed - those who wish to be a business leader. You won't be surprised to hear that the topic I was being asked about was cybersecurity "



Quantum Origin Onboard strengthens device security against cyberattacks

ciber
2023-06-14 https://www.helpnetsecurity.com/2023/06/14/quantinuum-quantum-origin-onboard/

Quantinuum launched Quantum Origin Onboard, an innovation in cryptographic key generation that provides quantum computing hardened cyber protection for a wide range of connected devices by maximizing the strength of keys generated within the devices themselves. The risk of cyberattacks compromising organizations continues to grow. As cybercriminals uncover new techniques to exploit connected systems and their data, even the cryptographic foundations of cybersecurity measures remain vulnerable to advanced threats. Cryptographic keys created using current typical … More

The post Quantum Origin Onboard strengthens device security against cyberattacks appeared first on Help Net Security.

"

Autosummary: “While quantum computing has the potential to render current encryption algorithms obsolete, posing a significant challenge to businesses and individuals alike, already today sophisticated attackers can take advantage of vulnerable encryption keys,” said Dr. Rajeeb Hazra, CEO of Quantinuum. "


Dragos Partner Program helps users strengthen OT cybersecurity

ciber
2023-06-13 https://www.helpnetsecurity.com/2023/06/13/dragos-partner-program/

Dragos launched the Dragos Global Partner Program to comprise OT cybersecurity technology, services, and threat intelligence. The Dragos Partner Program extends even further by offering training that prepares partners as experts who can offer their customers assessment services based on Dragos’s proven assessment methodology; resell the Dragos Platform including asset discovery, threat detection, and vulnerability management; and manage deployment for customers. The Dragos Partner Program enables channel partners to offer their customers the full range … More

The post Dragos Partner Program helps users strengthen OT cybersecurity appeared first on Help Net Security.

"



Google grants $12 million to bolster NYC’s cybersecurity ecosystem

ciber
2023-06-13 https://www.helpnetsecurity.com/2023/06/13/google-cyber-research-program/

Google has announced the Google Cyber NYC Institutional Research Program, allocating $12 million to stimulate the cybersecurity ecosystem and establish New York City as the global leader in cybersecurity. The $12 million will go towards research conducted at four of the city’s leading institutions of higher education. It will also be used to expand educational opportunities for students seeking advanced degrees in cybersecurity. As part of this commitment, The City University of New York, Columbia … More

The post Google grants $12 million to bolster NYC’s cybersecurity ecosystem appeared first on Help Net Security.

"

Autosummary: “We believe NYC will be the epicenter for next-generation research, students, and startups in cyber, trust, and safety, and we applaud Google for its leadership and unwavering support for Cornell University,” Morrisett added. "


St. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure

ciber
2023-06-13 https://securityaffairs.com/147430/cyber-crime/st-margarets-health-closes-cyberattack.html

St. Margaret’s Health in Illinois is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system. In February 2021, a ransomware attack hit St. Margaret’s Health in Illinois and forced the organization to shut down the IT infrastructure at the Spring Valley hospital to contain the threat. The cyber […]

The post St. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure appeared first on Security Affairs.

"

Autosummary: Pierluigi Paganini (SecurityAffairs – hacking, hospital) "


Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

exploits ciber
2023-06-12 https://thehackernews.com/2023/06/cybercriminals-using-powerful-batcloak.html
A fully undetectable (FUD) malware obfuscation engine named BatCloak has been used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said. About 79.6% of the total 784 artifacts "

Autosummary: What's more, ScrubCrypt is designed to be interoperable with various well-known malware families like Amadey, AsyncRAT, DarkCrystal RAT, Pure Miner, Quasar RAT, RedLine Stealer, Remcos RAT, SmokeLoader, VenomRAT, and Warzone RAT. "


Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast

ciber
2023-06-11 https://www.helpnetsecurity.com/2023/06/11/week-in-review-9-free-cybersecurity-whitepapers-patch-tuesday-forecast/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cl0p announces rules for extortion negotiation after MOVEit hack The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their name on their dedicated leak page. 0mega ransomware gang changes tactics … More

The post Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast appeared first on Help Net Security.

"

Autosummary: Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition. New infosec products of the week: June 9, 2023 Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Datadog, Enveedo, Lacework, and NinjaOne. "


Employee cybersecurity awareness takes center stage in defense strategies

ciber
2023-06-09 https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees, according to Fortinet. Employee cybersecurity awareness The most recent report from Fortinet’s FortiGuard Labs found that ransomware threats remain at peak levels with no evidence of slowing down globally. At the same time, Fortinet found that 84% of organizations experienced one or more breaches in 2022. The latest research from Fortinet reveals that more than 90% … More

The post Employee cybersecurity awareness takes center stage in defense strategies appeared first on Help Net Security.

"

Autosummary: Lack of cybersecurity knowledge among employees 81% of organizations faced malware, phishing, and password attacks last year which mainly were targeted at users. "


Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition

ciber
2023-06-09 https://www.helpnetsecurity.com/2023/06/09/book-creating-a-small-business-cybersecurity-program-second-edition-video/

In this Help Net Security video interview, Alan Watkins, CIS Controls Ambassador, CIS, talks about his new book – Creating a Small Business Cybersecurity Program, Second Edition. This book provides guidance and essential steps small businesses with 25-50 employees should implement, from creating governance documents to policies and procedures. Watkins devotes four chapters to the CIS Controls and CIS Safeguards in Implementation Group 1 (IG1) and discusses risk management using the CIS Risk Assessment Method … More

The post Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition appeared first on Help Net Security.

"



University of Manchester says hackers ‘likely’ stole data in cyberattack

ciber
2023-06-09 https://www.bleepingcomputer.com/news/security/university-of-manchester-says-hackers-likely-stole-data-in-cyberattack/
The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University's network. [...] "

Autosummary: The University says they informed all relevant authorities, including the Information Commissioner's Office, the National Cyber Security Centre (NCSC), and the National Crime Agency, about the security and data breach. "


Top factors driving enterprise demand for new cybersecurity technology

ciber
2023-06-08 https://www.helpnetsecurity.com/2023/06/08/cybersecurity-vendors-strategies/

Despite prevailing economic headwinds, the market for cybersecurity products and services remains buoyant, according to CCgroup. The study found that 78% of enterprises in the U.S. and 58% in the UK have increased cybersecurity investment in the last year, while 81% of enterprises are looking to work with new vendors in the next 12 months. The top three solutions for investment are endpoint security, application security and fraud prevention. However, despite searching for new suppliers, … More

The post Top factors driving enterprise demand for new cybersecurity technology appeared first on Help Net Security.

"

Autosummary: Long-form content is crucial to cybersecurity vendors’ content strategies Long-form copy – written either by vendors or industry analysts – proved to be the most popular, with blogs emerging as the winner in both markets (92% in the U.S. and 93% in the UK), followed by industry analyst reports (88% overall) and case studies (87% overall). "


20 cybersecurity projects on GitHub you should check out

ciber
2023-06-08 https://www.helpnetsecurity.com/2023/06/08/github-cybersecurity-projects/

Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects that can aid individuals and organizations in safeguarding their digital assets. ATT&CK Navigator The ATT&CK Navigator allows users to navigate and annotate ATT&CK matrices, similar to using Excel. It provides a way to visualize defensive … More

The post 20 cybersecurity projects on GitHub you should check out appeared first on Help Net Security.

"

Autosummary: Identification of system vulnerabilities Provides information on the servers that are affected Automated vulnerability detection Regular vulnerability reporting using methods like CRON Wazuh Wazuh is a free and open-source platform that offers threat prevention, detection, and response capabilities. Vuls Vuls is a vulnerability scanner designed for Linux, FreeBSD, Container, WordPress, Programming language libraries, and Network devices. It offers the following features: Clear overview of running processes and resource usage Detailed system information and graphs Views and edits services Other features useful for debugging and analyzing software Tink Tink is an open-source cryptography library developed by Google’s cryptographers and security engineers. It has many advanced features: a completely custom binary template and pattern language to decode and highlight structures in the data, a graphical node-based data processor to pre-process values before they’re displayed, a disassembler, diffing support, bookmarks and much much more. It is designed to provide an initial and rapid assessment of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. The generated output is consolidated into a single CSV timeline, facilitating analysis in popular tools such as LibreOffice, Timeline Explorer, Elastic Stack, Timesketch, and others. "


Why cybersecurity needs a conference like mWISE

ciber
2023-06-08 https://www.bleepingcomputer.com/news/security/why-cybersecurity-needs-a-conference-like-mwise/
Mandiant's mWISE #cybersecurity conference runs from Sept 18-20, 2023 in Washington, D.C. Organizers are asking the public for keynote topic and speaker ideas, and if you register now, you can save 45% off the standard price. [...] "

Autosummary: Their advice: Think government officials, intelligence experts, and “brain candy”—i.e., whatever challenges thinking, inspires creativity, and/or nurtures mental health. At mWISE, which runs from September 18–20, 2023 in Washington, D.C., frontline security experts from both the public and private sectors will experience a level of collaboration that doesn’t happen elsewhere. "


Embracing realistic simulations in cybersecurity training programs

ciber
2023-06-07 https://www.helpnetsecurity.com/2023/06/07/embracing-realistic-simulations-cybersecurity-training-programs-video/

In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020. According to Security Innovation research, organizations increasingly embrace realistic simulations in training programs. Respondents ranked this feature as highly effective and delivering the most significant ROI compared with other cybersecurity training program components.

The post Embracing realistic simulations in cybersecurity training programs appeared first on Help Net Security.

"



Immersive Labs and Accenture join forces to address the cybersecurity talent deficit

ciber
2023-06-07 https://www.helpnetsecurity.com/2023/06/07/immersive-labs-accenture/

Immersive Labs and Accenture are working together to launch the Cyber Million program that aims to solve the cybersecurity talent deficit by increasing access to one million entry-level cybersecurity operations jobs over the next decade. The beta version of the program will be powered by the Immersive Labs platform with Accenture Security serving as the first foundational partner. The program is now available to other organizations seeking to make cybersecurity operations roles available on the … More

The post Immersive Labs and Accenture join forces to address the cybersecurity talent deficit appeared first on Help Net Security.

"

Autosummary: “Cybersecurity talent is everywhere, and it can be developed if those eager to learn are given the opportunity, whether or not they come from a technical background,” said Robert Boyce, Global Lead of Cyber Resilience, Accenture. "


Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals

exploits ransomware ciber
2023-06-06 https://thehackernews.com/2023/06/cyclops-ransomware-gang-offers-go-based.html
Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this [ransomware-as-a-service] promotes its offering on forums," Uptycs said in a new report. "There it requests a share of profits from those engaging in malicious activities using its malware." "



Katie Boswell on AI security and women’s rise in cybersecurity

ciber
2023-06-05 https://www.helpnetsecurity.com/2023/06/05/katie-boswell-ai-security-podcast/

Katie Boswell spent years on the front lines securing the most critical national infrastructure in energy and life sciences. Yet, earlier in her career, she was told that senior leadership was not for her if she planned on becoming a mother. Despite early gender-based criticism she persevered and now, her experience puts her in the ideal position to discuss reinforcing the security and resiliency of systems and infrastructure. She spoke with the Left to Our … More

The post Katie Boswell on AI security and women’s rise in cybersecurity appeared first on Help Net Security.

"

Autosummary: Emphasizing the need for businesses that are new to AI to define specific frameworks to their needs, industry, ecosystem, and available tools, Katie continued, “NIST, for instance, has an AI risk management framework. As the EU begins demanding greater transparency into AI models, we plan to see a demand for more in-depth SBOM management to identify vulnerabilities between components, product lines, and business units– as well as understand how specific models are trained. Security professionals must collaborate with data scientists to better understand the diverging security concerns, privacy identity, access management, and information protection. "


9 free cybersecurity whitepapers you should read

ciber
2023-06-05 https://www.helpnetsecurity.com/2023/06/05/free-cybersecurity-whitepapers-you-should-read/

In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free cybersecurity whitepapers that don’t require registration covers a wide range of common cyber risks (ransomware, DDoS attacks, social network account hijacking). It explores the possible risks that could originate from new technologies such as generative … More

The post 9 free cybersecurity whitepapers you should read appeared first on Help Net Security.

"

Autosummary: These attacks deplete network, application, or system resources, leading to issues such as network slowdowns, application crashes, and server failures. This whitepaper from Offensive Security concentrates on optimal methods for nurturing internal cybersecurity talent within your technical teams, such as IT, information security, DevOps, or engineering. "


Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

financial latam ciber
2023-06-05 https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html
An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report "

Autosummary: "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report published last week. "


Idaho Hospitals hit by a cyberattack that impacted their operations

ciber
2023-06-05 https://securityaffairs.com/147089/cyber-crime/idaho-hospitals-cyber-attacks.html

Last week two eastern Idaho hospitals and their clinics were hit by a cyberattack that temporarily impacted their operations. Last week the Idaho Falls Community Hospital was hit by a cyber attack that impacted its operations. Officials at the hospital confirmed that some clinics closed due to the cyber attack and some ambulances have been […]

The post Idaho Hospitals hit by a cyberattack that impacted their operations appeared first on Security Affairs.

"



5 unusual cybersecurity tips that actually work

ciber
2023-06-05 https://www.malwarebytes.com/blog/personal/2023/06/5-unusual-cybersecurity-tips-that-actually-work


It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun.


The post 5 unusual cybersecurity tips that actually work appeared first on Malwarebytes Labs.

"

Autosummary: Posted: June 5, 2023 by It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun. Stop thinking you're special Everyone is a star in their own story, so when we unexpectedly get a message from a lonely young Russian lady who's recently moved to our town, a Nigerian Prince promises us riches, "Keanu Reeves" follows us on Instagram, or we stumble upon the crypto-opportunity of a lifetime, our exceptionalism can kick in. So, you’re on top of your software updates, you use a password manager, you’ve enabled two-factor authentication wherever you can, you’ve got BrowserGuard installed, and you’re running Malwarebytes Premium. "


Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023

government ciber
2023-06-03 https://thehackernews.com/2023/06/cloud-security-tops-concerns-for.html
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame "

Autosummary: Additional challenges identified in the report include third-party/vendor security management, network security, application security, endpoint security, rapid IT changes, business growth and expansion of hybrid work models, and an inadequate focus on cyber risk management. A truly global organization with a driving belief in bringing diversity, equity and inclusion to the modern cybersecurity workforce, EC-Council maintains 11 offices in the U.S., the UK, India, Malaysia, Singapore, and Indonesia. "


How defense contractors can move from cybersecurity to cyber resilience

ciber
2023-06-02 https://www.helpnetsecurity.com/2023/06/02/defense-contractors-effectiveness-cybersecurity/

As the world’s most powerful military and economic power, the United States also holds another, less impressive distinction: Cyber threat actors target the US more than any other country in the world. In 2022 alone, the FBI received more than 800,000 cybercrime-related complaints, with losses totaling over $10 billion, according to the agency’s latest Internet Crime Complaint Center (IC3) report — a leap of $3.4 billion from the previous year. As cybercriminals grow in sophistication, … More

The post How defense contractors can move from cybersecurity to cyber resilience appeared first on Help Net Security.

"

Autosummary: In 2022 alone, the FBI received more than 800,000 cybercrime-related complaints, with losses totaling over $10 billion, according to the agency’s latest Internet Crime Complaint Center (IC3) report — a leap of $3.4 billion from the previous year. According to the World Economic Forum’s 2023 Global Cybersecurity Outlook, 86% of business leaders and an even higher percentage of cyber leaders, 93%, believe a catastrophic cyber event is likely in the next two years due to global geopolitical instability. "


Introducing the book: Cybersecurity First Principles

ciber
2023-06-02 https://www.helpnetsecurity.com/2023/06/02/introducing-the-book-cybersecurity-first-principles/

In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to return to first principles. He lays out the arguments for the absolute cybersecurity first principle and then … More

The post Introducing the book: Cybersecurity First Principles appeared first on Help Net Security.

"



Cybercriminals use legitimate websites to obfuscate malicious payloads

ciber
2023-06-02 https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks,” said Jack Chapman, VP of Threat Intelligence, Egress. “Although traditional signature-based detection can filter out phishing emails with known malicious payloads (attachments and links), cybercriminals are constantly refining their attack methods to bypass existing … More

The post Cybercriminals use legitimate websites to obfuscate malicious payloads appeared first on Help Net Security.

"

Autosummary: Amongst the sites leveraged by hackers and detected by Egress Defend, YouTube, Amazon AWS, Google Docs, Firebase Storage, and DocuSign emerged as the top 10 most frequently used, with a 121% rise in this method observed between January 1 and April 30, 2023, compared to September to December 2022. "


Galvanick raises $10 million for its industrial cybersecurity platform

industry ciber
2023-06-02 https://www.helpnetsecurity.com/2023/06/02/galvanick-seed-round/

Galvanick announced its $10 million seed round. Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. Galvanick plans to use the capital to make additional core hires, and expand use of its initial product – an Extended Detection & Response (XDR) platform – to additional advanced manufacturing and critical infrastructure facilities. Galvanick … More

The post Galvanick raises $10 million for its industrial cybersecurity platform appeared first on Help Net Security.

"

Autosummary: Major investors included MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and over 25 angel investors specializing in cybersecurity, manufacturing, finance, and defense. "


Why organizations should adopt a cloud cybersecurity framework

ciber
2023-06-01 https://www.helpnetsecurity.com/2023/06/01/cloud-cybersecurity-framework/

The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set of security and governance challenges. 1. Controlling the sprawl An average employee uses about 36 cloud-based services daily, while enterprises store about 60% of their data on the cloud. Controlling this sudden, often unintended explosion … More

The post Why organizations should adopt a cloud cybersecurity framework appeared first on Help Net Security.

"

Autosummary: Every CSP will implement security differently and every cloud model (software-as-a-service, infrastructure-as-a-service, platform-as-a-service, etc.) will have varying degrees of security control ownership, which is why it might be difficult for them to meet all security requirements. There are a number of different cloud cybersecurity control frameworks available, including the Cloud Controls Matrix (CCM) proposed by the Cloud Security Alliance, the Information Security Forum’s Standard of Good Practice (SOGP), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the ISO/IEC 27002. They help organizations maintain a record of cloud services, their usage, security controls and capabilities across on-premises, off-premises, private and public cloud. "


Navigating cybersecurity in the age of remote work

ciber
2023-06-01 https://www.helpnetsecurity.com/2023/06/01/jay-chaudhry-zscaler-cybersecurity-remote-work/

In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on personal devices, and transitioning to a cloud-first model. We’ll examine the impact of the shifting role of data centers on network strategies, the implementation of a zero-trust security framework, and how 5G networks might … More

The post Navigating cybersecurity in the age of remote work appeared first on Help Net Security.

"

Autosummary: In today’s hybrid world, your data is often sitting in public clouds like Azure and AWS, in SaaS applications, in data centers, factories, and on your endpoints. We’ll examine the impact of the shifting role of data centers on network strategies, the implementation of a zero-trust security framework, and how 5G networks might further decentralize workplaces. How should CISOs manage the security concerns of employees working remotely and using personal devices to access organizational resources? This works well for employees, but if someone steals an employee’s VPN login credentials, they can get on the corporate network, move laterally to find high-value assets and launch a ransomware attack or exfiltrate data. "


Fighting ransomware: Perspectives from cybersecurity professionals

exploits ransomware ciber
2023-06-01 https://www.helpnetsecurity.com/2023/06/01/ransomware-experts-round-up-video/

Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete videos David Mahdi, Chief Strategy Officer & CISO Advisory at Sectigo, talks about how ransomware isn’t solely a malware problem, bad actors want access to your data, so it really is a data security and … More

The post Fighting ransomware: Perspectives from cybersecurity professionals appeared first on Help Net Security.

"



Secureworks strengthens industrial cybersecurity with two new offerings

industry ciber
2023-06-01 https://www.helpnetsecurity.com/2023/06/01/secureworks-taegis-managedxdr/

Secureworks has launched two new offerings to unify the way industrial organizations prevent, detect, and respond to threats across the OT and IT landscapes. The convergence of OT and IT in the industrial sector brings technological and economic benefits, but also increases risk. The more OT systems are digitally connected, the larger the overall attack surface becomes, making OT an increasingly attractive target for threat actors. This, combined with a global cybersecurity talent shortage numbering … More

The post Secureworks strengthens industrial cybersecurity with two new offerings appeared first on Help Net Security.

"

Autosummary: The solution includes: 24×7 threat monitoring with unlimited access to security experts in 90 seconds or less, collaborative design of OT and IT response processes, customizable rules and playbooks, quarterly expert security reviews, monthly threat hunting, onboarding support, and access to proactive services (including incident response planning and adversarial testing). Their risks include unplanned shutdowns, financial losses, and harm to human populations that rely on critical services,” said Kyle Falkenhagen, CPO, Secureworks. "


US hospital forced to divert ambulances after cyberattack

ciber
2023-06-01 https://www.malwarebytes.com/blog/news/2023/06/us-hospital-forced-to-divert-ambulances-after-cyberattack

Categories: News, Ransomware

Tags: Idaho, hospital, cyberattack, virus, ransomware

The Idaho Falls Community Hospital fell victim to a cyberattack on Monday and had to divert ambulances to nearby hospitals and close some of its clinics.

The post US hospital forced to divert ambulances after cyberattack appeared first on Malwarebytes Labs.

"

Autosummary: Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files. While the exact nature of the cyberattack is unknown at this point and the hospital calls it a “virus”, it is more likely that it is dealing with a ransomware attack. "


Managing mental health in cybersecurity

ciber
2023-05-31 https://www.helpnetsecurity.com/2023/05/31/managing-mental-health-in-cybersecurity-video/

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and stagnant budgets – forcing cybersecurity professionals at all levels to work beyond their standard capacity on any given day, leading to emotional stress and burnout. Add a cyber incident to the mix, … More

The post Managing mental health in cybersecurity appeared first on Help Net Security.

"



Organizations are placing OT cybersecurity responsibility on CISOs

ciber
2023-05-31 https://www.helpnetsecurity.com/2023/05/31/ot-cybersecurity-responsibility/

Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive cyberthreats. The spillover of these attacks is increasingly targeted at OT environments. “Fortinet’s report shows that while OT organizations have improved their overall cybersecurity posture, they also have continued opportunity for improvement. Networking and IT … More

The post Organizations are placing OT cybersecurity responsibility on CISOs appeared first on Help Net Security.

"

Autosummary: Intrusions from malware (56%) and phishing (49%) were once again the most common type of incidents reported, and nearly one-third of respondents reported being victims of a ransomware attack in the last year (32%, unchanged from 2022). In 2023, the number of respondents who consider their organization’s OT security posture as “highly mature” fell to 13% from 21% the year before, suggesting growing awareness among OT professionals and more effective tools for self-assessing their organizations’ cybersecurity capabilities. "


ConnectSecure enhances its cybersecurity platform with deep attack surface scanning and EPSS

ciber
2023-05-31 https://www.helpnetsecurity.com/2023/05/31/connectsecure-cybersecurity-platform/

ConnectSecure is adding deep attack surface scanning and the Exploit Prediction Scoring System (EPSS) to its cybersecurity platform for managed service providers (MSPs) that protect small and midsize businesses. The new capabilities will be fully integrated into the ConnectSecure platform, giving MSPs complete visibility into network, device, and application weaknesses that can be exploited by bad actors. While ConnectSecure regularly enhances its cybersecurity platform in response to its MSP partner community feedback, attack surface scanning … More

The post ConnectSecure enhances its cybersecurity platform with deep attack surface scanning and EPSS appeared first on Help Net Security.

"

Autosummary: Specifically, ConnectSecure’s attack surface scanner will scan and identify: open ports, targeted IP addresses, compromised emails, weak or compromised usernames, and suspicious subdomains. EPSS provides a dynamic, real-time score that rates software vulnerabilities based on real-world activity to determine the probability they will be exploited. "


Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

ciber
2023-05-31 https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. “Persistence is achieved via timed processors or entries to cron,” said Dr. "

Autosummary: A honeypot setup allowed the ISC to determine that the initial foothold is weaponized to drop a shell script that removes the "/var/log/syslog" file, disables the firewall, and terminates competing crypto-mining tools, before downloading and launching the Kinsing malware from a remote server. "


CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

ciber
2023-05-30 https://thehackernews.com/2023/05/captcha-breaking-services-with-human.html
Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. "Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created," Trend Micro said in a report published last week. "These "

Autosummary: "CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective," Costoya said. "


Company size doesn’t matter when it comes to cyberattacks

ciber
2023-05-29 https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks The most common security incidents are also the same: phishing, ransomware and user account compromise. However, larger organizations are a more frequent target for ransomware or other malware attacks: 48% of enterprises experienced this type of … More

The post Company size doesn’t matter when it comes to cyberattacks appeared first on Help Net Security.

"



AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

ciber
2023-05-29 https://thehackernews.com/2023/05/acecryptor-cybercriminals-powerful.html
A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month. Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine "

Autosummary: The countries with the most detections include Peru, Egypt, Thailand, Indonesia, Turkey, Brazil, Mexico, South Africa, Poland, and India. "


Cybercriminals masquerading as MFA vendors

ciber
2023-05-26 https://www.helpnetsecurity.com/2023/05/26/emerging-email-based-threats/

Cybercriminals are increasingly posing as multi-factor authentication vendors and small businesses are becoming more popular targets, according to VIPRE. Attachment-based malspam is on the rise Financial institutions (48%) are still the most targeted sector by a wide margin. Insider attacks now take on average 85 days to contain – up from 77 days the previous year. The most common phishing links are compromised websites (52%), newly registered domains (39%), and subdomain cybersquatting (9%). The report … More

The post Cybercriminals masquerading as MFA vendors appeared first on Help Net Security.

"

Autosummary: Emerging email-based threats To combat emerging email-based threats, VIPRE’s report highlights four recommendations that will enable businesses and their employees to fortify themselves against opportunistic email attacks: Cybercriminals are posing as MFA vendors. "


BlackByte ransomware claims City of Augusta cyberattack

exploits government ransomware ciber
2023-05-26 https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-claims-city-of-augusta-cyberattack/
The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network. [...] "

Autosummary: The leaked documents seen by BleepingComputer contain payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, city budget allocation data, and other types of details. "


The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals

ciber
2023-05-25 https://www.helpnetsecurity.com/2023/05/25/cisa-cybersecurity-performance-goals/

The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats extend not only to IT networks but also to operational technology (OT) and cyber-physical systems, which can directly influence crucial physical processes. In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals (CPGs) … More

The post The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals appeared first on Help Net Security.

"

Autosummary: CPG 1.0 Identify: Scoping out the vulnerabilities in the OT environment CISA’s first CPG is “Identify”, which includes identifying the vulnerabilities in the IT and OT assets inventory, establishing supply chain incident reporting and vulnerability disclosure program, validating the effectiveness of third-party security controls across your IT and OT networks, establishing OT security leadership, and mitigating known vulnerabilities. Addressing all these aspects of account security can be a chore for most organizations, but they can turn to unified secure remote access (SRA) solutions that can extend multiple account-level security controls to OT remote users via enforcement of multi-factor authentication (MFA), least privilege policies, and role-based access. "


Realistic simulations are transforming cybersecurity training

ciber
2023-05-25 https://www.helpnetsecurity.com/2023/05/25/cybersecurity-training-programs-simulations/

To achieve a diverse and well-trained cybersecurity workforce, organizations recognize the value of a quality training program supported by the pursuit of cybersecurity certifications, according to Security Innovation and Ponemon Institute. The report revealed a growing embrace of realistic simulations in training programs, with respondents ranking this feature as highly effective and delivering the greatest ROI compared with other cybersecurity training program components. Positive shifts in cybersecurity training programs The report found positive shifts in … More

The post Realistic simulations are transforming cybersecurity training appeared first on Help Net Security.

"

Autosummary: Many companies have implemented accountability measures by making training requirements mandatory – 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020 – while 53% now report results to C-level executives in their organization, up from 31% in 2020. "


Navigating the quantum leap in cybersecurity

ciber
2023-05-24 https://www.helpnetsecurity.com/2023/05/24/atsushi-yamada-isara-pqc-quantum-leap-cybersecurity/

In this Help Net Security interview, we sit down with Dr. Atsushi Yamada, the newly appointed CEO of ISARA, a security solutions company specializing in creating quantum-safe cryptography. With over two decades of experience in cryptography and cybersecurity, Dr. Yamada discusses his vision for ISARA and shares his insights on the critical role of post-quantum computing (PQC) in fortifying our digital landscape. Dr. Yamada, you’ve been with ISARA since 2015 and have been appointed CEO. … More

The post Navigating the quantum leap in cybersecurity appeared first on Help Net Security.

"

Autosummary: Our world-class software development kit and PKI solutions, supported by our highly experienced team of engineers and quantum experts, also allow organizations to do proof-of-concept testing of post-quantum cryptographic algorithms, to see how quantum-safe algorithms fit into their systems. The Quantum Computing Cybersecurity Preparedness Act requires federal agencies to maintain an inventory of the cryptographic assets they have in use, assess their quantum vulnerabilities, perform proof-of-concept testing of post-quantum cryptographic algorithms, and then prioritize the migration of those assets. ISARA has been a leader in the cryptographic space since the beginning, and we plan to keep doing so by evolving our product and service offerings, working in collaboration with partners, keeping our focus, and executing on our strategic vision. "


IT employee piggybacked on cyberattack for personal gain

ciber
2023-05-24 https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England. IT employee blackmailing his own company The man was employed as an IT Security Analyst when, on February 27, 2018, the company suffered a cyber security incident that resulted in the attacker gaining unauthorized access to … More

The post IT employee piggybacked on cyberattack for personal gain appeared first on Help Net Security.

"

Autosummary: IT employee blackmailing his own company The man was employed as an IT Security Analyst when, on February 27, 2018, the company suffered a cyber security incident that resulted in the attacker gaining unauthorized access to part of the company’s computer systems. "


Honeywell launches Cyber Insights to identify cybersecurity threats in OT environments

ciber
2023-05-24 https://www.helpnetsecurity.com/2023/05/24/honeywell-cyber-insights/

Honeywell released its operational technology (OT) cybersecurity solution, Honeywell Forge Cybersecurity+ | Cyber Insights, to assist customers in improving the availability, reliability and safety of their industrial control systems and operations. Cyber Insights is designed to integrate information from multiple OT data sources in order to provide a customer with actionable insights into their facility’s cybersecurity vulnerabilities and threats, allowing the customer to manage their compliance strategy, thereby helping reduce their overall cybersecurity risks. Companies … More

The post Honeywell launches Cyber Insights to identify cybersecurity threats in OT environments appeared first on Help Net Security.

"



Appdome’s Build-to-Test streamlines mobile app cybersecurity testing

ciber
2023-05-24 https://www.helpnetsecurity.com/2023/05/24/appdome-build-to-test/

Appdome has released Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps. The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without interruption by a vendor, logging all security events for the developer to track and monitor. In continuous integration, continuous delivery (CI/CD) pipelines, mobile app quality assurance is done via automated testing services so the functionality … More

The post Appdome’s Build-to-Test streamlines mobile app cybersecurity testing appeared first on Help Net Security.

"



China Bans U.S. Chip Giant Micron, Citing "Serious Cybersecurity Problems"

ciber
2023-05-23 https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html
China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country's cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. "The purpose of this network security review of Micron's products is to "



Cuba ransomware claims cyberattack on Philadelphia Inquirer

exploits ransomware ciber
2023-05-23 https://www.bleepingcomputer.com/news/security/cuba-ransomware-claims-cyberattack-on-philadelphia-inquirer/
The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and disrupted some business operations. [...] "

Autosummary: The stolen data, now publicly released on Cuba's extortion portal, includes financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, and source code. "


Conceal and White Rock Cybersecurity partner to isolate browsing sessions

ciber
2023-05-23 https://www.helpnetsecurity.com/2023/05/23/conceal-white-rock-cybersecurity/

Conceal has announced a new strategic partnership with White Rock Cybersecurity. “White Rock Cybersecurity is committed to delivering innovative, scalable, and manageable solutions in information technology,” said James Range, CEO of White Rock Cybersecurity. “With the inclusion of Conceal’s Zero Trust isolation technology in our offerings, we are significantly boosting the defense capabilities of our customers against both existing and emerging cyber threats at the edge,” Range added. ConcealBrowse, Conceal’s flagship product, is a browser … More

The post Conceal and White Rock Cybersecurity partner to isolate browsing sessions appeared first on Help Net Security.

"



Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches

ciber
2023-05-23 https://www.helpnetsecurity.com/2023/05/23/delinea-cloud-suite-updates/

Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers. Delinea Cloud Suite updates include more granular support for just-in-time (JIT) and just-enough privilege access automation, and improved identity assurance through enforced human interaction when prompted for multi-factor authentication (MFA) at server log-in or privilege elevation. A 30-day study conducted by VMware revealed that almost 45% of intrusions also included a lateral … More

The post Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches appeared first on Help Net Security.

"



What flying a plane can teach you about cybersecurity

ciber
2023-05-22 https://www.helpnetsecurity.com/2023/05/22/what-flying-a-plane-can-teach-you-about-cybersecurity/

Before taking on the role as GM of IAI’s cyber division, Esti Peshin was a member of Israel’s parliament, wielding both legislation and regulation to strengthen the country’s renowned high-tech ecosystem. Despite her commitments, Esti shared with the Left to Our Own Devices podcast how she finds time to pilot aircraft as a source of inspiration. Where cyber security and aviation are headed Laying out the terrain of the aviation landscape “The commercial aviation ecosystem … More

The post What flying a plane can teach you about cybersecurity appeared first on Help Net Security.

"

Autosummary: Capacity buildup – Training, awareness, ensuring that the people involved, who are usually the weakest link, are aware of cyber best practices. Cyber attacks against airlines and airports are already becoming commonplace, causing disruption to the commercial aviation ecosystem and creating huge delays in flying, severe economic consequences, and negative media coverage. Now, some of us speak about AGI, artificial general intelligence, mimicking the activities or the behaviors of human beings, but AGI is not quite there in terms of technology. "


Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations

exploits ciber
2023-05-22 https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil (pronounced Goo-ee-vil). "The group displays a preference for Graphical "

Autosummary: "The group displays a preference for Graphical User Interface (GUI) tools, specifically S3 Browser (version 9.5.5) for their initial operations," the company said in a report shared with The Hacker News. "


ChatGPT: Cybersecurity friend or foe?

ciber
2023-05-22 https://www.malwarebytes.com/blog/business/2023/05/chatgpt-cybersecurity-friend-or-foe

Categories: Business

There are a lot of benefits to ChatGPT, but many in the security community have concerns about it. Malwarebytes' CEO Marcin Kleczynski takes a deep dive into the topic.

The post ChatGPT: Cybersecurity friend or foe? appeared first on Malwarebytes Labs.

"

Autosummary: Unlike other chatbots, which are typically only able to produce canned replies on a few subjects, ChatGPT can mimic the style of celebrity CEOs, craft business pitches, compose music and song lyrics, answer test questions, simulate an entire chat room, write computer code, and much more. After further investigation, OpenAI discovered the vulnerability had exposed some user payment and personal data, including first and last names, email addresses, payment addresses, the last four digits of credit card numbers, and card expiration dates. According to the NIST AI Risk Management Framework published in January, an AI system can only be deemed trustworthy if it adheres to the following six criteria: valid and reliable; safe; secure and resilient; accountable and transparent; explainable and interpretable; and fair with harmful biases managed. However, risks can emerge from socio-technical tensions and ambiguity related to how an AI program is used, its interactions with other systems, who operates it, and the context in which it is deployed. Both privacy and security concerns have prompted major banks, including Bank of America, JPMorgan Chase, Goldman Sachs, and Wells Fargo, to restrict or all-out ban ChatGPT and other generative AI models until they can be further vetted. Upon its launch in November 2022, tech enthusiasts quickly jumped at the shiny new disruptor, and for good reason: ChatGPT has the potential to democratize AI, personalize and simplify digital research, and assist in both creative problem-solving and tackling “busywork.” One of our researchers recently embarked on an experiment to get ChatGPT to write ransomware, and despite the chatbot’s initial protests that it couldn’t “engage in activities that violate ethical or legal standards, including those related to cybercrime or ransomware,” with a little coaxing, ChatGPT eventually complied.
Because of its meteoric rise into public consciousness and rapid adoption, the generative AI chatbot has been the subject of continuing, complex conversations about its impact on the cybersecurity industry, threat landscape, and humanity as a whole. Assists engineers: Malware analysts and reverse engineers could also benefit from ChatGPT’s assistance on traditionally challenging tasks, such as writing proof-of-concept code, comparing language- or platform-specific conventions, and analyzing malware samples. To bring disparate security efforts together, the AI community will need to adopt a similar modus operandi to traditional software, which benefits from an entire ecosystem of government, academia, and enterprise that has developed over more than 20 years. The AI tool’s phishing skills begin and end with writing emails because, again, it lacks the coding talent to produce other elements like credential harvesters, infected macros, or obfuscated code. "


New ZIP domains sparks debate among cybersecurity experts

ciber
2023-05-16 https://www.bleepingcomputer.com/news/security/new-zip-domains-sparks-debate-among-cybersecurity-experts/
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery. [...] "

Autosummary: domains that are associated with common ZIP archives, such as update.zip, financialstatement.zip, setup.zip, attachment.zip, officeupdate.zip, and backup.zip, to display information about the risks of ZIP domains, to RickRoll you, or to share harmless information. The new domains are .dad, .esq, .prof, .phd, .nexus, .foo, and for the topic of our article, the .zip and .mov domain TLDs. However, these domains could be perceived as risky as the TLDs are also extensions of files commonly shared in forum posts, messages, and online discussions, which will now be automatically converted into URLs by some online platforms or applications. "


New ZIP domains spark debate among cybersecurity experts

ciber
2023-05-16 https://www.bleepingcomputer.com/news/security/new-zip-domains-spark-debate-among-cybersecurity-experts/
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery. [...] "

Autosummary: domains that are associated with common ZIP archives, such as update.zip, financialstatement.zip, setup.zip, attachment.zip, officeupdate.zip, and backup.zip, to display information about the risks of ZIP domains, to RickRoll you, or to share harmless information. The new domains are .dad, .esq, .prof, .phd, .nexus, .foo, and for the topic of our article, the .zip and .mov domain TLDs. However, these domains could be perceived as risky as the TLDs are also extensions of files commonly shared in forum posts, messages, and online discussions, which will now be automatically converted into URLs by some online platforms or applications. "


Expel’s UK cybersecurity landscape report sheds light on the challenges facing organisations

ciber
2023-05-16 https://grahamcluley.com/feed-sponsor-expel/
Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Expel wanted to find out what cybersecurity issues were most important to organisations in the United Kingdom, so it surveyed 500 IT decision-makers (ITDMs) to get a better sense for the state of … Continue reading "Expel’s UK cybersecurity landscape report sheds light on the challenges facing organisations" "

Autosummary: "


Lacroix Group shut down three facilities after a ‘targeted cyberattack’

ciber
2023-05-16 https://securityaffairs.com/146335/cyber-crime/lacroix-group-ransomware-attack.html

French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack. The group designs and manufactures electronic equipment for its customers in […]

The post Lacroix Group shut down three facilities after a ‘targeted cyberattack’ appeared first on Security Affairs.

"

Autosummary: "


Philadelphia Inquirer operations disrupted after cyberattack

ciber
2023-05-15 https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-operations-disrupted-after-cyberattack/
The Philadelphia Inquirer daily newspaper is working on restoring systems impacted by what was described as a cyberattack that hit its network over the weekend. [...] "

Autosummary: News Corporation, a mass media and publishing giant that owns New York Post, The Wall Street Journal, Dow Jones, MarketWatch, Fox News, Barron's, The Sun, and the News UK, also disclosed in February 2023 that Chinese-linked attackers had access to its network between February 2020 and January 2022. "


New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

financial ciber
2023-05-13 https://thehackernews.com/2023/05/new-phishing-as-service-platform-lets.html
A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates "

Autosummary: Campaigns involving Greatness have mainly targeted manufacturing, health care, and technology entities located in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in activity detected in December 2022 and March 2023. "


Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt

ciber
2023-05-10 https://www.bleepingcomputer.com/news/security/cybersecurity-firm-dragos-discloses-cybersecurity-incident-extortion-attempt/
Industrial cybersecurity company Dragos today disclosed what it describes as a "cybersecurity event" after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices. [...] "

Autosummary: During the 16 hours they had access to the employee's account, the threat actors failed to also access multiple Dragos systems—including its messaging, IT helpdesk, financial, request for proposal (RFP), employee recognition, and marketing systems—due to role-based access control (RBAC) rules. "


Food distribution giant Sysco warns of data breach after cyberattack

financial ciber
2023-05-09 https://www.bleepingcomputer.com/news/security/food-distribution-giant-sysco-warns-of-data-breach-after-cyberattack/
Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. [...] "

Autosummary: "


Western Digital notifies customers of data breach after March cyberattack

financial ciber
2023-05-08 https://securityaffairs.com/145922/data-breach/western-digital-data-breach.html

Western Digital is notifying its customers of a data breach that exposed their sensitive personal information, the incident took place in March. In March 2022, Western Digital was hit by a ransomware attack and in response to the incident, it shut down several of its services. The company disclosed that an unauthorized party gained access […]

"

Autosummary: “Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.” reads the status page of the company on April 2, 2023. "


Western Digital says hackers stole customer data in March cyberattack

ciber
2023-05-07 https://www.bleepingcomputer.com/news/security/western-digital-says-hackers-stole-customer-data-in-march-cyberattack/
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. [...] "

Autosummary: "


New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

exploits ciber
2023-05-06 https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html
Users of the Advanced Custom Fields plugin for WordPress are being urged to update to version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro "

Autosummary: "This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path," Patchstack researcher Rafie Muhammad said. "


N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

ciber
2023-05-05 https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel "

Autosummary: Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations (NGOs), think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe. "


How AI is reshaping the cybersecurity landscape

ciber
2023-05-04 https://www.helpnetsecurity.com/2023/05/04/ai-cybersecurity-landscape-video/

The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio’s research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore, 45% have utilized an application that employs such technologies. In this Help Net Security video, Leonid Belkind, CTO at Torq, talks about how AI will impact the cybersecurity industry in the next few years. Are … More

The post How AI is reshaping the cybersecurity landscape appeared first on Help Net Security.

"

Autosummary: "


Why the Things You Don't Know about the Dark Web May Be Your Biggest Cybersecurity Threat

ciber
2023-05-04 https://thehackernews.com/2023/05/why-things-you-dont-know-about-dark-web.html
IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it’s difficult to monitor external malicious environments – which only makes them that much more threatening.  In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The "

Autosummary: Meanwhile, as malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojan, Spyware, adware, and more. For example, in today's world of hybrid and remote working environments, an organization's security tools are not able to secure devices like laptops, phones and tablets used outside of a business' security boundaries. Why the dark web is a threat to your organization: For cybersecurity and IT teams, one of the most threatening aspects of the dark web is that you simply don't know what you don't know. "


Keysight launches cybersecurity partnership program for MSSPs

ciber
2023-05-03 https://www.helpnetsecurity.com/2023/05/03/keysight-cybersecurity-partnership-program-mssps/

Keysight Technologies has launched a new cybersecurity partnership program for managed security service providers (MSSP) to improve the security posture of organizations using the breach and attack simulation (BAS) capabilities of Keysight Threat Simulator. Cyberattacks are on the rise and so is the cost of a data breach. IBM and the Ponemon Institute estimate that the cost of data breaches has reached an all-time high globally, averaging $4.35 million in 2022 per incident. With the … More

"

Autosummary: "


FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

ciber
2023-05-02 https://securityaffairs.com/145668/cyber-crime/crypto-exchanges-seizure.html

A joint operation conducted by the FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminal groups for money laundering. The Cyber Police Department together with the Main Investigative Department of the National Police, the Office of the Prosecutor General of Ukraine and in cooperation with the FBI conducted an international operation that seized […]

"

Autosummary: The crypto exchanges seized by law enforcement are: 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, owl.gold. Law enforcement published the following seizure banner on the seized services: “Domain names offered by organizations which were engaged in cryptocurrency conversions and provided assistance to cyber-criminals were seized, and related servers were shut down. "


Cybercriminals use proxies to legitimize fraudulent requests

ciber
2023-05-01 https://www.helpnetsecurity.com/2023/05/01/malicious-bot-attacks/

Bot attacks were previously seen as a relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN. Bad bot traffic: Bad bot traffic overall increased even as people spent less time online. Legitimate human traffic dropped 28% YoY, but bad bot traffic increased 102% YoY — meaning that the percentage of bad bots out of … More

"

Autosummary: Carding attacks rose 134% YoY, account takeover attacks rose 108% YoY, and scraping rose 107% YoY. Certain industries experienced more bot attacks than others. "


Hackers leak images to taunt Western Digital's cyberattack response

ciber
2023-05-01 https://www.bleepingcomputer.com/news/security/hackers-leak-images-to-taunt-western-digitals-cyberattack-response/
The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. [...] "

Autosummary: In response, the company shut down its cloud services for two weeks, including My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger, together with linked mobile, desktop, and web apps. "


German IT provider Bitmarck hit by cyberattack

ciber
2023-05-01 https://securityaffairs.com/145568/hacking/bitmarck-cyberattack.html

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The German IT service provider Bitmarck announced on April 30 it had taken all its systems offline due to a cyberattack. The incident impacted statutory health insurance companies that have their IT operated […]

"

Autosummary: "


Cybersecurity leaders introduced open-source information sharing to help OT community

ciber
2023-04-26 https://www.helpnetsecurity.com/2023/04/26/ethos-open-source-platform/

A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments. Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security Solutions. ETHOS will give critical industries a vendor-neutral option for information sharing to combat … More

"

Autosummary: Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security Solutions. To remain highly vigilant against potential attacks and adversaries, ETHOS provides collective defense through vendor-agnostic information-sharing from both public and private sources that enables improved metrics like time-to-detection and time-to-respond,” said Matt Morris, Managing Director for Security & Risk Consulting at 1898 & Co. “ETHOS is answering the call to protect the nation’s critical infrastructure by tearing down barriers and closing the gap on how we can rapidly respond to new and emerging threats impacting the safety and security of industrial operations. "


Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

ciber
2023-04-26 https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a "

Autosummary: The Linux flavor of the malware boasts of similar functionalities as its Windows counterpart, allowing it to carry out file operations and run arbitrary commands by transmitting from the C2 server a single upper case character between A and K, and M. "Upon execution, this sample is configured to communicate with the domain yrhsywu2009.zapto[.]org over port 8443 for C2," Unit 42 said. "


SentinelOne unveils cybersecurity AI platform

ciber
2023-04-25 https://www.helpnetsecurity.com/2023/04/25/sentinelone-ai-platform/

Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne plans to use the same technologies to defeat them. The company has unveiled a threat-hunting platform that integrates multiple layers of AI technology to deliver security capabilities and real-time, autonomous response to attacks across the entire enterprise. The news was announced during RSA Conference 2023, the premier cybersecurity event being held at the … More

"

Autosummary: An intelligent, action-oriented approach Built on the security data lake, the SentinelOne threat-hunting platform aggregates and correlates information from device and log telemetry across endpoint, cloud, network and user data, and not only delivers insights, but recommends response actions that can be immediately executed – from mitigation and investigation to endpoint, cloud and user management. "


Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience

ciber
2023-04-25 https://www.helpnetsecurity.com/2023/04/26/accenture-google-cloud-partnership/

Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets and strengthen security against persistent cyber threats. Together, they are providing the technology, trusted infrastructure, and security expertise organizations need to build resilient security programs and maintain confidence in their readiness. The two companies have partnered since 2018 to help the world’s largest organizations fundamentally improve their businesses by harnessing Google Cloud’s leading technology in data analytics, … More

"

Autosummary: Security-specific generative AI from Google Cloud: Accenture will be the first company to utilize the Google Cloud Security AI Workbench, an industry-first extensible platform powered by a specialized, security large language model (LLM), Sec-PaLM, that leverages Google’s visibility into the threat landscape and Mandiant’s frontline intelligence on vulnerabilities, malware, threat indicators, and more. "


Resecurity to showcase innovative cybersecurity solutions at RSA Conference 2023

ciber
2023-04-24 https://www.helpnetsecurity.com/2023/04/24/resecurity-solutions-rsa-conference-2023/

Resecurity is excited to announce its participation at RSA Conference 2023, the cybersecurity event that brings together industry leaders and professionals to share knowledge and insights on the latest trends, threats, and solutions. The event will take place from April 24-27, 2023, at the Moscone Center in San Francisco, California. This year’s theme “Stronger Together” resonates with Resecurity’s mission to provide cybersecurity solutions that empower organizations to detect, prevent, and respond to sophisticated cyber threats. … More

"

Autosummary: "


National Cybersecurity Alliance launches HBCU Scholarship Program

ciber
2023-04-24 https://www.helpnetsecurity.com/2023/04/25/national-cybersecurity-alliance-hbcu-scholarship-program/

The National Cybersecurity Alliance (NCA) launched their Historically Black Colleges and Universities Scholarship Program. Established in partnership with One In Tech, an ISACA Foundation, the initiative will provide support to individuals who are currently underrepresented in the industry by ensuring equitable access and advancements within the cybersecurity and tech careers. The new program will build off of NCA’s recently launched HBCU Career Program “See Yourself In Cyber” that aims to equip students with the necessary … More

"

Autosummary: "


Week in review: 5 free online cybersecurity resources for SMBs, AI tools might fuel BEC attacks

ciber
2023-04-23 https://www.helpnetsecurity.com/2023/04/23/week-in-review-5-free-online-cybersecurity-resources-for-smbs-ai-tools-might-fuel-bec-attacks/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Balancing cybersecurity with business priorities: Advice for Boards In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business priorities. Wargaming an effective data breach playbook … More

"

Autosummary: New infosec products of the week: April 21, 2023 Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. "


Onapsis updates its platform to strengthen ERP cybersecurity

ciber
2023-04-22 https://www.helpnetsecurity.com/2023/04/22/onapsis-platform-update/

Onapsis has unveiled a series of new product updates for the Onapsis Platform. Enriched with the threat intelligence, the Onapsis Platform further simplifies business application security for CISOs and CIOs alike with a new Security Advisor, new updates to its Comply product line, and critical enhancements that streamline code security from application development to production. “As the only cybersecurity and compliance solution endorsed by SAP, Onapsis is proud to lead the charge in helping organizations … More

"

Autosummary: The Security Advisor leverages the accumulated “best security practices” to: Identify gaps in visibility and areas for improvement; Highlight areas of unaddressed risk; Track effectiveness of response over time; Benchmark an organization against others and chart progress; Provide personalized guidance and insights based on a client’s unique landscape; Help security and business leaders better communicate security progress to their leadership and the board. "


How companies are struggling to build and run effective cybersecurity programs

ciber
2023-04-20 https://www.helpnetsecurity.com/2023/04/20/build-run-effective-cybersecurity-programs-video/

A recent Code42 report reveals a rapidly growing number of inside risk incidents and a concerning lack of training and technology, further exacerbated by increasing workforce turnover and cloud adoption. In this Help Net Security video, Joe Payne, President and CEO at Code42, discusses how data loss from insiders is not a new problem but has become more complex.

"

Autosummary: "


Outdated cybersecurity practices leave door open for criminals

ciber
2023-04-20 https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/

Organizations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022, according to ExtraHop. Of those who fell victim, 83% admitted to paying the ransom at least once. As organizations increasingly find themselves under attack, the data showed they are drowning in cybersecurity debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and … More

"

Autosummary: "


Capita confirms hackers stole data in recent cyberattack

ciber
2023-04-20 https://www.bleepingcomputer.com/news/security/capita-confirms-hackers-stole-data-in-recent-cyberattack/
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems. [...] "

Autosummary: According to the latest update, the initial unauthorized access to Capita's systems occurred on March 22, 2023, and remained uninterrupted until the firm realized the breach on March 31, 2022. "


Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

ciber
2023-04-20 https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from "

Autosummary: The threat actor subsequently moves to set up persistence on the victim system by creating a local account and deploys the MgBot modular framework, which comes with a wide range of plugins to harvest browser data, log keystrokes, capture screenshots, record audio, and enumerate the Active Directory service. "


5 free online cybersecurity resources for small businesses

ciber
2023-04-19 https://www.helpnetsecurity.com/2023/04/19/small-business-free-cybersecurity/

As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. Unlike larger enterprises, SMBs often lack the financial and technical resources to secure their networks and data against malicious actors effectively. With limited budgets and IT staff, many small companies are forced to make difficult decisions about where to allocate their resources. Fortunately, several free online cybersecurity resources can help small businesses protect themselves from cyber attacks. … More

"

Autosummary: Cyber Readiness Program The Cyber Readiness Program is a free resource that helps small and medium-sized enterprises become cyber-ready, improving their resilience to cyber threats. "


Tight budgets and burnout push enterprises to outsource cybersecurity

ciber
2023-04-19 https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/

With cybersecurity teams struggling to manage the remediation process and monitor for vulnerabilities, organizations are at a higher risk for security breaches, according to Cobalt. As enterprises prioritize efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps. The report identifies how macroeconomic shifts are affecting organizations’ security standards across the U.S. and EMEA, revealing how security teams can extract more value from their … More

"

Autosummary: Other vulnerabilities spanned across Cross-Site Scripting (12%), Sensitive Data Exposure (10%), Broken Access Control (10%) and Authentication & Sessions (9%). "


Balancing cybersecurity with business priorities: Advice for Boards

ciber
2023-04-18 https://www.helpnetsecurity.com/2023/04/18/alicja-cade-google-cybersecurity-business-priorities/

In today’s rapidly evolving technological landscape, it’s more important than ever for Boards and executives to stay informed about the latest advancements and potential risks in technology and digital capability. In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business … More

"

Autosummary: In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business priorities. To maximize the benefits of AI technologies and minimize risks, we recommend that Boards work with the CISO to take a three-pronged approach to secure, scale, and evolve – deploy secure AI systems, leverage the power of AI to achieve better cybersecurity outcomes at scale, and stay informed on developments in this space to anticipate threats. To better balance the scale, Boards must encourage deeper collaboration between the C-Suite – especially the Chief Information Security Officer, Chief Information Officer, Chief Technology Officer, and Chief Compliance Officer as well as business leaders – to build better security into all products and services versus security being an add-on. "


KOTRA and KISIA will showcase 10 Korean cybersecurity companies at RSA Conference 2023

ciber
2023-04-18 https://www.helpnetsecurity.com/2023/04/18/korean-cybersecurity-companies-rsa-conference/

Korea Trade-Investment Promotion Agency (KOTRA) will host 10 Korean cybersecurity companies as Korea Pavilion with Korea Information Security Industry Association (KISIA) at RSA Conference 2023. KOTRA and KISIA will feature companies from across a range of fields including network security, cloud security, identity and access management and more. Additionally, KOTRA and KISIA will hold a networking event including Korean cybersecurity companies, local investors, and invited Korea Pavilion attendees from RSAC 2023 on the last … More

The post KOTRA and KISIA will showcase 10 Korean cybersecurity companies at RSA Conference 2023 appeared first on Help Net Security.

"

Autosummary: "


Microsoft: Iranian hackers behind retaliatory cyberattacks on US orgs

ciber
2023-04-18 https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-behind-retaliatory-cyberattacks-on-us-orgs/
Microsoft has discovered that an Iranian hacking group known as "Mint Sandstorm" is conducting cyberattacks on US critical infrastructure in what is believed to be retaliation for recent attacks on Iran's infrastructure. [...] "

Autosummary: Microsoft recommends using attack surface reduction rules to block executables that do not meet specific criteria: block executable files from running unless they meet a prevalence, age, or trusted list criterion; block Office applications from creating executable content; and block process creations originating from PSExec and WMI commands. As the threat actors heavily rely on vulnerabilities for initial access to corporate networks, Microsoft recommends that organizations apply security updates as soon as possible. "


Russia accuses NATO of launching 5,000 cyberattacks since 2022

ciber
2023-04-14 https://www.bleepingcomputer.com/news/security/russia-accuses-nato-of-launching-5-000-cyberattacks-since-2022/
The Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022. [...] "

Autosummary: The FSB claims that despite many of the attacks being presented as activities by the "IT Army of Ukraine," it was able to discern the involvement of pro-west hacker groups such as "Anonymous," "Sailens," "Goast clan," "Ji-En-Ji," "SquadZOZ," and others. "


Safety first: 5 cybersecurity tips for freelance bloggers

ciber
2023-04-14 https://www.welivesecurity.com/2023/04/14/safety-first-5-cybersecurity-tips-bloggers/

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

The post Safety first: 5 cybersecurity tips for freelance bloggers appeared first on WeLiveSecurity

"

Autosummary: Keep your CMS and plugins updated: When Ghost, Drupal, WordPress, Joomla, or another CMS tells you of the availability of a new version, act on it. 1. Use secure login credentials: Surprisingly, password security in today’s age is still lax, as people even now tend to use the same weak passwords that can be hacked in mere seconds; therefore, a healthy attitude toward passwords is a must. Said data might include emails for your newsletter, credit card numbers for purchases (or subscriptions, Patreon, etc.), and passwords. "


A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays

financial ciber
2023-04-14 https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html

The Cornwall Community Hospital in Ontario, Canada, is under a cyber attack that is causing delays to scheduled and non-urgent care. A cyberattack on the Cornwall Community Hospital in Ontario, Canada, is causing delays to scheduled and non-urgent care. The cyber attack was discovered on Tuesday, April 11, 2023, and the hospital is investigating the incident with […]

The post A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays appeared first on Security Affairs.

"

Autosummary: "


Wazuh 4.4 combats breaches, ransomware, and cyberattacks all from a single agent

exploits ransomware ciber
2023-04-13 https://www.helpnetsecurity.com/2023/04/13/wazuh-4-4/

Wazuh launched Wazuh 4.4, the latest version of its open source security platform. The latest version adds multiple new features, including IPv6 support for the enrollment process and agent-manager connection, and support for Azure integration within Linux agents. Today’s leading enterprises require world-class protection of workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh 4.4 enhances the comprehensive and customizable solution with greater flexibility to combat breaches, ransomware, and cyberattacks all from a single agent. … More

The post Wazuh 4.4 combats breaches, ransomware, and cyberattacks all from a single agent appeared first on Help Net Security.

"

Autosummary: "


The new weakest link in the cybersecurity chain

ciber
2023-04-13 https://www.helpnetsecurity.com/2023/04/13/securing-attack-surface/

It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access to an organization. Leveraging highly automated methods (such as phishing that redirects users to compromised websites), attackers must only fool one employee to start a catastrophic attack against the entire organization. These methods are extremely … More

The post The new weakest link in the cybersecurity chain appeared first on Help Net Security.

"

Autosummary: These exposed systems are highly heterogeneous, including everything from database servers, core business applications, and workstations to embedded systems like cameras, IoT devices, and even building control systems; all scattered across the world wherever the company has a presence. Attackers have come to realize that such unmonitored systems present the same opportunity of access employees once did – namely, an attack surface that can be found and exploited using highly automated, low-cost methods. Thus, the employees-are-our-weakest-link mantra became an unquestioned industry dictum, embraced by both defenders and attackers. "


Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

exploits ciber
2023-04-13 https://thehackernews.com/2023/04/google-launches-new-cybersecurity.html
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from "

Autosummary: "


Data-backed insights for future-proof cybersecurity strategies

ciber
2023-04-12 https://www.helpnetsecurity.com/2023/04/12/2023-qualys-trurisk-threat-research-report/

The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about the 2023 Qualys TruRisk Threat Research Report, which provides security teams with data-backed insights to help them better understand how adversaries exploit vulnerabilities and render attacks. What are the most dangerous cyber threats to look … More

The post Data-backed insights for future-proof cybersecurity strategies appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about the 2023 Qualys TruRisk Threat Research Report, which provides security teams with data-backed insights to help them better understand how adversaries exploit vulnerabilities and render attacks. All organizations must tighten processes across the various platforms – dev, testing, staging, and production. While the 2023 TruRisk Research report conducted an in-depth review of the top 163 vulnerabilities, there were an additional 500 vulnerabilities released prior to 2022 that were weaponized or exploited for the first time in 2022. Over the last few years, threat actors have shifted tactics to mature into extortion-ware, whereby they exfiltrate and encrypt data. "


What are the cybersecurity concerns of SMBs by sector?

ciber
2023-04-12 https://www.welivesecurity.com/2023/04/12/what-are-cybersecurity-concerns-smbs-sector/

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

The post What are the cybersecurity concerns of SMBs by sector? appeared first on WeLiveSecurity

"

Autosummary: With a majority of SMBs in technology and telecoms (69%), manufacturing and industrial (67%), and financial services (74%) preferring to outsource their security needs, a question that remains elusive from this survey is: Which specific business types in these verticals are prioritizing continuing in-house management, and what are their specific reasons? Retail, wholesale, and distribution: Four in five (80%) retail, wholesale, and distribution SMBs have moderate or high confidence in their in-house cybersecurity expertise, the most of any sector. A total of 32% of SMBs surveyed reported use of endpoint detection and response (EDR), extended detection and response (XDR), or managed detection and response (MDR) and 33% plan to leverage the technology in the next 12 months. "


How to transform cybersecurity learning and make content more engaging

ciber
2023-04-11 https://www.helpnetsecurity.com/2023/04/11/transform-cybersecurity-learning-video/

While applications like Slack and Teams have transformed how we collaborate and communicate, cybersecurity training has not kept pace with these advancements. Most security training is still being delivered through web-based learning management systems, according to CybSafe. Often, important security information gets lost in the noise. Only half of the workers interviewed paid attention to emailed content. Furthermore, 20% of employees said they could not remember or find relevant cybersecurity information. In this Help Net … More

The post How to transform cybersecurity learning and make content more engaging appeared first on Help Net Security.

"

Autosummary: "


Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

ciber
2023-04-11 https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html
Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages "

Autosummary: "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023. "


Cybercriminals charge $5K to add Android malware to Google Play

exploits ciber
2023-04-11 https://www.bleepingcomputer.com/news/security/cybercriminals-charge-5k-to-add-android-malware-to-google-play/
Malware developers have created a thriving market promising to add malicious Android apps to Google Play for $2,000 to $20,000, depending on the type of malicious behavior cyber criminals request. [...] "

Autosummary: Selling the source code of a loader for $20,000 (Kaspersky). To promote these loaders, the sellers publish videos showcasing their features, user-friendly interface, granular targeting filters, and more. "


Cybercriminals use simple trick to obtain personal data

ciber
2023-04-10 https://www.helpnetsecurity.com/2023/04/10/simple-trick-disclose-personal-data/

People reveal more personal information when you ask them the same questions a second time – according to new research from the University of East Anglia. A new study reveals how simple repetition can make people over-disclose, and potentially put themselves at risk of identity theft and cybercrime. The research team say that understanding why people disclose personal data could help inform measures to address the problem. People over-disclose personal data From subscribing to online … More

The post Cybercriminals use simple trick to obtain personal data appeared first on Help Net Security.

"

Autosummary: The price of privacy The research team asked 27 study participants for a range of personal information online including their height, weight and phone number as well as their opinions on topics including immigration, abortion, and politics. "


Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance

ciber
2023-04-10 https://thehackernews.com/2023/04/top-10-cybersecurity-trends-for-2023.html
As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused 92% of all data breaches in the first quarter of 2022. Staying current with cybersecurity trends and laws is crucial to combat these threats, which can significantly impact business development "

Autosummary: Gcore is an international leader in public cloud and edge computing, content delivery, hosting, and security solutions, with protection servers based on high-performance Intel® Xeon® Scalable processors. A successful data breach can cost millions of dollars, and the amount depends directly on the type of attack and its duration, as well as the loss of reputation, customer loyalty, and the customers themselves. 2 — Cloud security: According to more data by Statista, cloud security is the fastest-growing segment in the IT security market, with a projected growth of nearly 27% from 2022 to 2023. "


SD Worx shuts down UK payroll, HR services after cyberattack

ciber
2023-04-10 https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/
Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services. [...] "

Autosummary: According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more. "


SD Worx shuts down UK and Ireland services after cyberattack

ciber
2023-04-10 https://securityaffairs.com/144629/hacking/sd-worx-suffered-cyberattack.html

Belgian HR giant SD Worx was forced to shut down its IT infrastructure for its UK and Ireland services after a cyber attack. HR and payroll management firm SD Worx shut down its IT systems for its UK and Ireland services after a cyber attack. The company employs more than 7,000 HR professionals and serves over […]

The post SD Worx shuts down UK and Ireland services after cyberattack appeared first on Security Affairs.

"

Autosummary: "


Outcome-based cybersecurity paves way for organizational goals

ciber
2023-04-07 https://www.helpnetsecurity.com/2023/04/07/outcome-based-cybersecurity-approach/

Organizations follow a reactive approach to cybersecurity which is stifling their progress in demonstrating value and aligning with business outcomes, according to WithSecure. 83% of respondents surveyed in the study were interested in, planning to adopt, or expanding their adoption of outcome-based security solutions and services. Reactive cybersecurity approach prevails in most organizations However, the study also found that most organizations currently approach cybersecurity on a reactive basis. 60% of survey respondents said they react … More

The post Outcome-based cybersecurity paves way for organizational goals appeared first on Help Net Security.

"

Autosummary: The most common outcomes that respondents wanted security to support included risk management, with 44% of survey respondents wanting to reduce risk to meet their top cybersecurity goals; customer experience, with 40% of respondents wanting security to improve customer experience; and revenue growth, which was highlighted by 34% of respondents. "


Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool

ciber
2023-04-07 https://thehackernews.com/2023/04/microsoft-takes-legal-action-to-disrupt.html
Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by "

Autosummary: "


Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

ciber
2023-04-07 https://securityaffairs.com/144537/hacking/microsoft-vs-cracked-copies-cobalt-strike.html

Microsoft announced it has taken legal action to disrupt the illegal use of copies of the post-exploitation tool Cobalt Strike by cybercriminals. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine. The Beacon includes a wealth of functionality for the attacker, including, but […]

The post Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike appeared first on Security Affairs.

"

Autosummary: "


Resecurity uncovers STYX, new cybercriminal platform focused on financial fraud

financial ciber
2023-04-06 https://www.helpnetsecurity.com/2023/04/06/resecurity-uncovers-styx-cybercriminal-platform/

Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform with a specialized focus on financial fraud and money laundering. STYX launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance ‘lookups’, and more. This discovery illustrates the post-pandemic menace of cyber-enabled financial crime and … More

The post Resecurity uncovers STYX, new cybercriminal platform focused on financial fraud appeared first on Help Net Security.

"

Autosummary: This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance ‘lookups’, and more. Beyond institutional cybersecurity, FIs must also evolve their anti-money-laundering (AML), KYC, fraud prevention, and cyber units beyond yesterday’s divisional silos. "


A fireside chat with four CISOs about how they secure their cybersecurity firms from attack

ciber
2023-04-06 https://grahamcluley.com/a-fireside-chat-with-four-cisos-about-how-they-secure-their-cybersecurity-firms-from-attack/
On Tuesday 11 April, I'll be joined by the CISOs of security firms Wiz, Rubrik, Noname, and Abnormal, for a friendly chat about how they protect their organisations from the huge number of threats targeting them. I hope to see some of you there! "

Autosummary: "


A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

exploits ciber
2023-04-06 https://www.malwarebytes.com/blog/business/2023/04/a-whirlwind-adventure-malwarebytes-15-year-journey-in-business-cybersecurity

Categories: Business

It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution.

The post A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity appeared first on Malwarebytes Labs.

"

Autosummary: Act III: The Plot Thickens (June 2014 - 2016) In 2014, Malwarebytes launched the Anti-Malware Remediation Tool, a sleek, portable solution for businesses to eliminate malware with minimal fuss. In 2018, we expanded our portfolio with Endpoint Protection for Mac, Endpoint Detection and Response (EDR) for Windows endpoints, EDR Ransomware Rollback, and EDR Endpoint Isolation. Act VIII: The Mobile Frontier (2023 and beyond) As we set our sights on the future, 2023 marked our foray into Mobile Protection for iOS, Android, and Chromebook platforms. "


How AI is transforming cybersecurity for better and worse

ciber
2023-04-05 https://www.helpnetsecurity.com/2023/04/05/ai-transforming-cybersecurity-video/

Many sectors view AI and machine learning with mixed emotions, but for the cybersecurity industry, they present a double-edged sword. On the one hand, AI provides powerful tools for cybersecurity professionals, such as automated security processing and threat detection. On the other hand, cybercriminals have access to the same technology, making it a constant cat-and-mouse game between attackers and defenders. In this Help Net Security video, Matt Aldridge, Principal Solutions Consultant at OpenText Cyber Security, … More

The post How AI is transforming cybersecurity for better and worse appeared first on Help Net Security.

"

Autosummary: "


Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks

ciber
2023-04-05 https://thehackernews.com/2023/04/google-tag-warns-of-north-korean-linked.html
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant "

Autosummary: "


Streamlining cybersecurity decision-making for analysts and CISOs

ciber
2023-04-04 https://www.helpnetsecurity.com/2023/04/04/giorgos-georgopoulos-elemendar-cybersecurity-decision-making/

Using structured, machine-readable data in defensive systems can present a significant challenge. In this Help Net Security interview, Giorgos Georgopoulos, CEO at Elemendar, discusses these challenges and how Elemendar’s application can help cyber analysts and CISOs. Giorgos highlights the company’s customizable technology, which can be tailored to meet the unique needs of different organizations, as well as the security measures that Elemendar takes to protect the data processed by their AI technology. What are some … More

The post Streamlining cybersecurity decision-making for analysts and CISOs appeared first on Help Net Security.

"

Autosummary: That’s because, to use CTI as structured, machine-readable data in a defensive system, you need to translate it from a human-readable form into a machine-readable one: the greatest benefit from cyber threat intelligence comes with higher-level information that is expressed in human-readable forms, because a human wrote it in the first place. Yes, Elemendar’s technology can be customized to meet the specific needs of different organizations at three stages: when integrating the data sources for the application to process, when processing the data inside the application, and when integrating the outputs into an organization’s cyber defense workflows. "


Guardz launches dedicated cybersecurity platform for MSPs and IT professionals

ciber
2023-04-04 https://www.helpnetsecurity.com/2023/04/04/guardz-msp-solution/

Guardz has launched its dedicated cybersecurity platform for MSPs and IT professionals that empowers MSPs to protect their clients with automated remediation plans, to improve their reporting for existing clients and better obtain new ones, and to cut operational and licensing costs up to 75%, ultimately boosting revenue. Cybersecurity attacks aimed at small and mid-size businesses are on the rise, yet only 14% of these companies are prepared to defend themselves. Many either cannot afford … More

The post Guardz launches dedicated cybersecurity platform for MSPs and IT professionals appeared first on Help Net Security.

"

Autosummary: These include contracting with multiple vendors, creating an affordable bundled cyber solution for their customers, mastering and deploying a variety of technologies for each client, and demonstrating the risk, exposure, and financial impact to new clients, all while delivering ongoing threat detection and remediation across multiple attack vectors. "


How can organizations bridge the gap between DR and cybersecurity?

ciber
2023-04-04 https://www.helpnetsecurity.com/2023/04/04/dr-cybersecurity-teams-integration/

Breaking down the silos between disaster recovery (DR) and cybersecurity has become increasingly important to ensure maximum business resiliency against outages, data breaches, and ransomware attacks. Yet, many organizations still operate these functions separately, leading to slower response times, budgeting challenges, duplicated resource allocations, and an overall weaker security and business continuity posture. Why must DR and cybersecurity teams collaborate? Encouraging collaboration between your disaster recovery and cybersecurity teams can offer several benefits for your … More

The post How can organizations bridge the gap between DR and cybersecurity? appeared first on Help Net Security.

"

Autosummary: By having integrated tools such as security automation platforms, security incident & event management (SIEM), endpoint detection & response (EDR), data loss prevention (DLP), organizations can dramatically reduce the time it takes for them to detect anomalies or malicious activity on their network as well as speed up incident response times when needed. Yet, many organizations still operate these functions separately, leading to slower response times, budgeting challenges, duplicated resource allocations, and an overall weaker security and business continuity posture. "


Trace3 acquires Set Solutions to boost cybersecurity capabilities

ciber
2023-04-04 https://www.helpnetsecurity.com/2023/04/05/trace3-set-solutions/

Trace3’s acquisition of Set Solutions is a continuation of the company’s strategic expansion plan. The investment allows the combined companies to deepen cybersecurity capabilities to drive success for commercial and enterprise clients. Set Solutions has a longstanding history of alleviating challenges that technology leaders encounter in the ongoing evolution of the cyber threat landscape. Trace3’s security portfolio is strengthened by Set Solutions’ specialized expertise in cybersecurity and focus on mature and emerging technology-based solutions. This … More

The post Trace3 acquires Set Solutions to boost cybersecurity capabilities appeared first on Help Net Security.

"

Autosummary: "


Capita cyberattack disrupted access to its Microsoft Office 365 apps

ciber
2023-04-03 https://www.bleepingcomputer.com/news/security/capita-cyberattack-disrupted-access-to-its-microsoft-office-365-apps/
British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. [...] "

Autosummary: “The issue was limited to parts of the Capita network, and there is no evidence of customer, supplier, or colleague data having been compromised” - Capita. Capita says that the disruption only affected some services provided to individual clients, while most of its customer base didn’t experience any adverse impacts. "


LogRhythm releases new cybersecurity capabilities to improve operational efficiency

ciber
2023-04-03 https://www.helpnetsecurity.com/2023/04/03/logrhythm-cybersecurity-capabilities/

For a fourth consecutive quarter, LogRhythm releases new cybersecurity capabilities that make it easier for security teams to reduce noise, prioritize work and quickly secure their environments. Analysts gain a simplified experience to focus on detecting, investigating, and responding to threats. In its continued commitment to customer satisfaction, LogRhythm also announces the Unlimited Upgrades Service by the Professional Services team which assists customers in upgrading to every quarterly SIEM release with ease. “LogRhythm is proud … More

The post LogRhythm releases new cybersecurity capabilities to improve operational efficiency appeared first on Help Net Security.

"

Autosummary: "


China to probe Micron over cybersecurity, in chip war’s latest battle

ciber
2023-04-03 https://www.computerworld.com/article/3692435/china-to-probe-micron-over-cybersecurity-in-chip-war-s-latest-battle.html#tk.rss_security

The Chinese government is instituting a cybersecurity review of US-based memory chip maker Micron’s products being sold in the country, in the latest move in the ongoing semiconductor trade dispute that pits China against the US and its allies.

The rupture between China and the West over semiconductors is causing chip supply chain disruptions that threaten many of the fastest-growing parts of the technology sector – mainly AI and cloud technology. The chip war is also putting global enterprises in the crosshairs, as auto manufacturing and a host of other sectors are increasingly dependent on the availability of advanced silicon for growth.

"

Autosummary: China states concern over national security A brief Chinese government statement issued on March 31 said that the review of Micron is being undertaken “in order to ensure the security of the key information infrastructure supply chain, prevent network security risks caused by hidden product problems, and maintain national security,” according to a machine translation of the announcement. "


Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

rusia-ucrania ciber
2023-04-02 https://securityaffairs.com/144340/apt/ntc-vulkan-sandworm-cyberwarfare-arsenal.html

Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools. Documents leaked from Russian IT contractor NTC Vulkan show it was likely involved in the development of offensive tools. The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm. The Sandworm group […]

The post Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal appeared first on Security Affairs.

"

Autosummary: In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe. "


Scan and diagnose your SME’s cybersecurity with expert recommendations from ENISA

ciber
2023-03-30 https://www.helpnetsecurity.com/2023/03/30/enisa-scan-diagnose-sme-cybersecurity/

The release of a cybersecurity maturity assessment tool by the European Union Agency for Cybersecurity (ENISA) aims to provide Small and Medium Enterprises (SMEs) with a valuable resource for enhancing their security posture. As a significant driver for innovation and growth in the EU, SMEs constantly face cybersecurity challenges. This is why it is essential to support them in addressing these challenges and identifying improvements. The cybersecurity maturity assessment tool designed by ENISA supports those … More



How cybersecurity decision-makers perceive cyber resilience

ciber
2023-03-29 https://www.helpnetsecurity.com/2023/03/29/how-cybersecurity-decision-makers-perceive-cyber-resilience-video/

In an economic climate putting immense pressure on business leaders to prove ROI and team efficiency – a new report from Immersive Labs looks into the lack of confidence cyber leaders have in their team’s preparation and abilities to combat cyber incidents. In this Help Net Security video, Max Vetter, VP of Cyber at Immersive Labs, discusses the growing pressure on cybersecurity teams to prove their readiness for new and emerging threats.



Cybersecurity firms warn of 3CX desktop app supply chain attack

ciber
2023-03-29 https://www.bleepingcomputer.com/news/security/cybersecurity-firms-warn-of-3cx-desktop-app-supply-chain-attack/
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [...] "

Autosummary: The company's customer list includes a long list of high-profile companies and organizations like American Express, Coca-Cola, McDonald's, BMW, Honda, Air France, NHS, Toyota, Mercedes-Benz, IKEA, and Holiday Inn. "


Spera raises $10 million to equip cybersecurity teams with the visibility and risk contextualization

ciber
2023-03-29 https://www.helpnetsecurity.com/2023/03/30/spera-funding/

Spera has revealed $10 million in seed funding led by YL Ventures, with participation from notable security and go-to-market leaders, prominent angel investors and serial entrepreneurs from leading enterprises including Google, Palo Alto Networks, Akamai, Zendesk, Zscaler and others. Founded by cybersecurity veterans Dor Fledel, CEO and Ariel Kadyshevitch, CTO, Spera is the Identity Security Posture Management solution delivering end-to-end identity attack surface management, risk reduction and identity threat prevention, detection and response. According to … More


Autosummary: Founded by cybersecurity veterans Dor Fledel, CEO and Ariel Kadyshevitch, CTO, Spera is the Identity Security Posture Management solution delivering end-to-end identity attack surface management, risk reduction and identity threat prevention, detection and response. "


Right-Hand Cybersecurity raises $5 million to expand its global operations

ciber
2023-03-29 https://www.helpnetsecurity.com/2023/03/30/right-hand-cybersecurity-funding/

Right-Hand Cybersecurity has unveiled its successful $5M Series A led by former PayPal executive Jack Selby and his firm AZ-VC. With the successful close of its Series A round, Right-Hand will expand its operations across the US and Asia-Pacific while investing heavily in its Human Risk Management platform that integrates with other commonly adopted and relied upon security solutions. Right-Hand takes a human-centered approach to cybersecurity that improves employee behaviors in real-time that are otherwise … More


Autosummary: Right-Hand’s Human Risk Management platform aggregates employee security behaviors and alerts in real-time from its existing platform, and other market Endpoint Detection & Response (EDR), Email Security and Identity and Access Management (IAM) technologies, and assigns different behaviors a risk score that can be easily interpreted among key stakeholders to gain visibility into employee risk in plain business terms. "


Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

ciber
2023-03-28 https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization (DRDO), the research and development wing of India's Ministry of "

Autosummary: The malware, in addition to gathering information about the victim machine, is capable of running commands sent from a command-and-control (C2) server, including harvesting files and dropping follow-on malware. "


Fake DDoS services set up to trap cybercriminals

ciber
2023-03-28 https://www.malwarebytes.com/blog/news/2023/03/fake-ddos-services-set-up-to-trap-cybercriminals

Categories: News

Tags: NCA, national crime agency, DDoS, distributed denial of service, booter, underground

The British National Crime Agency has been setting up fake DDoS services to teach people a lesson in what not to do online.


Autosummary: Parents, teachers, and children of all ages can see what the risks are, how someone could get into trouble, and why it's better to put digital talents to use in favour of something more productive. All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks. "


The era of passive cybersecurity awareness training is over

ciber
2023-03-27 https://www.helpnetsecurity.com/2023/03/27/low-cybersecurity-awareness/

Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by executive leadership teams, according to Action1. These gaps leave organizations vulnerable to cyber threats. Key findings: Low cybersecurity awareness among employees. According to the survey, the time required to combat low cybersecurity awareness among employees has increased over the past year. This worrying trend makes organizations more vulnerable to phishing and other cyber-attacks. Breaches … More


Autosummary: Take cybersecurity awareness to the next level. Modern social engineering attacks often use a combination of communication channels such as email, phone calls, SMS, and messengers. "


UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals

ciber
2023-03-27 https://www.bitdefender.com/blog/hotforsecurity/uk-police-reveal-they-are-running-fake-ddos-for-hire-sites-to-collect-details-on-cybercriminals/
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website off the internet, but don't have the know-how to do it yourself. Rather than hiring the help of cybercriminals to bombard a site with unwanted traffic or kick rivals out of a video game, you might be actually handing your details straight over to the police. Read more in my article on the Hot for Security blog. "



U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

ciber
2023-03-25 https://thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html
In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to "



NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites

ciber
2023-03-25 https://securityaffairs.com/144011/cyber-crime/nca-fake-ddos-for-hire-sites.html

The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground. The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services. DDoS-for-hire or ‘booter’ services allow registered users to […]



Why organizations shouldn’t fold to cybercriminal requests

ciber
2023-03-24 https://www.helpnetsecurity.com/2023/03/24/cybercriminal-requests-video/

Organizations worldwide pay ransomware fees instead of implementing solutions to protect themselves. The ransom is just the tip of the iceberg regarding the damage a ransomware attack can wreak. In this Help Net Security video, Gerasim Hovhannisyan, CEO at EasyDMARC, discusses how domain authentication tools such as DKIM, SPF, and DMARC can help mitigate risk and limit the number of phishing attacks, identifying fraudulent messages before they even hit the receiver’s inbox and making organizations … More



UK creates fake DDoS-for-hire sites to identify cybercriminals

ciber
2023-03-24 https://www.bleepingcomputer.com/news/security/uk-creates-fake-ddos-for-hire-sites-to-identify-cybercriminals/
The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. [...] "

Autosummary: "Going forward, people who wish to use these services can't be sure who is actually behind them, so why take the risk?" In December 2022, the U.S. Department of Justice and the FBI announced the seizure of 48 domains that sold "booter" services in the context of "Operation PowerOFF. "


A closer look at TSA’s new cybersecurity requirements for aviation

ciber
2023-03-23 https://www.helpnetsecurity.com/2023/03/23/aviation-industry-cybersecurity-requirements/

The Transportation Security Administration (TSA) recently issued new cybersecurity requirements for the aviation industry, which follows last year’s announcement for railroad operators. Both announcements are part of the Department of Homeland Security’s effort to improve the nation’s cybersecurity resiliency and align with the National Cybersecurity Strategy released by the White House earlier this month. While the strategy is not perfect, it draws attention to the importance of zero trust within our nation’s critical infrastructure. Just … More


Autosummary: Within the TSA emergency amendment are four actions that TSA-regulated aviation entities must take to mitigate cybersecurity threats: network segmentation; creation of access control measures; implementation of continuous monitoring and detection; and reduction of risk of exploited unpatched systems. By constantly verifying and monitoring user and device activity, aviation organizations can achieve a higher level of security and better manage their cyber risk. "


Cyber threats to EU transport sector sends urgent call for enhanced cybersecurity

ciber
2023-03-23 https://www.helpnetsecurity.com/2023/03/23/transport-sector-cyber-threats/

Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each sub-sector, thereby providing new insights. EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, stated that “Transport is a key sector of our economy that we depend on in both our personal and professional lives. Understanding … More


Autosummary: Attacks by hacktivists are on the rise. Ransomware attacks; data related threats; malware; denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks; phishing / spear phishing; supply-chain attacks. Ransomware attacks have become the most prominent threat against the sector in 2022, with attacks having almost doubled, rising from 13% in 2021 to 25% in 2022. "


Vumetric PTaaS platform simplifies cybersecurity assessments for organizations

ciber
2023-03-23 https://www.helpnetsecurity.com/2023/03/23/vumetric-ptaas-platform/

Vumetric Cybersecurity has launched its Penetration Testing as-a-Service (PTaaS) platform, designed to simplify and modernize cybersecurity assessments for organizations of all sizes. The Vumetric PTaaS platform revolutionizes the penetration testing process by providing self-service capabilities that allow organizations to schedule and manage assessments on-demand. The platform’s interactive reporting provides a comprehensive view of identified risks and prioritized remediation strategies. Stakeholders can easily access results, track improvements over time, and analyze project results without additional effort, … More



2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

ciber
2023-03-23 https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries "

Autosummary: Finding #2: Tech Companies Score Average. Among sectors, energy and financial industries came out on top for overall cybersecurity maturity level, while healthcare, retail, and government agencies were among the lowest. "


Bridging the cybersecurity readiness gap in a hybrid world

ciber
2023-03-22 https://www.helpnetsecurity.com/2023/03/22/cybersecurity-readiness-gap/

A mere 15% of organizations globally have the ‘mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to a Cisco report. Organizations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in … More


Autosummary: Organizations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate an enormous amount of data. "


These 15 European startups are set to take the cybersecurity world by storm

ciber
2023-03-22 https://www.helpnetsecurity.com/2023/03/22/european-cybersecurity-google-startups/

Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants. They have made significant contributions, from securing health applications to protecting educators and safeguarding the clean water supply chain. The selected companies will receive mentoring sessions from Google experts, including former VirusTotal and Mandiant startups. Additionally, they will have opportunities to network with other cybersecurity entrepreneurs at events … More


Autosummary: That’s according to new research we’ve released in partnership with Kantar — “Europe’s SMEs in the Digital Decade 2030” — which also finds that attackers targeting unprepared companies can get more data in less time than ever before, due to the smallest cybersecurity lapses,” Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, wrote in a blog post. (Luxembourg): Company serving 15,000 organizations worldwide — “including F500 companies, the defense industry, universities” — which builds an open-source, enterprise password manager. "


Eurotech introduces cybersecurity-certified edge AI solutions

ciber
2023-03-21 https://www.helpnetsecurity.com/2023/03/21/eurotech-edge-servers/

Eurotech announced its newest edge servers with scalable, cybersecurity certified – AI capabilities. Cyber-threats have become endemic and severely expose states and businesses of all sizes to the risk of loss of data, interruption of services, and direct or indirect monetary impact. Recent surveys have reported that most enterprises face cyber-attacks repeatedly, breaches often originate from a compromised business partner, and the related costs are passed on to customers. “That is why, after establishing ourselves … More


Autosummary: Automotive version available. ReliaCOR 40-12: compact ruggedized fanless edge server; ready for AWS and Azure certification; 12th gen Intel Core low power; up to 3TB SSD storage, 2x Mini PCIe expansion slots; IoT connectivity ready: WiFi/GNSS/BT, 4G/5G cellular. Selection criteria: when workload consolidation is required at the edge in a compact form factor and industrial environmental conditions. ReliaCOR 54-12: ruggedized edge AI server; 12th gen Intel Core high performance; up to 3TB SSD storage, 2x Mini PCIe + 3x PCIe expansion slots; up to 2x NVIDIA latest gen GPU; IoT connectivity ready: WiFi/GNSS/BT, 4G/5G cellular. Selection criteria: when workload consolidation meets AI and machine vision at the edge in industrial environmental conditions, and requires scalability to accommodate evolving use cases. On all Eurotech’s ReliaCOR products, unauthorized accesses and data manipulations are prevented by a layered secure architecture. "


How to best allocate IT and cybersecurity budgets in 2023

ciber
2023-03-20 https://www.helpnetsecurity.com/2023/03/20/how-to-allocate-it-cybersecurity-budgets-video/

Despite the economic uncertainty, 57% of organizations plan to increase their cybersecurity budgets in 2023, according to a survey from Arctic Wolf. This highlights a powerful trend: critical needs like security must be addressed even with IT budgets tightening. As 48% of organizations rank ransomware and targeted threats as their number one concern for 2023, how can they allocate that increased cybersecurity budget effectively? In this Help Net Security video, Ian McShane, VP of Strategy … More



Most mid-sized businesses lack cybersecurity experts, incident response plans

ciber
2023-03-20 https://www.helpnetsecurity.com/2023/03/20/mid-sized-businesses-cybersecurity-challenges/

99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights into organizational structure, resources and cybersecurity strategies, the results contextualize challenges across core functions including gaps in toolkits, planning, staffing, security awareness training and difficulty to secure cybersecurity insurance. Mid-sized businesses cybersecurity challenges: 49% of mid-sized businesses plan to budget more for cyber security in 2023; In the last twelve … More


Autosummary: Mid-sized businesses cybersecurity challenges: 49% of mid-sized businesses plan to budget more for cyber security in 2023; in the last twelve months, 24% of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack; 61% of mid-sized businesses do not have dedicated cybersecurity experts in their organization; 47% of mid-sized businesses do not currently have an incident response plan; 27% of mid-sized businesses reported having no cyber insurance coverage. “In some regards, this research tells a virtual ‘Tale of Two Cities’ for mid-size and smaller businesses. "


How ChatGPT is changing the cybersecurity game

ciber
2023-03-17 https://www.helpnetsecurity.com/2023/03/17/chatgpt-cybersecurity-potential/

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3’s large language models to simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of “living off the land” binary (LOLBin) attacks. “Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential … More


Autosummary: Perhaps, but, at Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different. "


Latitude cyberattack leads to data theft at two service providers

ciber Telcos
2023-03-16 https://www.bleepingcomputer.com/news/security/latitude-cyberattack-leads-to-data-theft-at-two-service-providers/
Latitude Financial Services (Latitude) has published a notice on its website today informing that it has suffered a ransomware attack that resulted in the theft of some customer data. [...] "



Exfiltration malware takes center stage in cybersecurity concerns

exploits ciber
2023-03-15 https://www.helpnetsecurity.com/2023/03/15/malware-exfiltrate-data/

While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud. The 2023 report identified over 22 million unique devices infected by malware last year. Of the 721.5 million exposed credentials recovered by SpyCloud, roughly 50% came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work … More


Autosummary: Cybercriminals can easily access critical business applications. Cybercriminals have doubled down and exploited the economic downturn, growing hybrid workforce, ghost accounts from terminated employees, and increased outsourcing, which elevates third-party exposure. "


ChatGPT may be a bigger cybersecurity risk than an actual benefit

ciber
2023-03-15 https://www.bleepingcomputer.com/news/security/chatgpt-may-be-a-bigger-cybersecurity-risk-than-an-actual-benefit/
ChatGPT made a splash with its believable AI-generated responses. However, it can help threat actors create convincing personas to steal credentials in phishing attacks. [...] "

Autosummary: Detecting AI-generated content: You can use this tool to help identify AI generated text: https://gptzero.me/. Social engineering on the rise with ChatGPT: From fake support requests, to caller ID spoofing, and now even scripting with ChatGPT. The user can be verified with a one-time code sent to the mobile number associated with their Active Directory account, or even with existing authentication services, like Duo Security, Okta, PingID, and Symantec VIP. Furthermore, since the ChatGPT model is open-source, an enterprising individual could create a dataset of existing company-generated emails to create a tool that quickly and easily produces phishing emails. "


H2 2022 – brief overview of main incidents in industrial cybersecurity

industry ciber
2023-03-15 https://ics-cert.kaspersky.com/publications/h2-2022-brief-overview-of-main-incidentsin-industrial-cybersecurity/
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations. "

Autosummary: Hive Ransomware The Cybersecurity and Infrastructure Security Agency (CISA), together with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), published a joint alert about the Hive ransomware group, which targeted a wide range of businesses and infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health. The ALPHV ransomware gang, aka BlackCat, claimed responsibility for the cyberattack against Creos and added it to its extortion site on Saturday, threatening to publish 180,000 stolen files totaling 150 GB in size, including contracts, agreements, passports, bills, and emails. On December 29, the LockBit ransomware gang took responsibility for the attack against the port, claiming to have stolen financial reports, audits, budgets, contracts, ship logs and other information about cargo and crews. The data leaked includes bank account details, dates of birth, next-of-kin information, national insurance numbers and tax information, health and well-being information, disciplinary and grievance related documents, etc. The attackers used known vulnerabilities (CVE-2022-24521, CVE-2020-1472), phishing, PowerShell scripts, KerberCache tool, compromised credentials and RDP to gain access, then used the Hancitor loader to drop their ransomware. From 2019 through at least June 2022, actors have used this malware to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries. According to the company’s statement, data that was unlawfully accessed potentially included personal information (including names, emails, addresses, taxpayer identification numbers, and banking information of affected individuals and businesses).
U-blox U-blox, a Swiss company that creates wireless semiconductors and modules for consumer, automotive and industrial markets, said on October 28 that it had been targeted by a ransomware attack, which was detected and contained on October 24. Tata Power On October 14, the largest Indian energy company, Tata Power Company Limited, confirmed that it was targeted by a cyberattack, which affected its IT infrastructure. EPM In December, Empresas Públicas de Medellín (EPM), a Colombian energy provider, was hit with a ransomware attack, which disrupted the company’s operations and took down online services. The hackers uploaded a sample of the stolen files, including employment contracts, supplier contracts, files on various employees, documents detailing executive compensation packages, and more. Information stolen by the attackers may have included employee names, addresses, dates of birth, direct deposit information, ethnicity, and Social Security numbers. Elbit Systems Elbit Systems of America, a subsidiary of Israeli defense contractor Elbit Systems, confirmed a data breach, several months after a ransomware gang claimed to have hacked the company’s systems. The RansomEXX ransomware gang took responsibility for the “malicious cyberactivity” and for stealing 29.9GB of files pertaining to non-disclosure agreements, passports, IDs, contracts, and supply agreements. The company didn’t name the attacker, but BleepingComputer, which saw a ransom note on one of Semikron systems, reported that LV Ransomware might be behind the attack and that they claim to have stolen two terabytes of company data. Eurocell Eurocell, a UK-based PVC-U manufacturer, was hit by a cyberattack, which led to critical personal details of employees being leaked. The main targets of Cuba ransomware attacks are financial services, government, healthcare and public health, critical manufacturing, and information technology. "


H2 2022 – brief overview of main incidents in industrial cybersecurity

industry ciber
2023-03-15 https://ics-cert.kaspersky.com/publications/h2-2022-brief-overview-of-main-incidents-in-industrial-cybersecurity/
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations. "



#StopRansomware: LockBit 3.0

exploits ransomware ciber
2023-03-15 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a

SUMMARY

Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Actions to take today to mitigate cyber threats from ransomware:

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.

The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit. Since January 2020, LockBit has functioned as an affiliate-based ransomware variant; affiliates deploying the LockBit RaaS use many varying TTPs and attack a wide range of businesses and critical infrastructure organizations, which can make effective computer network defense and mitigation challenging.

The FBI, CISA, and the MS-ISAC encourage organizations to implement the recommendations in the mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.

"

Autosummary: Example of information found in encrypted data { "bot_version":"X", "bot_id":"X", "bot_company":"X", "host_hostname":"X", "host_user":"X", "host_os":"X", "host_domain":"X", "host_arch":"X", "host_lang":"X", "disks_info":[ { "disk_name":"X", "disk_size":"XXXX", "free_size":"XXXXX" } User Agent Strings Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edge/91.0.864.37 <NetworkShareSettings clsid="{520870D8-A6E7-47e8-A8D8-E6A4E76EAEC2}"> <NetShare clsid="{2888C5E7-94FC-4739-90AA-2C1536D68BC0}" image="2" name="%%ComputerName%%_D" changed="%s" uid="%s"> <Properties action="U" name="%%ComputerName%%_D" path="D:" comment="" allRegular="0" allHidden="0" allAdminDrive="0" limitUsers="NO_CHANGE" abe="NO_CHANGE"/> Services.xml stops and disables services on the Active Directory (AD) hosts. RESOURCES REPORTING The FBI is seeking any information that can be legally shared, including: Boundary logs showing communication to and from foreign IP addresses Sample ransom note Communications with LockBit 3.0 actors Bitcoin wallet information Decryptor files Benign sample of an encrypted file The FBI, CISA, and MS-ISAC do not encourage paying ransom, as payment does not guarantee victim files will be recovered. 
Registry Artifacts
LockBit 3.0 Icon (Registry Key | Value | Data):
  • HKCR\.<Malware Extension> | (Default) | <Malware Extension>
  • HKCR\<Malware Extension>\DefaultIcon | (Default) | C:\ProgramData\<Malware Extension>.ico
LockBit 3.0 Wallpaper (Registry Key | Value | Data):
  • HKCU\Control Panel\Desktop\WallPaper | (Default) | C:\ProgramData\<Malware Extension>.bmp
Disable Privacy Settings Experience (Registry Key | Value | Data):
  • SOFTWARE\Policies\Microsoft\Windows\OOBE | DisablePrivacyExperience | 0
Enable Automatic Logon (Registry Key | Value | Data):
  • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | AutoAdminLogon | 1; DefaultUserName | <username>
Force GPUpdate Powershell Command: powershell Get-ADComputer -filter * -Searchbase "%s" | Foreach-Object { Invoke-GPUpdate -computer $_.name -force -RandomDelayInMinutes 0}
Services Killed: vss, sql, svc$, memtas, mepocs, msexchange, sophos, veeam, backup, GxVss, GxBlr, GxFWD, GxCVD, GxCIMgr
Processes Killed: sql, oracle, ocssd, dbsnmp, synctime, agntsvc, isqlplussvc, xfssvccon, mydesktopservice, ocautoupds, encsvc, firefox, tbirdconfig, mydesktopqos, ocomm, dbeng50, sqbcoreservice, excel, infopath, msaccess, mspu, onenote, outlook, powerpnt, steam, thebat, thunderbird, visio, winword, wordpad, notepad
LockBit 3.0 Ransom Note: ~~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~ >>>>>
Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI, CISA, or the MS-ISAC.
[TA0002] Enabling automatic logon for persistence and privilege escalation [T1547]
Deleting log files, files in the recycle bin folder, and shadow copies residing on disk [T1485], [T1490]
LockBit 3.0 attempts to spread across a victim network by using a preconfigured list of credentials hardcoded at compilation time or a compromised local account with elevated privileges [T1078]. 
EXFILTRATION LockBit 3.0 affiliates use Stealbit, a custom exfiltration tool used previously with LockBit 2.0 [TA0010]; rclone, an open-source command line cloud storage manager [T1567.002]; and publicly available file sharing services, such as MEGA [T1567.002], to exfiltrate sensitive company data files prior to encryption. LockBit 3.0 performs functions such as: Enumerating system information such as hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices [T1082] Terminating processes and services [T1489] Launching commands VALIDATE SECURITY CONTROLS In addition to applying mitigations, the FBI, CISA, and the MS-ISAC recommend exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. Mutual Exclusion Object (Mutex) Created When executed, LockBit 3.0 will create the mutex, Global\<MD4 hash of machine GUID>, and check to see if this mutex has already been created to avoid running more than one instance of the ransomware. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers [CPG 7.3] in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud). The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023. 
The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit. State, local, tribal, and territorial (SLTT) government entities can also report to the MS-ISAC (SOC@cisecurity.org or 866-787-4722). [CPG 7.3] in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud). "


Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

exploits government ciber
2023-03-14 https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers Guillaume Lovet and Alex Kong said in an "

Autosummary: The disclosure comes days after Fortinet released patches to address 15 security flaws, including CVE-2022-41328 and a critical heap-based buffer underflow issue impacting FortiOS and FortiProxy (CVE-2023-25610, CVSS score: 9.3). "


Cybercriminals exploit SVB collapse to steal money and data

financial exploits ciber
2023-03-14 https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-svb-collapse-to-steal-money-and-data/
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. [...] "

Autosummary: Claim about an SVB-themed BEC attempt (Mastodon) Cyber-intelligence firm Cyble published a similar report today exploring developing SVB-themed threats, warning about these additional domains: svbdebt[.]com svbclaims[.]net svb-usdc[.]com svb-usdc[.]net svbi[.]io banksvb[.]com svbank[.]com svblogin[.]com Many of these sites were registered on the day of the bank's collapse, March 10, 2023, and are already hosting cryptocurrency scams. "


Understanding password behavior key to developing stronger cybersecurity protocols

ciber
2023-03-13 https://www.helpnetsecurity.com/2023/03/13/understanding-password-behavior/

Passwords are still the weakest link in an organization’s network, as proven by the analysis of over 800 million breached passwords, according to Specops Software. The study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being 8 characters (24%). The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. Passwords containing only lowercase letters were the most common character combination found, … More


"

Autosummary: Strong password policy enforcement In Nvidia’s data breach in 2022, where thousands of employee passwords were leaked, many employees had used passwords such as ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. "


TSA issues additional cybersecurity rules for the aviation sector

ciber
2023-03-13 https://www.helpnetsecurity.com/2023/03/13/tsa-cybersecurity-aviation/

The Transportation Security Administration (TSA) issued a new cybersecurity amendment to the security programs of certain TSA-regulated (airport and aircraft) operators in the aviation sector, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure and follows extensive collaboration with aviation partners. “Protecting our nation’s transportation system is our highest priority and TSA … More


"

Autosummary: "


Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

exploits government ciber
2023-03-13 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

SUMMARY

From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server. Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.[1]

Actions to take today to mitigate malicious cyber activity:

  • Implement a patch management solution to ensure compliance with the latest security patches.
  • Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services.
  • Limit service accounts to the minimum permissions necessary to run services.

CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to provide IT infrastructure defenders with tactics, techniques, and procedures (TTPs), IOCs, and methods to detect and protect against similar exploitation.


Autosummary: rule CISA_10424018_01 {
    meta:
        Author = "CISA Code & Media Analysis"
        Incident = "10424018"
        Date = "2023-02-07"
        Last_Modified = "20230216_1500"
        Actor = "n/a"
        Family = "n/a"
        Capabilities = "n/a"
        Malware_Type = "n/a"
        Tool_Type = "n/a"
        Description = "Detects open-source exploit samples"
        SHA256 = "n/a"
    strings:
        $s0 = { 3D 20 7B 20 22 63 6D 22 2C 20 22 64 2E 65 22 2C }
        $s1 = { 20 22 78 22 2C 20 22 65 22 20 7D 3B }
        $s2 = { 52 65 76 65 72 73 65 53 68 65 6C 6C 28 29 }
        $s3 = { 54 65 6C 65 72 69 6B 20 55 49 }
        $s4 = { 66 69 6C 65 6E 61 6D 65 5F 6C 6F 63 61 6C }
        $s5 = { 66 69 6C 65 6E 61 6D 65 5F 72 65 6D 6F 74 65 }
        $s6 = { 41 55 43 69 70 68 65 72 2E 65 6E 63 72 79 70 74 }
        $s7 = { 31 32 31 66 61 65 37 38 31 36 35 62 61 33 64 34 }
        $s8 = { 43 6F 6E 6E 65 63 74 53 74 61 67 69 6E 67 53 65 72 76 65 72 28 29 }
        $s9 = { 53 74 61 67 69 6E 67 53 65 72 76 65 72 53 6F 63 6B 65 74 }
        $s10 = { 2A 62 75 66 66 65 72 20 3D 20 28 75 6E 73 69 67 6E 65 }
        $s11 = { 28 2A 29 28 29 29 62 75 66 66 65 72 3B 0A 20 20 20 20 66 75 6E 63 28 29 3B }
        $s12 = { 75 70 6C 6F 61 64 28 70 61 79 6C 6F 61 64 28 54 65 6D 70 54 61 72 67 65 74 }
        $s13 = { 36 32 36 31 36 66 33 37 37 35 36 66 32 66 }
    condition:
        ($s0 and $s1 and $s2) or ($s3 and $s4 and $s5 and $s6 and $s7) or ($s8 and $s9 and $s10 and $s11) or ($s12 and $s13)
}
Log Collection, Retention, and Analysis CISA, FBI, and MS-ISAC recommend that organizations utilize a centralized log collection and monitoring capability, as well as implement or increase logging and forensic data retention.
Application Crash {"EventData":{"Data":"0, APPCRASH, Not available, 0, w3wp.exe, 8.5.9600.16384, 5215df96, 1664175639.65719.dll, 0.0.0.0, 63314d94, c00000fd, 00000000000016f8, C:\\Windows\\Temp\\WERE3F6.tmp.appcompat.txt C:\\Windows\\Temp\\WERE639.tmp.
All of the analyzed samples have network parameters, including host name, domain name, Domain Name System (DNS) server Internet Protocol (IP) address and machine name, Network Basic Input/Output System (NetBIOS) ID, 
adapter information, IP address, subnet, gateway IP, and Dynamic Host Configuration Protocol (DHCP) server [T1016].
|1664175639.65719.dll |c:\windows\system32\inetsrv\w3wp.exe |C:\Windows\Temp\1664175639.65719.dll
Application Error {"EventData":{"Data":"w3wp.exe, 8.5.9600.16384, 5215df96, 1664175639.65719.dll, 0.0.0.0, 63314d94, c00000fd, 00000000000016f8, 1708, 01d8d0a5f84af443, c:\\windows\\system32\\inetsrv\\w3wp.exe, C:\\Windows\\Temp\\1664175639.65719.dll, eed89eeb-3d68-11ed-817c-005056990ed7","Binary":""}} 1001 w3wp.exe
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to provide IT infrastructure defenders with tactics, techniques, and procedures (TTPs), IOCs, and methods to detect and protect against similar exploitation.
These descriptions are sourced directly from Microsoft.[6]
Table 5: Four Fields Searched in IIS Logs (General Name | Field Name | Description):
  • Method | cs-method | Requested action; for example, a GET method
  • URI Stem | cs-uri-stem | Universal Resource Identifier (URI), or target, of the action
  • URI Query | cs-uri-query | The query, if any, that the client was trying to perform; A URI query is necessary only for dynamic pages.
TA1’s malware gathers network parameters, including host name, domain name, DNS servers, NetBIOS ID, adapter information, IP address, subnet, gateway IP, and DHCP server.
Web.UI.WebResource.axd, [*redacted*], False, [*redacted*], 15, [*redacted*], False, at Telerik.
For example, file 1596835329.5015914.png, which decodes to August 7, 2020, 21:22:09 UTC, first appeared on October 13, 2022, but the file system shows a creation date of August 7, 2020.
WERInternalMetadata.xml C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_w3wp.exe_d538da447d49df5862c37684118d0c25c2eff_9e3fd63b_cab_0c3ee656\\memory.hdmp 
C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_w3wp.exe_d538da447d49df5862c37684118d0c25c2eff_9e3fd63b_cab_0c3ee656\\triagedump.dmp, C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_w3wp.exe_d538da447d49df5862c37684118d0c25c2eff_9e3fd63b_cab_0c3ee656, 0, eed89eeb-3d68-11ed-817c-005056990ed7, 4","Binary":""}}
The EventID field maps to Windows EventIDs for an easy filter.
VALIDATE SECURITY CONTROLS In addition to applying mitigations, CISA, FBI, and MS-ISAC recommend exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.
Proof-of-Concept Exploit for CVE-2019-18935 [6] Microsoft: Configure Logging in IIS [7] GitHub: CVE-2019-18935
ACKNOWLEDGEMENTS Google’s Threat Analysis Group (TAG) contributed to this CSA.
Other Best Practice Mitigation Recommendations Implement phishing-resistant multifactor authentication (MFA) for as many services possible—particularly for webmail, virtual private networks (VPNs), accounts that access critical systems, and privileged accounts that manage backups. 
In addition to CVE-2019-18935, this version (2013.2.717) of Telerik UI for ASP.NET AJAX contains the following known vulnerabilities: CVE-2017-11357, CVE-2017-11317, and CVE-2017-9248.
Example Regex: \d{10}\.\d{1,8}\.dll
These numbers can be copied and translated from digits into readable language with the month, day, year, hour, minute, and seconds displayed.
As presented by Bishop Fox and proven during authoring organizations’ investigation of IIS server logs, an exception does not mean that the exploit failed, but more likely that it executed successfully.[3]
Figure 1: Threat Actor Assembly Installer
If a Werfault crash report was written, Windows event application logs may contain evidence of this—even if the DLLs have been removed from the system as part of a cleanup effort by the threat actors.
Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server.
Overview CISA and authoring organizations assess that, beginning as late as November 2022, threat actors successfully exploited a .NET deserialization vulnerability (CVE-2019-18935) in an instance of Telerik UI for ASP.NET AJAX Q2 2013 SP1 (version 2013.2.717) running on an FCEB agency’s Microsoft IIS server.
Log Type: Windows Event Application Logs Location: -%SystemDrive%\Windows\System32\winevt\logs\Application.evtx
Kroll Artifact Parser and Extractor (KAPE), a forensic artifact collector and parser, was used to extract the Windows event logs from a backup image of the compromised IIS server.
[CPG 3.1, 3.2] Evaluate user permissions and maintain separate user accounts for all actions and activities not associated with the administrator role, e.g., for business email, web browsing, etc. "


The cybersecurity landscape in the era of economic instability

ciber
2023-03-10 https://www.helpnetsecurity.com/2023/03/10/cybersecurity-landscape-economic-instability-video/

Economic uncertainty is squeezing organizations globally. Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025. These findings are alarming but undoubtedly unsurprising in today’s IT landscape. In this Help Net Security video, Denis Dorval, VP of International at JumpCloud, discusses how the responsibility of cybersecurity can no longer be placed on the shoulders of IT admins alone. Experts have long been advising that cybersecurity must be an organization-wide priority built into the … More


"

Autosummary: "


TSA tells US aviation industry to boost its cybersecurity

industry ciber
2023-03-09 https://www.tripwire.com/state-of-security/tsa-tells-us-aviation-industry-boost-its-cybersecurity
The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." Read more in my article on the Tripwire State of Security blog. "

Autosummary: "


Three crucial moments when founding a cybersecurity startup

ciber
2023-03-08 https://www.helpnetsecurity.com/2023/03/08/building-perfect-cybersecurity-startup/

With 10% of startups failing in the first year, making wise and future-proof decisions for your new cybersecurity venture is essential. Building the perfect cybersecurity startup As society adapts to an increasingly digital world, opportunities for cybercrime and attacks are also mounting. Consequently, more and more cybersecurity businesses are popping up, and the market is becoming more saturated with each quarter that passes. While there’s no blueprint for building the perfect cybersecurity startup, there are … More


"

Autosummary: It’s never too early to start networking It’s no secret that networking offers invaluable opportunities, from practicing communication and sales skills to meeting potential customers, suppliers, partners, and investors. Certified Information Security Auditor (CISA) CompTIA Security+ These three certifications are often regarded as the industry standard, so depending on the type of cybersecurity startup you have, you’ll likely want to broaden your expertise by earning those. "


How STEM education can solve talent shortages, improve cybersecurity

ciber
2023-03-08 https://www.helpnetsecurity.com/2023/03/08/stem-education-solve-talent-shortages-improve-cybersecurity-video/

In this Help Net Security video, Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves from cyber threats in the years to come. In addition, teaching STEM subjects like cybersecurity can help promote diversity and inclusion in the tech industry. By providing opportunities for underrepresented groups to learn about cybersecurity and pursue careers in … More


"

Autosummary: "


Palo Alto Networks enhances cybersecurity capabilities with AI-powered ITDR module

ciber
2023-03-07 https://www.helpnetsecurity.com/2023/03/07/palo-alto-networks-cortex-xsiam/

Palo Alto Networks released new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy AI technology to detect identity-driven attacks within seconds. The module further strengthens XSIAM’s ability to consolidate multiple security operations capabilities into a unified, AI-driven security operations center (SOC) platform. Identity-driven attacks, which target user credentials to access confidential data and systems, are one of the most common methods cyber … More


"

Autosummary: Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security, orchestration and response (SOAR), Threat Intelligence Management (TIM) and Attack Surface management (ASM) capabilities, replacing the need for multiple point solutions. "


6 cybersecurity and privacy Firefox add-ons you need to know about

ciber
2023-03-06 https://www.helpnetsecurity.com/2023/03/06/cybersecurity-privacy-firefox-add-ons/

In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to protect your online privacy and security. One way to do this is by using add-ons for your web browser that can help enhance your security and privacy. Firefox is one of the most popular web browsers, and it offers a variety of add-ons that can help you stay … More


"

Autosummary: Temporary Containers With Temporary Containers, you can open disposable containers that isolate attached data and are deleted after usage: Fully automatic, based on navigation-target, for certain websites, with configured mouse clicks on links or just by using the toolbar icon. "


National Cybersecurity Strategy Document: What you need to know

ciber
2023-03-06 https://www.malwarebytes.com/blog/news/2023/03/national-cybersecurity-strategy-document-what-you-need-to-know

Categories: News

Tags: whitehouse, biden, national cybersecurity document, federal, government, data, privacy, security

The US Government has been working on the National Cybersecurity Strategy Document 2023 for some time now, and it’s finally been released.

The post National Cybersecurity Strategy Document: What you need to know appeared first on Malwarebytes Labs.

"

Autosummary: As per the WSJ, the five primary areas for action are: Defending critical infrastructure; Disruption and dismantling of criminal gangs; Shape market forces; Investing in a resilient future; Forge international partnerships. One large part of this new strategy is that organisations potentially most well equipped to fend off attacks must step up and do more: The most capable and best positioned actors in cyberspace must be better stewards of the digital ecosystem...we must ask more [across both the public and private sectors] of the most capable and best positioned actors to make our digital ecosystem more secure and resilient. Update Federal response plans: You can expect better processes should you need to contact Federal authorities after a cyber incident, with the aim of creating a “unified, coordinated, whole of government response” with organisations able to quickly and easily find out who to contact, and when. "


8 cybersecurity tips to keep you safe when travelling

ciber
2023-03-06 https://www.malwarebytes.com/blog/news/2023/03/9-cybersecurity-tips-to-keep-you-safe-when-travelling

Categories: Awareness, News

Tags: travel, safe, devices, VPN, backups, connections, updates

Here are some cybersecurity tips to keep you safe while you travel.

The post 8 cybersecurity tips to keep you safe when travelling appeared first on Malwarebytes Labs.

"

Autosummary: Avoid sites where you need to login, sites with sensitive info (banking, healthcare, etc.), and especially stay away from making purchases over an unsecured connection. Check if there are updates for your operating system (Windows, Android, iOS, or whatever you’re using), banking apps, and anything else which is privacy sensitive and you use on a daily basis. "


Viasat strengthens network security posture for enterprises with Trusted Cybersecurity Services

ciber
2023-03-04 https://www.helpnetsecurity.com/2023/03/04/viasat-trusted-cybersecurity-services/

The Trusted Cybersecurity Services (TCS) solution, a hosted intrusion detection service that utilizes classified government threat intelligence to identify and address existing, potential, and emerging cyber threats on an organization’s network, has been introduced by Viasat. The service leverages cyber threat intelligence provided by the U.S. Department of Homeland Security (DHS) through the Cybersecurity and Infrastructure Agency (CISA) Enhanced Cybersecurity Services (ECS) program to help protect U.S.-based organizations from malicious cyber threats. Viasat is the … More

The post Viasat strengthens network security posture for enterprises with Trusted Cybersecurity Services appeared first on Help Net Security.

"

Autosummary: "


The role of human insight in AI-based cybersecurity

ciber
2023-03-03 https://www.helpnetsecurity.com/2023/03/03/ai-human-insights-cybersecurity/

To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique that uses human feedback to train and improve the accuracy of an AI model. ChatGPT, the most notable example of AI and RLHF working together, took the most innovative AI-based language model available (GPT-3 developed by OpenAI) and paired it with RLHF to optimize it for human interaction. The … More

The post The role of human insight in AI-based cybersecurity appeared first on Help Net Security.

"

Autosummary: If AI-based cybersecurity tools leveraged RLHF, they would be immensely powerful, intuitive, and effective and could improve detection and response times to even the most sophisticated threats. By combining AI and RLHF, teams can better identify potential threats, resulting in up to a 90% reduction in the amount of time needed to identify and react to phishing scams, while also significantly reducing the organization’s risk posture. "


U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities

exploits ransomware ciber
2023-03-03 https://thehackernews.com/2023/03/us-cybersecurity-agency-raises-alarm.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said. The custom ransomware "

Autosummary: Ransom demands made by Royal vary from $1 million to $11 million, with attacks targeting a variety of critical sectors, including communications, education, healthcare, and manufacturing. "


Retailer WH Smith discloses data breach after a cyberattack

financial ciber
2023-03-03 https://securityaffairs.com/142918/data-breach/wh-smith-data-breach.html

Retailer WH Smith disclosed a data breach following a cyber attack; threat actors had access to company data. Retailer WH Smith revealed that threat actors have breached its infrastructure and had access to the data of about 12,500 current and former employees. The company immediately launched an investigation into the incident with the help […]

The post Retailer WH Smith discloses data breach after a cyberattack appeared first on Security Affairs.

"

Autosummary: "


Uncovering the most pressing cybersecurity concerns for SMBs

ciber
2023-03-02 https://www.helpnetsecurity.com/2023/03/02/pressing-cybersecurity-concerns-smbs-video/

In this Help Net Security video interview, James Edgar, CISO at Fleetcor, discusses what consequences SMBs are most concerned about when it comes to cyberattacks, what technology SMBs are most interested in, and much more.

The post Uncovering the most pressing cybersecurity concerns for SMBs appeared first on Help Net Security.

"

Autosummary: "


British retail chain WH Smith says data stolen in cyberattack

ciber
2023-03-02 https://www.bleepingcomputer.com/news/security/british-retail-chain-wh-smith-says-data-stolen-in-cyberattack/
British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. [...] "

Autosummary: Customer data is safe: “WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company's cybersecurity notice filed with London’s Stock Exchange. "


US government puts cybersecurity at forefront with newly announced National Strategy

government ciber
2023-03-02 https://www.helpnetsecurity.com/2023/03/02/us-government-puts-cybersecurity-at-forefront-with-newly-announced-national-strategy/

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity. The United States will make its digital ecosystem: Defensible, where cyber defense is overwhelmingly easier, cheaper, and more effective; Resilient, where cyber incidents and errors have little widespread or lasting impact. The Administration has already taken steps to secure … More

The post US government puts cybersecurity at forefront with newly announced National Strategy appeared first on Help Net Security.

"

Autosummary: "


White House releases new U.S. national cybersecurity strategy

ciber
2023-03-02 https://www.bleepingcomputer.com/news/security/white-house-releases-new-us-national-cybersecurity-strategy/
The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country's cyberspace towards software vendors and service providers. [...] "

Autosummary: "Russia remains a persistent cyber threat as it refines its cyber espionage, attack, influence, and disinformation capabilities to coerce sovereign countries, harbor transnational criminal actors, weaken U.S. alliances and partnerships, and subvert the rules-based international system. "


Covert cyberattacks on the rise as attackers shift tactics for maximum impact

industry ciber
2023-03-01 https://www.helpnetsecurity.com/2023/03/01/shifting-attack-strategies/

2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of … More

The post Covert cyberattacks on the rise as attackers shift tactics for maximum impact appeared first on Help Net Security.

"

Autosummary: "


Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

exploits ciber
2023-03-01 https://thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html
Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization ( "

Autosummary: "This has been largely thanks to GootLoader, SocGholish, SolarMarker, and recent campaigns leveraging Google Ads to float top search results." "


TikTok answers three big cybersecurity fears about the app

ciber
2023-02-28 https://www.bbc.co.uk/news/technology-64797355?at_medium=RSS&at_campaign=KARANGA
Calls in the US for a ban on TikTok have reignited the global debate about its cybersecurity risks. "

Autosummary: [Image caption: The Chinese version of TikTok, called Douyin, shares the same format and basic engineering code] At the start of TikTok's ascendancy, there were high-profile cases of censorship on the app: a user in the US had her account suspended for discussing Beijing's treatment of Muslims in Xinjiang; after a fierce public backlash, TikTok apologised and reinstated the account. [Image caption: Shanghai tech giant ByteDance owns TikTok and its sister app Douyin] Article seven of China's National Intelligence Law states that all Chinese organisations and citizens should "support, assist and co-operate" with Chinese intelligence efforts. In November 2022, Christopher Wray, director of the Federal Bureau of Investigation (FBI), told US lawmakers: "The Chinese government could… control the recommendation algorithm, which could be used for influence operations. "


Stay one step ahead: Cybersecurity best practices to prevent breaches

ciber
2023-02-27 https://www.helpnetsecurity.com/2023/02/27/cybersecurity-best-practices-to-prevent-breaches-video/

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches.

The post Stay one step ahead: Cybersecurity best practices to prevent breaches appeared first on Help Net Security.

"

Autosummary: "


Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers

ciber
2023-02-26 https://www.helpnetsecurity.com/2023/02/26/week-in-review-chatgpt-and-cybersecurity-hidden-vulnerabilities-in-docker-containers/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Users looking for ChatGPT apps get malware instead The massive popularity of OpenAI’s chatbot ChatGPT has … More

The post Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers appeared first on Help Net Security.

"

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. "


Dish Network goes offline after likely cyberattack, employees cut off

ciber
2023-02-25 https://www.bleepingcomputer.com/news/security/dish-network-goes-offline-after-likely-cyberattack-employees-cut-off/
American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [...] "

Autosummary: Dish Network website, phones, apps offline: Dish Network websites and apps including Dish.com, DishWireless.com, and Dish Anywhere are facing a prolonged outage with customers unable to get to their accounts or stream TV online. [Image caption: Dish.com website offline amid "internal system issue" (BleepingComputer)] BleepingComputer also observed the Dish Anywhere Android app experiencing connection issues. [Image caption: Dish Anywhere app unreachable (BleepingComputer)] Customers have also reported experiencing problems when attempting to pay their bills or calling customer service centers. Employees report it's a cyberattack: A source in touch with a Dish Network employee told BleepingComputer that the network "has been hit" (by a cyber attack) with employees seeing "blank icons" on their Desktop—something that typically occurs after a ransomware infection encrypts the victim's files. "


Employees bypass cybersecurity guidance to achieve business objectives

ciber
2023-02-24 https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors, according to Gartner. “Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams,” Gopal added. … More

The post Employees bypass cybersecurity guidance to achieve business objectives appeared first on Help Net Security.

"

Autosummary: “Friction that slows down employees and leads to insecure behavior is a significant driver of insider risk,” said Paul Furtado, VP Analyst, Gartner. "


How to Use AI in Cybersecurity and Avoid Being Trapped

ciber
2023-02-24 https://thehackernews.com/2023/02/how-to-use-ai-in-cybersecurity-and.html
The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity infrastructure "

Autosummary: Its AI algorithms analyze and classify web content in real-time, which allows web filtering software to quickly identify and block websites that contain harmful content, such as malware, phishing scams, and inappropriate material. However, deploying AI in business cybersecurity can be a complex and challenging process, and there are many potential pitfalls to avoid to ensure that AI is effectively integrated into your cybersecurity strategy. "


CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary

ciber
2023-02-24 https://thehackernews.com/2023/02/cisa-sounds-alarm-on-cybersecurity.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. "CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, "

Autosummary: "


UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

ciber
2023-02-24 https://securityaffairs.com/142669/cyber-warfare-2/uk-won-defence-cyber-marvel-2-dcm2.html

Defence Cyber Marvel 2 (DCM2) is the largest Western Europe-led cyber exercise that took place in Tallinn with 34 teams from 11 countries. The Defence Cyber Marvel 2 (DCM2) is the largest training exercise organised by the Army Cyber Association to allow personnel from across the Armed Forces to build their skills within the cyber […]

The post UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2) appeared first on Security Affairs.

"

Autosummary: 34 teams from 11 countries, including India, Italy, Ghana, Japan, US, Ukraine, Kenya, and Oman, have taken part in a live-fire cyber battle that lasted seven days. "


CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks

ciber
2023-02-24 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
"

Autosummary: On Workstation 1, the team leveraged a modified SharpHound collector, ldapsearch, and command-line tool, dsquery, to query and scrape AD information, including AD users [T1087.002], computers [T1018], groups [T1069.002], access control lists (ACLs), organizational units (OU), and group policy objects (GPOs) [T1615]. As a long-term effort, CISA recommends organizations prioritize implementing a more modern, Zero Trust network architecture that: Leverages secure cloud services for key enterprise security capabilities (e.g., identity and access management, endpoint detection and response, policy enforcement). [T1136.001] Account Manipulation [T1098]; Intrusion Detection or Prevention Systems; Endpoint Protection Platform; Web Proxy Logs; Detect and identify source IP and source process of malicious traffic; Investigate destination IP address; Triage compromised host; Develop response plan; None. Local Admin User Account Creation (server): Create a local administrator account on a target server system. Figure 1: Red Team Cyber Threat Activity: Initial Access and Lateral Movement. While traversing the network, the team varied their lateral movement techniques to evade detection and because the organization had non-uniform firewalls between the sites and within the sites (within the sites, firewalls were configured by subnet). Lateral Movement, Credential Access, and Persistence: The red team moved laterally [TA0008] from Workstation 2 to the Site 1 SharePoint server and had SYSTEM level access to the Site 1 SharePoint server, which had Unconstrained Delegation enabled. The user employed a KeePass password manager that the team was able to use to obtain passwords for other internal websites, a kernel-based virtual machine (KVM) server, virtual private network (VPN) endpoints, firewalls, and another KeePass database with credentials. 
The team then used the TGT to harvest advanced encryption standard (AES)-256 hashes via DCSync [T1003.006] for the krbtgt account and several privileged accounts—including domain admins, workstation admins, and a system center configuration management (SCCM) service account (SCCM Account 1). Intrusion Detection or Prevention Systems; Endpoint Protection Platform; Web Proxy Logs; Detect and identify source IP and source process of malicious traffic; Investigate destination IP address; Triage compromised host; Develop response plan; None. Trigger Host-Based Protection—Domain Controller: Upload and execute a well-known (e.g., with a signature) malicious file to a target DC system to generate host-based alerts. Platform; Detect target hosts and ports; Identify associated scanning process; Analyze scanning host once detected; Develop response plan; None. Comprehensive Active Directory and Host Enumeration: Perform AD enumeration by querying all domain objects from the DC; and enumerating trust relationships within the AD Forest, user accounts, and current session information from every domain computer (Workstation and Server). Post-Exploitation Activity: Gaining Access to SBSs. With persistent, deep access established across the organization’s networks and subnetworks, the red team began post-exploitation activities and attempted to access SBSs. 
Plan for Potential Access to SBS 1: Conducting open-source research [1591.001], the team identified that SBS 1 and 2 assets and associated management/upkeep staff were located at Sites 5 and 6, respectively. Phishing; Lateral movement reuse; Generation and use of the golden ticket; Anomalous LDAP traffic; Anomalous internal share enumeration; Unconstrained Delegation server compromise; DCSync; Anomalous account usage during lateral movement; Anomalous outbound network traffic; Anomalous outbound SSH connections to the team’s cloud servers from workstations. Most of the red team’s Phase II actions failed to provoke a response from the people, processes, and technology defending the organization’s network. Specifically, the team used the Sharepoint server’s machine NTLM hash and DFSCoerce’s python script (DFSCoerce.py) to prompt DC authentication to the server, and they captured the incoming DC TGT using Rubeus [T1550.002], [T1557.001]. While in the MDM MySQL database, Elevating the selected MDM user’s account privileges to administrator privileges, and Modifying the user’s account by adding Create Policy and Delete Policy permissions [T1098], [T1548]. Windows Service [T1543.003]; Windows Event Logs; Detect account compromise; Analyze compromised host; Develop response plan; None. Domain Admin Lateral Movement—Workstation to Domain Controller: Use a previously compromised domain admin account to upload and execute a payload via SMB and Windows Service Creation, respectively, on a target DC. 
Introduction: CISA has authority to, upon request, provide analyses, expertise, and other technical assistance to critical infrastructure owners and operators and provide operational and timely technical assistance to Federal and non-Federal entities with respect to cybersecurity risks. The meeting invite took them to a red team-controlled domain [T1566.002] with a button, which, when clicked, downloaded a “malicious” ISO file [T1204]. The organization failed to detect lateral movement, persistence, and C2 activity via their intrusion detection or prevention systems, endpoint protection platform, web proxy logs, and Windows event logs. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders of critical infrastructure organizations proactive steps to reduce the threat of similar activity from malicious cyber actors. Using the same methodology as described by the steps in the Plan for Potential Access to SBS 1 section above, the team gained interactive root access to two Site 6 SBS 2-connected workstations: a software engineering workstation (Workstation 5) and a user administrator workstation (Workstation 6). One user triggered the red team’s payload, which led to installation of a persistent beacon on the user’s workstation (Workstation 2), giving the team persistent access to Workstation 2. This technique, which also leverages CDNs, allows the beacon to appear to connect to third-party domains, such as nytimes.com, when it is actually connecting to the team’s redirect server. If NTLM must be enabled, enable Extended Protection for Authentication (EPA) to prevent some NTLM-relay attacks, and implement SMB signing to prevent certain adversary-in-the-middle and 
pass-the-hash attacks [CPG 3.4]. Phase II: Red Team Measurable Events Activity. The red team executed 13 measurable events designed to provoke a response from the people, processes, and technology defending the organization’s network. The team gained root access to workstations connected to MDM 1—specifically, the team accessed Workstation 4—by: Selecting an MDM user from the plaintext credentials in PowerShell scripts on MDM 1. The team gained persistent access to the organization’s network, moved laterally across the organization’s multiple geographically separated sites, and eventually gained access to systems adjacent to the organization’s sensitive business systems (SBSs). However, the team assesses that by using Secure Shell (SSH) session socket files (see below), they could have accessed any hosts available to the users whose workstations were compromised. REFERENCES [1] Bleeping Computer: New DFSCoerce NTLM Relay attack allows Windows domain takeover. APPENDIX: MITRE ATT&CK TACTICS AND TECHNIQUES. See Table 3 for all referenced red team tactics and techniques in this advisory. Attempts to Access SBS 2: Conducting open-source research, the team identified an organizational branch [T1591] that likely had access to SBS 2. Consider using red team tools, such as SharpHound, for AD enumeration to identify users with excessive privileges and misconfigured hosts (e.g., with Unconstrained Delegation enabled). However, a multifactor authentication (MFA) prompt prevented the team from achieving access to one SBS, and Phase I ended before the team could implement a seemingly viable plan to achieve access to a second SBS. Table 1: Measurable Events (Measurable Event; Description; MITRE ATT&CK Technique(s); Expected Detection Points; Expected Network Defender Reactions; Reported Reactions). Internal Port Scan: Launch scan from inside the network from a previously gained workstation to enumerate ports on target workstation, server, and domain controller system(s). 
Despite having a mature cyber posture, the organization did not detect the red team’s activity throughout the assessment, including when the team attempted to trigger a security response. "


#StopRansomware: Royal Ransomware

exploits ransomware ciber
2023-02-24 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
"

Autosummary: REFERENCES [1] Royal Rumble: Analysis of Royal Ransomware (cybereason.com) [2] DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog [3] 2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au ACKNOWLEDGEMENTS Recorded Future, Coveware, Digital Asset Redemption, Q6, and RedSense contributed to this CSA. Additional details requested include: a targeted company Point of Contact, status and scope of infection, estimated loss, operational impact, transaction IDs, date of infection, date detected, initial attack vector, host and network based indicators. Batch files create a new admin user [T1078.002], force a group policy update, set pertinent registry keys to auto-extract [T1119] and execute the ransomware, monitor the encryption process, and delete files upon completion—including Application, System, and Security event logs [T1070.001]. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA or the FBI. 
REPORTING FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with Royal actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file. According to open-source reporting, victims have unknowingly installed malware that delivers Royal ransomware after receiving phishing emails containing malicious PDF documents [T1566.001], and malvertising [T1566.002].[2] According to third-party reporting, Royal actors most commonly (in 66.7% of incidents) gain initial access to victim networks via successful phishing emails [T1566]. Encryption Before starting the encryption process, Royal actors: Use Windows Restart Manager to determine whether targeted files are currently in use or blocked by other applications [T1486].[1] Use Windows Volume Shadow Copy service (vssadmin.exe) to delete shadow copies to prevent system recovery.[1] FBI has found numerous batch (.bat) files on impacted systems which are typically transferred as an encrypted 7zip file. [CPG 7.3] in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud). "


DarkLight partners with Resecurity to improve enterprise cybersecurity posture

ciber
2023-02-23 https://www.helpnetsecurity.com/2023/02/23/darklight-resecurity/

DarkLight and Resecurity partnership will give DarkLight access to Resecurity’s threat intelligence solution called Context, which identifies indications of cyber intrusions and data breaches for clients. This will give DarkLight the ability to provide comprehensive risk assessments tailored to each client’s unique business context. DarkLight’s knowledge driven AI platform, Cyio, was originally developed at the Pacific Northwest National Laboratory (one of the Department of Energy’s national labs) to support an NSA effort. Clients can analyze … More

The post DarkLight partners with Resecurity to improve enterprise cybersecurity posture appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity layoffs in 2023: What to expect?

ciber
2023-02-23 https://www.helpnetsecurity.com/2023/02/23/cybersecurity-layoffs-2023/

The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired. Execs have realized the importance of cybersecurity There have been massive layoffs by tech and other companies in the last few months. In December 2022, (ISC)² polled 1,000 C-suite executives from Germany, Japan, Singapore, the UK … More

The post Cybersecurity layoffs in 2023: What to expect? appeared first on Help Net Security.

"

Autosummary: And when executives evaluate who will be laid off, job performance will be the most important factor (50%), followed by expertise/skill set (49%), skill redundancy (43%), diversity/team composition (37%), and salary (30%). "


Are your IoT devices at risk? Cybersecurity concerns for 2023

industry ciber
2023-02-22 https://www.helpnetsecurity.com/2023/02/22/iot-devices-cybersecurity-risk-2023-video/

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than ever before. Although we have new and emerging standards for how connected things talk to each other, such as the Matter standard that IoT companies have agreed to adopt, this could be the year we … More

The post Are your IoT devices at risk? Cybersecurity concerns for 2023 appeared first on Help Net Security.

"

Autosummary: "


U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

ciber
2023-02-22 https://thehackernews.com/2023/02/us-cybersecurity-agency-cisa-adds-three.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection "

Autosummary: "


ChatGPT is bringing advancements and challenges for cybersecurity

ciber
2023-02-21 https://www.helpnetsecurity.com/2023/02/21/chatgpt-cybersecurity-challenges/

Understanding why ChatGPT is garnering so much attention takes a bit of background. Up until recently, AI models have been quite “dumb”: they could only respond to specific tasks when trained on a large dataset providing context on what to find. But, over the last five years, research breakthroughs have taken AI to a whole new level, enabling computers to better understand the meaning behind words and phrases. Leveraging these mechanics and 5 large language … More

The post ChatGPT is bringing advancements and challenges for cybersecurity appeared first on Help Net Security.

"

Autosummary: In theory, ChatGPT and similar AI models should help close the cybersecurity talent shortage by making individual security professionals significantly more effective – so much so, in fact, that with AI, one person will be able to accomplish the same output as multiple individuals before. Ready or not, here it comes Whether we like it or not, ChatGPT and next-generation AI models are here to stay, which presents us with a choice: we can be afraid of the change and what’s to come, or we can adapt to it and ensure we embrace it holistically by implementing both an offensive and defensive strategy. "


What can we learn from the latest Coinbase cyberattack?

ciber
2023-02-21 https://www.helpnetsecurity.com/2023/02/21/coinbase-cyberattack/

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twilio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing login credentials and installing remote desktop applications, and were only partly successful: the company’s incident response team quickly reacted to “unusual activity” alerts and, in the end, the attackers were unable to access customer information … More

The post What can we learn from the latest Coinbase cyberattack? appeared first on Help Net Security.

"

Autosummary: Attempted access to company assets from a third party VPN provider Phone calls or text messages from services like Google Voice, Skype, Vonage (formerly Nexmo), etc. “As a network defender you should expect to see login attempts to corporate applications from VPN services (e.g. Mullvad), using stolen credentials, cookies, or other session tokens. "


Cybersecurity takes a leap forward with AI tools and techniques

ciber
2023-02-20 https://www.helpnetsecurity.com/2023/02/20/cybersecurity-ai-tools-techniques/

Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks. Autonomous cyber defense framework When faced with sophisticated cyberattacks in a rigorous simulation setting, deep reinforcement learning was effective at stopping adversaries from reaching their goals up to 95 percent of the time. The outcome offers promise for a role for autonomous AI in proactive cyber defense. Scientists from the Department … More

The post Cybersecurity takes a leap forward with AI tools and techniques appeared first on Help Net Security.

"

Autosummary: DRL: Decisions in a broad attack space “An effective AI agent for cybersecurity needs to sense, perceive, act and adapt, based on the information it can gather and on the results of decisions that it enacts,” said Samrat Chatterjee, a data scientist who presented the team’s work. The stages of the attack included tactics of reconnaissance, execution, persistence, defense evasion, command and control, collection and exfiltration (when data is transferred out of the system). “Our goal is to create an autonomous defense agent that can learn the most likely next step of an adversary, plan for it, and then respond in the best way to protect the system,” Chatterjee said. "


Coinbase cyberattack targeted employees with fake SMS alert

ciber
2023-02-20 https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/
Coinbase cryptocurrency exchange platform has disclosed that an unknown threat actor stole the login credentials of one of its employees in an attempt to gain remote access to the company's systems. [...] "

Autosummary: Any downloads or attempted downloads of specific remote desktop viewers, including AnyDesk (anydesk dot com) and ISL Online (islonline[.]com) Any attempts to access the organization from a third-party VPN provider, specifically Mullvad VPN Incoming phone calls/text messages from specific providers, including Google Voice, Skype, Vonage/Nexmo, and Bandwidth Any unexpected attempts to install specific browser extensions, including EditThisCookie Employees of companies that manage digital assets and have a strong online presence are bound to be targeted by social engineering actors at some point. "


SANS Institute unveils new cybersecurity training for IT administrators

ciber
2023-02-20 https://www.helpnetsecurity.com/2023/02/20/sans-security-essentials-for-it-administrators/

SANS Security Awareness, a division of the SANS Institute, launched its new short-form technical training modules, “Security Essentials for IT Administrators.” This series provides a comprehensive review of cybersecurity principles, specifically targeting those with a foundational understanding of IT systems and/or network administration to keep them up-to-date and knowledgeable in the constantly evolving cybersecurity landscape. Relevant training for this audience is essential in the overall security posture of an organization as more IT professionals, such … More

The post SANS Institute unveils new cybersecurity training for IT administrators appeared first on Help Net Security.

"

Autosummary: "


GoDaddy says it's a victim of multi-year cyberattack campaign

ciber
2023-02-20 https://www.malwarebytes.com/blog/news/2023/02/godaddy-says-its-a-victim-of-multi-year-cyberattack-campaign

Categories: News

Tags: GoDaddy

Tags: GoDaddy breach

Hosting and domain name company GoDaddy says it believes a sophisticated threat actor group has been subjecting the company to a multi-year attack campaign.

The post GoDaddy says it's a victim of multi-year cyberattack campaign appeared first on Malwarebytes Labs.

"

Autosummary: " Make sure your hosting account is secure If you are using GoDaddy or other hosting services, now is a good time to review your credentials and ensure your account is as locked up as possible. Posted: February 20, 2023 by Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign. "


Week in review: Microsoft, Apple patch exploited zero-days, tips for getting hired in cybersecurity

exploits ciber
2023-02-19 https://www.helpnetsecurity.com/2023/02/19/week-in-review-microsoft-apple-patch-exploited-zero-days-tips-for-getting-hired-in-cybersecurity/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Combining identity and security strategies to mitigate risks The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new Executive Director. Can we predict cyber attacks? Bfore.AI says they can In this Help Net Security interview, Luigi … More

The post Week in review: Microsoft, Apple patch exploited zero-days, tips for getting hired in cybersecurity appeared first on Help Net Security.

"

Autosummary: In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and access management, digital signing, and security policy management. New infosec products of the week: February 17, 2023 Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software. "


FBI is investigating a cybersecurity incident on its network

ciber
2023-02-17 https://www.bleepingcomputer.com/news/security/fbi-is-investigating-a-cybersecurity-incident-on-its-network/
The U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency's network. [...] "

Autosummary: "


⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

ciber
2023-02-17 https://thehackernews.com/2023/02/top-cybersecurity-news-stories-this.html
Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks. 1. Apple 📱 Devices Hacked with "

Autosummary: If not, it's time to do so, as the tech giant just released security updates for iOS, iPadOS, macOS, and Safari. So keep those firewalls up, keep those updates coming, and let's continue to stay curious, stay vigilant, and stay safe in the ever-changing digital landscape. Most of these compromised hosts are located in France, Germany, the Netherlands, the U.K., and Ukraine. Ransomware attacks like ESXiArgs can be devastating for organizations, causing data loss, financial losses, and reputational damage. "


Veeam Data Platform improves business resiliency in the case of disaster or cyberattacks

ciber
2023-02-16 https://www.helpnetsecurity.com/2023/02/16/veeam-data-platform/

Veeam Software has released the Veeam Data Platform, a single platform delivering more advanced data security, recovery and hybrid cloud capabilities. The Veeam Data Platform, which includes Veeam Backup & Replication (VBR) v12, provides secure backup and recovery that keeps business running. It brings together the latest features offered from Veeam into a single solution that is offered in three enterprise-grade editions for protecting Cloud, Virtual, Physical, SaaS and Kubernetes applications across complex and expanding … More

The post Veeam Data Platform improves business resiliency in the case of disaster or cyberattacks appeared first on Help Net Security.

"

Autosummary: Trusted immutability for every workload: Ensure backups can always be restored after a cyberattack with comprehensive, enterprise-grade immutability options from trusted vendors, including on-premises object, block and file storage, hardened repositories and deduplicating storage appliances, cloud object storage and tape. New functionality that advances enterprise-grade recovery capabilities ensures confidence in the face of disaster or cyber-attacks across the hybrid cloud, including: Direct-to-object storage backups: Take full advantage of the unlimited scalability of on-premises and cloud object storage without sacrificing performance. "


Russian cybersecurity firm owner convicted of $90 million SEC earning reports hack

rusia-ucrania ciber
2023-02-16 https://www.tripwire.com/state-of-security/cybercriminal-convicted-90-million-sec-earning-reports-hack
The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used by publicly-traded American companies to file earning reports to the Securities and Exchange Commission. Read more in my article on the Tripwire State of Security blog. "

Autosummary: "


Scandinavian Airlines says cyberattack caused passenger data leak

ciber
2023-02-16 https://www.bleepingcomputer.com/news/security/scandinavian-airlines-says-cyberattack-caused-passenger-data-leak/
Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. [...] "

Autosummary: The threat actors state they attacked SAS due to an event that took place in front of the Turkish embassy in Stockholm, Sweden, on January 21, 2023, where a far-right nationalist group burnt a copy of the Holy Quran in protest to Turkey's objections over Sweden's NATO membership bid. "


#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

exploits ransomware ciber
2023-02-16 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a
"

Autosummary: Vulnerable Technologies and Versions Sonicwall Sma 200 Firmware 10.2.0.8-37Sv Sonicwall Sma 200 Firmware 10.2.1.1-19Sv Sonicwall Sma 200 Firmware 10.2.1.2-24Sv Sonicwall Sma 210 Firmware 10.2.0.8-37Sv Sonicwall Sma 210 Firmware 10.2.1.1-19Sv Sonicwall Sma 210 Firmware 10.2.1.2-24Sv Sonicwall Sma 410 Firmware 10.2.0.8-37Sv Sonicwall Sma 410 Firmware 10.2.1.1-19Sv Sonicwall Sma 410 Firmware 10.2.1.2-24Sv Sonicwall Sma 400 Firmware 10.2.0.8-37Sv Sonicwall Sma 400 Firmware 10.2.1.1-19Sv Sonicwall Sma 400 Firmware 10.2.1.2-24Sv Sonicwall Sma 500V Firmware 10.2.0.8-37Sv Sonicwall Sma 500V Firmware 10.2.1.1-19Sv Sonicwall Sma 500V Firmware 10.2.1.2-24Sv See https://nvd.nist.gov/vuln/detail/CVE-2021-20038 for more information. Recommended Mitigations Apply all appropriate vendor updates Upgrade to: SMA 100 Series - (SMA 200, 210, 400, 410, 500v (ESX, Hyper-V, KVM, AWS, Azure): SonicWall SMA100 build versions 10.2.0.9-41sv or later SonicWall SMA100 build versions 10.2.1.3-27sv or later System administrators should refer to the SonicWall Security Advisories in the reference section to determine affected applications/systems and appropriate fix actions. Actors have also been observed using or possessing publicly available tools for encryption, such as BitLocker, Deadbolt, ech0raix, GonnaCry, Hidden Tear, Jigsaw, LockBit 2.0, My Little Ransomware, NxRansomware, Ryuk, and YourRansom [T1486]. The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) (hereafter referred to as the “authoring agencies”) are issuing this joint Cybersecurity Advisory (CSA) to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes. RESOURCES Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link: https://www.stairwell.com/news/threat-research-report-maui-ransomware/ REQUEST FOR INFORMATION The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, and/or benign samples of encrypted files. Appendix A: CVE Details CVE-2021-44228 CVSS 3.0: 10 (Critical) Vulnerability Description Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 
CONTACT INFORMATION NSA Client Requirements / General Cybersecurity Inquiries: CybersecurityReports@nsa.gov Defense Industrial Base Inquiries and Cybersecurity Services: DIB_Defense@cyber.nsa.gov To report incidents and anomalous activity related to information found in this Joint Cybersecurity Advisory, contact CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870 or your local FBI field office at www.fbi.gov/contact-us/field. Appendix B: Indicators of Compromise (IOCs) The IOC section includes hashes and IP addresses for the Maui and H0lyGh0st ransomware variants—as well as custom malware implants assumedly developed by DPRK cyber actors, such as remote access trojans (RATs), loaders, and other tools—that enable subsequent deployment of ransomware. 
The authoring agencies urge HPH organizations to: Limit access to data by authenticating and encrypting connections (e.g., using public key infrastructure certificates in virtual private network (VPN) and transport layer security (TLS) connections) with network services, Internet of Things (IoT) medical devices, and the electronic health record system "


ESXiArgs Ransomware Virtual Machine Recovery Guidance

exploits ransomware ciber
2023-02-16 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-039a
"

Autosummary: The full list of file extensions encrypted by the malware is: vmdk, vmx, vmxf, vmsd, vmsn, vswp, vmss, nvram, vmem. See the joint CSA from the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity for additional guidance on hunting or investigating a network, and for common mistakes in incident handling. Organizations should also collect and review artifacts, such as running processes/services, unusual authentications, and recent network connections. CISA and FBI encourage all organizations managing VMware ESXi servers to: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. "


Get hired in cybersecurity: Expert tips for job seekers

ciber
2023-02-14 https://www.helpnetsecurity.com/2023/02/14/get-hired-in-cybersecurity-expert-tips-for-job-seekers/

The dire shortage of information security experts has left organizations struggling to keep up with the growing demand for their skills. Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand. 1. Despite a significant cybersecurity skills gap, getting an entry-level job is difficult. … More

The post Get hired in cybersecurity: Expert tips for job seekers appeared first on Help Net Security.

"

Autosummary: My biggest piece of advice here would be to get close to a niche industry-specific recruiter like myself, I would welcome anyone to reach out for interview preparation, recruiters have a ton of valuable insight into the market, recruiting processes, and interview questions. We typically break cybersecurity into 16 category specialisms, so when you identify which area you would like to work in, for example, security testing or security operations, you can move on to my second piece of advice – here are the 16 specialisms. Try and keep your resume to 2 pages, if you have had a long career with multiple roles the reality is recruiters and hiring managers do not care about your first job out of school, they are focused very much on your last 3 roles, what your experience was, what you achieved and how you can add value in your next role. In this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand. "


Cybercriminals exploit fear and urgency to trick consumers

exploits ciber
2023-02-13 https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022. Threat researchers also discovered zero-day exploits in Google Chrome and Windows. These vulnerabilities have since been patched. “At the end of 2022, we have seen an increase in human-centered … More

The post Cybercriminals exploit fear and urgency to trick consumers appeared first on Help Net Security.

"

Autosummary: There was also a 57% increase in people and businesses protected against AgentTesla, a strain of malware that often spreads through phishing emails to businesses and is designed to steal credentials, as well as a 37% increase in RedLine stealer, which often spreads in cracked games and services, stealing information from browsers and cryptowallets. “Fraudulent invoices often look legitimate, and people need to verify whether an order really was made, the service received, and whether the sender is truly who they pretend to be,” said Kroustek. "


Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails

ciber
2023-02-13 https://thehackernews.com/2023/02/chinese-tonto-team-hackers-second.html
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto Team, "

Autosummary: Tonto Team, also called Bronze Huntley, Cactus Pete, Earth Akhlut, Karma Panda, and UAC-0018, is a suspected Chinese hacking group that has been linked to attacks targeting a wide range of organizations in Asia and Eastern Europe. "


French law to report cyberincidents within 3 days to become effective soon

ciber
2023-02-13 https://www.malwarebytes.com/blog/news/2023/02/french-law-to-report-cyberincidents-within-3-days-to-become-effective-soon

Categories: News

Tags: France

Tags: law

Tags: 72 hours

Tags: cyberincident

Tags: insurance

A French law has been announced that requires victims of a cyberincident to report within 72 hours after discovery. We have heard similar proposals that may come through

The post French law to report cyberincidents within 3 days to become effective soon appeared first on Malwarebytes Labs.

"

Autosummary: Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. As Mark continued to explain: “Failure to report can cause serious problems: In 2017, one of the early "big game" ransomware gangs, SamSam, was widely reported to be targeting government and healthcare institutions, because it seemed to attack them much more often. On January 24, 2023 France passed a law (Article L12-10-1 of the Insurance Code) that victims of cybercrime are required to report the incident within 72 hours after discovery, if they want to be eligible for compensation by the insurance for losses and damages caused by the attack. "


Confident cybersecurity means fewer headaches for SMBs

ciber
2023-02-13 https://www.welivesecurity.com/2023/02/13/confident-cybersecurity-fewer-headaches-smbs/

Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts

The post Confident cybersecurity means fewer headaches for SMBs appeared first on WeLiveSecurity

"

Autosummary: “Keeping up,” for some, means how to, practically speaking, face concerns about malware, web-based attacks, ransomware, third-party security issues, and critical or high-severity software vulnerabilities. With less than a third of respondents VERY confident in any area of cybersecurity, including IT team cybersecurity knowledge (32%), the speed with which they can identify, isolate and respond to a threat (30%), access to third-party experts (29%), their reported sentiments beg the question of which businesses are confident enough to keep security in-house. "


3 Overlooked Cybersecurity Breaches

ciber
2023-02-10 https://thehackernews.com/2023/02/3-overlooked-cybersecurity-breaches.html
Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. #1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from "

Autosummary: Visibility relies on three pillars: Actionable information - that can be used to mitigate attacks Reliable information - that minimizes the number of false positives Timely information - to ensure mitigation happens before the attack has an impact Once an organization has complete visibility to the activity on their network they can contextualize the data, decide whether the activity witnessed should be allowed, denied, monitored, restricted (or any other action) and then have the ability to enforce this decision. Here's What to Watch Out for in the Coming Months According to ongoing security research conducted by Cato Networks Security Team, they have identified two additional vulnerabilities and exploit attempts that they recommend including in your upcoming security plans: 1. Log4j While Log4j made its debut as early as December of 2021, the noise it's making hasn't died down. "Breaches are never just a phishing problem, or a credentials problem, or a vulnerable system problem - they are always a combination of multiple compromises performed by the threat actor," said Etay Maor, Sr. Director of Security Strategy at Cato Networks. "The underlying technologies to implement a multiple choke point approach are full network visibility via a cloud-native backbone, and a single pass security stack that's based on ZTNA," said Etay Maor, Sr. Director of Security Strategy at Cato Networks. "


ChatGPT integration for Logpoint SOAR allows users to explore its potential in cybersecurity

ciber
2023-02-09 https://www.helpnetsecurity.com/2023/02/09/logpoint-chatgpt-integration/

Logpoint has released a ChatGPT integration for Logpoint SOAR in a lab setting. It allows the users to experiment with the potential of the AI-driven chatbot and discover how the technology could apply in cybersecurity operations. “We’re excited to enable our customers to explore the possibilities of using technologies such as ChatGPT to reduce part of their workload,” says Edy Almer, Logpoint Product Manager for Threat Detection and Incident Response. “Staying up to date with … More

The post ChatGPT integration for Logpoint SOAR allows users to explore its potential in cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Opscura raises $9.4 million to address industrial cybersecurity challenges

industry ciber
2023-02-09 https://www.helpnetsecurity.com/2023/02/09/opscura-funding/

Opscura has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a new brand, global management team, and product upgrades in addition to the capital infusion led by Anzu Partners, with investments from Dreamit and Mundi Ventures. Opscura’s technology adds a layer to the industrial cybersecurity ecosystem … More

The post Opscura raises $9.4 million to address industrial cybersecurity challenges appeared first on Help Net Security.

"

Autosummary: Customers across various industries, including renewable energy, transportation, manufacturing, government, and chemical also rely on Opscura to solve industrial cybersecurity, compliance, and digital transformation challenges. "


Inadequate cybersecurity investments leave rail industry at risk

industry ciber
2023-02-09 https://www.helpnetsecurity.com/2023/02/09/rail-industry-cybersecurity-spending/

The popular notion might view the rail industry as a laggard compared to auto or high-tech manufacturing when embracing Industry 4.0. Yet railways are increasingly dependent on sophisticated connected systems to enhance efficiency and customer satisfaction. Rail industry needs to work closely with cybersecurity vendors With the advent of connected online systems and the convergence of Operational Technology (OT) and Information Technology (IT) systems, network and data-sharing security between IT and OT systems is proceeding … More


"

Autosummary: Rail industry needs to work closely with cybersecurity vendors With the advent of connected online systems and the convergence of Operational Technology (OT) and Information Technology (IT) systems, network and data-sharing security between IT and OT systems is proceeding to become an integral component of safety, providing new market opportunities in the rail, freight, and transit sector. "


Cybercriminals exploit volatile job market for targeted email attacks

exploits ciber
2023-02-09 https://www.helpnetsecurity.com/2023/02/09/cybercriminals-exploit-job-market-targeted-email-attacks/

Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Business email and supply chain compromise as attack strategies Additionally, of the malicious emails that were read, an average of 15% were replied to. And while less than one percent of recipients engaged with more than one attack, 36% of replies were initiated by employees who had previously engaged with an earlier attack. When … More


"

Autosummary: Employees: Greatest asset or biggest cybersecurity liability Additional findings from the report include: Only 2.1% of known attacks are reported to the security team by employees, and 84% of employee reports to phishing mailboxes are either safe emails or graymail. "


Largest Canadian bookstore Indigo shuts down site after cyberattack

ciber
2023-02-09 https://www.bleepingcomputer.com/news/security/largest-canadian-bookstore-indigo-shuts-down-site-after-cyberattack/
Indigo Books & Music, the largest bookstore chain in Canada, has been struck by a cyberattack yesterday, causing the company to make the website unavailable to customers and to only accept cash payments. [...] "

Autosummary: "


How to scale cybersecurity for your business

ciber
2023-02-07 https://www.helpnetsecurity.com/2023/02/07/how-to-scale-cybersecurity-for-your-business/

All businesses seek profitable growth. The issue is that growth adds complexity. Organizations need new systems and more employees to support this larger footprint, thus expanding the number of potential points of failure. This means more financial and reputation risks going forward – especially as organizations grow their digital presence. To balance out these unintended consequences of growth, organizations need to have a cybersecurity strategy and the necessary tools to implement it. Many already realize … More


"

Autosummary: “You also have to ‘prove’ to multiple parties that you have ‘done the right thing’ from their perspective, like PCI, ISO, the legal system, regulators, insurance companies, etc. Dispense with ad hoc responses to security incidents – Many organizations are choosing to scale their cybersecurity in response to trends such as remote work, cloud migration, and/or new data privacy regulations – that is, developments that aren’t going away anytime soon. The benefits of cybersecurity scaling Sean Atkinson, CISO at CIS, explained that cybersecurity scaling helps organizations prevent profitable growth from spiraling out of control. "


LockBit ransomware gang claims Royal Mail cyberattack

exploits ransomware ciber
2023-02-07 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-royal-mail-cyberattack/
The LockBit ransomware operation has claimed the cyberattack on UK's leading mail delivery service Royal Mail that forced the company to halt its international shipping services due to "severe service disruption." [...] "

Autosummary: Royal Mail entry on LockBit's data leak site (BleepingComputer). Attack described as a "cyber incident": Royal Mail first detected the attack on January 10 and hired outside forensic experts to help with the investigation. "


Italian National Cybersecurity Agency (ACN) warns of massive ransomware campaign targeting VMware ESXi servers

exploits ransomware ciber
2023-02-06 https://securityaffairs.com/141865/cyber-crime/acn-ransomware-campaign-targets-vmware-esxi.html

The Italian National Cybersecurity Agency (ACN) warns of an ongoing massive ransomware campaign targeting VMware ESXi servers worldwide, including Italian systems. The attackers are attempting to exploit the CVE-2021-21974 vulnerability. According to the ACN, most of the attacks […]


"

Autosummary: Pierluigi Paganini (SecurityAffairs – hacking, CVE-2021-21974). The vulnerability affects the following systems: ESXi 7.x versions earlier than ESXi70U1c-17325551; ESXi versions 6.7.x earlier than ESXi670-202102401-SG; ESXi versions 6.5.x earlier than ESXi650-202102101-SG. The virtualization giant addressed the CVE-2021-21974 bug in February 2021. "


U2opia licenses ORNL technologies for cybersecurity monitoring in real time

ciber
2023-02-06 https://www.helpnetsecurity.com/2023/02/07/u2opia-ornl-technologies/

U2opia licensed two technologies from the Department of Energy’s Oak Ridge National Laboratory that offer a new method for advanced cybersecurity monitoring in real time. “Identifying and quickly responding to attempted cybersecurity attacks is an urgent need across government and industry,” said Susan Hubbard, deputy for science and technology at ORNL. “ORNL’s leadership in cyber resilience has led to the development of two powerful tools that will enable a more secure cyber environment.” The licensing … More


"

Autosummary: Over the last 23 years, Smith’s information technology solutions company, GCS, based near New Orleans in Harvey, Louisiana, has successfully executed multiple assignments on behalf of the U.S. Navy, Army and Air Force; the Department of Agriculture; the Department of Homeland Security, or DHS; and NASA. "


Week in review: Rail transport cybersecurity, “verified” OAuth apps used to infiltrate organizations

ciber
2023-02-05 https://www.helpnetsecurity.com/2023/02/05/week-in-review-rail-transport-cybersecurity-verified-oauth-apps-used-to-infiltrate-organizations/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Mounting cybersecurity pressure is creating headaches in railway boardrooms In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, as well as cyber legislation. Critical OpenEMR vulnerabilities may allow attackers to access patients’ … More


"

Autosummary: Photos: Cybertech Tel Aviv 2023, part 2 Here are a few photos from the event, featured vendors include: DarkOwl, ThriveDX, Minerva Labs, Astrix Security, Ox Security, Waterfall Security, Cynet, Cyber 2.0, Acronis, CyberArk, Israel Aerospace Industries, SafeBreach, Silverfort, CYREBRO Video walkthrough: Cybertech Tel Aviv 2023 The vendors featured in this video are: BeyondTrust, Chainalysis, Check Point, Cisco, Commvault, Cyber 2.0, CyberArk, Cyberbit, Cynet, CYREBRO, Dart, Delinea, Deloitte, Dig, HCLSoftware, Hudson Rock, IBM, Imperva, Israel Aerospace Industries, KELA, Minerva Labs, Orca Security, Ox Security, Pentera, Resec, Rockwell Automation, SafeBreach, Semperis, Snyk, Sonatype, Synopsys, Tenable, ThetaRay, ThriveDX, Waterfall Security Solutions, Wing Security, and XM Cyber. Photos: Cybertech Tel Aviv 2023 Here are a few photos from the event, featured vendors include: Orca, Wise Elite Cyber Solutions, XM Cyber, Check Point, Semperis, CyCube, Mazebolt, IBM Security, bfore.ai, Delinea, Wing Security. "


Tallahassee Memorial HealthCare, Florida, has taken IT systems offline after cyberattack

ciber
2023-02-04 https://securityaffairs.com/141792/hacking/tallahassee-memorial-healthcare-cyberattack.html

The Tallahassee Memorial HealthCare (TMH) hospital in Florida was forced to take its IT systems offline and suspend non-emergency procedures after a cyberattack. The attack took place on Thursday and hit some of the systems at the hospital. The Tallahassee […]


"

Autosummary: Pierluigi Paganini (SecurityAffairs – hacking, ransomware) "


Florida hospital takes IT systems offline after cyberattack

ciber
2023-02-03 https://www.bleepingcomputer.com/news/security/florida-hospital-takes-it-systems-offline-after-cyberattack/
Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. [...] "

Autosummary: Throughout last year, the federal government has warned about ransomware operations known for actively targeting healthcare organizations across the U.S. For instance, the U.S. Department of Health and Human Services (HHS) warned of the Royal. "


Cybersecurity budgets are going up. So why aren't breaches going down?

ciber
2023-02-02 https://thehackernews.com/2023/02/cybersecurity-budgets-are-going-up-so.html
Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it’s no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become "

Autosummary: Impactful threat intelligence must have 4 properties: Accurate - the intelligence must be true and accurate; Relevant - the intelligence must be relevant to the organization; Actionable - there must be actions the organization can take to defeat the threat; Cost Effective - the cost of the threat must be greater than the cost of remediation. This new framework brings a much-needed shift from looking at cybersecurity as strictly a technical problem, to a new mindset where cybersecurity is viewed as a business challenge that must be addressed in an efficient and cost-effective manner. "


Cybersecurity and privacy tips you can teach your 5+-year-old

ciber
2023-02-02 https://www.malwarebytes.com/blog/news/2023/02/cybersecurity-and-privacy-tips-you-can-teach-your-5-year-old

Categories: Personal

Tags: cybersecurity 101

Tags: online privacy 101

Are you smarter than a five-year-old? When it comes to online security and privacy, you should be.


"

Autosummary: This gives you, the parent or guardian, the opportunity to review the app to see if it's any good for them. (Remember, dubious apps can still end up in these stores.) Though it's hardly news that more and more children are being introduced to mobile computing devices like tablets, smartphones, and laptops at an early age, you may be surprised at what that age is. Kiddo doesn't have a single social media account, but we're already instilling in her the value of information related to her and, consequently, us. "


70% of CIOs anticipate their involvement in cybersecurity to increase

ciber
2023-02-01 https://www.helpnetsecurity.com/2023/02/01/cio-cybersecurity/

77% of CIOs say their role has been elevated due to the state of the economy and they expect this visibility within the organization to continue, according to Foundry. “The CIO role is constantly evolving, and economic conditions have put a new level of pressure on these executives,” said Holly McWalter, Marketing & Research Specialist, Foundry. “This year’s research showcases how this pressure trickles down to important decisions regarding priorities and budget, and provides insight … More


"

Autosummary: When asked how the state of the economy has impacted the way their organization is prioritizing business initiatives, the following have increased in priority – increasing operational efficiency (58%), increasing cybersecurity protections (58%), transforming existing business processes (54%), improving profitability (54%), and improving the customer experience (49%). "


ThreatSpike Red makes offensive cybersecurity accessible to more organizations

ciber
2023-02-01 https://www.helpnetsecurity.com/2023/02/01/threatspike-red/

ThreatSpike Red helps organisations of all sizes to close the cybersecurity gap by providing continuous unlimited testing and scanning of applications and websites to identify vulnerabilities. The new managed service is giving customers full visibility over cost, and makes advanced offensive cybersecurity accessible to more organizations large and small. Compared to conventional pentesting conducted once or twice per year, ThreatSpike Red enables customers to undertake continuous cybersecurity evaluation, achieving greater depth through red team exercises … More


"

Autosummary: Adam Blake, CEO of ThreatSpike, explains, “In today’s challenging digital environment offensive cybersecurity shouldn’t be just a point-in-time activity, but the high cost of traditional pentesting services means most organisations can only afford to test infrequently, if at all. "


Experts Warn of "Ice Breaker" Cyberattacks Targeting Gaming and Gambling Industry

industry ciber
2023-02-01 https://thehackernews.com/2023/02/experts-warn-of-ice-breaker.html
A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript "

Autosummary: "


Take a tour of the Edgescan Cybersecurity Platform

ciber
2023-02-01 https://grahamcluley.com/feed-sponsor-edgescan-2/
Graham Cluley Security News is sponsored this week by the folks at Edgescan. Thanks to the great team there for their support! Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals. Edgescan helps enterprise companies consolidate managing multiple point scanning tools for each layer of the attack … "

Autosummary: "


3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts

ciber
2023-01-31 https://www.helpnetsecurity.com/2023/01/31/cybersecurity-concerns-utility-infrastructure-modernization-efforts/

Utility infrastructure is in dire need of modernization. In many parts of the world, the infrastructure delivering power and water to consumers is not ready to withstand natural disasters and rising energy demands. Integrating real-time data analytics into the decision-making process is one way to kick start modernization efforts, yet nearly one in five utilities are not making use of the tools they have due to security and data privacy concerns, according to Itron’s 2022 … More


"

Autosummary: Standard defenses—multi-factor authentication, role-based access controls, internal audit processes, spam filters, preventing Microsoft Office macros, endpoint detection and response, data loss prevention solutions, etc.—go a long way to making it easier for employees to make the right decisions and tougher for bad actors to get in. Other security considerations include aging OT, which can be challenging to update and to protect, the lack of control over third-party technologies and IoT devices such as smart home devices and solar panels, and finally, the biggest threat of all: human error. Integrating real-time data analytics into the decision-making process is one way to kick start modernization efforts, yet nearly one in five utilities are not making use of the tools they have due to security and data privacy concerns, according to Itron’s 2022 Resourcefulness Report. "


Is President Biden’s National Cybersecurity Strategy a good idea?

ciber
2023-01-31 https://www.helpnetsecurity.com/2023/01/31/president-biden-national-cybersecurity-strategy-video/

In this Help Net Security video, Kurtis Minder, CEO of GroupSense, discusses President Biden’s National Cybersecurity Strategy, designed to take the nation’s cybersecurity posture to the next level. While the strategy promises to make it much easier for government agencies to launch offensive cyberattacks on adversaries, it betrays why the U.S. has fallen behind modern cyber threats. It’s important to remember that the U.S. started serious offensive cyber operations with Stuxnet in 2010. Since then, … More


"

Autosummary: "


Budget constraints force cybersecurity teams to do more with less

ciber
2023-01-31 https://www.helpnetsecurity.com/2023/01/31/cybersecurity-budget-constraints/

49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council. Despite the rapidly changing threat landscape, 35% of information technology and security professionals responding to the survey said their organization’s cybersecurity budget would remain the same or decrease in 2023, and 44% of these individuals believe their business will be more … More


"

Autosummary: "


Mounting pressure is creating a ticking time bomb for railway cybersecurity

ciber
2023-01-30 https://www.helpnetsecurity.com/2023/01/30/dimitri-van-zantvliet-railway-cybersecurity/

The expansion of potential cyber threats has increased due to the integration of connected devices, the Internet of Things (IoT), and the convergence of IT and OT in railway operations. In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, as well as cyber legislation. The railroad industry … More


"

Autosummary: In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, as well as cyber legislation. Develop a security strategy: Based on the results of your risk assessment, develop a comprehensive security strategy that includes an Information Security Management System (ISMS), policies, procedures, and controls to protect against identified threats. It depends a bit on the Purdue level this asset is working in, but some of the ways to address this issue include: Network segmentation: logically isolate them from the rest of the network, so that if an attacker does manage to compromise the system, they will not be able to move laterally to other parts of the network. In general, I believe that requiring institutions, groups, and companies whose service interruptions might jeopardize the economy or public security to report cyber incidents is a positive step towards improving the security of our critical infrastructure. "


Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached

industry ciber
2023-01-29 https://www.helpnetsecurity.com/2023/01/29/week-in-review-chatgpt-cybersecurity-critical-rce-vulnerabilities-found-in-git-riot-games-breached/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BSidesZG 2023: Strengthening the infosec community in Croatia’s capital In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find out what’s in store for those who attend. How to tackle … More


"

Autosummary: Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704) VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Why most IoT cybersecurity strategies give zero hope for zero trust In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT. Understanding your attack surface makes it easier to prioritize technologies and systems Organizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats. "


Iron Bow acquires GuardSight to enhance its cybersecurity solutions

ciber
2023-01-27 https://www.helpnetsecurity.com/2023/01/27/iron-bow-guardsight/

Iron Bow Technologies acquired GuardSight, a cybersecurity operations as a service (SECOPS), and managed detection and response (MDR) company that serves businesses and organizations across the U.S. The acquisition of GuardSight will enhance Iron Bow’s existing cybersecurity solutions portfolio, combining its public-sector cybersecurity engineering capabilities with GuardSight’s private-sector SECOPS and MDR capabilities. With GuardSight, Iron Bow will provide a more holistic cybersecurity offering that enables government agencies, private enterprises, and organizations to modernize their cybersecurity … More


"

Autosummary: "


How businesses can bolster their cybersecurity defenses with open source

ciber
2023-01-26 https://www.helpnetsecurity.com/2023/01/26/how-businesses-can-bolster-their-cybersecurity-defenses-with-open-source/

Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations use open source in some way, according to GitHub’s 2022 Octoverse report. Open-source software can be examined by everyone, both attackers and defenders. But this does not necessarily give attackers the upper hand. Rather, it … More


"

Autosummary: The development of open-source security This year has seen moves by governments and Big Tech companies to ensure the security of open-source software, with the OpenSSF (Open Source Security Foundation) announcing initiatives to improve the security of open source software, including a $30 million fund with a 10-point plan to boost the security of open source software. Alongside open source, businesses should adopt further best practice measures for secure software, such as code reviews, scanning for vulnerabilities, visibility into the system and knowing the attack surface – just a few ways that code, packages, and systems can be evaluated for security. "


ChatGPT is a bigger threat to cybersecurity than most realize

ciber
2023-01-26 https://www.helpnetsecurity.com/2023/01/26/chatgpt-cybersecurity-threat/

A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware. In this interview with Help Net Security, Daniel Spicer, Chief Security Officer for Ivanti, talks about what this technology means for cybersecurity. What are some reasons for concern regarding the application of AI to cybersecurity? The tech industry … More


"

Autosummary: Currently, the value of generative AI, like ChatGPT and DALL-E, is lopsided in favor of threat actors. In this interview with Help Net Security, Daniel Spicer, Chief Security Officer for Ivanti, talks about what this technology means for cybersecurity. On the flip side, AI has the potential to help IT and security teams become more efficient and effective, enabling automated and/or semi-automated vulnerability detection and remediation as well as risk-based prioritization. That’s alarming, because it expands not only the volume of potential threats and number of potential threat actors, but also makes it more likely that people who have little to no idea what they’re doing will be out there joining the fray. "


How to tackle the cybersecurity skills shortage in the EU

ciber
2023-01-25 https://www.helpnetsecurity.com/2023/01/25/cybersecurity-skills-shortage-eu/

The cybersecurity skills shortage is a global problem, but each region – including Europe or, more specifically, the EU – has distinct problems it has to tackle to solve it. In this Help Net Security interview, Dritan Saliovski, Director – Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent. The cybersecurity skills shortage is still a … More


"

Autosummary: Studies and surveys, such as Glassdoor, Deloitte and Gallup, have found that a positive work-life balance, opportunities for growth and development, a positive company culture, and a clear mission and values that align with the employee’s personal values are important factors in attracting and retaining top talent. In conclusion, addressing the cybersecurity skills shortage requires a multi-pronged approach that includes targeted training and education programs, incentives to attract and retain talent, building a diverse and inclusive workforce, investing in new technologies, and opening the door for entry-level candidates. To mitigate this issue, organizations must take a multi-pronged approach, including targeted training and education programs, incentives to attract and retain talent in the cybersecurity field, building a diverse and inclusive workforce, and investing in technologies that automate certain tasks. Another effective approach is the training programs provided by the big four consulting firms, such as Deloitte, EY, KPMG, and PwC. These firms are known for their rigorous and comprehensive training programs, which provide opportunities for entry-level candidates to join the firm through internships and entry-level positions. Additionally, organizations can open the door to entry-level candidates by creating and promoting internship, apprenticeship, and entry-level positions, which provide opportunities for individuals to gain the necessary skills and experience to advance in the cybersecurity field. 
Aiming for 7-8 hours of sleep; Regular physical activity; Building and maintaining positive relationships; Setting aside time each day to do something you enjoy; Meditate; Self-reflect; Internalize your day. As a leader, I understand the importance of addressing stress and burnout in the cybersecurity industry. This should include standardizing cybersecurity education and certification across the EU, encouraging more individuals to enter the cybersecurity field, consider tax reform, security clearance, and investing in training and development programs to help individuals acquire these skills. "


North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks

ciber
2023-01-25 https://thehackernews.com/2023/01/north-korean-hackers-turn-to-credential.html
A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as "

Autosummary: "


How Microsoft is helping Ukraine’s cyberwar against Russia

ciber
2023-01-24 https://www.computerworld.com/article/3685939/how-microsoft-is-helping-ukraine-s-cyberwar-against-russia.html#tk.rss_security

One of the big surprises in Russia’s war against Ukraine has been how well Ukraine has fended off Russian cyberattacks. Ad hoc groups of white-hat hackers have helped, as have a number of nations and the US government.

Less well known is that tech companies, including Microsoft, are part of the effort. That aid ranges from giving advice to identifying attacks, offering fixes for them, and providing Ukraine with free tech and security services.

Microsoft isn’t just trying to help defend a country under siege from an aggressive, more-powerful neighbor. Russian cyberattacks against Ukraine can also get loose in the wild and do damage to enterprises and organizations that rely on Microsoft technology. (Russia could also deliberately target private companies with those attacks.)

"

Autosummary: The day before the ground invasion began, Russia’s military intelligence service, the GRU, “launched destructive wiper attacks on hundreds of systems in Ukrainian government, IT, energy, and financial organizations,” according to Microsoft. Microsoft’s Tom Burt, corporate vice president for customer security and trust, said in a blog post last year that Microsoft’s Threat Intelligence Center (MSTIC) found wiper malware in more than a dozen Ukrainian networks, alerted the Ukrainian government to it, and opened a 24/7 cybersecurity hotline to help fight it. Microsoft offered a week-by-week account of Russia’s cyberattacks and listed some of the most dangerous pieces of malware being used, many of which target networks, Windows PCs, and .NET, Microsoft’s open source developer platform. "


Why most IoT cybersecurity strategies give zero hope for zero trust

industry ciber
2023-01-23 https://www.helpnetsecurity.com/2023/01/23/iot-cybersecurity-strategies-zero-trust-video/

IoT remains the biggest hurdle in achieving an effective zero-trust security posture across an organization. In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.

The post Why most IoT cybersecurity strategies give zero hope for zero trust appeared first on Help Net Security.

"

Autosummary: "


The loneliness of leading a cybersecurity startup

ciber
2023-01-23 https://www.helpnetsecurity.com/2023/01/23/leading-cybersecurity-startup/

Linor spends her days working with cybersecurity founders at her Venture Capital firm. Gaining insight into their experiences over the course of building these relationships and supporting the brick-laying of their visions, she shares observations on the tough – and often undiscussed – impact their startup journey has on emotional wellness and self-care. The world of well-invested startups is a glamorous beacon to highly motivated entrepreneurs across the cybersecurity industry, and the ultimate responsibility for reaching … More

The post The loneliness of leading a cybersecurity startup appeared first on Help Net Security.

"

Autosummary: When building something unprecedented and game-changing, the course and rules are steeped in darkness and uncertainty, with naysayers, critics, board members, competitors and time itself hurling criticisms every step of the way. Mentors are most likely to appreciate the toll leadership can take on the overall health of founders, who, under so much stress, often sacrifice things like eating well, sleeping well, family time and investing in personal growth. As investors who generate in-house services and accelerate growth for these founders, we do, at the very least, offer hands-on support and guidance across different company-building responsibilities. However, this determination alone is hardly enough to contend with the true reality of executive leadership; as VP of HR with the opportunity to frequently meet the Israeli tech sector’s best and brightest, I’ve come to appreciate how emotional resilience is no less important than passion, technical knowhow or business acumen. "


Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity

exploits government ciber
2023-01-23 https://www.malwarebytes.com/blog/business/2023/01/key-takeaways-from-malwarebytes-2023-state-of-mobile-cybersecurity-survey

Categories: Business

We asked 250 schools and hospitals about their mobile security posture, including Chromebooks. Here’s what we found out.

The post Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity appeared first on Malwarebytes Labs.

"

Autosummary: "


Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

ciber
2023-01-20 https://thehackernews.com/2023/01/gamaredon-group-launches-cyberattacks.html
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, "

Autosummary: " Gamaredon, also known by names such as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder, is known for its assaults against Ukrainian entities since at least 2013. "


Abacus Group acquires two cybersecurity consulting companies

ciber
2023-01-19 https://www.helpnetsecurity.com/2023/01/19/abacus-group-gotham-security/

Abacus Group acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena. Gotham Security, as the new business will be known, will be a subsidiary of Abacus Group but continue to operate independently. The acquisition marks a milestone in Abacus Group’s expansion from a security-focussed managed service provider (MSP) to a full-bodied managed security service provider (MSSP) with an … More

The post Abacus Group acquires two cybersecurity consulting companies appeared first on Help Net Security.

"

Autosummary: Abacus Group will acquire a comprehensive set of information security capabilities to provide clients with real-world, actionable insight, including penetration testing, red teaming, tabletop exercises, risk and compliance gap assessments, and threat hunting services. "


Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals

ciber
2023-01-19 https://thehackernews.com/2023/01/bitzlato-crypto-exchange-founder.html
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of Anatoly Legkodymov (aka Gandalf and Tolik), the cofounder of Hong Kong-registered cryptocurrency exchange Bitzlato, for allegedly processing $700 million in illicit funds. The 40-year-old Russian national, who was arrested in Miami, was charged in a U.S. federal court with "conducting a money transmitting business that "

Autosummary: The 40-year-old Russian national, who was arrested in Miami, was charged in a U.S. federal court with "conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements," the DoJ said. "


Bitzlato cryptocurrency exchange shut down by authorities, accused of cybercriminal links

ciber
2023-01-19 https://grahamcluley.com/bitzlato-cryptocurrency-exchange-shut-down-by-authorities-accused-of-cybercriminal-links/
The Bitzlato cryptocurrency exchange has had its website seized by the authorities, after its Russian founder was charged with processing more than US $700m worth of "dirty money" on behalf of criminals. "

Autosummary: "


Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”

ciber
2023-01-18 https://www.helpnetsecurity.com/2023/01/18/cybersecurity-in-2023-russian-escalation-chinese-espionage-iranian-hacktivism/

In 2022, state-sponsored cyber activity has been drawn into sharp focus, ransomware continued to dominate as the primary threat facing organizations, and there have been several highly publicized incidents. Beyond the headlines, there have been some interesting shifts in both tools and tactics of cyber adversaries. What can we learn from the past 12 months as we look ahead at the trends that will shape the threat landscape in 2023? State-sponsored activity In 2022, we … More

The post Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism” appeared first on Help Net Security.

"

Autosummary: Ransomware-as-a-Service will flourish The Ransomware-as-a-Service (RaaS) landscape will continue to be dominated by a handful of organized cybercrime groups operating a limited number of highly active schemes. We also expect that new revelations will emerge of large scale, covert intelligence gathering by Russian state-sponsored threat actors, enabled by the exploitation of cloud environments, internet backbone infrastructure, or pervasive identity management systems. Russian cyber activity will be split between targeting Ukraine and advancing its broader intelligence objectives With no prospect of an immediate end to the conflict in Ukraine, we can expect more conflict-related cyber activity aimed at degrading Ukraine’s critical infrastructure and government services and collecting foreign intelligence useful to the Russian government from entities engaged in the war effort. "


Training, endpoint management reduce remote working cybersecurity risks

ciber
2023-01-17 https://www.helpnetsecurity.com/2023/01/17/remote-working-cybersecurity-risks/

33% of companies are not providing any cybersecurity awareness training to users who work remotely, according to Hornetsecurity. The study also revealed that nearly 74% of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world. Despite the current lack of training and employees feeling ill-equipped, almost 44% of respondents said their organization plans to increase the percentage of employees that work remotely. “The popularity … More

The post Training, endpoint management reduce remote working cybersecurity risks appeared first on Help Net Security.

"

Autosummary: Remote working security issues While companies have adapted to new ways of working, cybersecurity risks linked to remote working still need to be addressed. "


Post-quantum cybersecurity threats loom large

ciber
2023-01-16 https://www.helpnetsecurity.com/2023/01/16/post-quantum-cybersecurity-threats/

A new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats. The growing interest in quantum is translating into spending, demonstrated by 71% of quantum-adopting enterprises surveyed having current quantum computing budgets of more than $1 million. This finding represents a 2.5X increase over 2021, where only 28% of quantum-adopting respondents indicated that they had a quantum computing … More

The post Post-quantum cybersecurity threats loom large appeared first on Help Net Security.

"

Autosummary: Enterprises get tactical about quantum adoption Enterprises are taking tactical steps to make quantum computing a reality, with respondents noting that they are building new applications (48%), running experiments on quantum hardware or simulators (62%), and experimenting and building proofs of concept (51%). "


Week in review: ChatGPT as an infosec assistant, Google offers help to EU cybersecurity startups

ciber
2023-01-15 https://www.helpnetsecurity.com/2023/01/15/week-in-review-chatgpt-as-an-infosec-assistant-google-offers-help-to-eu-cybersecurity-startups/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google is calling EU cybersecurity founders Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware attack was executed by using previously unknown security exploit The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed … More

The post Week in review: ChatGPT as an infosec assistant, Google offers help to EU cybersecurity startups appeared first on Help Net Security.

"

Autosummary: Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” How to protect yourself from bot-driven account fraud In this Help Net Security video, Nick Rieniets, Field CTO at Kasada, talks about this threat and offers tips on how to protect yourself from bot-driven account fraud. "


Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

exploits ciber
2023-01-13 https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher "

Autosummary: If such a process has "-jar" as an argument the filename passed as an argument should be treated as a JAR file regardless of the file extension or the output of the Linux "file" command." "


LockBit ransomware operation behind the Royal Mail cyberattack

exploits ransomware ciber
2023-01-13 https://securityaffairs.com/140735/malware/lockbit-ransomware-royal-mail-attack.html

The cyberattack on Royal Mail, Britain’s postal service, is a ransomware attack that was linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily […]

The post LockBit ransomware operation behind the Royal Mail cyberattack appeared first on Security Affairs.

"

Autosummary: Pierluigi Paganini (SecurityAffairs – hacking, Royal Mail) "


ThriveDX and Exclusive Networks address the cybersecurity talent shortage in Europe

ciber
2023-01-12 https://www.helpnetsecurity.com/2023/01/12/thrivedx-exclusive-networks/

ThriveDX is launching a road tour across Europe from Jan. 11 to Feb. 23, 2023 to introduce the company’s human factor security solutions to Exclusive Networks’ ecosystem of more than 25,000 partners and to address the cybersecurity talent shortage, skills gap and lack of diversity and inclusion in the industry. In October 2022, ThriveDX and Exclusive Networks announced their strategic partnership, following Exclusive Networks’ participation as a founding partner in the ThriveDX Cyber Talent Hub. … More

The post ThriveDX and Exclusive Networks address the cybersecurity talent shortage in Europe appeared first on Help Net Security.

"

Autosummary: "


Cyberattack halts Royal Mail's overseas post

ciber
2023-01-12 https://www.malwarebytes.com/blog/news/2023/01/cyberattack-halts-royal-mails-overseas-post

Categories: News

Tags: royal mail, cyber attack, post, disruption

We take a look at reports that Royal Mail is experiencing severe issues due to an unnamed cyberattack.

The post Cyberattack halts Royal Mail's overseas post appeared first on Malwarebytes Labs.

"

Autosummary: " Hunting for clues The attack is being investigated by third parties, but there’s no word currently with regard to how quickly the services will be back online. "


Royal Mail cyberattack linked to LockBit ransomware operation

exploits ransomware ciber
2023-01-12 https://www.bleepingcomputer.com/news/security/royal-mail-cyberattack-linked-to-lockbit-ransomware-operation/
A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. [...] "

Autosummary: [Image: LockBit 3.0 ransom note printed during Royal Mail cyberattack. Source: Daniel Card on Twitter] The ransom note states it was created by "LockBit Black Ransomware," which is the operation's latest encryptor name as it includes code and features from the now-shut down BlackMatter ransomware gang. "


Google is calling EU cybersecurity founders

ciber
2023-01-11 https://www.helpnetsecurity.com/2023/01/11/google-growth-academy-eu-cybersecurity/

Google announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. The three-month program, announced last fall, will start in April and connect the finest of Google with the top European cybersecurity firms. From seed level to Series A, the chosen companies will participate in workshops led by a combination of Google and industry professionals. They will receive specialized mentoring in strategy, sales, and partnerships — including from executives … More

The post Google is calling EU cybersecurity founders appeared first on Help Net Security.

"

Autosummary: Startups need to be focused on an element of cybersecurity, such as: prevention, protection, research, and/or threat analysis and threat sharing. "


Royal Mail halts international services after cyberattack

ciber
2023-01-11 https://www.bleepingcomputer.com/news/security/royal-mail-halts-international-services-after-cyberattack/
The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident." [...] "

Autosummary: A UK National Cyber Security Centre (NCSC) spokesperson said that the NCSC is "aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact. "


2023 prediction: Security workforce shortage will lead to nationally significant cyberattack

ciber
2023-01-11 https://www.malwarebytes.com/blog/business/2023/01/2023-prediction-security-workforce-shortage-will-lead-to-nationally-significant-cyberattack

Categories: Business

If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Malwarebytes CEO Marcin Kleczynski takes a look at how, as an industry, we can preemptively address these risks.

The post 2023 prediction: Security workforce shortage will lead to nationally significant cyberattack appeared first on Malwarebytes Labs.

"

Autosummary: The widespread and growing need for process digitization, cloud migration, post-COVID collaboration, analytics, compliance, and all-around better security are creating strong demand from SMBs for external expertise in cybersecurity. Recruiting security staff: fewer certifications, more diversification Historically, job listings for cybersecurity positions have placed heavy focus on prior experience, often with a legacy security institution, as well as a laundry list of technical skills and certifications. Instead, organizations should ditch preconceived notions that security professionals must possess a plethora of niche technical skills and consider candidates with so-called “soft skills” of creative problem-solving, communication, collaboration, and critical thinking. It follows, then, that creating fair policies for workload, promotion, and pay—plus treating all employees with dignity and respect—can help businesses hang onto talented security staff. "


5 must-haves for K-12 cybersecurity

ciber
2023-01-11 https://www.malwarebytes.com/blog/business/2023/01/5-must-haves-for-k-12-cybersecurity

Categories: Business

Over the years, cyberattacks on K-12 schools and districts have steadily increased and in 2022 that trend only continued. In this post, we’ll look at the 5 must-haves for K-12 cybersecurity.

The post 5 must-haves for K-12 cybersecurity appeared first on Malwarebytes Labs.

"

Autosummary: In particular, an anti-ransomware EDR should have the following features: Multi-vector Endpoint Protection (EP) built-in; Maintains visibility and patching regularly; Has machine learning (ML) to recognize ‘goodware’ instead of malware; Uses standard reference language and forensic analysis; Thorough containment, eradication, and recovery options; Searches for ransomware indicators across all your managed endpoints. For more, check out our six point checklist for an anti-ransomware EDR. Read the brief: Why it’s time to start automating endpoint remediation Next-generation threat prevention and remediation for K-12 schools As schools and districts continue to get hammered by cyberattacks, following a few K-12 cybersecurity best practices has never been more important. In 2021, schools reported breaches of personal information by Independent Health, PCS Revenue, and the Student Transportation of America, just to name a few. But, while safer than devices running Windows or iOS when it comes to viruses and malware, Chromebooks remain vulnerable to other threats including fake browser extensions, phishing, and dangerous or insecure websites. "


Iowa’s largest school district cancels classes after cyberattack

ciber
2023-01-10 https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/
Des Moines Public Schools, the largest school district in Iowa, canceled all classes on Tuesday after taking all networked systems offline in response to "unusual activity" detected on its network one day before. [...] "

Autosummary: While the nature of the incident is yet to be revealed, other Iowa school districts, including the Cedar Rapids Community School District, the Davenport Community School District, and the Linn-Mar Community School District, have been targeted in recent ransomware attacks in 2022, according to Des Moines Register. "


Top SaaS Cybersecurity Threats in 2023: Are You Ready?

ciber
2023-01-09 https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some of "

Autosummary: SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. To mitigate the risk, external network monitoring is a must, while a pentest of your cloud infrastructure will reveal issues including misconfigured S3 buckets, permissive firewalls within VPCs, and overly permissive cloud accounts. "


What to consider when budgeting for 2023’s OT cybersecurity needs and wants

ciber
2023-01-06 https://www.helpnetsecurity.com/2023/01/06/budgeting-ot-cybersecurity-2023/

Regardless of what 2023 holds in store for the economy, your organization’s financial commitment to supporting OT cybersecurity efforts is being decided now. In the public sector, much of the funding needed to secure critical infrastructure has already been allocated. But in the private sector funding is far from guaranteed. So how do you maximize your efforts, considering the current economic uncertainty and your need to protect assets? Weighing your options Option 1: Do nothing … More

The post What to consider when budgeting for 2023’s OT cybersecurity needs and wants appeared first on Help Net Security.

"

Autosummary: Weighing your options Option 1: Do nothing If your organization has not yet begun its digital revolution, you may choose to continue as-is, relying on manual tasks or machines that have no internet connectivity. Ultimately, understanding your department’s critical needs and aligning them with your company’s roadmap is the only way for the board, C-level executives, and your team to be aligned. "


Trend Micro establishes new subsidiary for 5G cybersecurity

ciber
2023-01-06 https://www.helpnetsecurity.com/2023/01/07/trend-micro-ctone/

Trend Micro has established CTOne, a new Trend Micro subsidiary focused on advancing 5G network security and beyond. The group’s intellectual capital and leadership come from Trend Micro’s culture of innovation and is the latest incubation project to launch as a standalone business. “Trend Micro has been at the forefront of network transformations for over three decades. The 5G network technology has enabled new capabilities and applications requiring new cybersecurity infrastructure. With our foresight and … More

The post Trend Micro establishes new subsidiary for 5G cybersecurity appeared first on Help Net Security.

"

Autosummary: However, with the widely used Open Radio Access (O-RAN) structure, the proliferation of cloud networks, open-source software, and the variety of IoT devices, the 5G environment faces more cyber threats than ever. "


HARMAN DefenSight Cybersecurity Platform helps enterprises protect IT systems

ciber
2023-01-05 https://www.helpnetsecurity.com/2023/01/05/harman-defensight-cybersecurity-platform/

HARMAN has unveiled that its Digital Transformation Solutions (DTS) business unit is introducing DefenSight Cybersecurity Platform to help enterprises keep their IT systems safe and secure using real-time threat intelligence analytics. DefenSight Cybersecurity Platform identifies vulnerable systems through continuous monitoring for compliance of enterprise IT systems against security policies. By triangulating internal systems data with external threat data in innovative ways, the new platform leverages artificial intelligence and machine learning technologies in order to reduce … More

The post HARMAN DefenSight Cybersecurity Platform helps enterprises protect IT systems appeared first on Help Net Security.

"

Autosummary: "


14 Cybersecurity Best Practices to Instill In Your End-Users

ciber
2023-01-04 https://www.bleepingcomputer.com/news/security/14-cybersecurity-best-practices-to-instill-in-your-end-users/
While it can be difficult to prevent all users' "bad" behavior, there are several cybersecurity best practices to train and regularly remind your employees of. [...] "

Autosummary: 4. Use a password manager It’s also important for your organization to encourage the use of a password manager, not only for the individual end-user but to utilize shared vault features to prevent insecure password sharing among employees. Utilize MFA whenever possible To further secure end-user accounts, the implementation of multifactor authentication (MFA) should be mandatory for end-users logging into work apps, or making a change like resetting their passwords. Protect Company Equipment It’s easy, especially in a software-led organization, to forget the importance of secure hardware. Express IT permission for all new downloads New software downloads should be limited, but if users have to download a program, even a web-based application, they should clear it with IT first. "


Rackspace confirms Play ransomware was behind recent cyberattack

exploits ransomware ciber
2023-01-04 https://www.bleepingcomputer.com/news/security/rackspace-confirms-play-ransomware-was-behind-recent-cyberattack/
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments. [...] "

Autosummary: [Image: Play ransomware activity (ID Ransomware)] Unlike most ransomware operations, Play gang affiliates use email as a negotiation channel and will not provide victims with a link to a Tor negotiations page within ransom notes dropped on encrypted systems. "


The cybersecurity industry will undergo significant changes in 2023

industry ciber
2023-01-03 https://www.helpnetsecurity.com/2023/01/03/cybersecurity-industry-2023/

The cybersecurity industry will undergo some significant changes in 2023. As more systems get connected, we can expect to see more outages. We probably won’t see a “digital Pearl Harbor,” but we will see more breaches, impact, and fear. How will this reshape the cybersecurity industry in the year ahead? Consolidation across the infosec industry Since the infosec sector is “hot,” investment has poured into it as everyone tries to get in on the action. … More

The post The cybersecurity industry will undergo significant changes in 2023 appeared first on Help Net Security.

"

Autosummary: For example, we had some valuable intelligence for an entire sector, went to the organization responsible for sharing info, and offered to provide it for free (literally write it an email, and they can share it). Tied to this, as budgets shrink, crazy salaries will no longer be paid, which is probably going to mean people think certs are a way to return to the crazy salary, and we end up with this vicious cycle. "


Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns

ciber
2023-01-02 https://securityaffairs.com/140216/cyber-warfare-2/pro-russia-cyberattacks-hit-poland.html

Poland’s security agency warns that pro-Russian hackers have been continuously targeting the state since the start of the invasion of Ukraine. Since the beginning of the invasion of Ukraine, Poland has been a constant target of cyber attacks conducted by pro-Russian hackers, Poland’s security agency warns. The attacks aimed at almost any entity in Poland, including […]

The post Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns appeared first on Security Affairs.

"

Autosummary: In April, the same group claimed the responsibility for DDoS attacks on the sites of institutions in states such as the USA, Estonia, Poland, the Czech Republic, and also on NATO sites. "


BleepingComputer's most popular cybersecurity stories of 2022

ciber
2023-01-02 https://www.bleepingcomputer.com/news/security/bleepingcomputers-most-popular-cybersecurity-stories-of-2022/
It was a big year for cybersecurity in 2022 with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns, and of course, zero-day vulnerabilities. [...] "

Autosummary: Applications using these libraries suddenly found their projects outputting gibberish messages on their console stating, "LIBERTY LIBERTY LIBERTY" followed by a sequence of non-ASCII characters: This change appears to have been introduced in retaliation against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community. "


SecurityAffairs Top 10 cybersecurity posts of 2022

ciber
2023-01-02 https://securityaffairs.com/140237/security/securityaffairs-top-10-cybersecurity-posts-2022.html

These are the most-read cybersecurity articles that have been published by SecurityAffairs in 2022. 1 – Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. 2 […]

The post SecurityAffairs Top 10 cybersecurity posts of 2022 appeared first on Security Affairs.

"

Autosummary: "


Cybercriminals create new methods to evade legacy DDoS defenses

ciber
2022-12-30 https://www.helpnetsecurity.com/2022/12/30/cybercriminals-create-new-methods-to-evade-legacy-ddos-defenses/

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy ever higher rate request-based or packets-per-second attacks. “DDoS attacks have historically focused around sending packets of large sizes with the aim to paralyze and disrupt the internet pipeline by exceeding the available bandwidth. Recent request-based attacks, however, are sending smaller size packets, to … More

The post Cybercriminals create new methods to evade legacy DDoS defenses appeared first on Help Net Security.

"

Autosummary: With the number of recorded attacks on the rise and significant shifts in attackers’ motives and goals, 2023 will require organizations to ensure they have robust DDoS defense in place,” said Lionel Chmilewsky, CEO at Corero Network Security. "


Cybersecurity and quantum readiness

ciber
2022-12-29 https://www.helpnetsecurity.com/2022/12/29/cybersecurity-and-quantum-readiness-video/

Avast CISO Jaya Baloo explains what quantum computing is, talks about its promises and potential pitfalls, and urges organizations to be pragmatic about preparing for its advent. She lays out the steps that can be taken immediately and those that can be planned for the near and far future. This video was recorded at IRISSCON 2022, an annual conference organized by IRISSCERT. The all-day event focuses on providing attendees with an overview of the current … More

The post Cybersecurity and quantum readiness appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity trends and challenges to look out for in 2023

ciber
2022-12-29 https://www.welivesecurity.com/videos/cybersecurity-trends-challenges-look-out-2023/

What are some of the key cybersecurity trends and themes that organizations should have on their radars in 2023?

The post Cybersecurity trends and challenges to look out for in 2023 appeared first on WeLiveSecurity

"

Autosummary: "


SMEs: Boost awareness on cybersecurity – ENISA tools and guidance

ciber
2022-12-27 https://www.helpnetsecurity.com/2022/12/27/smes-boost-awareness-on-cybersecurity-video/

In a time of increased remote work and growing cyber threats, SMEs face major cybersecurity challenges. Low-security budget, lack of employee awareness, management support, lack of cyber-skills, and increase in cyber-attacks can seriously impact SMEs’ competitiveness and compromise even the value chain they are connected to. ENISA’s main goal is to raise awareness among SMEs and educate them on cybersecurity hygiene and prominent cybersecurity threats. Georgia Bafoutsou, Cybersecurity Officer at ENISA, presents ENISA’s work to … More

The post SMEs: Boost awareness on cybersecurity – ENISA tools and guidance appeared first on Help Net Security.

"

Autosummary: "


BTC.com lost $3 million worth of cryptocurrency in cyberattack

ciber
2022-12-27 https://www.bleepingcomputer.com/news/security/btccom-lost-3-million-worth-of-cryptocurrency-in-cyberattack/
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company. [...] "

Autosummary: "


2022 in review: 10 of the year’s biggest cyberattacks

ciber
2022-12-27 https://www.welivesecurity.com/2022/12/27/2022-review-10-biggest-cyberattacks/

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022

The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity

"

Autosummary: A CISA alert from September explained that Iran-affiliated threat actors compromised a US municipal government and an aerospace company, among other targets, by exploiting the infamous Log4Shell bug for ransomware campaigns, which isn’t all that common for state-backed entities. Stolen from a Swiss contractor, the data included details of individuals separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. In September it was reported that a hacker, potentially a member of Lapsus$, had compromised email and cloud systems, code repositories, an internal Slack account and HackerOne tickets. "


Threat predictions for 2023: From hacktivism to cyberwar

ciber
2022-12-23 https://www.helpnetsecurity.com/2022/12/23/threat-predictions-2023/

When it comes to 2023 threat predictions, Trellix anticipates spikes in geopolitically motivated attacks across Asia and Europe, hacktivism fueled by tensions from opposing political parties, and vulnerabilities in core software supply chains. “Analyzing current trends is necessary but being predictive in cybersecurity is vital. While organizations focus on near-term threats, we advise all to look beyond the horizon to ensure a proactive posture,” said John Fokker, Head of Threat Intelligence, Trellix. “Global political events … More

The post Threat predictions for 2023: From hacktivism to cyberwar appeared first on Help Net Security.

"

Autosummary: "


German industrial giant ThyssenKrupp targeted in a new cyberattack

industry ciber
2022-12-21 https://securityaffairs.co/wordpress/139870/hacking/thyssenkrupp-targeted-cyberattack.html

German multinational industrial engineering and steel production company ThyssenKrupp AG was the target of a cyberattack. German multinational industrial engineering and steel production giant ThyssenKrupp AG announced that the Materials Services division and corporate headquarters were hit by a cyberattack. At this time the company has yet to disclose the type of attack that hit […]

The post German industrial giant ThyssenKrupp targeted in a new cyberattack appeared first on Security Affairs.

"

Autosummary: “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” "


Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

financial exploits latam ciber
2022-12-20 https://thehackernews.com/2022/12/beware-cybercriminals-launch-new.html
The threat actors behind the Windows banking malware known as Casbaneiro have been attributed as being behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, "

Autosummary: Casbaneiro's features run the typical backdoor gamut that allows it to seize control of banking accounts, take screenshots, perform keylogging, hijack clipboard data, and even function as a clipper malware to hijack crypto transactions. "


5 cybersecurity trends accelerating in 2023

ciber
2022-12-19 https://www.helpnetsecurity.com/2022/12/19/5-cybersecurity-trends-accelerating-in-2023/

Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023. Here are five specific trends that you need to be aware of: The business of cybercrime will be further professionalized The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. In particular, the growth of ransomware-as-a-service is enabling criminals without deep technical skills to make money, either by extorting a ransom for decryption … More

The post 5 cybersecurity trends accelerating in 2023 appeared first on Help Net Security.

"

Autosummary: To overcome this challenge, organizations will rely more on their trusted security partners, such as channel partners, system integrators, MSPs and MSSPs. "


Executives take more cybersecurity risks than office workers

ciber
2022-12-16 https://www.helpnetsecurity.com/2022/12/16/executives-take-more-cybersecurity-risks-than-office-workers/

Ivanti worked with cybersecurity experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and find out how companies are preparing for yet-unknown future threats. The report revealed that despite 97% of leaders and security professionals reporting their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar they could … More

The post Executives take more cybersecurity risks than office workers appeared first on Help Net Security.

"

Autosummary: "


Keysight introduces APS-M8400 Modular Network Cybersecurity Test Platform

ciber
2022-12-16 https://www.helpnetsecurity.com/2022/12/16/keysight-aps-m8400-modular-network-cybersecurity-test-platform/

Keysight Technologies announced the new APS-M8400 Modular Network Cybersecurity Test Platform, which provides data center network equipment manufacturers (NEM) and operators with the high density 8-port 400GE Quad Small Form Factor Pluggable Double Density (QSFP-DD) network security test platform. Data center operators and service providers are facing exponential growth in encrypted traffic volumes and security threats driven by increases in video streaming, cloud computing, artificial intelligence (AI), machine learning (ML), and internet of things (IoT) … More

The post Keysight introduces APS-M8400 Modular Network Cybersecurity Test Platform appeared first on Help Net Security.

"

Autosummary: Fortinet is the only vendor delivering 400GE interface speeds on a hyperscale firewall via the FortiGate 7121F, 4800F, and 3700F. Keysight’s groundbreaking 8x400GE APS-M8400 cybersecurity test platform delivers the port density, multi-terabit application and TLS throughput rates, and session scalability that help Fortinet test and validate the performance and real-time threat protection our customers expect.” "


Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

exploits government ciber
2022-12-16 https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166 "

Autosummary: These included Stowaway, an open source proxy tool, Cobalt Strike Beacon, and SPAREPART, a lightweight backdoor programmed in C, enabling the threat actor to execute commands, harvest data, capture keystrokes and screenshots, and export the information to a remote server. "


InfraGard infiltrated by cybercriminal

ciber
2022-12-16 https://www.malwarebytes.com/blog/news/2022/12/infragard-infiltrated-by-cybercriminal

A partnership between the FBI and private sector members established to protect US critical infrastructure, called InfraGard, was infiltrated by a cybercriminal.

The post InfraGard infiltrated by cybercriminal appeared first on Malwarebytes Labs.

"

Autosummary: InfraGard’s membership includes business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia, and state and local law enforcement. "


5 tips for building a culture of cybersecurity accountability

ciber
2022-12-15 https://www.helpnetsecurity.com/2022/12/15/5-tips-for-building-a-culture-of-cybersecurity-accountability-video/

In this Help Net Security video, Corey Nachreiner, CSO at WatchGuard, talks about how effective cybersecurity often boils down to doing the basics: patching, updating, and following day-to-day best practices for using applications and systems. However, sometimes this knowledge stays within the network admin/cybersecurity teams and fails to make it to “regular employees,” creating a company culture that’s susceptible to attack rather than a culture of accountability.

The post 5 tips for building a culture of cybersecurity accountability appeared first on Help Net Security.

"

Autosummary: "


Distractions at work can have serious cybersecurity implications

ciber
2022-12-15 https://www.helpnetsecurity.com/2022/12/15/distracted-employees-cybersecurity/

Distracted employees are twice as likely to do the bare minimum for security at work, according to 1Password. The findings reveal that sustained burnout, now paired with high levels of distraction, has critical implications for workplace security. “While we hope the worst of the pandemic is behind us, world events continue to unsettle and distract employees. Mishaps are inevitable – it’s not a case of if world distractions will make employees more vulnerable to human … More

The post Distractions at work can have serious cybersecurity implications appeared first on Help Net Security.

"

Autosummary: A perfect storm: Top distractions include the Covid-19 pandemic (44%), recession/inflation (42%), economic uncertainty (38%), gas prices (34%), and personal relationships (29%). Nearly 9 in 10 employees (89%) now use authentication products or services such as two-factor (2FA) or multi-factor authentication (MFA), biometrics, password managers and single sign-on. "


FuboTV says World Cup streaming outage caused by a cyberattack

ciber
2022-12-15 https://www.bleepingcomputer.com/news/security/fubotv-says-world-cup-streaming-outage-caused-by-a-cyberattack/
FuboTV has confirmed that a streaming outage preventing subscribers from watching the World Cup Qatar 2022 semifinal match between France and Morocco was caused by a cyberattack. [...] "

Autosummary: "On December 14, 2022, the day of the Qatar 2022™ semifinal match between France and Morocco, many FuboTV customers experienced issues accessing their accounts," reads a statement posted to FuboTV's website. "


CyberData Pros and RiskRecon launch global cybersecurity protection for businesses

ciber
2022-12-14 https://www.helpnetsecurity.com/2022/12/14/cyberdata-pros-riskrecon/

CyberData Pros collaborates with RiskRecon, a Mastercard Company, to provide threat prevention services for clients worldwide. Specializing in data security, compliance, consulting and due diligence, CDP analysts provide solution-oriented awareness and implementation routes to improve and eliminate security risks for clients. RiskRecon is a SaaS platform that analyzes a company’s internet-facing assets for cyber risks. RiskRecon cybersecurity ratings and insights make it easy for a company to understand and act based on the risks found … More

The post CyberData Pros and RiskRecon launch global cybersecurity protection for businesses appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity predictions for 2023: Diversity is key

ciber
2022-12-13 https://www.helpnetsecurity.com/2022/12/13/cybersecurity-predictions-2023-diversity-key-video/

In this Help Net Security video, John Xereas, Executive Director, Technology Solutions at Raytheon Intelligence & Space, offers his cybersecurity predictions for 2023. Specifically, he talks about the need to look at the non-traditional talent that has the potential to thrive in the cyber field. The security industry needs to expand – in terms of diversifying the hiring pool and schools of thought regarding finding cyber solutions for threats like ransomware and malware.

The post Cybersecurity predictions for 2023: Diversity is key appeared first on Help Net Security.

"

Autosummary: "


Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware

exploits ransomware ciber
2022-12-13 https://thehackernews.com/2022/12/cybersecurity-experts-uncover-inner.html
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company "

Autosummary: "


Cybersecurity Trends 2023: Securing our hybrid lives

ciber
2022-12-12 https://www.welivesecurity.com/2022/12/12/cybersecurity-trends-2023-securing-our-hybrid-lives/

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy

The post Cybersecurity Trends 2023: Securing our hybrid lives appeared first on WeLiveSecurity

"

Autosummary: Going about our days without tech is practically unthinkable, and this applies to various aspects of our digitally-driven lives, notably work, education, health, leisure, and social interactions. For many, the cloud is best “embodied” in a range of collaboration, videoconferencing, productivity and networking platforms du jour – think Microsoft Teams, Slack or Zoom. "


What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies

ciber
2022-12-09 https://thehackernews.com/2022/12/what-stricter-data-privacy-laws-mean.html
For today's businesses data privacy is already a big headache, and with modern privacy laws expanding to more of the world's population, regulatory compliance is on track to become a more complicated, high-stakes process touching on every aspect of an organization. In fact, Gartner predicts that by 2024, 75% of the Global Population will have its personal data covered under privacy regulations. "

Autosummary: This legislation includes: Virginia Consumer Data Protection Act (VCDPA), effective January 1st, 2023; California Privacy Rights Act (CPRA), effective January 1st, 2023; Utah Consumer Privacy Act (UCPA), effective December 31st, 2023; Connecticut Data Privacy Act (CDPA), effective July 1st, 2023; Colorado Privacy Act (CPA), effective July 1st, 2023. Australia has already begun tightening its data privacy and cybersecurity laws. Indeed, organizations can stay compliant with the ever-changing privacy regulations and reduce the risk of reputational damage by implementing up-to-date policy protocols, identifying employee training best practices, and instilling a nimble framework for company-wide password changes. "


Using XDR to Consolidate and Optimize Cybersecurity Technology

ciber
2022-12-09 https://thehackernews.com/2022/12/using-xdr-to-consolidate-and-optimize.html
Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, often "

Autosummary: However, many XDR platforms, including Cynet 360 AutoXDR, provide automation as a standard offering, meaning it won't cost the business any extra. Additionally, learning a new system could contribute to analyst burnout, so organizations concerned with retention may be hesitant to implement something new, even if it could reduce burnout over time. Additionally, Cynet 360 AutoXDR includes a managed detection and response (MDR) service for no extra charge, helping businesses fill in security gaps without hiring extra analysts — something that is both expensive and extremely difficult at a time when there are around 770,000 unfilled cybersecurity job openings in the United States alone. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, often stemming from a lack of integration of a heterogeneous security stack, approximately 75% of organizations are looking to consolidate their cybersecurity technology in 2022 — a 29% increase from 2020. "


Cybercriminals are scamming each other, tipping off law enforcement

financial ciber
2022-12-08 https://www.helpnetsecurity.com/2022/12/08/cybercriminals-scamming-each-other/

Cybercriminals are scamming each other out of millions of dollars and use arbitration to settle disputes about the scams, according to Sophos. For this report, Sophos experts investigated two Russian-language cybercrime forums that provide Access-as-a-Service (AaaS) listings, and an English-language cybercrime forum and marketplace specializing in data leaks. All three sites have dedicated arbitration rooms. Despite this resolution process provoking occasional mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and … More

The post Cybercriminals are scamming each other, tipping off law enforcement appeared first on Help Net Security.

"

Autosummary: "


Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender

ciber
2022-12-08 https://thehackernews.com/2022/12/best-year-end-cybersecurity-deals-from.html
Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity! The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data. Cyber threats are constantly evolving and becoming more sophisticated, so it's important to stay on "

Autosummary: With this offer, you get access to Uptycs' powerful security tools and features, including real-time visibility and control over your infrastructure, customizable queries and dashboards for tailored threat detection, and a scalable architecture for large and complex environments. This package includes advanced features like antivirus, anti-ransomware, web protection, and more. "


Metaparasites: The cybercriminals who rip each other off

ciber
2022-12-08 https://grahamcluley.com/metaparasites-the-cybercriminals-who-rip-each-other-off/
Researchers at Sophos have investigated so-called "metaparasites" - the scammers who scam other scammers. "

Autosummary: According to the researchers, yes there is: “Metaparasites, inadvertently, provide an intelligence boon to analysts, allowing us to gain unprecedented insights into sales, operations, negotiations, and identifiers which would otherwise remain hidden – as well as into marketplace culture, differing levels of operational security, and susceptibilities to deception and social engineering.” "


Fear of cyberattacks drives SMBs to spend more on software

ciber
2022-12-07 https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

Despite fears of a looming recession, SMBs in the U.S. are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of U.S. SMBs estimate they’ll spend more on software in 2023 compared to 2022. Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviors and challenges that will impact businesses in 2023: Fearful of cyberattacks, U.S. businesses rate security … More

The post Fear of cyberattacks drives SMBs to spend more on software appeared first on Help Net Security.

"

Autosummary: "


Top 7 factors boosting enterprise cybersecurity resilience

ciber
2022-12-07 https://www.helpnetsecurity.com/2022/12/07/factors-cybersecurity-resilience/

Cybersecurity resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco’s annual Security Outcomes Report. The survey findings are based on survey responses from over 4,700 participants across 26 countries, and pinpoint the top seven success factors that boost enterprise cybersecurity resilience, with a particular focus on cultural, environmental, and solution-based factors that businesses leverage to achieve security. The survey … More

The post Top 7 factors boosting enterprise cybersecurity resilience appeared first on Help Net Security.

"

Autosummary: The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent). "


Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks

industry ciber
2022-12-07 https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html
Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups "

Autosummary: " In recent years, Telegram has not only witnessed widespread adoption in the cryptocurrency industry, but also been co-opted by threat actors looking to discuss zero-day vulnerabilities, offer stolen data, and market their services through the popular messaging platform. "


CloudSEK claims it was hacked by another cybersecurity firm

ciber
2022-12-07 https://www.bleepingcomputer.com/news/security/cloudsek-claims-it-was-hacked-by-another-cybersecurity-firm/
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts. [...] "

Autosummary: Threat actor claims to have access to CloudSEK's network A threat actor named "sedut" is now trying to sell what they claim is access to CloudSek's "networks, Xvigil, codebase, email, JIRA and social media accounts" on multiple hacking forums. "


Microsoft warns of Russian cyberattacks throughout the winter

ciber
2022-12-06 https://www.bleepingcomputer.com/news/security/microsoft-warns-of-russian-cyberattacks-throughout-the-winter/
Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. [...] "

Autosummary: " Sandworm is a group of elite Russian hackers that have been active for at least two decades, previously linked to malicious campaigns leading to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3], the KillDisk wiper attacks targeting Ukrainian banks, and the NotPetya ransomware. "


Resecurity partners with Totalsec to increase its presence in the Mexican cybersecurity market

ciber
2022-12-06 https://www.helpnetsecurity.com/2022/12/06/resecurity-totalsec/

In August 2022, the United States and Mexico held the first dialogue between the two North American nations regarding the U.S.-Mexico Bicentennial Framework for Security, Public Health, and Safe Communities. Both countries met in August 2022 to advance their cooperation in cybersecurity and their commitment to an open, interoperable, secure, and reliable internet and stable cyberspace. Moreover, they hope to tighten their association through numerous initiatives, including sharing cyber threat information, which is fundamental at … More

The post Resecurity partners with Totalsec to increase its presence in the Mexican cybersecurity market appeared first on Help Net Security.

"

Autosummary: Echoing Yoo’s sentiments, Totalsec’s head of cybersecurity, Omar Garcia, and CEO, Francisco Sandoval, put forward: “The partnership with Resecurity brings industry-leading cyber threat intelligence to the Mexican market. "


Engage your employees with better cybersecurity training

ciber
2022-12-05 https://www.helpnetsecurity.com/2022/12/05/cybersecurity-training-employees/

Cybercriminals use a variety of tactics all at once and are constantly innovating. Organizations need to do the same and take a multidimensional approach to cybersecurity because biannual training videos aren’t enough to engage employees or protect your business. Is your cybersecurity strategy disengaging employees? A bad actor stole $540 million from an NFT gaming company in July, an attack that started with a fake job offer on LinkedIn. In cases like these, social engineering … More

The post Engage your employees with better cybersecurity training appeared first on Help Net Security.

"

Autosummary: 2. Create clear and specific cybersecurity policies When organizations draft their cybersecurity policies, they often apply a one-size-fits-all approach. When providing training related to social engineering or other types of attacks, strike a balance between communicating the very real consequences of cyber-attacks and more positive messaging, like best practices and cyber hygiene routines. Social engineering attacks can present as emails from (what appear to be) friends, asking you for credit card information, or they can be hyper-personal attacks in which fraudsters clone family members’ social media accounts and use personal photos and location information to convince you they’re real. "


Attack of drones: airborne cybersecurity nightmare

ciber
2022-12-02 https://securityaffairs.co/wordpress/139196/hacking/drones-abuse.html

Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Original post at hxxps://cybernews.com/security/drones-hack-airborne-cybersecurity-nightmare/ Once a niche technology, drones are about to explode in terms of market growth and enterprise adoption. Naturally, threat actors follow the trend and exploit the technology for surveillance, payload delivery, kinetic operations, and even diversion. […]

The post Attack of drones: airborne cybersecurity nightmare appeared first on Security Affairs.

"

Autosummary: This article is going to explore cybersecurity considerations surrounding drone platforms through an initial review of drone market trends, popular drone hacking tools, and general drone hacking techniques that may be used to compromise enterprise drone platforms, including how drone platforms themselves may be used as malicious hacking platforms. Common attacks against enterprise drones include platform takeover, where an attacker uses RF, Wi-Fi or a subscription service like Aerial Armor to detect flight paths of a drone in a geographical area, perform de-authentication attacks, take over control of the drone and land the stolen drone in a location of its choosing. Using the monitored interface from the Dronesploit example, aspects of Aircrack-ng can be used to perform several useful drone security tests, including identification of wireless drone networks, de-authentication of connected devices like a drone controller, or cracking of the WEP/WPA keys. Further considerations must be taken to secure onboard storage of the drone, ensure routes drones travel are relatively safe (i.e., free from obstacles, sparsely populated, etc.) and that Wi-Fi or Radio Frequency (RF) signals used by drone platforms are properly encrypted against eavesdropping or manipulation. The below example shows how the “Airodump-ng wlan0” command is useful for identifying nearby drone wi-fi signals, including the MAC address of the broadcasting device, the network encryption scheme, and the wireless authentication standard used by the drone. "


Cybersecurity engineering under the Federal Trade Commission

ciber
2022-12-01 https://www.helpnetsecurity.com/2022/12/01/ftc-privacy/

When the Federal Trade Commission (FTC) releases new regulations or changes to existing ones, the implications may not be obvious to the average business or company employees. The FTC and privacy The FTC is a federal agency that protects consumers from fraudulent, deceptive, and unfair business practices. The Commission, often in collaboration with other regulatory agencies such as the United States Department of Justice and Attorney General, has enforcement authority and other responsibilities under more … More

The post Cybersecurity engineering under the Federal Trade Commission appeared first on Help Net Security.

"

Autosummary: To accomplish the safeguard rule: 1. Design an information security program containing “administrative, technical, and physical safeguards” to protect the security, confidentiality, and integrity of customer personal information, including both electronic and paper records. The FTC has used its authority to promulgate specific privacy-focused rules, including the Health Breach Notification Rule (HBN Rule), the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (Safeguards Rule), the Children’s Online Privacy Protection Act (COPPA) and the Fair Credit Reporting Act. 4. Provide customers with clear and conspicuous privacy notices that include information collected, with whom it may be shared, how information is protected, and an explanation of the opt-out policy. "


CloudWave acquires Sensato to expand its healthcare cybersecurity portfolio

ciber
2022-11-30 https://www.helpnetsecurity.com/2022/11/30/cloudwave-sensato/

CloudWave acquires Sensato Cybersecurity, bringing together cloud hosting services and managed Cybersecurity-as-a-Service for healthcare organizations. Sensato was founded by long-time health information technology visionary John Gomez, who will join CloudWave as chief security and engineering officer. Sensato developed a fully integrated Cybersecurity-as-a-Service platform (CaaS) that features an innovative solution stack to provide real-time network monitoring, intrusion detection, and asset fingerprinting along with a 24×7 Security Operations Center designed specifically for healthcare infrastructure and connected devices. … More

The post CloudWave acquires Sensato to expand its healthcare cybersecurity portfolio appeared first on Help Net Security.

"

Autosummary: “With the addition of the innovative, proprietary technologies included in the Sensato Cybersecurity suite, along with the cyber expertise of the Sensato team, CloudWave will be able to offer customers the high-level cybersecurity we provide for our cloud-based delivery to on-premises systems,” Littlejohn continued. "


Cybersecurity researchers take down DDoS botnet by accident

ciber
2022-11-30 https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/
While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks. [...] "

Autosummary: [Figure: KmsdBot botnet crash (Akamai)] "This malformed command likely crashed all the botnet code that was running on infected machines and talking to the C2 — essentially, killing the botnet," Cashdollar added. "


Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks

ciber
2022-11-29 https://www.helpnetsecurity.com/2022/11/29/fifa-world-cup-themed-cyberattacks/

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck. Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports. The cybercriminals are motivated by financial gain, ideology, … More

The post Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks appeared first on Help Net Security.

"

Autosummary: “The gap between the supply and demand of FIFA World Cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cybercriminals, to defraud fans and enthusiasts.” Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports. "


The cybersecurity trends organizations will soon be dealing with

ciber
2022-11-29 https://www.helpnetsecurity.com/2022/11/29/cybersecurity-trends/

In this interview with Help Net Security, Brad Jones, VP of Information Security at Seagate Technology, talks about cybersecurity trends organizations will be dealing with soon, particularly concerning cloud misconfiguration, data classification, software vulnerabilities, and the cybersecurity skills gap. Cybersecurity risks are an ever-evolving issue for all organizations. What are the main ones we are going to be dealing with in the near future? There will be a spotlight on cloud misconfiguration. It is already … More

The post The cybersecurity trends organizations will soon be dealing with appeared first on Help Net Security.

"

Autosummary: In this interview with Help Net Security, Brad Jones, VP of Information Security at Seagate Technology, talks about cybersecurity trends organizations will be dealing with soon, particularly concerning cloud misconfiguration, data classification, software vulnerabilities, and the cybersecurity skills gap. As a result, we will see legal departments, security teams, and data owners across other departments work together to classify, manage and protect valuable data. For example, by training security talent to manage automated, cloud-agnostic security tools, companies can better manage security across a multicloud environment. "


CISOs in investment firms help fast-track cybersecurity startups

ciber
2022-11-29 https://www.helpnetsecurity.com/2022/11/29/cisos-investment-firms-video/

In this Help Net Security video, Frank Kim, CISO-in-Residence at YL Ventures, discusses the growing role of CISOs in investment firms and how their role as advisors helps drive cybersecurity startups. Frank works closely with cybersecurity startup founders on ideation, product-market-fit, and value realization, on an in-house and regular basis. He provides them with what can be considered an important perspective into the needs of modern CISOs, security teams, and businesses, and he specifically guides … More

The post CISOs in investment firms help fast-track cybersecurity startups appeared first on Help Net Security.

"



Tips for Gamifying Your Cybersecurity Awareness Training Program

ciber
2022-11-29 https://securityaffairs.co/wordpress/139073/security/gamifying-cybersecurity-awareness-training.html

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly […]

The post Tips for Gamifying Your Cybersecurity Awareness Training Program appeared first on Security Affairs.

"

Autosummary: By leveraging simple concepts of rewards, teamwork, simulations, quizzes, and visual aids, you can give your employees an experience that is more engaging, more entertaining, and more effective than traditional methods. Gamification incentivizes and motivates employees to be more engaged, participate more actively, retain information, and implement behavioral changes moving forward. Visual aids such as graphs, charts, pictures, or videos are a quick and efficient way to convey information that might be harder to understand in text format. "


Kurt Sanger joins Batten as Cybersecurity Expert

ciber
2022-11-29 https://www.helpnetsecurity.com/2022/11/30/batten-kurt-sanger/

Batten announced the appointment of Kurt Sanger as a Cybersecurity Expert. As a former Deputy General Counsel with U.S Cyber Command, Sanger brings years of experience and expertise in cybersecurity and has been involved in the planning of many complex cyber operations. Through this role, Sanger often found himself translating and communicating complex technical information between different communities. Sanger also served 23 years in the United States Marine Corps, giving him a unique perspective on … More

The post Kurt Sanger joins Batten as Cybersecurity Expert appeared first on Help Net Security.

"



7 free cybersecurity resources you need to bookmark

ciber
2022-11-28 https://www.helpnetsecurity.com/2022/11/28/7-free-cybersecurity-resources-you-need-to-bookmark/

CodeSec CodeSec is a CLI based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless scans and receive actionable results in a matter of minutes. Defendify Essentials Package Assess your cyber risk, test your network, and improve awareness with essential tools from Defendify: Cybersecurity assessments: Assess your cyber strengths, weaknesses, and opportunities for improvement. Vulnerability scanning: Identify and prioritize vulnerabilities in your organization’s external … More

The post 7 free cybersecurity resources you need to bookmark appeared first on Help Net Security.

"

Autosummary: Defendify Essentials Package Assess your cyber risk, test your network, and improve awareness with essential tools from Defendify: Cybersecurity assessments: Assess your cyber strengths, weaknesses, and opportunities for improvement. "


Check Point launches CyberUp program to support Israel’s growing network of cybersecurity start-ups

ciber
2022-11-25 https://www.helpnetsecurity.com/2022/11/25/check-point-cyberup/

Check Point has launched its CyberUp program, an initiative that will support Israel’s growing network of cybersecurity start-ups by opening up market opportunities with its customers and providing access to potential investors. As well as guiding successful participants through the crucial stages of growth, CyberUp will in turn give Check Point customers access to Israeli innovation. Unlike other start-up programs, CyberUp is focused solely on the cybersecurity sector. Candidates are carefully selected, vetted, and chosen … More

The post Check Point launches CyberUp program to support Israel’s growing network of cybersecurity start-ups appeared first on Help Net Security.

"

Autosummary: These are Cyberpion, Grip Security, Infinipoint, Reflectiz, Sentra, Suridata and Zero Networks. "


5 cybersecurity predictions for 2023

ciber
2022-11-25 https://www.helpnetsecurity.com/2022/11/25/top-cybersecurity-predictions-2023/

The cyber game is now an entire underground economy wrapped around cyberattacks. Thanks to increased international friction and the activity of groups such as Lapsus$, cybercriminals have upped the ante on cybercrime in order to turn a profit. Atakama outlines its top cybersecurity predictions for 2023. IoT blends with shadow IT to make a security headache With 43 billion devices connected to the internet in 2023, attackers have no shortage of targets. Although IoT devices … More

The post 5 cybersecurity predictions for 2023 appeared first on Help Net Security.

"

Autosummary: In response, organizations will need to look beyond conventional data protection practices toward technologies that protect data at the source, such as multifactor encryption to render files useless to threat-actors who will not be able to access the data, whether it is still inside the security perimeter or successfully exfiltrated. Double extortion attacks pack an even greater punch by encrypting sensitive and proprietary data, holding it for ransom, and worse, publishing the data on the dark web unless organizations cough up the cash. "


Overcoming unique cybersecurity challenges in schools

ciber
2022-11-25 https://www.helpnetsecurity.com/2022/11/25/ransomware-attacks-schools/

A school’s ecosystem is far different from that of the typical enterprise. Not only does a school district face the monumental task of educating our upcoming generations, but they must do it at the scale of a Fortune 500 enterprise with a fraction of the budget! With ransomware attacks rising, administrators must find ways to prevent their schools from becoming the next victim, while preserving the integrity of the learning process. Furthermore, unlike companies who … More

The post Overcoming unique cybersecurity challenges in schools appeared first on Help Net Security.

"

Autosummary: Unfortunately, students and staff often make themselves vulnerable through the re-use of passwords across dozens of platforms, devices, websites, and applications within the school. Remote learning, cloud-based tools, smartphones, laptops, and countless other devices have wiped away any perimeter for schools and the sensitive information that they house. "


Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation

ciber
2022-11-25 https://thehackernews.com/2022/11/interpol-seized-130-million-from.html
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases. This comprised two fugitives "



Interpol seized $130 million from cybercriminals worldwide

ciber
2022-11-24 https://www.bleepingcomputer.com/news/security/interpol-seized-130-million-from-cybercriminals-worldwide/
INTERPOL has announced the seizure of $130,000,000 million worth of money and virtual assets linked to various cybercrimes and money laundering operations. [...] "

Autosummary: The types of cybercrimes that generated the said amount include romance scams, voice phishing, sextortion, investment fraud, and money laundering associated with illegal online gambling. "


Russian cybergangs stole over 50 million passwords this year

ciber
2022-11-23 https://www.bleepingcomputer.com/news/security/russian-cybergangs-stole-over-50-million-passwords-this-year/
At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. [...] "

Autosummary: Infostealer operation stats from first seven months of 2022 (Group-IB): Passwords stolen: 50,352,518 (up by 80%); Cookie files exfiltrated: 2,117,626,523 (up by 74%); Crypto wallets breached: 113,204 (up by 216%); Payment cards compromised: 103,150 (up by 81%). Group-IB also notes that in the first seven months of this year the actors focused on stealing Steam, Epic Games, and Roblox accounts, recording a five-fold increase compared to last year. "


How entrepreneurs can capitalize on the impending golden age of cybersecurity

ciber
2022-11-22 https://www.helpnetsecurity.com/2022/11/22/cybersecurity-investing-golden-age/

As the markets continue to fluctuate, budget cuts and layoffs now extend across the tech industry, with cybersecurity no exception from tightening its belt and assessing its priorities. Investors are proceeding with caution and waiting to see a correction in valuations, while cybersecurity startups are examining their runway and long-term viability. The growing number and sophistication of cyberattacks, however, reinforce the need for heightened security awareness and innovation. Standing on the front lines of these … More

The post How entrepreneurs can capitalize on the impending golden age of cybersecurity appeared first on Help Net Security.

"

Autosummary: Udi Mokady, chairman and CEO of CyberArk, who amassed decades of experience working with cybersecurity professionals, says, “Never go frothy in good times, and never over-correct in bad times. As they grow, they must pay more attention to the correlation between growth rate and burn rate, unit economics in terms of customer acquisition and all the important basics — product-market fit, sales repeatability and more, before they begin to scale.” Greg Sands, managing director at Costanoa Ventures, agrees: “Those of us who help startups build brick-by-brick and grow at a good pace into stellar companies with great unit economics are not worried, and will not change our investing approach.” The mix of bountiful opportunities and a limited number of top-of-the-line vendors in the early 2000s brought about the “bronze age” of cybersecurity, as Richard called it, with the “silver age” dawning in the post-2008 crisis as cloud computing began its meteoric rise and helped establish the tech behemoths that are today iconic and publicly owned. "


Wipro launches cybersecurity consulting offering for businesses across Europe

ciber
2022-11-22 https://www.helpnetsecurity.com/2022/11/23/wipro-cybersecurity-consulting-offering/

Wipro has launched a strategic cybersecurity consulting offering in Europe. The announcement comes on the heels of a series of acquisitions in the consulting space—Edgile, Capco, and Ampion—and is part of the firm’s vision to build a global cybersecurity consulting offering to help clients stay ahead of a dynamic threat and regulatory environment. “Escalation of cyber threats, compounded by the rapidly changing regulatory environment, is creating brand new challenges for businesses across Europe,” said Tony … More

The post Wipro launches cybersecurity consulting offering for businesses across Europe appeared first on Help Net Security.

"



5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

ciber
2022-11-21 https://www.helpnetsecurity.com/2022/11/21/5-free-resources-cybersecurity-and-infrastructure-security-agency-cisa/

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with U.S. states, and enhancing defenses against cyberattacks. To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services. Cyber Hygiene Vulnerability Scanning You can register for this service by emailing vulnerability@cisa.dhs.gov. Scanning will start … More

The post 5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA) appeared first on Help Net Security.

"

Autosummary: Checklist for implementing cybersecurity measures: This document outlines four goals for your organization: reducing the likelihood of a damaging cyber incident; detecting malicious activity quickly; responding effectively to confirmed incidents; maximizing resilience. "


Aurora infostealer malware increasingly adopted by cybergangs

exploits ciber
2022-11-21 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/
Cybercriminals are increasingly turning to a new Go-based information stealer named "Aurora" to steal sensitive information from browsers and cryptocurrency apps, exfiltrate data directly from disks, and load additional payloads. [...] "

Autosummary: The highlight features listed in the promotional posts are: polymorphic compilation that doesn’t require crypter wrapping; server-side data decryption; targets over 40 cryptocurrency wallets; automatic seed phrase deduction for MetaMask; reverse lookup for password collection; runs on TCP sockets; communicates with C2 only once, during license check; fully native small payload (4.2 MB) requiring no dependencies. The above features are geared towards high-level stealthiness, which is the main advantage of Aurora over other popular info-stealers. "


Cybersecurity implications of using public cloud platforms

ciber
2022-11-18 https://www.helpnetsecurity.com/2022/11/18/cybersecurity-implications-using-public-cloud-platforms-video/

According to a recent Node4 report, IT managers have a generally positive view of public cloud platforms. Half of the respondents said that, despite benefits, they have had to migrate a workload back off a public cloud platform — and called out several potential shortcomings that could be behind this trend: 56% said their public cloud environment was more expensive to operate than initially forecast 22% identified service issues or capacity constraints 21% reported a … More

The post Cybersecurity implications of using public cloud platforms appeared first on Help Net Security.

"



Photos: Cybersecurity marketers gather at Cyber Marketing Con 2022

ciber
2022-11-18 https://www.helpnetsecurity.com/2022/11/18/cyber-marketing-con-2022-photos/

Help Net Security is attending Cybersecurity Marketing Society’s Cyber Marketing Con 2022 in Arlington, VA. Here’s a look at the event. Nathan Burke, CMO, Axonius Carmen Harris, Director, Product and Technology Communications, Sumo Logic Robin Campbell-Burt, CEO, Code Red Communications – Tanya Loh, Head of Marketing and Community, Forgepoint Capital – Melissa Goldberger, CMO, SafeBreach – Ryan Shopp, CMO, Deep Instinct – Michelle Schafer, SVP and Partner, Security Practice, Merritt Group Kaite Rosa, Sr. Director … More

The post Photos: Cybersecurity marketers gather at Cyber Marketing Con 2022 appeared first on Help Net Security.

"



Rallying cybersecurity and healthcare IT to support patient safety

ciber
2022-11-16 https://www.helpnetsecurity.com/2022/11/16/cyber-physical-systems-healthcare/

The expansion of cyber-physical systems in healthcare, particularly the IP “heartbeats” dispersed across hospital networks, has stretched cybersecurity beyond its IT legacy of monitoring for downed email and site uptimes at a clinic. As we look to expedite applying cybersecurity to protect the field of medicine and its evolving cyber-physical nature, patient safety should be our guiding star. Healthcare organizations already understand the priority; patient safety and the Hippocratic Oath guide the work of medical … More

The post Rallying cybersecurity and healthcare IT to support patient safety appeared first on Help Net Security.

"

Autosummary: Though, to be fair, medical professionals are usually granted ample resources to win the battle against patient disease, while hospitals’ IT teams are often lacking people, processes, and the technology support they need to foil ransomware, device hacking and other cybersecurity threats. The same as in healthcare, there is no substitute for a human in cybersecurity: a human that knows the network, knows the patient, knows the attackers, etc. For example: to date, consumer health monitoring apps have introduced unacceptable levels of risk to the medical community since they impact patient safety (inaccurate blood pressure measurement, etc.). "


CIS SecureSuite Membership: Leverage proven best practices to improve cybersecurity

ciber
2022-11-16 https://www.helpnetsecurity.com/2022/11/16/cis-securesuite-membership-video/

Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to implement the CIS Critical Security Controls (CIS Controls) and CIS Benchmarks. Track compliance with industry frameworks, secure systems with more than 100 configuration guides, and more, all with one powerful Membership.

The post CIS SecureSuite Membership: Leverage proven best practices to improve cybersecurity appeared first on Help Net Security.

"



Immersive Labs helps UK Ministry of Defence identify qualified candidates to fill vital cybersecurity roles

ciber
2022-11-15 https://www.helpnetsecurity.com/2022/11/15/immersive-labs-uk-ministry-of-defence/

Immersive Labs announced that the UK Ministry of Defence (MOD) has deployed Immersive Labs Cyber Pro, Crisis Sim, and AppSec solutions to upskill individuals and teams across its organization to confront the latest cyber threats, prove cyber readiness, and identify cybersecurity talent to fill open roles. The integration supports the MOD’s new Digital Skills for Defence programme to build stronger, digital skills across defence and follows a successful trial by the UK Army. The partnership … More

The post Immersive Labs helps UK Ministry of Defence identify qualified candidates to fill vital cybersecurity roles appeared first on Help Net Security.

"

Autosummary: Immersive Labs is trusted by the world’s largest organizations and governments, including Citi, Pfizer, Daimler, Humana, Atos, HSBC, and the UK National Health Service. "


ThreatX Academy increases access to cybersecurity expertise

ciber
2022-11-15 https://www.helpnetsecurity.com/2022/11/16/threatx-academy/

ThreatX has launched the ThreatX Academy, an online portal hosting an extensive library of cybersecurity training modules. These courses provide an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers. ThreatX is providing all foundational 100-level content at no charge. Training content spans many areas of cybersecurity, including Application Security, Data Protection and Privacy, Networking, Secure DevOps and Wireless Security, among others. The need for cybersecurity professionals has been growing … More

The post ThreatX Academy increases access to cybersecurity expertise appeared first on Help Net Security.

"

Autosummary: Through (ISC)², members can earn several security certifications, including: CISSP; Certified in Cybersecurity; SSCP – Security Administration; CCSP – Cloud Security; CSSLP – Software Security. In order to maintain these certifications, members must earn Continuing Professional Education (CPE) Credits. "


Key cybersecurity trends in the energy sector

industry ciber
2022-11-14 https://www.helpnetsecurity.com/2022/11/14/energy-sector-cybersecurity-trends-video/

The key trends for the energy industry are about how we manage the future supply and demand challenges at a much more granular level than we are currently able to do. If we’re ever to balance the supply and demand equation against the backdrop of increased consumer demands (electric vehicles, mass transport systems, electrification of home heating systems, etc.), and the increased complexity in the generation, distribution and storage systems, this supply and demand will have … More

The post Key cybersecurity trends in the energy sector appeared first on Help Net Security.

"



Have board directors any liability for a cyberattack against their company?

ciber
2022-11-14 https://securityaffairs.co/wordpress/138507/security/board-directors-liability-for-cyberattack.html

Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk? As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing […]

The post Have board directors any liability for a cyberattack against their company? appeared first on Security Affairs.

"

Autosummary: In this context, some of the worst-case scenarios from the perspective of directors’ liability should a cyber attack occur are the following: the actions listed above have been discussed at the board of directors meeting, but no activity has been undertaken; risk analysis actions were undertaken, a weakness in the information systems was identified, but the company did nothing (or very little) to correct them in a timely manner; the company realizes that it has not paid for the renewal of the insurance policy covering the cyber risk, considering it to be remote and assessing the policy to be excessively expensive. The BoD will have to, among others, analyze the corrective actions to be taken to minimize the negative consequences of the cyber attack, assess the economic impact of the attack, including in terms of possible penalties, to possibly inform shareholders and create a budget reserve, and decide whether the incident should be reported to the appropriate authorities and communicated to the individuals whose data was compromised. Also, due to the costs of the pandemic, but in general due to the other overriding priorities, some companies sometimes do not conduct periodic penetration tests and analyses of the state of maturity of technical and organizational measures taken to reduce cyber risk; when these analyses flag weaknesses, they do not immediately handle them but are added to a “to-do-list” without a specific deadline in the short term; and they rely on an incident response plan that has not been tested and, therefore, may not properly function in the event of an attack. The size of the cyber risk to companies cannot be underestimated: To indicate the size of the cyber risk to companies, there is, on average, a cyber-attack every 39 seconds, which does not mean that every attack is successful, but that there is an attempt to access companies’ computer systems with that frequency. "


Offensive Security partners with Climb Credit to increase access to cybersecurity education

ciber
2022-11-13 https://www.helpnetsecurity.com/2022/11/13/offensive-security-climb-credit/

Offensive Security has partnered with Climb Credit to make professional cybersecurity education more affordable and accessible for individuals through a variety of financing options. There is an ongoing need for cybersecurity experts. According to data from CyberSeek, there are 760,000 cybersecurity job openings in the United States. At the same time, the number of cyberattacks continues to rise at a rate of 32% year over year, according to Check Point Research. A survey from cybersecurity … More

The post Offensive Security partners with Climb Credit to increase access to cybersecurity education appeared first on Help Net Security.

"

Autosummary: “Climb’s mission is to make career-related education affordable, accessible, and inclusive. "


Personal cybersecurity is now a company problem

ciber
2022-11-11 https://www.helpnetsecurity.com/2022/11/11/personal-cybersecurity-company-problem-video/

As work and personal lives have almost merged into one, threat actors are increasingly targeting people because of their work lives, and cybersecurity needs to adapt to the new reality. In this Help Net Security video, Amir Targighat, CEO at Agency, discusses the rise of employee digital risk. He explores the intersection of personal and enterprise cybersecurity and new approaches for managing the new wave of attacks.

The post Personal cybersecurity is now a company problem appeared first on Help Net Security.

"



Living Security collaborates with SpyCloud to manage and mitigate human cybersecurity risk

ciber
2022-11-10 https://www.helpnetsecurity.com/2022/11/10/living-security-spycloud/

Living Security partners with SpyCloud to better identify segments of human risk inside organizations and help security leaders create a proactive plan to mitigate attacks. Living Security’s Unify Human Risk Management Platform now includes SpyCloud’s Identity Risk Engine, which delivers risk assessments and key risk indicators (KRIs) based on analysis of 300+ billion assets recaptured from data breaches and malware victim logs being traded in the criminal underground. The KRIs link email addresses, usernames, passwords, … More

The post Living Security collaborates with SpyCloud to manage and mitigate human cybersecurity risk appeared first on Help Net Security.

"

Autosummary: The KRIs link email addresses, usernames, passwords, and PII across employees’ exposed online personas, giving security teams a fuller picture of individuals’ security hygiene, as well as details on the scope, recency, and severity of their darknet exposures. "


Is Cybersecurity Awareness Month Anything More Than PR?

ciber
2022-11-10 https://thehackernews.com/2022/11/is-cybersecurity-awareness-month.html
Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways:  The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things "

Autosummary: Advice implementation from Cyber Security Awareness Month 2022: The CISA "four things you can do" initiative for the 2022 Cybersecurity Awareness Month, which covers updating software, thinking before clicking to prevent phishing, using strong passwords, and enabling multifactor authentication, was publicized with the aim of influencing end-user behavior toward better security practices. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. CISA outlined four "things you can do" to stay safe online for individuals and families, including updating their software, thinking before they click, using strong passwords, and enabling multifactor authentication on sensitive accounts.


Armis and NextGen Cyber Talent join forces to address the shortage of cybersecurity experts

ciber
2022-11-09 https://www.helpnetsecurity.com/2022/11/09/armis-nextgen-cyber-talent/

Armis partners with non-profit NextGen Cyber Talent to help develop the next generation of cybersecurity professionals. NextGen Cyber Talent is on a mission to successfully educate cohorts of underprivileged and underserved students about cyber technologies and address the talent shortage by providing students with professional development enabling them to pursue careers in cybersecurity. Armis is supporting the non-profit by offering certified classes for students taught by Armis team members and by furthering the organization’s impact … More

The post Armis and NextGen Cyber Talent join forces to address the shortage of cybersecurity experts appeared first on Help Net Security.

Autosummary: “We need to recognize and address that not only on days like today – National STEM/STEAM Day, which draws attention to the importance of providing education on and cultivating talent across science, technology, engineering, art, and mathematics – but on an ongoing basis to make a real difference. "


Exposing Emotet and its cybercriminal supply chain

ciber
2022-11-08 https://www.helpnetsecurity.com/2022/11/08/exposing-emotet-cybercriminal-supply-chain-video/

Emotet, one of the most evasive and destructive malware delivery systems, caused substantial damage during its initial reign. After a coordinated takedown by authorities in early 2021, Emotet has reemerged as a global threat that will persist for organizations. In this Help Net Security video, Chad Skipper, Global Security Technologist at VMware, unpacks insights learned from Emotet’s most recent resurgence in hopes that organizations can better understand and defend themselves against this resilient malware.

The post Exposing Emotet and its cybercriminal supply chain appeared first on Help Net Security.


How geopolitical turmoil changed the cybersecurity threat landscape

industry ciber
2022-11-08 https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/

ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022. Cybersecurity threat landscape in 2022: With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report, with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along with ransomware are attacks against availability, also called … More

The post How geopolitical turmoil changed the cybersecurity threat landscape appeared first on Help Net Security.

Autosummary: Ransomware: 60% of affected organizations may have paid ransom demands; Malware: 66 disclosures of zero-day vulnerabilities observed in 2021; Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing; Threats against data: Increasing proportionally to the total of data produced; Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service; Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020; Threats against availability: Largest denial of service (DDoS) attack ever was launched in Europe in July 2022; Internet: destruction of infrastructure, outages and rerouting of internet traffic.


Taking cybersecurity investments to the next level

ciber
2022-11-07 https://www.helpnetsecurity.com/2022/11/07/cybersecurity-investments-alberto-yepez-forgepoint-capital/

Recently, the Forgepoint team announced a new alliance with global banking leader Santander to increase cyber investment worldwide, specifically in Europe, Israel, and Latin America. Santander will also be the primary investor in Forgepoint’s next fund, slated for 2023, with a nearly $300 million goal. This was the perfect reason to connect with Alberto Yépez, the co-founder and Managing Director of Forgepoint Capital. In this Help Net Security interview, the former Trident Capital leader offers … More

The post Taking cybersecurity investments to the next level appeared first on Help Net Security.

Autosummary: Large market opportunity; differentiated offerings that are hard to replicate; sound go-to-market strategy; ensuring the right team is in place; product market fit as demonstrated by early customer traction. Israeli and European companies trying to get funding in the US should be able to clearly speak to these fundamentals, demonstrating how they’ll incorporate the US into their go-to-market and growth plans as they partner with investors, form channel alliances, and further develop their businesses. Networking with VCs may also suggest you meet with others and while these introductions may not be directly about fundraising, they can help you get exposure to potential customers, team members, and advisors for input on your tech, business, and model. In this Help Net Security interview, the former Trident Capital leader offers insight into innovation in the cybersecurity market, M&A activity, pitching to VCs, and more.


Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

financial ciber
2022-11-07 https://thehackernews.com/2022/11/robin-banks-phishing-service-for.html
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was "



Maple Leaf Foods suffers outage following weekend cyberattack

ciber
2022-11-07 https://www.bleepingcomputer.com/news/security/maple-leaf-foods-suffers-outage-following-weekend-cyberattack/
Maple Leaf Foods confirmed on Sunday that it experienced a cybersecurity incident causing a system outage and disruption of operations. [...] "

Autosummary: "The outage is creating some operational and service disruptions that vary by business unit, plant, and site," reads the statement. "


A cyberattack blocked the trains in Denmark

ciber
2022-11-06 https://securityaffairs.co/wordpress/138127/cyber-crime/cyberattack-blocked-trains-denmark.html

At the end of October, a cyber attack caused the trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend; threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […]

The post A cyberattack blocked the trains in Denmark appeared first on Security Affairs.


Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers

financial ciber
2022-11-04 https://www.helpnetsecurity.com/2022/11/04/smartphones-phishing-attacks/

Preventative medicine has long been recognized as a vital approach in safeguarding our physical health. We take a variety of tests and assessments so that doctors can uncover key biological markers that may indicate the potential development of certain diseases or illnesses as early as possible. Cybercrime in the digital world has distinguishing features, too, and we can react to cyberattacks by neutralizing the source. As phishing attacks soar in frequency and sophistication and are … More

The post Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers appeared first on Help Net Security.

Autosummary: This makes sense: Smartphones are our main connection to our digital endpoints – social media, email, apps, SMS, etc. – and the sophistication of today’s phishing criminals means that even the most switched on and savvy users can fall prey to attacks. However, this takes time and a major shift in mindset, so more than anything we need to deploy a technology that can do the detection, decoding, and everything in between.


Cybersecurity recovery is a process that starts long before a cyberattack occurs

ciber
2022-11-03 https://www.helpnetsecurity.com/2022/11/03/cybersecurity-recovery/

While most organizations have insurance in case of cyberattacks, the premium they pay depends on how the business identifies, detects and responds to these attacks – and on how quickly they recover. Organizations that can prove their resiliency and compliance with NIS guidelines – showing that they will be able to recover quickly in the event of an attack – could reduce their risks and their insurance premiums. A great cybersecurity recovery program can save … More

The post Cybersecurity recovery is a process that starts long before a cyberattack occurs appeared first on Help Net Security.

Autosummary: An ever-evolving threat: Organizations are racing to stay ahead of cyber criminals, and as a result, we see businesses investing a lot of money in identifying and detecting attacks, in preventing attacks in the first place, and in responding to live attacks. Having the right IT architecture, security and recovery process in place: Organizations with the right IT architecture, recovery time and point objectives, and security policies are at a considerable advantage when it comes to the recovery process.


Bitdefender Chat Protection defends users from cybercriminal activities targeting mobile devices

ciber
2022-11-03 https://www.helpnetsecurity.com/2022/11/03/bitdefender-chat-protection/

Bitdefender unveiled real-time chat protection capabilities for mobile-based instant messaging applications. Bitdefender Chat Protection immediately alerts users if malicious links are received or sent during live sessions over the world’s most popular chat applications including WhatsApp, Facebook Messenger, Telegram and Discord. A true industry innovation, the new capabilities help protect users from increased cybercriminal activities targeting mobile devices. Chat Protection is incorporated into Bitdefender Mobile Security for Android through Bitdefender Scam Alert technology, used … More

The post Bitdefender Chat Protection defends users from cybercriminal activities targeting mobile devices appeared first on Help Net Security.

Autosummary: Chat Protection is incorporated into Bitdefender Mobile Security for Android through Bitdefender Scam Alert technology, used by consumers worldwide for monitoring, detecting and stopping link-based attacks delivered via messaging applications, notifications, and SMS text messages. "


IoT cybersecurity is slowly gaining mainstream attention

industry ciber
2022-11-03 https://www.helpnetsecurity.com/2022/11/03/iot-devices-cybersecurity/

In this interview for Help Net Security, Jason Oberg, CTO at Cycuity, talks about IoT device cybersecurity, from production to usage, and how far we have come in securing these devices. IoT has been part of our reality for quite some time, but what about the security of these devices? Is it becoming a priority? We’ve seen the concern and prioritization of IoT security growing; this is due both to the growing popularity of these … More

The post IoT cybersecurity is slowly gaining mainstream attention appeared first on Help Net Security.

Autosummary: In this interview for Help Net Security, Jason Oberg, CTO at Cycuity, talks about IoT device cybersecurity, from production to usage, and how far we have come in securing these devices. That said, we see a shift to making security a key component of the entire development process so that the approach is systematic, predictable, and scalable with the usual development schedule.


ALMA Observatory shuts down operations due to a cyberattack

ciber
2022-11-03 https://www.bleepingcomputer.com/news/security/alma-observatory-shuts-down-operations-due-to-a-cyberattack/
The Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline following a cyberattack on Saturday, October 29, 2022. [...] "

Autosummary: The project cost $1.4 billion, making it the world’s most expensive ground telescope, and it was developed thanks to a multi-national effort involving the United States, Europe, Canada, Japan, South Korea, Taiwan, and Chile. "


The future starts now: 10 major challenges facing cybersecurity

ciber
2022-11-03 https://www.welivesecurity.com/2022/11/03/future-starts-10-major-challenges-facing-cybersecurity/

To mark Antimalware Day, we’ve rounded up some of the most pressing issues for cybersecurity now and in the future

The post The future starts now: 10 major challenges facing cybersecurity appeared first on WeLiveSecurity

Autosummary: Monitoring the dark web helps cyber-defenders prevent attacks, understand how fraudsters and cybercriminal groups think, what vulnerabilities are being traded, what malicious tools the bad actors use to access organizations’ systems or to defraud people, or what information about an organization is circulating in these underground markets. One variety of phishing that has seen explosive growth lately is so-called callback phishing, a tactic that combines traditional email-based phishing with voice-based phishing (aka vishing) and is used to gain access to organizations’ systems and deploy malware, such as ransomware, on their networks. To get an idea of the general interest in the world of cryptocurrencies, NFT, play-to-earn games and others, just take a look at platforms such as PhishTank and notice the number of new phishing sites that are spotted daily and are designed to steal people’s credentials for cryptocurrency wallets. "


Cybertech NYC 2022 to feature 70+ cybersecurity startups

ciber
2022-11-03 https://www.helpnetsecurity.com/2022/11/03/cybertech-nyc-2022-cybersecurity-startups/

Cybertech NYC 2022 will host more than 70 cybersecurity startups at the Javits Center in New York City on November 15-16. The event will also feature global cyber leaders from Israel, France, Spain, Finland, United Arab Emirates, and more. Oleh Derevianko, Chairman, and CVO of Information System Security Partners in Ukraine, will offer his perspective on the cybersecurity angle of the war with Russia. Derevianko’s presentation is one of more than 20 sessions discussing various … More

The post Cybertech NYC 2022 to feature 70+ cybersecurity startups appeared first on Help Net Security.


32% of cybersecurity leaders considering quitting their jobs

ciber
2022-11-02 https://www.helpnetsecurity.com/2022/11/02/cisos-leaving-organization/

32% of CISOs or IT Security DMs in the UK and US are considering leaving their current organization, according to research from BlackFog. Of those considering leaving their current role, a third would do so within the next six months. This research, which explored the frustrations and challenges faced by cybersecurity professionals, also highlights the impact that cyber incidents have on turnover and job security. It revealed that of those who had … More

The post 32% of cybersecurity leaders considering quitting their jobs appeared first on Help Net Security.

Autosummary: The struggle to keep up with new cybersecurity approaches: Escalating cybersecurity threats are driving new innovations to help organizations improve their cybersecurity posture; however, findings show that 52% admitted that they are struggling to keep up to date with new frameworks and models such as zero trust.


Meet fundamental cybersecurity needs before aiming for more

ciber
2022-11-02 https://www.helpnetsecurity.com/2022/11/02/hierarchy-of-cybersecurity-needs/

In this interview for Help Net Security, Mike Lefebvre, Director of Cybersecurity at SEI, talks about the hierarchy of cybersecurity needs and what should be done to meet them properly. We have all heard about the hierarchy of human needs, but what about the hierarchy of cybersecurity needs? What does it consist of? A hierarchy of cybersecurity needs is inspired by a similar concept of the hierarchy of human needs, coined by the psychologist Abraham … More

The post Meet fundamental cybersecurity needs before aiming for more appeared first on Help Net Security.

Autosummary: Examples of this include servers, endpoints, clouds, printers, applications, third-party vendors, IoT devices, identities and anything-as-a-service. Just as the hierarchy of human needs posits that we need to consistently have food, shelter, and water to achieve higher order actualization (e.g., belonging, religion, self-esteem), so too do we need to regularly meet foundational cyber needs.


Forescout Continuum Timeline accelerates threat detection for cybersecurity teams

ransomware ciber
2022-11-02 https://www.helpnetsecurity.com/2022/11/02/forescout-continuum-timeline/

Forescout Technologies has released its latest Continuum platform update which includes Forescout Continuum Timeline, a new cloud-native solution that provides long-term retention, search, and analytics of asset data. Timeline enables enterprises to meet compliance and audit requirements, better support incident investigations, and to identify risks and gaps to help prioritize preventative measures. Today, all organizations need an automated way of maintaining real-time asset intelligence for every connected device. Cybersecurity teams overwhelmed with rapid asset growth … More

The post Forescout Continuum Timeline accelerates threat detection for cybersecurity teams appeared first on Help Net Security.

Autosummary: This Continuum platform update expands asset discovery, assessment, and management capabilities to reduce high manual labor costs, performance issues, challenges with keeping asset databases current, business disruptions, and the risk of security breaches due to asset intelligence gaps. "


Persistent and Google Cloud launch a solution to help organizations recover from cyberattacks

ciber
2022-11-01 https://www.helpnetsecurity.com/2022/11/01/persistent-intelligent-cyber-recovery/

Persistent Systems launched a trailblazing solution that enables organizations to recover more quickly from cyber-attacks. Together with Google Cloud, the Persistent Intelligent Cyber Recovery (PiCR) solution provides a comprehensive and scalable cyber recovery approach, allowing organizations to reduce data loss and minimize the negative impact to brand reputation from prolonged downtime. Persistent Intelligent Cyber Recovery is now available on the Google Cloud Marketplace. Hackers are increasing the frequency and scale of ransomware attacks. They are … More

The post Persistent and Google Cloud launch a solution to help organizations recover from cyberattacks appeared first on Help Net Security.

Autosummary: Reduction in data loss; decreased risk of recurrent attacks through the removal of malware; faster recovery from ransomware and zero-day attacks (from weeks/months to hours/days); potential cyber insurance cost reduction; scalable solution depending on enterprise size challenges. Nitha Puthran, Senior Vice President – Cloud, Infrastructure and Security, Persistent: “The digital environment today is constantly evolving and so are the risks associated with it.


Cyberattacks in healthcare sector more likely to carry financial consequences

financial ciber
2022-10-31 https://www.helpnetsecurity.com/2022/10/31/healthcare-sector-cyberattack/

Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. Phishing was the most common type of attack reported. “The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted … More

The post Cyberattacks in healthcare sector more likely to carry financial consequences appeared first on Help Net Security.


A massive cyberattack hit Slovak and Polish Parliaments

ciber
2022-10-29 https://securityaffairs.co/wordpress/137777/hacking/slovak-polish-parliaments-cyberattacks.html

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian […]

The post A massive cyberattack hit Slovak and Polish Parliaments appeared first on Security Affairs.


Protexxa raises $4 million to remediate gaps in cybersecurity for companies and individuals

ciber
2022-10-29 https://www.helpnetsecurity.com/2022/10/30/protexxa-funding/

Cybersecurity startup Protexxa has raised CAD$4 million in seed funding. The company aims to address the risk to businesses resulting from gaps in personal cybersecurity for both companies and individuals. Its seed funding round was led by BKR Capital, which makes transformational investments in disruptive companies and promising Black technology founders. The Firehood Angels and several angel investors, including Jeff Fettes, Annette Verschuren, and Leen Li also participated in the round. The funds will be … More

The post Protexxa raises $4 million to remediate gaps in cybersecurity for companies and individuals appeared first on Help Net Security.

Autosummary: Using artificial intelligence (AI), the Protexxa platform identifies, evaluates, predicts, and resolves common cyber issues. "


Know the dangers you’re facing: 4 notable TTPs used by cybercriminals worldwide

ciber
2022-10-28 https://www.helpnetsecurity.com/2022/10/28/4-notable-ttps-used-by-cybercriminals-worldwide-video/

In this Help Net Security video, Dmitry Bestuzhev, Most Distinguished Threat Researcher at BlackBerry, talks about some of the most interesting tactics, techniques, and procedures employed by cybercriminals in recent months. These are: the exploitation of Log4Shell; trojanization of security and privacy-focused tools; malicious ads based on the victim’s location and browser referrer; and supply-chain attacks through open-source projects.

The post Know the dangers you’re facing: 4 notable TTPs used by cybercriminals worldwide appeared first on Help Net Security.


Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints

ciber
2022-10-28 https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC "

Autosummary: The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. "


Largest EU copper producer Aurubis suffers cyberattack, IT outage

ciber
2022-10-28 https://www.bleepingcomputer.com/news/security/largest-eu-copper-producer-aurubis-suffers-cyberattack-it-outage/
German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack's spread. [...]



Cybersecurity’s importance and impact reaches all levels of the tech workforce

ciber
2022-10-27 https://www.helpnetsecurity.com/2022/10/27/cybersecurity-professionals-demand/

Employer demand for cybersecurity professionals continues to strain talent availability, according to new data from CyberSeek. For the 12-month period ending in September 2022, employers listed 769,736 openings for cybersecurity positions or jobs requiring cybersecurity skills. Employer demand for cybersecurity workers grew 2.4 times faster than the overall rate across the U.S. economy. Nine of the 10 top months for cybersecurity job postings in the past 10 years have occurred in 2022. Despite a slight … More

The post Cybersecurity’s importance and impact reaches all levels of the tech workforce appeared first on Help Net Security.

Autosummary: There is a similar expansion of cybersecurity skills requirements in adjacent positions such as auditor (+336%), software developer (+87%), cloud architect (+83%) and technical support engineer (+48%). "


How cybersecurity VCs find visionary companies in emerging sectors

ciber
2022-10-26 https://www.helpnetsecurity.com/2022/10/26/cybersecurity-vc/

33N Ventures is fundraising €150 million for investing in cybersecurity and infrastructure software companies across Europe, Israel, and the US. The fund will mostly target investments at Series A and B, with an average ticket size of around €10 million, and has an investment capacity of €20 million already committed by Alantra and its strategic partners. Co-founders and managing partners Carlos Alberto Silva and Carlos Moreira da Silva have made more than 20 investments in … More

The post How cybersecurity VCs find visionary companies in emerging sectors appeared first on Help Net Security.

Autosummary: Our strategic advisors – including leading entrepreneurs, experts, and cybersecurity decision-makers such as Brian NeSmith (Arctic Wolf), Eyal Hayardeny (Reblaze), Nuno Sebastião (Feedzai), and Pierre Polette (Hackuity) – all founders of companies we’ve invested in in the past – possess an incredible depth and breadth of sector-specific knowledge and experience that, added to our own, really helps us identify and support the founders and companies with the biggest breakthrough and scaling potential. That’s not going to change – from digital transformation to national security, cyber will continue being a top priority for governments, institutions, companies, and investors across the globe, and the market is expected to reach $162 billion in 2022, with robust annual double-digit growth forecast for the coming years – and so the companies we’ll be looking at have some in-built resilience. Of course, we stay up to date with the industry, look at all publicly available sources, and attend the most relevant cybersecurity events across Europe, Israel, and the US. In this Help Net Security interview, they discuss the cybersecurity investment landscape in Europe, the strategies for finding the right companies, and more. Co-founders and managing partners Carlos Alberto Silva and Carlos Moreira da Silva have made more than 20 investments in cybersecurity and infrastructure software over the past 10 years, across Europe, Israel and the US – including most notably Arctic Wolf.


A quick guide for small cybersecurity teams looking to invest in cyber insurance

ciber
2022-10-26 https://www.helpnetsecurity.com/2022/10/26/quick-guide-for-small-cybersecurity-teams-looking-to-invest-in-cyber-insurance/

In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy? For small security teams, this is particularly challenging as they contend with limited resources. Luckily, there’s a new eBook dedicated to helping small security … More

The post A quick guide for small cybersecurity teams looking to invest in cyber insurance appeared first on Help Net Security.

Autosummary: The market varies widely, with policies often determined by insurance providers, but the primary forms of cyber insurance include: Network security systems policies which cover the cost of lawyers, IT forensic services, data restoration, breach notifications and communications, and more when a data breach, malware infection or ransomware incident occurs. Privacy liability policies which cover any costs related to a data breach that exposes personally identifiable information (PII), i.e. lawsuits, compliance violations, reputational risk management, etc. Network business interruption policies that enable a business to cover costs related to data loss or any financial losses incurred by a disruption in services. "


Fill the cybersecurity talent gap with inquisitive job candidates

ciber
2022-10-26 https://www.helpnetsecurity.com/2022/10/26/cybersecurity-job-candidates/

The impact of the Great Resignation and the Great Reshuffle is still strongly felt across many industries, including cybersecurity. There is a talent gap: Companies are struggling to hire enough talent to fulfill their needs and goals. Widen the pool of cybersecurity job candidates According to a McKinsey Global Survey, nearly nine out of 10 executives and managers say their organizations face a skills gap or expect one to develop by 2024. This means the … More

The post Fill the cybersecurity talent gap with inquisitive job candidates appeared first on Help Net Security.

Autosummary: It won’t be easy, and training will be necessary, but with the proper supportive environment, a diverse set of skills will help you build a stronger cybersecurity team. When beginning a career in cybersecurity, with or without a degree or previous experience in the field, there are many learning opportunities, but also multiple learning curves.


IRISSCERT brings eminent cybersecurity experts to its conference in Dublin

ciber
2022-10-26 https://www.helpnetsecurity.com/2022/10/26/irisscert-conference-2022-dublin/

The Irish Reporting and Information Security Service’s (IRISSCERT) Conference on Cybercrime will be on the 10th of November 2022 in the Aviva stadium. This all-day conference will focus on providing attendees with an overview of the current cyber threats facing businesses in Ireland and what they can do to help deal with those threats. With the ransomware attack on the HSE still fresh in many people’s minds and the increasing focus on cybersecurity resulting from … More

The post IRISSCERT brings eminent cybersecurity experts to its conference in Dublin appeared first on Help Net Security.


This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level

ciber
2022-10-26 https://thehackernews.com/2022/10/this-9-course-bundle-can-take-your.html
If you regularly read The Hacker News, there’s a fair chance that you know something about cybersecurity. It’s possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The 2022 Masters in Cyber Security Certification Bundle helps you get ready for the next step. And in a "

Autosummary: Just as importantly, the training provides full prep for CISSP, CISM, CISA, and other important exams. "


InterVision partners with Arctic Wolf to defend organizations against cyberattacks

ciber
2022-10-26 https://www.helpnetsecurity.com/2022/10/27/intervision-arctic-wolf/

InterVision has teamed with Arctic Wolf to help proactively protect organizations against today’s cyberattacks. The Arctic Wolf Security Operations Cloud pairs the power, speed, and scale of a cloud-native platform with world-class security operations expertise that provides organizations with comprehensive coverage across the entire security operations framework. InterVision offers comprehensive cybersecurity protection, backed by SLAs. Ransomware Protection as a Service proactively detects, protects, and defends against cybersecurity crimes. “We are excited to have InterVision as … More

The post InterVision partners with Arctic Wolf to defend organizations against cyberattacks appeared first on Help Net Security.

"



Don’t wait for medical device cybersecurity legislation: Act now to save patients’ lives

ciber
2022-10-25 https://www.helpnetsecurity.com/2022/10/25/medical-device-cybersecurity-compliance/

Cyberattacks can cost lives — especially in the healthcare sector. Nearly a quarter of healthcare providers victimized by ransomware reported increased mortality rates following an attack, and 70% experienced longer hospital stays or procedure delays leading to poor patient outcomes. Congress is working to pass cybersecurity legislation, but the process is laborious. Consequently, healthcare systems must act to prevent security breaches and protect patients’ data. More than two-thirds of healthcare providers are victims of cybercrime. … More

The post Don’t wait for medical device cybersecurity legislation: Act now to save patients’ lives appeared first on Help Net Security.

"

Autosummary: The proposal requires the FDA to regularly update cybersecurity guidance, publish public information on improving medical device cybersecurity and resource access, and issue a report identifying challenges in cybersecurity for medical equipment, including legacy devices. The framework consists of five tenets: Identify: Identify a complete inventory of devices and software, cybersecurity policies, legal requirements, and vulnerabilities. "


To retain cybersecurity professionals, keep remote work as an option

ciber
2022-10-25 https://www.helpnetsecurity.com/2022/10/25/cybersecurity-professionals-shortage-increase/

(ISC)² highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022 (ISC)² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. Despite adding 464,000 more cybersecurity professionals this year, the data revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively. 70% of respondents report their organization does not have enough cybersecurity … More

The post To retain cybersecurity professionals, keep remote work as an option appeared first on Help Net Security.

"



Cybersecurity event cancelled after scammers disrupt LinkedIn live chat

financial ciber
2022-10-25 https://www.bitdefender.com/blog/hotforsecurity/cybersecurity-event-cancelled-after-scammers-disrupt-linkedin-live-chat/
It was all going so well. At first. Read more in my article on the Hot for Security blog. "

Autosummary: The AICD eventually cancelled the event, and later made a video of the event available to stream (complete with on-air apology for the "technical difficulties"). The organisation issued a statement to the press, advising anyone who entered their credit card details to inform their banks: We strongly advise any participants who may have concerns to contact their financial institution as soon as possible. "


Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards

exploits ciber
2022-10-25 https://thehackernews.com/2022/10/cybercriminals-used-two-pos-malware-to.html
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at "

Autosummary: Most of the stolen cards are said to have been issued by banks in the U.S., Puerto Rico, Peru, Panama, the U.K., Canada, France, Poland, Norway, and Costa Rica. "


GoSecure expands partnership with Check Point to improve clients’ cybersecurity defenses

ciber
2022-10-25 https://www.helpnetsecurity.com/2022/10/26/gosecure-check-point/

GoSecure and Check Point partnership will enable GoSecure to add support for Check Point’s security products, expanding their open ecosystem of MDR/XDR technology partners. The new technology partnership with Check Point reinforces GoSecure’s commitment to optimizing clients’ investments in security solutions through a strategic approach to continuously improving clients’ cybersecurity defenses. By focusing on an open ecosystem of technology partners, GoSecure is creating choices for customers as they manage their cybersecurity solutions today and define … More

The post GoSecure expands partnership with Check Point to improve clients’ cybersecurity defenses appeared first on Help Net Security.

"



A cyber threat hunter talks about what he’s learned in his 16+ year cybersecurity career

ciber
2022-10-25 https://www.malwarebytes.com/blog/business/2022/10/an-interview-with-cyber-threat-hunter-hiep-hinh

Categories: Business

Hiep Hinh breaks down his threat hunting career and shares tips and best practices for those looking to become a cyber threat hunter (or who are just interested to listen!).


The post A cyber threat hunter talks about what he’s learned in his 16+ year cybersecurity career appeared first on Malwarebytes Labs.

"

Autosummary: “You’re gonna get an overwhelming amount of data, and will need to put it into segments, separate it, understand it, and then, potentially find something that stands out. Hiep is an expert user of Endpoint Detection and Response (EDR) platforms and is highly-skilled in incident response, DLP (data loss prevention), data mining, and threat hunting, among other things. It’s easy to go after a bunch of indicators, like lists of hashes, looking for VPN and RDP tools, and looking for a lot of freeware stuff that generally is used during attacks, such as IP scanners.” says Hiep. If worse comes to worse, however, and a cyber threat hunter doesn’t know the network well, Hiep says there are “low-hanging fruit” you can look out for. That includes SOC work, forensics, malware analysis, and more, each of which Hiep feels has over the years given him a leg-up in the world of threat hunting. "


Wholesale giant METRO confirmed to have suffered a cyberattack

ciber
2022-10-23 https://securityaffairs.co/wordpress/137506/hacking/metro-confirmed-cyberattack.html

International cash and carry giant METRO suffered this week IT infrastructure outages following a cyberattack. International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000 people in 681 stores worldwide, most of them in Germany, its sales reached 24.8 billion euros in 2020. The […]

The post Wholesale giant METRO confirmed to have suffered a cyberattack appeared first on Security Affairs.

"



Student Freedom Initiative and Cisco partnership supports cybersecurity infrastructure at HBCUs

ciber
2022-10-22 https://www.helpnetsecurity.com/2022/10/23/student-freedom-initiative-cisco/

Student Freedom Initiative and Cisco have expanded their partnership to bolster cybersecurity infrastructure at Historically Black Colleges and Universities (HBCUs) by adding three prominent Certified Minority Business Enterprises (MBEs)—Procellis Technology, Sology Solutions, and IPC Consulting—to the cybersecurity implementation team. This collaboration is a direct actionable response to the Department of Education/Federal Student Aid (FSA) guidance promulgated on December 18, 2020 for colleges and universities to comply with National Institute of Standard and Technology (NIST) 800 … More

The post Student Freedom Initiative and Cisco partnership supports cybersecurity infrastructure at HBCUs appeared first on Help Net Security.

"

Autosummary: “Over the last two years, we’ve made steady progress building scalable systems, processes, governance and technology, and establishing strategic partnerships to increase the resilience of our institutions and the global competitiveness of our students,” said Mark Brown, Executive Director of Student Freedom Initiative. "


A Quick Look at the "Strengthening America's Cybersecurity" Initiative

ciber
2022-10-21 https://thehackernews.com/2022/10/a-quick-look-at-strengthening-americas.html
Acknowledging that you have a problem is the first step to addressing the problem in a serious way. This seems to be the reasoning for the White House recently announcing its "Strengthening America's Cybersecurity" initiative. The text of the announcement contains several statements that anyone who's ever read about cybersecurity will have heard many times over: increasing resilience, greater "

Autosummary: Nonetheless, sharing information about threat actors, methodologies, and novel techniques is undoubtedly in everyone's best interest and, if set in motion adequately, will enable faster responses to new threats. Also, without adequate international support, the labeling initiative will probably lead to fragmentation, just like GDPR did – as some websites now choose to simply block off all visitors from GDPR-covered regions rather than try to comply with GDPR requirements. "


Wholesale giant METRO hit by IT outage after cyberattack

ciber
2022-10-21 https://www.bleepingcomputer.com/news/security/wholesale-giant-metro-hit-by-it-outage-after-cyberattack/
International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack. [...] "

Autosummary: METRO store notification regarding IT issues (Günter Born) METRO is an international wholesale company for customers in the HoReCa (hotel, restaurants, and catering) industry, operating in over 30 countries and employing more than 95,000 people worldwide. "


Sophos expands its MDR offering to include compatibility with third-party cybersecurity products

ciber
2022-10-20 https://www.helpnetsecurity.com/2022/10/20/sophos-mdr/

Sophos has launched new third-party security technology compatibilities with Sophos Managed Detection and Response (MDR) to better detect and remediate attacks across diverse customer and operating environments. The service now integrates telemetry from third-party endpoint, firewall, cloud, identity, email, and other security technologies as part of the Sophos Adaptive Cybersecurity Ecosystem. “The complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response … More

The post Sophos expands its MDR offering to include compatibility with third-party cybersecurity products appeared first on Help Net Security.

"

Autosummary: Sophos MDR is now compatible with security telemetry from vendors such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others. "


Cybercriminals jailed for cryptocurrency theft, death threats

ciber
2022-10-20 https://www.bleepingcomputer.com/news/security/cybercriminals-jailed-for-cryptocurrency-theft-death-threats/
On Wednesday, two Massachusetts men were sentenced to more than two years in prison each for stealing cryptocurrency in SIM swapping attacks and hijacking their victims' social media accounts. [...] "

Autosummary: Death threats, hacking, and cryptocurrency theft According to the court documents, they allegedly stole $200,000 worth of cryptocurrency in one go from an Arizona resident who "publicly communicated with cryptocurrency experts online," while $100,000 were swiped from a victim in California with close ties to someone who "operated a blockchain-based business. "


(ISC)² to aid cybersecurity professional development in emerging economies

ciber
2022-10-20 https://www.helpnetsecurity.com/2022/10/20/cybersecurity-emerging-economies/

(ISC)² has signed a Memorandum of Understanding (MOU) with the Korea Internet & Security Agency (KISA) to strengthen cybersecurity professional development in emerging economies. The collaboration will leverage the expertise of both organizations to nurture the global cybersecurity workforce in South Korea and Global Cybersecurity Collaboration Network (CAMP) member countries. Through the MOU, both organizations will collaborate to: Expand cybersecurity professional education and training, Strengthen professional cybersecurity capabilities, and Reinforce the effectiveness of professional education … More

The post (ISC)² to aid cybersecurity professional development in emerging economies appeared first on Help Net Security.

"



A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance

ciber
2022-10-19 https://thehackernews.com/2022/10/a-quick-guide-for-small-cybersecurity.html
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it.  What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy?  For small security teams, this is particularly challenging as they contend with limited resources. Luckily, "

Autosummary: The market varies widely, with policies often determined by insurance providers, but the primary forms of cyber insurance include: Network security systems policies which cover the cost of lawyers, IT forensic services, data restoration, breach notifications and communications, and more when a data breach, malware infection or ransomware incident occurs. Cyber insurance, also referred to as cyber liability insurance or data breach insurance, can help mitigate the costs of cyber attacks – an expense that is growing at an alarming rate. "


Inspira and Trellix join forces to provide integrated approach to cybersecurity

ciber
2022-10-19 https://www.helpnetsecurity.com/2022/10/20/inspira-trellix/

Inspira and Trellix partnership extends XDR from Trellix with Inspira’s multivendor tools and broad set of services provided to clients through the company’s Integrated Cyber Threat Management approach, adding prediction and protection to the detection and response capabilities that Trellix’s tool provides. Extended Detection and Response (XDR) is new to the market, with various degrees of XDR solution variants; clients are often confused about where to start. Enterprise clients can invest in multiple solutions and … More

The post Inspira and Trellix join forces to provide integrated approach to cybersecurity appeared first on Help Net Security.

"



For auto dealerships, cybersecurity is more essential than ever

ciber
2022-10-18 https://www.helpnetsecurity.com/2022/10/18/auto-retailers-cyberattacks/

Cybercriminals are getting craftier as auto retailers continue to fall victim to well-disguised cyberattacks. According to the second annual dealership cybersecurity study by CDK Global, 15% of dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue. “Consumers are continuously shifting to a more mobile environment, … More

The post For auto dealerships, cybersecurity is more essential than ever appeared first on Help Net Security.

"

Autosummary: Dealers plan to update cybersecurity measures to combat top cyberthreats, such as email phishing, ransomware, lack of employee awareness, theft of business data, PC virus or malware, and stolen or weak passwords. "


Cervello collaborates with ST Engineering to provide cybersecurity for rail operational networks

ciber
2022-10-18 https://www.helpnetsecurity.com/2022/10/19/cervello-st-engineering/

Cervello announced a partnership with ST Engineering to incorporate ST Engineering’s cybersecurity services as part of Cervello’s patented rail security solution for rail operators and infrastructure managers. This partnership, which has already proven its value by securing the operations of one of the busiest rail networks in APAC, enhances Cervello’s ability to offer and support its solution globally. “We are pleased to officially announce our already proven strategic cooperation with ST Engineering, a proven technology … More

The post Cervello collaborates with ST Engineering to provide cybersecurity for rail operational networks appeared first on Help Net Security.

"



Expel extends its reach in EMEA to address critical cybersecurity needs

ciber
2022-10-18 https://www.helpnetsecurity.com/2022/10/19/expel-emea/

Expel has expanded to support the cybersecurity needs of customers in EMEA, and is now operating in the United Kingdom (UK), Ireland, Sweden and the Netherlands. Expel hired cybersecurity industry veteran Chris Waynforth as the general manager and vice president of international business. Waynforth is responsible for growing Expel’s presence in EMEA, supporting customers, and building relationships with EMEA channel partners. “We’re fortunate that Expel’s reputation has preceded us formally entering the market, as we … More

The post Expel extends its reach in EMEA to address critical cybersecurity needs appeared first on Help Net Security.

"

Autosummary: This unmatched transparency means customers always know what’s happening in their investigations into incidents like business email compromise (BEC), business application compromise (BAC), phishing, ransomware, cryptojacking, and supply chain attacks, to name a few. "


Security stack consolidation helps CISOs lower cybersecurity spending

ciber
2022-10-17 https://www.helpnetsecurity.com/2022/10/17/security-stack-consolidation-video/

In this Help Net Security video, Alfredo Hickman, Head of Information Security at Obsidian Security, discusses the importance of security stack consolidation for organizations looking to reduce security costs while increasing security efficiency and effectiveness.

The post Security stack consolidation helps CISOs lower cybersecurity spending appeared first on Help Net Security.

"



AwareGO Employee Cybersecurity Risk Audit identifies weak points associated with human risk

ciber
2022-10-17 https://www.helpnetsecurity.com/2022/10/17/awarego-employee-cybersecurity-risk-audit/

AwareGO launched full Employee Cybersecurity Risk Audit and consultation to help organizations identify critical cybersecurity risks among employees. “Today, around 90% of all successful cybersecurity attacks involve employees enabling the break-in. It is therefore critical for anyone responsible for an organization’s cybersecurity to have a clear picture of what employees know and how they behave in the face of potential threats. Only then is it possible to effectively respond with training or other risk-reducing approaches.” … More

The post AwareGO Employee Cybersecurity Risk Audit identifies weak points associated with human risk appeared first on Help Net Security.

"



Economic uncertainty is increasing cybersecurity risks

ciber
2022-10-17 https://www.helpnetsecurity.com/2022/10/17/economic-uncertainty-increasing-cybersecurity-risks/

Cybercriminals are always seeking to make their attacks, scams and campaigns as effective as possible. This includes harnessing whatever is dominating the news agenda and is on their victims’ mind. Economic uncertainty and cybersecurity risks The current economic uncertainty and cost of living pressures that many consumers are facing around the world is one example. The stress, fear and concern the public is feeling is unfortunately a perfect scenario for cybercriminals to take advantage. Case … More

The post Economic uncertainty is increasing cybersecurity risks appeared first on Help Net Security.

"

Autosummary: That’s not even factoring in the broader array of IT assets in place, from cloud services and software, to workstations, personal mobile devices, users and more. Businesses must walk the line carefully between removing the bloat and nice-to-haves, and hamstringing their cybersecurity capability, otherwise leaders could find themselves paying much, much more. "


5 steps to protect your school from cyberattacks

ciber
2022-10-17 https://www.welivesecurity.com/2022/10/17/5-steps-protect-school-cyberattacks/

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay?

The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity

"

Autosummary: Make sure that, over time, your staff understands the importance of not sharing equipment, of keeping passwords private, and of not publishing pictures that might identify sensitive information – and that they can recognize basic features of phishing email. Have a dedicated IT specialist: To understand whether all the devices you listed are working properly or need to be updated, you need an IT person, or an IT team, depending on the size of your school. For schools that went online, new challenges arose over privacy concerns, data leaks, and hacks. "


Smart buildings may be your cybersecurity downfall

ciber
2022-10-14 https://www.helpnetsecurity.com/2022/10/14/smart-buildings-cybersecurity/

According to a recent eEnergy report, 30 per cent of all purchased energy in the UK is currently wasted in commercial buildings, warehouses and education facilities. Whilst that’s quite a shocking number, it is, unfortunately, no surprise, as the majority of existing buildings in UK cities were constructed without energy efficiency as a key priority. Many UK organizations have started taking decarbonisation goals much more seriously, but there is still a long way to go, … More

The post Smart buildings may be your cybersecurity downfall appeared first on Help Net Security.

"

Autosummary: The adoption of security solutions that integrate IT, OT, and IoT is essential for gaining a complete view of environments within building automation systems, as they provide continuous monitoring and guard against vulnerabilities, threats, and anomalies within the automation environment. "


BAE Systems Viper MLV II reduces F-16 aircraft vulnerability to cyberattacks

exploits ciber
2022-10-14 https://www.helpnetsecurity.com/2022/10/14/bae-systems-viper-mlv-ii/

BAE Systems has released the Viper Memory Loader Verifier II (MLV II), a new version of a maintenance capability that will reduce vulnerability to cyberattacks for F-16 aircraft. “Our first generation Viper MLV has 20 years of proven reliability and durability in challenging flight line environments,” said Carl Huncharek, F-16 product line director for BAE Systems. “This new version of the product will include cyber-hardened aircraft mission capabilities, with an open system architecture that reduces … More

The post BAE Systems Viper MLV II reduces F-16 aircraft vulnerability to cyberattacks appeared first on Help Net Security.

"



Cybersecurity pros opine on the future of security

ciber
2022-10-14 https://www.helpnetsecurity.com/2022/10/14/future-of-security-video/

Trellix released global research revealing the cost of siloed security, weak spots in protection, and lack of confidence amongst security operations teams. This Help Net Security video uncovers how unsustainable the situation is for cybersecurity professionals today.

The post Cybersecurity pros opine on the future of security appeared first on Help Net Security.

"



How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch

ciber
2022-10-14 https://thehackernews.com/2022/10/how-to-build-career-as-freelance.html
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide — and that number is still growing. The situation means that "

Autosummary: Your goal is to emerge from these programs with a working knowledge of the following concepts: Networking architecture and design; Networking, routing and switching hardware and systems; Firewalls and packet sniffing systems; Threat detection and analysis methods; Common network and software vulnerability types. Earn One or More Cybersecurity Certifications: The next thing you'll need to do is to earn one or more cybersecurity certifications to demonstrate your abilities to would-be employers. Prepare Your Freelance Business: Once you've got enough experience and have a solid resume of small freelance cybersecurity jobs under your belt, you'll be ready to turn your hard work into a standalone freelance business. The Takeaway: The simple fact is, the sheer volume of open cybersecurity jobs — and the countless more that will appear in the next few years — make your odds of success as a freelance cybersecurity analyst quite high. Since you'll be marketing your skills and reputation as a cybersecurity analyst, the site doesn't need to be anything more than a professional-looking portal with your business name, basic information, and contact details. "


Fear of cybercriminals drives cybersecurity improvements

ciber
2022-10-13 https://www.helpnetsecurity.com/2022/10/13/improving-cybersecurity-defenses-video/

Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA. This Help Net Security video uncovers how cybersecurity is becoming more tightly integrated with business objectives.

The post Fear of cybercriminals drives cybersecurity improvements appeared first on Help Net Security.

"



For most companies ransomware is the scariest of all cyberattacks

exploits ransomware ciber
2022-10-12 https://www.helpnetsecurity.com/2022/10/12/customers-concerned-ransomware/

SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware. “No one is safe from cyberattacks — businesses or individuals,” said SonicWall Executive Chairman of the Board Bill Conner. “Today’s business landscape requires persistent digital trust to exist. Supply-chain attacks have dramatically changed the attack surface of the typical enterprise in the … More

The post For most companies ransomware is the scariest of all cyberattacks appeared first on Help Net Security.

"

Autosummary: Additional findings: Rising concerns about escalating cyberattacks: There is growing concern regarding cyberattacks amongst 66% of organizations surveyed; ransomware leads the distress as 91% of all customers cited it as their biggest concern. "


How to improve employees’ cybersecurity behavior

ciber
2022-10-12 https://www.helpnetsecurity.com/2022/10/12/organizations-cybersecurity-behaviors-video/

We already have cybersecurity behaviors we learned from elsewhere, especially those who have grown up with technology. Initially, cybersecurity starts from home and school, and it is very hard nowadays to exist without some sort of online presence. When it comes to cybersecurity within organizations, employees tend to prioritize and focus on productivity rather than security. It is important to act on cybersecurity vulnerabilities within the IT system, but organizations should also strengthen the defenses … More

The post How to improve employees’ cybersecurity behavior appeared first on Help Net Security.

"



Are your cybersecurity investments making you less resilient?

ciber
2022-10-12 https://www.helpnetsecurity.com/2022/10/12/being-cyber-resilient/

In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their servers and networks off-premises, and transferred their data to the cloud, but mostly kept to their old ways when thinking about cybersecurity. But things are finally changing, and the idea of cyber resilience is taking hold as an extension (or enhancement) of traditional business continuity (BC) and disaster recovery (DR) … More

The post Are your cybersecurity investments making you less resilient? appeared first on Help Net Security.

"

Autosummary: You’ve spent years securing your use of, and access to, SaaS providers with things like SSO, MFA, only allowing access from allowed IPs, etc. But even so, in the case of big companies, rebuilding machines, infrastructure, customer environments, and more takes time and money. When everything is running smoothly, of course, everything seems “critical” to the business, but when faced with a major security event that requires rebuilding, you simply can’t get everything back at the same time. "


Cybercriminals are having it easy with phishing-as-a-service

financial ciber
2022-10-11 https://www.helpnetsecurity.com/2022/10/11/paas-risks/

In this interview for Help Net Security, Immanuel Chavoya, Threat Detection Expert at SonicWall, talks about phishing-as-a-service (PaaS), the risks it can pose to organization, and what to do to tackle this threat. Phishing-as-a-service has become a growing threat to organizations. How exactly does this trend work? Phishing attacks have only grown with the rise of SaaS in the workplace, and even the most security-savvy worker can be duped into a phishing attack. Phishing-as-a-service is … More

The post Cybercriminals are having it easy with phishing-as-a-service appeared first on Help Net Security.

"

Autosummary: In this interview for Help Net Security, Immanuel Chavoya, Threat Detection Expert at SonicWall, talks about phishing-as-a-service (PaaS), the risks it can pose to organization, and what to do to tackle this threat. Instead of threat actors being required to have technical knowledge of building or taking over infrastructure to host a phishing kit (login page emulating known login interfaces like Facebook/Amazon/Netflix/OWA), the barrier to entry is significantly lowered with the introduction of PaaS. Last year, a large-scale SaaS campaign, marketed by criminals as BulletProofLink was exposed by Microsoft, finding more than 300,000 newly created and unique subdomains. "


DeepFakes Are The Cybercriminal Economy’s Latest Business Line

ciber
2022-10-11 https://securityaffairs.co/wordpress/136927/cyber-crime/deepfakes-services-cybercrime.html

California-based Resecurity has identified a new spike of underground services enabling bad actors to generate deepfakes. According to cybersecurity experts, this may be used for political propaganda, foreign influence activity, disinformation, scams, and fraud.  Introduced by Canadian researchers to the public in 2014, Generative Adversarial Networks (GANs), typically imitate people’s faces, speech, and unique facial […]

The post DeepFakes Are The Cybercriminal Economy’s Latest Business Line appeared first on Security Affairs.

"

Autosummary: "


Lack of transparency, systemic risks weaken national cybersecurity preparedness

ciber
2022-10-10 https://www.helpnetsecurity.com/2022/10/10/national-cybersecurity-preparedness/

What is critical infrastructure? If you ask 5 different people, you may receive 5 different answers. The term critical infrastructure has lost much of its meaning as a differentiator of private entities and currently defines sectors from energy to commercial facilities. Bob Kolasky, SVP for Critical Infrastructure at Exiger, previously served as Assistant Director for Cybersecurity and Infrastructure Security Agency (CISA), and in this Help Net Security interview talks about protecting critical infrastructure, the importance … More

The post Lack of transparency, systemic risks weaken national cybersecurity preparedness appeared first on Help Net Security.

"

Autosummary: Bob Kolasky, SVP for Critical Infrastructure at Exiger, previously served as Assistant Director for Cybersecurity and Infrastructure Security Agency (CISA), and in this Help Net Security interview talks about protecting critical infrastructure, the importance of information-sharing, national cybersecurity preparedness, and more. The United States defines critical infrastructure as the “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” "


Week in review: 7 cybersecurity audiobooks to read, Patch Tuesday forecast

ciber
2022-10-09 https://www.helpnetsecurity.com/2022/10/09/week-in-review-7-cybersecurity-audiobooks-to-read-patch-tuesday-forecast/

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MS Exchange zero-days: The calm before the storm? CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. October 2022 Patch Tuesday forecast: Looking for treats, not more tricks We’ve entered the final quarter of 2022 with a favorite holiday for many – Halloween, at … More

The post Week in review: 7 cybersecurity audiobooks to read, Patch Tuesday forecast appeared first on Help Net Security.

"

Autosummary: Infosec products of the month: September 2022 Here’s a look at the most interesting products from the past month, featuring releases from: 42Crunch, Avetta, Cloudflare, Code42, Commvault, D3 Security, Illumio, Kingston Digital, Malwarebytes, Netography, novoShield, Onfido, Socure, TransUnion, and Truecaller. New infosec products of the week: October 7, 2022 Here’s a look at the most interesting products from the past week, featuring releases from HashiCorp, Legit Security, LiveAction, LogRhythm, Pentest People, and Verica. APIs are quickly becoming the most popular attack vector In this Help Net Security video, Shay Levi, CTO at Noname Security, discusses the findings from a recent API security report, which reveals a growing number of API security incidents, a concerning lack of API visibility, and a level of misplaced confidence in existing controls. "


ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach

ciber
2022-10-08 https://www.bleepingcomputer.com/news/security/adata-denies-ransomhouse-cyberattack-says-leaked-data-from-2021-breach/
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting the company's stolen files on their data leak site. [...] "

Autosummary: Comparing the timestamps on the data shared by RansomHouse with the data leaked by Ragnar Locker in June 2021, both sets of stolen data have similar timestamps, with no file being newer than May 2021. "


What $1B in cybersecurity funding can mean for US state, local governments

government ciber
2022-10-07 https://www.helpnetsecurity.com/2022/10/07/us-state-local-governments-spend-cybersecurity-budget/

How do you best spend a cybersecurity budget you have long been hoping you’d get? That’s the question state, local, and territorial (SLT) governments are starting to ask themselves in the wake of a major September announcement from the Department of Homeland Security. DHS will be doling out $1 billion in funding over the next four years as part of a first-of-its-kind cybersecurity grant program specifically aimed at SLT governments. The Cybersecurity and Infrastructure Security … More

The post What $1B in cybersecurity funding can mean for US state, local governments appeared first on Help Net Security.

"

Autosummary: The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) are jointly managing the grants, and CISA has laid out the overarching goals for the funding: implement cyber governance and planning; assess and evaluate systems and capabilities; mitigate prioritized issues; and build a cybersecurity workforce. While the designated State Administrative Agency (SAA) for each state and territory is the only entity eligible to apply for funding (this fact sheet does a great job of summarizing what you need to know), the legislation requires states to distribute at least 80% of funds to local governments, with a minimum of 25% of the allocated funds distributed to rural areas. After decades of experience in IT security, networking, and compliance (I helped found the Symantec State Local and Education division), I’d say start here: Identify what is aging and vulnerable. Know your gaps and design a road map around them. Your list of potential projects is probably going to be a long one, so prioritization is key. Sometimes understanding the company you find yourself in can help. "


The essentials of GRC and cybersecurity — How they empower each other

ciber
2022-10-07 https://thehackernews.com/2022/10/the-essentials-of-grc-and-cybersecurity.html
Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the "

Autosummary: With an integrated approach, organizations will: Increase efficiencies Enhance security posture Tell better security stories Improve visibility across the board Increase support from leadership Avoid compliance/regulatory fines IT and security teams set the tone for the entire company Hand in hand toward a lower-risk future Empowering cybersecurity through GRC – methodology The OCEG has developed this Capability Model (Red Book) as an open-source methodology that merges the sub-disciplines of governance, risk, audit, compliance, ethics/culture, and IT into a unified approach. In summary: A well-planned GRC program enables organizations to: Collect and maintain high-quality information Improve decision making Promote collaboration Increase accountability Build a strong culture Increase efficiency and agility Provide visibility Reduces costs by supporting suitable investments Increase integration Protect the company's value and reputation GRC and Cybersecurity: Why do companies need an integrated approach? Also, organizations might use this GRC Capability Model with more specific functional frameworks, such as: ISO, COSO, ISACA, IIA, NIST, and others. As a process, it would look like this: Learning business plans and goals Understanding strategic objectives Being aware of the current and future compliance activities Connecting with the key stakeholders 2. Understanding the principles of GRC Governance, Risk, and Compliance (GRC) is a business strategy for managing a company's overall governance, enterprise risk management, and regulatory compliance. "


Pradeo acquires Yagaan, strengthens its cybersecurity services unification strategy

ciber
2022-10-06 https://www.helpnetsecurity.com/2022/10/06/pradeo-acquires-yagaan/

Pradeo, a global leader in mobile fleet and application security, enters into exclusive negotiations for the acquisition of Yagaan, an application security software company based in France. Thus, the mobile security leader is strengthening its path towards unifying cybersecurity services by providing comprehensive expertise and solutions in the fast-growing mobile security market. In 2021, the global mobile security market was valued at $3.96 billion and the global application security market was valued at $6.95 billion, … More

The post Pradeo acquires Yagaan, strengthens its cybersecurity services unification strategy appeared first on Help Net Security.

"

Autosummary: Pradeo’s objective is to become the sole contact for CISOs, application developers, auditors, device manufacturers and other cybersecurity stakeholders for all issues related to the protection of mobile applications and associated web services, as well as smartphones and tablets. "


Fine-tuning Germany’s cybersecurity strategy

ciber
2022-10-06 https://www.helpnetsecurity.com/2022/10/06/germany-cybersecurity-strategy/

Recently, Eileen Walther, Northwave’s Country Manager for Germany and specialized in information security, was elected the new Vice President of the Cyber Security Council Germany (Cyber-Sicherheitsrat Deutschland). Before joining Northwave, she was head of the Dutch High Tech Crime Team and strategic advisor at the German Federal Criminal Police Office (BKA – Bundeskriminalamt). The Cyber Security Council Germany was founded in August 2012. The Berlin-based association is politically neutral and advises companies, authorities and political … More

The post Fine-tuning Germany’s cybersecurity strategy appeared first on Help Net Security.

"

Autosummary: Moreover, on a national level, I believe that Germany should keep on joining forces with other EU member states that are leading in cybersecurity, such as the Netherlands, and dare to establish itself as an international pioneer. In this interview with Help Net Security, Walther talks about Germany’s cybersecurity future, working on information security strategy, and more. Recently, Eileen Walther, Northwave’s Country Manager for Germany and specialized in information security, was elected the new Vice President of the Cyber Security Council Germany (Cyber-Sicherheitsrat Deutschland). "


Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals

exploits ciber
2022-10-06 https://thehackernews.com/2022/10/eternity-group-hackers-offering-new.html
The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to a new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding "

Autosummary: "


The need to change cybersecurity for the next generation

ciber
2022-10-06 https://www.welivesecurity.com/2022/10/06/need-change-cybersecurity-next-generation/

Healthy habits that are instilled and nurtured at an early age bring lifelong benefits – the same applies to good cybersecurity habits

The post The need to change cybersecurity for the next generation appeared first on WeLiveSecurity

"

Autosummary: Whether the issue is trolling, cyberbullying, fraud, identity theft, grooming, credential theft, or one of the many other variants of cyberthreats, there are likely to be consequences – mental health consequences that are hidden from visual identification. Healthy habits that are instilled and nurtured at an early age bring lifelong benefits – the same applies to good cybersecurity habits It’s October, it’s Cybersecurity Awareness Month (CSAM), and with it the annual deluge of articles about phishing, passwords, protecting personal data and such like that will be hitting your inboxes very soon (if they have not already landed). "


Oort raises $15 million to defend enterprises against identity-based cyberattacks

ciber
2022-10-06 https://www.helpnetsecurity.com/2022/10/07/oort-funding/

Oort announced the completion of a $15 million funding round, including both Seed and Series A investments. Oort will use the funds to grow and further accelerate its go-to-market (GTM) strategy. The funding round was co-led by .406 Ventures, a Boston-based early-stage venture capital firm specializing in cybersecurity, as well as Energy Impact Partners (EIP), a New York-based global investment platform, and included Cisco Investments. They join existing investors including 645 Ventures, Bain Capital Ventures … More

The post Oort raises $15 million to defend enterprises against identity-based cyberattacks appeared first on Help Net Security.

"

Autosummary: The funding round was co-led by .406 Ventures, a Boston-based early-stage venture capital firm specializing in cybersecurity, as well as Energy Impact Partners (EIP), a New York-based global investment platform, and included Cisco Investments. “With the increasing cyber risks to enterprises today, we know that an identity-first solution is critical to every security strategy,” said Shawn Cherian, partner, EIP. "


7 cybersecurity audiobooks you should listen to this year

ciber
2022-10-05 https://www.helpnetsecurity.com/2022/10/05/7-cybersecurity-audiobooks/

Audiobooks have gained enormous popularity among book lovers for a variety of factors, including their convenience, which enables listeners to learn while running errands or traveling. Here’s a list of cybersecurity audiobooks that are worthy of your time. Cybersecurity: The Insights You Need from Harvard Business Review Author: Harvard Business Review This book brings you today’s most essential thinking on cybersecurity, from outlining the challenges to exploring the solutions, and provides you with the critical … More

The post 7 cybersecurity audiobooks you should listen to this year appeared first on Help Net Security.

"

Autosummary: They’ll also find: Concrete strategies for aligning your security practices with the business Common myths and pitfalls when implementing Zero Trust and how to implement it in a cloud environment Strategies for preventing breaches that encourage efficiency and cost reduction in your company’s security practices Project Zero Trust is an ideal resource for aspiring technology professionals, as well as experienced IT leaders, network engineers, system admins, and project managers who are interested in or expected to implement zero-trust initiatives. From understanding the need, to core risk management principles, to threats, tools, roles, and responsibilities, this book walks the listener through each step of developing and implementing a cybersecurity program. "


FBI: Cyberattacks targeting election systems unlikely to affect results

ciber
2022-10-05 https://www.bleepingcomputer.com/news/security/fbi-cyberattacks-targeting-election-systems-unlikely-to-affect-results/
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) say in a public service announcement that cyber activity attempting to compromise election infrastructure is unlikely to cause a massive disruption or prevent voting. [...] "

Autosummary: As for what people can do to protect themselves from potential attempts of election-related fraud, the FBI has issued the following recommendations: Use official state and local government portals to source information about voter registration, polling locations, voting by mail, provisional ballot process, and final election results. "


Critical Insight releases Cybersecurity-as-a-Service to protect organizations from threats

ciber
2022-10-04 https://www.helpnetsecurity.com/2022/10/04/critical-insight-cybersecurity-as-a-service/

Critical Insight has released an end-to-end offering that will evolve the security programs of healthcare, public sector, and SMB organizations. For IT Teams constrained in their ability to handle the ever-changing complexities of cybersecurity, Critical Insight is putting all of its services under one delivery model: Cybersecurity-as-a-Service. Cybersecurity-as-a-Service integrates Critical Insight’s software, professional and technology services into a unified solution that allows customers to prepare for an attack with risk assessments, technical testing and training; … More

The post Critical Insight releases Cybersecurity-as-a-Service to protect organizations from threats appeared first on Help Net Security.

"

Autosummary: "


What should investing in cybersecurity look like for a technology organization?

ciber
2022-10-04 https://www.helpnetsecurity.com/2022/10/04/investing-in-cybersecurity-technology-organization-video/

To withstand cyberattacks, businesses must continually update internal systems and avoid hasty tech upgrades that might open the door to attackers. In this Help Net Security video, Phillip Verheyden, Security Engineer at Shipwell, discusses the challenges technology organizations face when investing in cybersecurity and offers tips for CISOs, from securing development to dealing with phishing attacks.

The post What should investing in cybersecurity look like for a technology organization? appeared first on Help Net Security.

"

Autosummary: "


Back to Basics: Cybersecurity's Weakest Link

industry ciber
2022-10-04 https://thehackernews.com/2022/10/back-to-basics-cybersecuritys-weakest.html
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver "

Autosummary: All it took was a simple social engineering message – something like, "Hey Bob, I'm from the IT team, and we need to check something on your PC, so I'm sending you a tool for you to run. And it's not just users that need educating – you should reinforce these practices in your security team too, by covering patching, permissions, and overall security positioning. "


ADVA launches network security company to protect mission-critical cloud traffic from cyberattacks

ciber
2022-10-04 https://www.helpnetsecurity.com/2022/10/05/adva-network-security/

ADVA has launched Adva Network Security, a specialist security company committed to protecting mission-critical communication networks from cyberattacks. The new separate company will complement ADVA’s networking technology portfolio with proven and approved security controls to protect mission-critical connectivity applications. It will develop, produce and integrate encryption technology able to withstand increasingly sophisticated threats. With its own IT infrastructure and secure data center facilities in Germany, Adva Network Security will collaborate with national security organizations to … More

The post ADVA launches network security company to protect mission-critical cloud traffic from cyberattacks appeared first on Help Net Security.

"

Autosummary: What’s more, the company offers high-bandwidth quantum-safe transport, enabling customers to apply future-proof security solutions to their infrastructure and guaranteeing that valuable information cannot be seized and stored today, ready to be deciphered when large-scale quantum computers become readily accessible. "


ESET unveils new cloud and XDR solutions to improve cybersecurity for MSPs

ciber
2022-10-03 https://www.helpnetsecurity.com/2022/10/03/eset-protect-platform/

ESET launches new cloud and XDR solutions for Managed Service Providers (MSPs). By expanding the ESET PROTECT Platform to include ESET Inspect and ESET Inspect Cloud, MSPs and their business customers will now have access to dedicated XDR security solutions – available on prem or via the cloud. ESET also launched an all new ESET Direct Endpoint Management plugin for Kaseya VSA, as well as Native ARM Support for macOS. “With this launch, our … More

The post ESET unveils new cloud and XDR solutions to improve cybersecurity for MSPs appeared first on Help Net Security.

"

Autosummary: This launch includes: ESET Inspect Cloud for MSP: Previously released for the enterprise market, ESET Inspect Cloud is a cloud-based tool that enables MSPs to evolve the ESET PROTECT Platform into an XDR solution for enterprise-grade security and risk management capabilities, including advanced threat hunting, incident response, full network visibility, cloud-based threat defense, and more. “When businesses need hardened, next-generation cybersecurity solutions, ESET’s approach to multilayered security plus real time intelligence sets us apart,” said Grant. “We have hundreds of experts and researchers in 13 R&D centers around the world who are analyzing never-before-seen threats, tracking sophisticated APT group activity and creating resources for our partner community that keep them up to date on the latest cybersecurity concerns. "


How to start and grow a cybersecurity consultancy

ciber
2022-10-03 https://www.helpnetsecurity.com/2022/10/03/praveen-singh-cybersecurity-consultancy/

A cybersecurity industry veteran, Praveen Singh is the co-founder and Chief Information Security Advisor at CyberPWN Technologies, a digital defense consulting firm. In this interview with Help Net Security, he offers insight for anyone interested in building their own cybersecurity consultancy. You have experience across a variety of cybersecurity roles. What motivated you to co-found a company? Building or co-founding a company requires a leap into the unknown, but also significant amounts of fortitude, dedication, … More

The post How to start and grow a cybersecurity consultancy appeared first on Help Net Security.

"

Autosummary: I also had to educate myself in critical areas such as finance, marketing, and sales by reading business advice websites, attending events, joining business groups, and seeking mentors. We have a vendor-agnostic approach, and we always provide a fair scorecard, which pivots around their critical business requirements, regulatory needs, and risk mitigation strategies. With our extensive experience in the field of cybersecurity and consultative approach, we partner with global clients, start-ups, and Fortune 500 companies, aiding them in their cyber transformation journey and helping them achieve strategic business objectives. Building or co-founding a company requires a leap into the unknown, but also significant amounts of fortitude, dedication, drive, and passion. Many factors influence what the outcome will be and when the ultimate goal will be achieved – the type of business, the industry you operate in, the size of the company, investment capital, etc. "


LMG Security expands its cybersecurity solutions and services

ciber
2022-10-01 https://www.helpnetsecurity.com/2022/10/01/lmg-security-cybersecurity-solutions/

LMG Security has expanded its selection of cybersecurity advisory, testing, and training services with a new line of cybersecurity solutions. These solutions are designed to reduce the burden organizations face from implementing or managing cybersecurity technology, as well as create fast, easy access to skilled cybersecurity staff to augment internal teams. LMG Security offers the following new solutions and services: Virtual CISO and staff augmentation: Organizations struggle to find and retain cybersecurity talent. LMG Security … More

The post LMG Security expands its cybersecurity solutions and services appeared first on Help Net Security.

"

Autosummary: Endpoint detection and response implementation: LMG Security implements and seamlessly integrates an endpoint detection and response solution that helps organizations defend against zero-day attacks, supply chain vulnerabilities, and other common cybersecurity threats. "


Top issues driving cybersecurity: Growing number of cybercriminals, variety of attacks

ciber
2022-09-30 https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/

Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA. While a majority of respondents in each of seven geographic regions feels that their company’s cybersecurity is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement. … More

The post Top issues driving cybersecurity: Growing number of cybercriminals, variety of attacks appeared first on Help Net Security.

"

Autosummary: Among other changes in organizations’ approach to cybersecurity: 43% of companies have placed a higher priority on incident response 39% are deploying a more diverse set of technology tools, with SaaS monitoring and management tools making a substantial jump in adoption 38% are increasing their focus on process improvements 37% are shifting to more proactive measures 36% are expanding employee education. "


Are you inundated by a never-ending stream of cyberattacks?

ciber
2022-09-30 https://www.helpnetsecurity.com/2022/09/30/inundated-never-ending-stream-cyberattacks/

Trellix released global research revealing the cost of siloed security, weak spots in protection, and lack of confidence amongst security operations teams. The study of 9,000 global cybersecurity professionals also looks to the future of security and the technology poised to revolutionize security operations. 89% of respondents describe their current security model as “siloed.” Consequentially, 73% are likely allocating budget to advanced solutions, including XDR, to enable an integrated security approach. “This research reveals how … More

The post Are you inundated by a never-ending stream of cyberattacks? appeared first on Help Net Security.

"

Autosummary: Additional technologies very likely to be implemented are Network Detection and Response (NDR) (39%), Endpoint Detection and Response (EDR) (38%) and breach attack simulations (37%). "


Local government cybersecurity: 5 best practices

government ciber
2022-09-29 https://www.malwarebytes.com/blog/business/2022/09/local-government-cybersecurity-5-best-practices

Categories: Business

With a few best practices, local governments can improve their cybersecurity posture and make it less likely that threat actors attack their systems. We’ll break down five best practices for local government cybersecurity in this post.

The post Local government cybersecurity: 5 best practices appeared first on Malwarebytes Labs.

"

Autosummary: In particular, local governments looking to be eligible for the State and Local Cybersecurity Grant Program must include these best practices in their cybersecurity plan: In addition, only 23% of local governments have adopted the .gov domain, meaning a majority of local governments are missing out on one of the simplest ways to strengthen their cybersecurity posture. Know who you’re going to contact: Maintain an up-to-date list of internal and external stakeholders to contact in the event of an attack, which may include senior management, PR, your legal team, insurance providers, vendors, and law enforcement. NIST recommends that organizations follow these steps to accelerate their recovery, among others: Develop an incident recovery plan: Establish a plan that has a Cyber Incident Response Team (CIRT) with clearly identified roles, responsibilities, and contacts ahead of time, then regularly exercise that plan. Some of the functions commonly outsourced are: “By working with a trusted partner or service provider, local governments can fast track to get their security stack up to par,” said David Pier, Team Lead, Corporate Solutions Engineering at Malwarebytes. "


A personal perspective on investing in cybersecurity

ciber
2022-09-28 https://www.helpnetsecurity.com/2022/09/28/personal-perspective-investing-cybersecurity-video/

Cyber threats worldwide continue to escalate and drive continued innovation and investment in cybersecurity. Cyber budgets remain high, and the cyber market continues to outpace other IT sectors. In this Help Net Security video, Nick Kingsbury, Partner at Amadeus Capital Partners, offers a unique perspective on investing in cybersecurity. Amadeus Capital Partners is a global technology investor. Since 1997, the firm has backed over 180 companies and raised over $1 billion for investment.

The post A personal perspective on investing in cybersecurity appeared first on Help Net Security.

"

Autosummary: "


4 times students compromised school cybersecurity

ciber
2022-09-28 https://www.malwarebytes.com/blog/news/2022/09/when-students-hack-their-schools

Categories: News

Tags: School

Tags: password

Tags: sticky note

Tags: lax security

Sometimes we hear stories about brilliant students that hack their school and get celebrated, but it doesn't always end well.

The post 4 times students compromised school cybersecurity appeared first on Malwarebytes Labs.

"

Autosummary: 3. 12-year-olds pwn their school district The hack started small, in seventh grade, when the students bypassed their middle school’s internet filters to watch YouTube during lunch. Guilty until proven innocent A Canadian student at Tufts University veterinarian school was expelled for an elaborate months-long scheme involving stealing and using university logins to break into the student records system, view answers, and alter her own and other students’ grades. "


Elevate Security partners with Booz Allen Hamilton to combat advanced cybersecurity attack

ciber
2022-09-28 https://www.helpnetsecurity.com/2022/09/29/elevate-security-booz-allen-hamilton/

Elevate Security and Booz Allen Hamilton announced a strategic partnership that aligns Booz Allen’s cybersecurity consulting services with Elevate’s human cyber risk quantification and mitigation software to address the human element of cybersecurity risk. Booz Allen’s Commercial team will leverage Elevate’s vast cyber risk intelligence capabilities to deliver rapid risk assessments and provide deep visibility to organization-wide internal cyber risk. Additionally, Elevate will power the Booz Allen Commercial team’s Dynamic Cyber Trust solution, which adapts … More

The post Elevate Security partners with Booz Allen Hamilton to combat advanced cybersecurity attack appeared first on Help Net Security.

"

Autosummary: “Our Dynamic Cyber Trust solution leverages the Elevate Security platform to create a uniquely scalable approach that holistically targets one of cybersecurity’s root causes of failure – people,” said Andrew Turner, executive vice president, chief technology officer, and market strategy lead for Booz Allen’s global Commercial business. "


Cybrary and Carahsoft join forces to provide cybersecurity training for government customers

government ciber
2022-09-28 https://www.helpnetsecurity.com/2022/09/29/cybrary-carahsoft/

Cybrary announced a partnership with Carahsoft Technology Corp to provide cybersecurity skill development to government agencies and customers. Under the agreement, Carahsoft will serve as Cybrary’s Public Sector distributor, making the company’s cybersecurity training and skills development platform available to the Public Sector through Carahsoft’s reseller partners, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), OMNIA Partners, National Association of State Procurement Officials (NASPO), ValuePoint, and National Cooperative … More

The post Cybrary and Carahsoft join forces to provide cybersecurity training for government customers appeared first on Help Net Security.

"

Autosummary: "


Why zero trust should be the foundation of your cybersecurity ecosystem

ciber
2022-09-27 https://www.helpnetsecurity.com/2022/09/27/why-zero-trust-should-be-the-foundation-of-your-cybersecurity-ecosystem/

For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as “insider threats” – are increasing and cybersecurity practitioners are feeling the pain. Traditional perimeter defenses are not designed to prevent these attacks. They also struggle to keep external attackers out. Clever hackers … More

The post Why zero trust should be the foundation of your cybersecurity ecosystem appeared first on Help Net Security.

"

Autosummary: The guide explains how your organization can design a zero trust implementation strategy, select an appropriate methodology, assemble the right tools, and execute the implementation plan for successful zero trust adoption. The growth of zero trust Recently, zero trust has developed a large following due to a surge in insider attacks and an increase in remote work – both of which challenge the effectiveness of traditional perimeter-based security approaches. New eBook helps you implement zero trust The Cynet zero trust eBook walks through the core concepts and principles of zero trust. "


Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

ciber
2022-09-27 https://thehackernews.com/2022/09/ukraine-says-russia-planning-massive.html
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on "

Autosummary: "


Fortress Information Security collaborates with ONG-ISAC to improve supply chain cybersecurity

ciber
2022-09-27 https://www.helpnetsecurity.com/2022/09/28/fortress-information-security-ong-isac/

Fortress Information Security and the Oil and Natural Gas Information Sharing Analysis Center (ONG-ISAC) announced an industry-wide initiative focused on securing hardware and software components and supply chains. The software and hardware used by oil and natural gas systems are critical to the industry’s reliable and safe operation. In addition, the supply chains for these products are at increased risk of compromise. Fortress will enable ONG-ISAC members to manage these risks securely and cost-effectively. For … More

The post Fortress Information Security collaborates with ONG-ISAC to improve supply chain cybersecurity appeared first on Help Net Security.

"

Autosummary: “As an industry, we must face today’s cybersecurity challenges as a united front,” said Angela Hahn, executive director of the ONG-ISAC. "


Ukraine warns allies of Russian plans to escalate cyberattacks

ciber
2022-09-26 https://www.bleepingcomputer.com/news/security/ukraine-warns-allies-of-russian-plans-to-escalate-cyberattacks/
The Ukrainian military intelligence service warned today that Russia is planning "massive cyber-attacks" targeting the critical infrastructure of Ukraine and its allies. [...] "

Autosummary: "


Russia prepares massive cyberattacks on the critical infrastructure of Ukraine and its allies

ciber
2022-09-26 https://securityaffairs.co/wordpress/136265/cyber-warfare-2/russia-prepares-massive-cyberattacks.html

The Ukrainian military intelligence warns that Russia is planning to escalate cyberattacks targeting Ukraine and Western allies. The Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO) warns that Russia is planning to escalate cyberattacks targeting the critical infrastructure of Ukraine and western countries. According to the Ukrainian military intelligence service, […]

The post Russia prepares massive cyberattacks on the critical infrastructure of Ukraine and its allies appeared first on Security Affairs.

"

Autosummary: "


Mitigating the cybersecurity crisis for the school year ahead

ciber
2022-09-23 https://www.helpnetsecurity.com/2022/09/23/schools-cyberattacks/

As students head back into the classroom, K-12 district leaders are faced with the difficult task of preventing and mitigating cybersecurity threats against their districts. School systems have become a popular target for cybercriminals over the last few years due to their growing reliance on technology and their wealth of data. It’s a growing problem that is producing costly ramifications for school districts of all sizes across the country who are already grappling with tight … More

The post Mitigating the cybersecurity crisis for the school year ahead appeared first on Help Net Security.

"

Autosummary: As the school year kicks into high gear, the ongoing cybersecurity crisis should be viewed as a universal problem that is addressed not only by education leaders, but also policymakers and government leaders, education technology partners and vendors, school boards, and community members. On average, it costs education institutions $2.73 million to remediate the impact of a ransomware attack, including the cost of downtime, data recovery, device and network repairs, security updates and lost opportunity. "


Firing Your Entire Cybersecurity Team? Are You Sure?

ciber
2022-09-23 https://thehackernews.com/2022/09/firing-your-entire-cybersecurity-team.html
What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any "

Autosummary: Yes, SLAs can guide performance standards, but when it matters, in a crisis, an SLA will never replicate the urgent sense of "right now" that you have with a dedicated, internal team. Bad for press, bad for finances, bad for security Was there a valid reason other than cost savings for dismissing an entire in-house cybersecurity team? Lack of competence, insider risk, interpersonal issues, lack of communication, or failure to achieve business goals? "


Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem

ciber
2022-09-21 https://thehackernews.com/2022/09/why-zero-trust-should-be-foundation-of.html
For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as “insider threats” – are increasing and cybersecurity practitioners are feeling the pain.  Traditional "

Autosummary: The guide explains how your organization can design a zero trust implementation strategy, select an appropriate methodology, assemble the right tools, and execute the implementation plan for successful zero trust adoption. The Growth of Zero Trust Recently, zero trust has developed a large following due to a surge in insider attacks and an increase in remote work – both of which challenge the effectiveness of traditional perimeter-based security approaches. By combining multiple defenses such as threat prevention, detection, and automated response, XDR provides a strong foundation to a zero trust strategy. "


Domain shadowing becoming more popular among cybercriminals

ciber
2022-09-21 https://www.bleepingcomputer.com/news/security/domain-shadowing-becoming-more-popular-among-cybercriminals/
Threat analysts at Palo Alto Networks (Unit 42) discovered that the phenomenon of "domain shadowing" might be more prevalent than previously thought, uncovering 12,197 cases while scanning the web between April and June 2022. [...] "

Autosummary: In the meantime, the threat actors are free to host C2 (command and control) addresses, phishing sites, and malware-dropping points, abusing the good reputation of the hijacked domain to bypass security checks. "


Take cybersecurity out to where employees and data are coming together

ciber
2022-09-20 https://www.helpnetsecurity.com/2022/09/20/networking-security/

Every morning, we wake up and chances are, we start immediately accessing and consuming information. Whether it’s accessing personal emails, downloading sales reports, or paying bills, we’re switching devices constantly, and are used to managing both our personal and work lives from anywhere. Cybercriminals are keenly aware that users are constantly switching between personal and corporate devices, or even blurring the lines between the two. Thanks to cloud technologies, we’ve made huge convenience and productivity … More

The post Take cybersecurity out to where employees and data are coming together appeared first on Help Net Security.

"

Autosummary: For the typical organization, they have likely established a series of ad hoc systems and multiple vendors to manage their security, so adopting a SASE architecture, even if it is done gradually, allows organizations to streamline their processes and reduce their spending on several individual point products. Whether it’s accessing personal emails, downloading sales reports, or paying bills, we’re switching devices constantly, and are used to managing both our personal and work lives from anywhere. "


Top 8 takeaways from the VMWare Cybersecurity Threat Report

ciber
2022-09-20 https://www.bleepingcomputer.com/news/security/top-8-takeaways-from-the-vmware-cybersecurity-threat-report/
VMware has recently released the 2022 edition of its annual Global Incident Response Threat Report. It is critically important for IT professionals to understand these trends and what they could mean for your organization's cyber security efforts. Let's break down VMware's 8 key findings and offer meaningful insights into each. [...] "

Autosummary: 5. 23% of attacks now compromise API security as these platforms emerge as a promising new endpoint for threat actors to exploit The VMware study also found that attackers are increasingly exploiting APIs, as well as using tried and true techniques such as SQL injections. Zero-day exploits were encountered by 62 percent of respondents in the past 12 months, an 11 percent increase from last year Zero-day exploits can be hugely problematic for any organization since they are impossible to anticipate. Virtual patching, also known as vulnerability shielding, involves using a Web Application Firewall or similar tool to disrupt an attacker’s network path, thereby shielding the vulnerability. "


Belden and Cylus join forces to provide cybersecurity platform for rail operators

ciber
2022-09-20 https://www.helpnetsecurity.com/2022/09/21/belden-cylus/

Belden has joined forces with Cylus, and will enable customers that use Belden’s Firewall to supplement it with an optimized version of CylusOne software available for license from Cylus. The combination of Belden and Cylus solutions that customers will be able to implement offers a cybersecurity platform for rail operators for both rolling stock and signaling systems. As the rail industry continues to adopt automated, wireless, and connected technologies – both trackside and onboard – … More

The post Belden and Cylus join forces to provide cybersecurity platform for rail operators appeared first on Help Net Security.

"

Autosummary: The combined Belden and Cylus cybersecurity solution is tailored to signaling and rolling stock systems, combining Belden’s next-generation industrial firewall (NGFW), the EAGLE40-6M, with CylusOne, the cybersecurity solution providing continuous monitoring and real-time protection for rolling stock and rail infrastructure. "


Hive ransomware claims cyberattack on Bell Canada subsidiary

exploits ransomware ciber
2022-09-15 https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-cyberattack-on-bell-canada-subsidiary/
The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). [...] "

Autosummary: Hive is a Ransomware-as-a-Service (RaaS) operation active since June 2021 behind attacks against dozens of organizations, counting only those victims who had their data leaked online after refusing to pay the ransom. The Federal Bureau of Investigation (FBI) released some indicators of compromise and technical details associated with Hive ransomware attacks in August 2021. "


CFOs’ overconfidence in cybersecurity can cost millions

ciber
2022-09-14 https://www.helpnetsecurity.com/2022/09/14/cfos-cybersecurity-confidence/

Kroll announced its report Cyber Risk and CFOs: Over-Confidence is Costly which found chief financial officers (CFOs) to be woefully in the dark regarding cybersecurity, despite confidence in their company’s ability to respond to an incident. The report, conducted by StudioID of Industry Dive, exposed three key themes among the 180 senior finance executives surveyed worldwide: Ignorance is bliss. Eighty-seven percent of CFOs are either very or extremely confident in their organization’s cyberattack response. This … More

The post CFOs’ overconfidence in cybersecurity can cost millions appeared first on Help Net Security.

"

Autosummary: David Ball, Managing Director in the Valuation Advisory Services practice at Kroll, said: “Cyber incidents have the potential to cause material damage or impairment to the assets of a company, particularly intangible assets, including intellectual property, customer relationships and brand. "


5 technologies that help prevent cyberattacks for SMBs

ciber
2022-09-14 https://www.malwarebytes.com/blog/business/2022/09/5-technologies-that-help-prevent-cyber-attacks-for-smbs

Categories: Business

Cybercriminals are more likely to target small-and-medium businesses for their perceived (and sometimes actual) lack of cyberdefenses. In this post, we break down five must-have technologies that help prevent cyberattacks for SMBs.

The post 5 technologies that help prevent cyberattacks for SMBs appeared first on Malwarebytes Labs.

"

Autosummary: Through a combination of web protection, application hardening, and more, EP provides businesses with full attack chain protection against both known and unknown malware, ransomware, and zero-hour threats. To that end, the following are strongly recommended: Endpoint protection, VPM, DNS filtering, cloud storage scanning, and 2FA (and cyber insurance!). However, businesses use multiple different cloud storage repositories, and due to lack of integration options, they are unable to get a centralized view of all of their scan results, across multiple repositories, in a single pane of glass. To better prevent cyberattacks, look for a cloud scanning service that uses multiple anti-malware engines, using a combination of signatures, heuristics and machine learning to increase detection rates. This article focuses on helping to prevent cyberattacks purely through technology; though of course, businesses need a combination of technology, people, and strategy to truly become cyber resilient. What’s important to note here is that, because the risk level of every organization is different, there’s no “one-size-fits-all” approach to prevent cyberattacks. "


MSPs and cybersecurity: The time for turning a blind eye is over

ciber
2022-09-12 https://www.helpnetsecurity.com/2022/09/12/msps-email-security/

Results of a Vade report highlight the prevalence of Managed Service Providers (MSPs), with 96% of organizations either currently outsourcing at least some of their needs to MSPs or planning to do so in the future. The report also analyzes the successes and pitfalls of email security solutions and where MSPs may have an opportunity to reach into the market. Conducted by Vanson Bourne, the survey includes findings from interviews of 500 IT decision makers … More

The post MSPs and cybersecurity: The time for turning a blind eye is over appeared first on Help Net Security.

"

Autosummary: Threat monitoring and intrusion (43%), cybersecurity consulting (37%) and firewall management (36%) are the three most important services to them. "


Outdated infrastructure remains a problem against sophisticated cyberattacks

ciber
2022-09-12 https://www.helpnetsecurity.com/2022/09/12/outdated-infrastructure-video/

Global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. This Help Net Security video showcases that organizations are still relying on outdated infrastructure to protect their data.

The post Outdated infrastructure remains a problem against sophisticated cyberattacks appeared first on Help Net Security.

"

Autosummary: "


Building a successful cybersecurity business, one client at a time

ciber
2022-09-12 https://www.helpnetsecurity.com/2022/09/12/cloudsek-building-a-successful-cybersecurity-business/

Rahul Sasi is the founder and CEO of CloudSEK, which leverages artificial intelligence and machine learning to combat cyber threats. The Singapore-headquartered company was founded in 2015, and raised $7 million in Series A investment led by MassMutual Ventures in 2021. In this Help Net Security interview, Sasi talks about the challenges of building CloudSEK, his journey in the cybersecurity industry, and discusses lessons learned along the way. What unexpected obstacles did you encounter … More

The post Building a successful cybersecurity business, one client at a time appeared first on Help Net Security.

"

Autosummary: In this Help Net Security interview, Sasi talks about the challenges of building CloudSEK, his journey in the cybersecurity industry, and discusses lessons learned along the way. So, as long as we ensure that all CloudSters are growing and experimenting, at a good pace, CloudSEK will continue to grow. “If you want to go fast, go alone, if you want to go far, go together.” It is also important to nurture and cultivate a culture that fosters consistency, innovation, and experimentation. "


Albania was hit by a new cyberattack and blames Iran

ciber
2022-09-11 https://securityaffairs.co/wordpress/135602/cyber-warfare-2/albania-second-cyber-attack.html

Albania blamed Iran for a new cyberattack that hit computer systems used by the state police on Friday. Albania blamed the government of Teheran for a new cyberattack that hit computer systems used by the state police on Saturday. “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, […]

The post Albania was hit by a new cyberattack and blames Iran appeared first on Security Affairs.

"

Autosummary: “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in July attacked the country’s public and government service systems,” reads a statement issued by the Albanian interior ministry. “In order to neutralize the criminal act and secure the systems,” the authorities have shut down computer control systems at seaports, airports and border posts, the statement added. "


U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

ciber
2022-09-10 https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html
The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector "

Autosummary: Microsoft, which investigated the attacks, said the adversaries worked in tandem to carry out distinct phases of the attacks, with each cluster responsible for a different aspect of the operation: DEV-0842 deployed the ransomware and wiper malware; DEV-0861 gained initial access and exfiltrated data; DEV-0166 (aka IntrudingDivisor) exfiltrated data; and DEV-0133 (aka Lyceum or Siamese Kitten) probed victim infrastructure. The tech giant's threat intelligence teams also attributed the groups involved in gaining initial access and exfiltrating data to the Iranian MOIS-linked hacking collective codenamed Europium, which is also known as APT34, Cobalt Gypsy, Helix Kitten, or OilRig. "


IHG suffered a cyberattack that severely impacted its booking process

ciber
2022-09-10 https://securityaffairs.co/wordpress/135572/hacking/ihg-suffered-cyberattack.html

InterContinental Hotels Group PLC (IHG) discloses a security breach: parts of its IT infrastructure have been subject to unauthorised activity. The hospitality conglomerate InterContinental Hotels Group (IHG) manages 17 hotel chains, including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites. IHG operates 6,028 hotels in more than 100 different countries. The company announced that […]

The post IHG suffered a cyberattack that severely impacted its booking process appeared first on Security Affairs.

"

Autosummary: "


Cybercriminals are changing focus from large hospitals to smaller hospital systems

ciber
2022-09-09 https://www.helpnetsecurity.com/2022/09/09/healthcare-data-breach-video/

Critical Insight announced the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the United States Department of Health and Human Services by healthcare organizations. This Help Net Security video reveals why attackers are changing targets and moving from large hospitals to smaller hospital systems.

The post Cybercriminals are changing focus from large hospitals to smaller hospital systems appeared first on Help Net Security.

"

Autosummary: "


US sanctions Iran’s Ministry of Intelligence over Albania cyberattack

ciber
2022-09-09 https://www.bleepingcomputer.com/news/security/us-sanctions-iran-s-ministry-of-intelligence-over-albania-cyberattack/
The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. [...] "

Autosummary: MOIS-controlled threat groups Earlier this year, U.S. Cyber Command (USCYBERCOM) officially linked the Iranian-backed MuddyWater threat group to Iran's Ministry of Intelligence and Security (MOIS). "


US Treasury sanctioned Iran’s Ministry of Intelligence over Albania cyberattack

ciber
2022-09-09 https://securityaffairs.co/wordpress/135532/intelligence/us-treasury-sanctioned-iran.html

The U.S. Treasury Department sanctioned Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. The U.S. Treasury Department announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July. MOIS is the primary intelligence […]

The post US Treasury sanctioned Iran’s Ministry of Intelligence over Albania cyberattack appeared first on Security Affairs.

"

Autosummary: "


InterContinental Hotels' booking systems disrupted by cyberattack

ciber
2022-09-08 https://www.malwarebytes.com/blog/news/2022/09/intercontinental-hotels-booking-systems-disrupted-by-cyberattack

Categories: News

InterContinental Hotels Group PLC reports that parts of the company's technology systems have been subject to unauthorized activity. Ransomware?

The post InterContinental Hotels' booking systems disrupted by cyberattack appeared first on Malwarebytes Labs.

"

Autosummary: InterContinental Hotels Group The InterContinental Hotels Group, also known as IHG Hotels & Resorts, operates 17 hotel brands around the world, including established brands like InterContinental, Regent, Six Senses, Crowne Plaza, and Holiday Inn. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud). "


7 free online cybersecurity courses you can take right now

ciber
2022-09-07 https://www.helpnetsecurity.com/2022/09/07/7-free-online-cybersecurity-courses-you-can-take-right-now/

The cybersecurity skills shortage continues to present multiple challenges and have repercussions for organizations. The skills gap can be addressed through training and certifications to increase employees’ education. The talent shortage and a variety of specialized fields within cybersecurity have inspired many to reskill and join the industry. One way to get more knowledge is to take advantage of online learning opportunities. Below you can find a list of free online cybersecurity courses that can … More

The post 7 free online cybersecurity courses you can take right now appeared first on Help Net Security.

"

Autosummary: Security Governance & Compliance University of California, Irvine Instructor: Jacob Horne, Cybersecurity Consultant In this course, students are introduced to the field of cyber security with a focus on the domain of security & risk management. Web Security Fundamentals KU Leuven University Instructor: Philippe De Ryck, Founder, Pragmatic Web Security This course provides an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. "


eBook: 4 cybersecurity trends to watch in 2022

ciber
2022-09-07 https://www.helpnetsecurity.com/2022/09/07/ebook-4-cybersecurity-trends-to-watch-in-2022/

With the rapid acceleration of cloud usage and digitized systems, a host of new security concerns are likely to emerge in the new year. Growing threats around network defense, data protection and multicloud strategies are dominating the security conversation, while cybercriminals have become faster, smarter and more discreet than ever before. It’s crucial that businesses, government agencies, schools and other organizations stay mindful of the latest predictions. 4 cybersecurity trends to watch in 2022 eBook … More

The post eBook: 4 cybersecurity trends to watch in 2022 appeared first on Help Net Security.

"

Autosummary: "


Albania blames Iran for July cyberattack, severs diplomatic ties

ciber
2022-09-07 https://www.bleepingcomputer.com/news/security/albania-blames-iran-for-july-cyberattack-severs-diplomatic-ties/
Albanian Prime Minister Edi Rama announced on Wednesday that the entire staff of the Embassy of the Islamic Republic of Iran was asked to leave within 24 hours. [...] "

Autosummary: "


Massive hotel group IHG struck by cyberattack which disrupts booking systems

ciber
2022-09-07 https://www.bitdefender.com/blog/hotforsecurity/massive-hotels-group-ihg-struck-by-cyberattack-which-disrupts-booking-systems/
InterContinental Hotels Group (IHG), which owns brands such as InterContinental, Crowne Plaza, Holiday Inn, and many others, has had its IT systems breached by malicious hackers. Read more in my article on the Hot for Security blog. "

Autosummary: "


Booz Allen Hamilton and CyberSaint provide clients with real-time insight into their cybersecurity posture

ciber
2022-09-07 https://www.helpnetsecurity.com/2022/09/08/booz-allen-hamilton-cybersaint/

Booz Allen Hamilton and CyberSaint have formed a strategic partnership that aligns Booz Allen’s cybersecurity consulting services with CyberSaint’s cyber and IT risk management software, providing clients with an on-demand view of their cybersecurity posture against frameworks and standards like the NIST CSF paired with credible cyber risk quantification and analytics. Considering the fast-changing landscape of cybersecurity threats, organizations need a way to understand their cyber risks, whether that is ransomware from a criminal group … More

The post Booz Allen Hamilton and CyberSaint provide clients with real-time insight into their cybersecurity posture appeared first on Help Net Security.

"

Autosummary: The Booz Allen Hamilton Cyber Risk Solution, powered by CyberSaint, is designed for strategic (BoD, ELT, ERM) and operational (CISO, Risk Director) stakeholders to measure, monitor, and manage their cybersecurity risks and control posture. "


New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

financial ciber
2022-09-06 https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday "

Autosummary: "


China accuses the US of cyberattacks

ciber
2022-09-06 https://securityaffairs.co/wordpress/135369/cyber-warfare-2/china-accuses-us-cyberattacks.html

China accuses the United States of conducting tens of thousands of cyberattacks on its country, including cyberespionage campaigns. The Government of Beijing accused the United States of launching tens of thousands of cyberattacks on China. The attacks aimed at stealing sensitive data from government entities and universities. In the past, the US Government has accused […]

The post China accuses the US of cyberattacks appeared first on Security Affairs.

"

Autosummary: "


Go-Ahead cyberattack might derail UK public transport services

ciber
2022-09-06 https://www.helpnetsecurity.com/2022/09/06/go-ahead-cyberattack/

One of the UK’s largest public transport operators, Go-Ahead Group, has fallen victim to a cyberattack. The Go-Ahead Group, which connects people across its bus and rail networks, reported it was “managing a cyber security incident” after “unauthorized activity” was detected on its network. This type of cyber strike on the UK’s transport system isn’t uncommon. Hackers have regularly been targeting the airline industry for some time. By design, the cyberattacks intend to cause interruptions … More

The post Go-Ahead cyberattack might derail UK public transport services appeared first on Help Net Security.

"

Autosummary: Stretched beyond capacity Nearly seven in ten (69%) mid-sized organizations have three people or fewer in their team looking after cyber security, according to Censornet’s ‘UK Mid-Market on Code Red Report’. "


InterContinental Hotels Group cyberattack disrupts booking systems

ciber
2022-09-06 https://www.bleepingcomputer.com/news/security/intercontinental-hotels-group-cyberattack-disrupts-booking-systems/
Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached. [...] "

Autosummary: Its brands include luxury, premium, and essential hotel chains such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn, and many others. "


Your vendors are likely your biggest cybersecurity risk

ciber
2022-09-05 https://www.helpnetsecurity.com/2022/09/05/vendors-cybersecurity-risk/

As speed of business increases, more and more organizations are looking to either buy companies or outsource more services to gain market advantage. With organizations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cybersecurity measures to assess how much risk vendors pose. While organizations assess and manage risk on a multitude of layers, none present bigger threats to business resiliency than third-party risk and a lack … More

The post Your vendors are likely your biggest cybersecurity risk appeared first on Help Net Security.

"

Autosummary: Addressing cybersecurity with your third parties: A cross-functional approach to TPRM and cybersecurity reduces duplicative work and lends deeper insight into enterprise risk for your organization, your vendors, and your partners. Organizations that understand and implement integrated cybersecurity and TPRM systems gain a complete view of their vendor’s risk profile, comprehensively prepare for possible threats and compliance violations, and improve business results with trustworthy secure vendors. "


Use of machine identities is growing in state-sponsored cyberattacks

government ciber
2022-09-05 https://www.helpnetsecurity.com/2022/09/05/state-sponsored-cyberattacks-video/

66% of organizations have changed their cybersecurity strategy as a direct response to the conflict between Russia and Ukraine, while 64% suspect their organization has been either directly targeted or impacted by a nation-state cyber attack, according to Venafi. This Help Net Security video uncovers how exploiting machine identities is becoming the modus operandi for nation-state attackers.

The post Use of machine identities is growing in state-sponsored cyberattacks appeared first on Help Net Security.

"

Autosummary: "


CIOs find it most difficult to solve cybersecurity challenges

ciber
2022-09-02 https://www.helpnetsecurity.com/2022/09/02/cio-solve-cybersecurity-challenges/

A global research study from Lenovo reveals how the CIO role has evolved, shedding light on growing areas of responsibility and increasing influence in the C-Suite, as well as removing barriers to business growth. Today, technology is the nervous system that connects corporate strategy, finance, innovation, operations, and talent. CIOs are increasingly tasked with connecting with key stakeholders across the organization to ensure alignment and drive execution. With IT enmeshed in every facet of a … More

The post CIOs find it most difficult to solve cybersecurity challenges appeared first on Help Net Security.

"

Autosummary: 9-in-10 CIOs say that their role and responsibilities have expanded beyond technology, including non-traditional areas such as data analytics and business reporting (56%), sustainability/ESG (45%), DE&I (42%), HR/talent acquisition (39%), and sales/marketing (32%). Similarly in the UK, 9-in-10 CIOs say that their role and responsibilities have expanded beyond technology, including non-traditional areas such as digital transformation and business process automation (62%), data analytics and business reporting (57%), DE&I (42%), and HR/talent acquisition (58%). "


Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

ciber
2022-09-02 https://thehackernews.com/2022/09/prynt-stealer-contains-backdoor-to.html
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat "

Autosummary: "


The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

exploits ciber
2022-09-02 https://securityaffairs.co/wordpress/135229/malware/prynt-stealer-backdoor.html

The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has exfiltrated from victims. Zscaler researchers discovered a Telegram channel-based backdoor in the information-stealing malware Prynt Stealer, which allows secretly stealing a copy of the data exfiltrated from the victims. “Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also […]

The post The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals appeared first on Security Affairs.

"

Autosummary: “Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also attributed with WorldWind, and DarkEye, has a secret backdoor in the code that ends up in every derivative copy and variant of these malware families.” reads the analysis published by Zscaler. "


FBI is helping Montenegro in investigating the ongoing cyberattack

ciber
2022-09-01 https://securityaffairs.co/wordpress/135143/cyber-warfare-2/fbi-helps-montenegro-investigation.html

A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation […]

The post FBI is helping Montenegro in investigating the ongoing cyberattack appeared first on Security Affairs.

"

Autosummary: The term “Hybrid warfare” refers to a military strategy which employs political warfare and blends conventional warfare, irregular warfare and cyberwarfare with other influencing methods, such as fake news, diplomacy, lawfare and foreign electoral intervention. "


Resecurity partners with ECOMIL SAS to improve cybersecurity for Colombian organizations

latam ciber
2022-08-29 https://www.helpnetsecurity.com/2022/08/29/resecurity-ecomil-sas/

Resecurity announced its partnership with ECOMIL SAS to expand Resecurity’s AI-driven cybersecurity solutions and threat intelligence services to Colombia. Based in Bogotá, Colombia, ECOMIL SAS provides cybersecurity, IT management and networking solutions to enterprise and government customers in Colombia. Colombia is rapidly transforming to a digital economy, where remote work has exploded 400% post pandemic. The transition to a digital economy has increased the threat of cyber-attacks, which increased 59% in the first half of … More

The post Resecurity partners with ECOMIL SAS to improve cybersecurity for Colombian organizations appeared first on Help Net Security.

"

Autosummary: "


The complexity of modern aircraft cybersecurity

ciber
2022-08-29 https://www.helpnetsecurity.com/2022/08/29/modern-aircraft-cybersecurity-video/

Modern aircraft are more connected now than they ever have been. The results have been rewards like faster flight turnarounds, greater fuel efficiency, and more comfortable and enjoyable passenger experiences. Underpinning all of this technology, however, is operational technology: the digital components inside aircraft that allow the sensors and actuators inside of them to interact with one another and fly passengers safely. This operational technology was designed in an era with safety and reliability at … More

The post The complexity of modern aircraft cybersecurity appeared first on Help Net Security.

"

Autosummary: "


Montenegro says Russian cyberattacks threaten key state functions

government ciber
2022-08-29 https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/
Members of the government in Montenegro are stating that the country is being hit with sophisticated and persistent cyberattacks that threaten the country's essential infrastructure. [...] "

Autosummary: Targets include electricity and water supply systems, transportation services, online portals that citizens use to access various state services, and more. "


Okta one-time MFA passcodes exposed in Twilio cyberattack

ciber
2022-08-28 https://www.bleepingcomputer.com/news/security/okta-one-time-mfa-passcodes-exposed-in-twilio-cyberattack/
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to customers of the Okta identity and access management company. [...] "

Autosummary: Additionally, Okta advises the following: use Network Zones to deny or perform step-up authentication on requests from rarely-used networks and anonymizing proxies; restrict access to applications to only registered devices or devices managed by endpoint management tools; restrict access to the most sensitive applications and data using application-specific authentication policies. For customers that want to look for Scatter Swine SMS events (e.g. authentication challenges, password resets or factor enrollment events), Okta has provided a system log query that reveals new devices and network locations for a particular user. "


French hospital crippled by cyberattack – Week in security with Tony Anscombe

ciber
2022-08-26 https://www.welivesecurity.com/videos/french-hospital-cyberattack-week-security-tony-anscombe/

As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts

The post French hospital crippled by cyberattack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

"

Autosummary: "


U.S. Government Spending Billions on Cybersecurity

government ciber
2022-08-25 https://thehackernews.com/2022/08/us-government-spending-billions-on.html
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there is one thing that really stands out. Collectively, the bills that are making their way through the House allocate a staggering $15.6 billion to cybersecurity spending. As you "

Autosummary: With billions of dollars in government spending being poured into the security industry, we will almost certainly see security products and cloud services eventually take an exponential leap forward as a direct result of being able to invest more heavily in product development and security research. Beef up your own cybersecurity initiatives, without the price tag: CISA offers numerous recommendations for how organizations can improve their overall cybersecurity, but many of these guidelines pertain to passwords. "


Cybercriminals Are Selling Access to Chinese Surveillance Cameras

ciber
2022-08-25 https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. "

Autosummary: In the time since, the researchers have discovered “multiple instances of hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability,” specifically in Russian dark web forums, where leaked credentials have been put up for sale. "


Cloud Range RightTrak Cyber Aptitude Assessment improves cybersecurity hiring process

ciber
2022-08-24 https://www.helpnetsecurity.com/2022/08/25/cloud-range-righttrak-cyber-aptitude-assessment/

Cloud Range has introduced a cognitive assessment to help security and HR leaders optimize the cybersecurity hiring process and make the right hiring choice. The Cloud Range RightTrak Cyber Aptitude Assessment is a metric-based assessment with different cognitive components that identify an individual’s cognitive aptitude for a career in cybersecurity. It matches their innate talents and abilities with their optimal cyber work role. “Unfortunately, security leaders and HR professionals are challenged by finding the right … More

The post Cloud Range RightTrak Cyber Aptitude Assessment improves cybersecurity hiring process appeared first on Help Net Security.

"

Autosummary: “While Gartner reports validate a skills shortage, there are many alternative mechanisms to fill this gap,” write Richard Addiscott, senior director analyst at Gartner, and Sam Olyaei, vice president and team manager at Gartner. "


ImmuniWeb joins Cybersecurity Tech Accord to improve cyber resilience for customers

ciber
2022-08-23 https://www.helpnetsecurity.com/2022/08/24/immuniweb-cybersecurity-tech-accord/

The Cybersecurity Tech Accord is a global interindustry agreement and partnership of leading cybersecurity and technology vendors that are jointly building a better future in cyberspace. Some vendors and experts referred to it as a nascent version of Geneva Cybersecurity Convention. The signatories of the Tech Accord strive to protect all their customers in the best possible manner, to progressively help their customers fortify their cyber resilience and cyber defense capabilities, to shield innocent citizens … More

The post ImmuniWeb joins Cybersecurity Tech Accord to improve cyber resilience for customers appeared first on Help Net Security.

"

Autosummary: We will design, develop, and deliver products and services that prioritize security, privacy, integrity and reliability, and in turn reduce the likelihood, frequency, exploitability, and severity of vulnerabilities. "


European Cybersecurity in Context: A Policy-Oriented Comparative Analysis

ciber
2022-08-22 https://securityaffairs.co/wordpress/134731/security/european-cybersecurity-in-context.html

I’m proud to have contributed to the “European Cybersecurity in Context: A Policy-Oriented Comparative Analysis” Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures. […]

The post European Cybersecurity in Context: A Policy-Oriented Comparative Analysis appeared first on Security Affairs.

"

Autosummary: "


Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF

ciber
2022-08-20 https://thehackernews.com/2022/08/become-cybersecurity-expert-with-18-new.html
With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the All-In-One 2022 Super-Sized Ethical Hacking Bundle. This collection of 18 "

Autosummary: The line-up covers ethical hacking with Python 3, NMAP, OWASP ZAP, Burp Suite, and other top tools. "


Cybercriminals are using bots to deploy DDoS attacks on gambling sites

ciber
2022-08-19 https://www.helpnetsecurity.com/2022/08/19/gambling-sites-ddos-attacks/

Imperva releases data showing that 25% of all gambling sites were hit with DDoS attacks executed by botnets in June. As the Wimbledon tennis tournament began at the end of June, DDoS attacks increased and impacted 10% of gambling sites. This continues a damaging pattern for the industry with 40% of gambling sites suffering attacks in the last 12 months, 80% of whom were hit multiple times. Overall, the number of application layer DDoS attacks … More

The post Cybercriminals are using bots to deploy DDoS attacks on gambling sites appeared first on Help Net Security.

"

Autosummary: “For gambling firms, even an hour of downtime can equate to significant amounts of lost revenue,” says Yuriy Arbitman, Data Scientist, Imperva. "


Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

ciber
2022-08-19 https://securityaffairs.co/wordpress/134560/cyber-warfare-2/estonia-blocked-cyberattacks-killnet.html

Estonia announced that it has blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker […]

The post Estonia blocked cyberattacks claimed by Pro-Russia Killnet group appeared first on Security Affairs.

"

Autosummary: E-services created under this initiative include i-Voting, e-Tax Board, e-Business, e-Banking, e-Ticket, e-School, University via internet, the E-Governance Academy, as well as the release of several mobile applications. "


Redpoint Cybersecurity names David Duncan as VP of Cyber Operations

ciber
2022-08-19 https://www.helpnetsecurity.com/2022/08/20/redpoint-cybersecurity-david-duncan/

Redpoint Cybersecurity has named David Duncan as its new Vice President of Cyber Operations. As leader of the Cyber Operations team, David will have oversight over the Breach Response group as well as the Redpoint Labs team. Redpoint’s Breach Response has handled the most complex and extensive ransomware and other breaches, and the Redpoint Labs group houses Redpoint’s Threat Mitigation Group as well as its DevOps team. Prior to his newly expanded role, David was … More

The post Redpoint Cybersecurity names David Duncan as VP of Cyber Operations appeared first on Help Net Security.

"

Autosummary: "


IoT: The huge cybersecurity blind spot that’s costing millions

industry ciber
2022-08-18 https://www.helpnetsecurity.com/2022/08/18/iot-cybersecurity-blind-spots/

In many ways, IoT has made our lives easier. We are technologically connected in ways we never thought possible. But organizations need to be aware of the cybersecurity blind spots generated by the prevalence of IoT technology, because connected devices are opening virtual doors into organizations’ networks. The enterprise IoT cybersecurity blind spots: According to Forrester, over 60% of enterprise cyberattacks originate from the trust organizations place in their partner or vendor, and vulnerable devices … More

The post IoT: The huge cybersecurity blind spot that’s costing millions appeared first on Help Net Security.

"

Autosummary: The enterprise IoT cybersecurity blind spots: According to Forrester, over 60% of enterprise cyberattacks originate from the trust organizations place in their partner or vendor, and vulnerable devices ending up in the end-product or system ecosystem – which is where the blind spot comes in. As an industry-recognized seal of approval, vendors and partners can be sure that the products they are working with meet the high standards they need, and create a strong, trusting relationship between them. "


Why smart factories need to prioritize cybersecurity

ciber
2022-08-18 https://www.helpnetsecurity.com/2022/08/18/why-smart-factories-need-to-prioritize-cybersecurity-video/

Recent Capgemini research revealed that the vast majority of organizations do not have device visibility at their smart factory locations. The use of legacy machinery, designed before cybersecurity was a key element, has opened networks to attack. In this Help Net Security video, Aarthi Krishna, Global Head of Intelligent Industry Security at Capgemini, provides an overview of the cybersecurity issues smart factories have to deal with, and offers steps to help organizations better prepare, prevent … More

The post Why smart factories need to prioritize cybersecurity appeared first on Help Net Security.

"

Autosummary: "


TXOne Networks raises $70 million to defend industry verticals against cybersecurity threats

industry ciber
2022-08-18 https://www.helpnetsecurity.com/2022/08/19/txone-networks-funding/

TXOne Networks has entered into definitive agreements in connection with its Series B financing with total investment proceeds of $70 million. The latest capital injection will be used to expand TXOne Networks’ global presence and defend industry verticals worldwide against cybersecurity threats to industrial control systems (ICS). The new funding round was led by TGVest Capital ($20 million), with participation from KAiA Capital, CDIB Capital Group, CDIB-Innolux L.P., MediaTek, Ta Ya Electric Wire & Cable, … More

The post TXOne Networks raises $70 million to defend industry verticals against cybersecurity threats appeared first on Help Net Security.

"

Autosummary: The new funding round was led by TGVest Capital ($20 million), with participation from KAiA Capital, CDIB Capital Group, CDIB-Innolux L.P., MediaTek, Ta Ya Electric Wire & Cable, Ta Ya Venture Capital, Simplo Technology Group, CHT Security Corporation and Ash Tower Limited, as well as Steven Pan, Silks Hotel Group Chair, and Chun-I Wu, TAYIH Group Chair. "


Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

exploits ciber
2022-08-17 https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals "

Autosummary: "


Airiam acquires Vantage Point Solutions to assist SMEs with cybersecurity and MSP support

ciber
2022-08-17 https://www.helpnetsecurity.com/2022/08/18/airiam-vantage-point-solutions-group/

Airiam has acquired Vantage Point Solutions Group. The addition of Vantage Point Solutions Group extends Airiam’s reach as a national cybersecurity provider to small to medium-sized enterprises (SMEs). “Airiam is thrilled to support Vantage Point Solutions Group’s customers with our world-class line of AirProducts and welcome their talented employees into the Airiam family,” said Ohad Jehassi, Airiam’s CEO. “In addition to enhancing the MSP services they already receive, customers will now have a wider selection … More

The post Airiam acquires Vantage Point Solutions to assist SMEs with cybersecurity and MSP support appeared first on Help Net Security.

"

Autosummary: “In addition to enhancing the MSP services they already receive, customers will now have a wider selection of services, including a managed security service provider (MSSP), managed detection and response (MDR), recovery, compliance services, digital transformation, and consulting,” Jehassi continued. "


Unified Threat Management: The All-in-One Cybersecurity Solution

ciber
2022-08-16 https://thehackernews.com/2022/08/unified-threat-management-all-in-one.html
UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a "

Autosummary: SafeUTM has flexible integration scenarios - it supports VMware, Microsoft Hyper-V, VirtualBox, KVM, Citrix XenServer hypervisors, and monitoring systems, such as Zabbix agent, SNMP, DLP (via ICAP), & Microsoft Active Directory. It prevents intrusion, filters content, controls apps, has an anti-virus traffic inspection, secure VPN, reporting and more. "


Quick Heal collaborates with RevBits to strengthen its cybersecurity portfolio

ciber
2022-08-16 https://www.helpnetsecurity.com/2022/08/17/quick-heal-revbits/

Quick Heal Technologies has collaborated with RevBits to address the protection needs of the on-premise infrastructure of government organisations. The partnership will help Quick Heal enhance its Seqrite product portfolio while enabling RevBits to expand its market presence in India. The association also aims to help government organizations that prefer to run their critical systems on-premise rather than in the cloud, thereby ensuring that they operate safely and seamlessly without the fear of cyberattacks. Dr. … More

The post Quick Heal collaborates with RevBits to strengthen its cybersecurity portfolio appeared first on Help Net Security.

"

Autosummary: "


Why it’s past time we operationalized cybersecurity

ciber
2022-08-15 https://www.helpnetsecurity.com/2022/08/15/operationalizing-cybersecurity/

Enterprises are investing more in cybersecurity than ever before, but we’re also seeing a record number of breaches. More than 5.1 billion pieces of personal information were reported stolen last year, and the average cost of a breach has climbed to $4.35 million. Have the threat actors really become that good? Or is this a business failing? It can’t be denied that cyber criminals have become more organized, and more advanced tools and tactics are … More

The post Why it’s past time we operationalized cybersecurity appeared first on Help Net Security.

"

Autosummary: This isn’t a single measurement, but rather applies to each of those core foundations – culture, accountability, processes, resources, automation, and measurement. Bringing cybersecurity in line with business metrics: The first step toward operationalizing cybersecurity is to start thinking of it just like any other business investment. Tying security to core business foundations: Every business needs to deliver on several core foundations to be successful. "


25% of employees don’t care enough about cybersecurity to report a security incident

ciber
2022-08-12 https://www.helpnetsecurity.com/2022/08/12/strong-cybersecurity-posture-video/

According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cybersecurity posture. This Help Net Security video reveals why strong security culture is important in maintaining a strong security posture.

The post 25% of employees don’t care enough about cybersecurity to report a security incident appeared first on Help Net Security.

"

Autosummary: "


Why SAP systems need to be brought into the cybersecurity fold

ciber
2022-08-11 https://www.helpnetsecurity.com/2022/08/11/why-sap-systems-need-to-be-brought-into-the-cybersecurity-fold/

SAP’s status as a leading business process management software provider is undeniable. Today, the company serves over 230 million cloud users and 99 of the top 100 companies in the world with the largest cloud portfolio of any provider, comprising more than 100 solutions covering all business functions. Touching 77% of all transactions and thought to store 70% of all corporate data, SAP systems are a fundamental digital cog in the global economy. But SAP … More

The post Why SAP systems need to be brought into the cybersecurity fold appeared first on Help Net Security.

"

Autosummary: By converging SIEM solutions with Security Orchestration, Automation and Response (SOAR) and User and entity behavior analytics (UEBA), organizations can benefit from automated threat detection, investigation, and response capabilities as well as accurate, risk-based analytics, guiding security teams to combat advanced threats. SAP SCM, for example, is built to support supply chain management specialists with solutions in planning, logistics, manufacturing, and product lifecycle management. In meeting the unique requirements of individual departments, these applications can end up siloed in small pockets of the organization away from central security strategies, making it difficult to monitor, patch and maintain them, let alone spot suspicious or malicious activity. "


5 cybersecurity tips for students going back to school

ciber
2022-08-10 https://www.malwarebytes.com/blog/news/2022/08/5-cybersecurity-tips-for-students-going-back-to-school

Categories: Personal

The new school season is just around the corner. And while you are getting ready to go back to school, now is a good opportunity to check you are doing all you can to stay as safe as possible online.

The post 5 cybersecurity tips for students going back to school appeared first on Malwarebytes Labs.

"

Autosummary: It's on social media, SMS, chat platforms, gaming platforms, and other online watering holes, too. 5. Lock down your files: The school does its part to secure your most important data, but you have a part to play, too. "


SecurityScorecard provides a combination of services and platform to help CISOs manage cybersecurity risks

ciber
2022-08-10 https://www.helpnetsecurity.com/2022/08/10/securityscorecard-professional-services/

At Black Hat USA 2022, SecurityScorecard announced the integration of its Professional Services offering with its ratings platform to provide a single point of orchestration to manage cybersecurity risks. SecurityScorecard’s Professional Services team can help any customer manage cybersecurity risk in concert with the industry’s largest and most comprehensive global, cyber risk data set, setting the industry standard for how cyber risk is quantified, measured and reduced. SecurityScorecard delivers strategic, proactive and acute-scenario services paired … More

The post SecurityScorecard provides a combination of services and platform to help CISOs manage cybersecurity risks appeared first on Help Net Security.

"

Autosummary: “CISOs are under pressure to protect their organizations, and are now accountable to the Board of Directors, but they lack a single-point of orchestration for cybersecurity workflow and to define success,” said Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard. "


Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks

ciber
2022-08-10 https://www.helpnetsecurity.com/2022/08/11/open-cybersecurity-schema-framework/

A coalition of cybersecurity and technology leaders announced an open-source effort to break down data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project, revealed at Black Hat USA 2022, will help organizations detect, investigate and stop cyberattacks faster and more effectively. The OCSF project was conceived and initiated by AWS and Splunk, building upon the ICD Schema work done at Symantec, a division of Broadcom. The OCSF includes contributions from 15 … More

The post Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks appeared first on Help Net Security.

"

Autosummary: The OCSF includes contributions from 15 additional initial members, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler. “We, as security vendors, need to do right by the security teams who work tirelessly to protect not only their organizations, but the greater community, against a constantly evolving array of threats,” said Sam Adams, Vice President of Detection and Response, Rapid7. “Cybersecurity is one of the most pressing challenges of the 21st century, and no single organization, agency, or vendor can solve it alone,” said Sridhar Muppidi, IBM Fellow, Vice President and Chief Technology Officer, IBM Security. “Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale,” said Patrick Coughlin, Group Vice President Security Market, Splunk. "


guardDog.ai partners with VMware to protect users and networks from attempted cyberattacks

ciber
2022-08-09 https://www.helpnetsecurity.com/2022/08/10/guarddog-ai-vmware/

As the provider of real-time cyber security protection for business and consumers, guardDog.ai is using VMware’s Tanzu containerization technology to support hardware-free and entirely remote deployment and management of cyber security protection for any size MSSP or organization. guardDog’s subscription-based Fido technology uses patent-pending artificial intelligence from the company’s cloud-based Autonomous Incident Response (AiR) database to pre-emptively recognize all devices connected to a network (including most especially the IoT and smart device connections device management …

Autosummary: These include the myriad of IoT (Internet of Things) devices such as specialized health monitoring equipment, printers, doorbells, thermostats, smart refrigerators, smart pens, smart TVs, and game systems that are inherently vulnerable to the networks they join.


Cyberattacks on healthcare organizations negatively impact patient care

ciber
2022-08-08 https://www.helpnetsecurity.com/2022/08/08/cyberattacks-healthcare-impact/

Cynerio and the Ponemon Institute have examined the current impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices, and found multiple alarming trends. Among other things, the survey has also revealed that almost half of hospitals have been attacked with ransomware, and that 76% of victimized hospitals were attacked 3 or more times. Key report findings: The Insecurity of Connected Devices in HealthCare 2022 Report surveyed 517 experts in leadership positions at …

Autosummary: Perceived risk in IoT/IoMT devices is high, but proactive security actions and accountability are not: 71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions.


7-Eleven stores in Denmark closed due to a cyberattack

ciber
2022-08-08 https://www.bleepingcomputer.com/news/security/7-eleven-stores-in-denmark-closed-due-to-a-cyberattack/
7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores' payment and checkout systems throughout the country. [...]


Serious cyberattack hits German Chambers of Industry and Commerce (DIHK)

industry ciber
2022-08-07 https://securityaffairs.co/wordpress/134121/hacking/dihk-cyberattack.html

A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK) forcing the organization to shut down its IT systems as a precautionary measure for security reasons. “Due to a possible cyber attack, the […]



Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government

government ciber
2022-08-05 https://thehackernews.com/2022/08/iranian-hackers-likely-behind.html
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information


UK NHS suffers outage after cyberattack on managed service provider

ciber
2022-08-05 https://www.bleepingcomputer.com/news/security/uk-nhs-suffers-outage-after-cyberattack-on-managed-service-provider/
United Kingdom's National Health Service (NHS) 111 emergency services are affected by a major outage triggered by a cyberattack that hit the systems of managed service provider (MSP) Advanced. [...]


ActZero releases Blueprint for Ransomware Defense to improve cybersecurity posture for enterprises

exploits ransomware ciber
2022-08-05 https://www.helpnetsecurity.com/2022/08/06/actzero-blueprint-for-ransomware-defense/

ActZero has launched the Ransomware Task Force’s (RTF) “Blueprint for Ransomware Defense”. Aimed at small- and medium-sized enterprises (SMEs) that have limited cybersecurity expertise, the Blueprint provides a set of achievable ransomware safeguards to harden their IT environments. ActZero contributed to the development of the Blueprint, and is actively engaging with its clients, partners, and prospects to encourage adoption. The RTF’s 2021 report called for the cybersecurity community to “develop a clear, actionable framework for …

Autosummary: The RTF’s 2021 report called for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery”.


How can organizations stay ahead of cybersecurity challenges?

ciber
2022-08-04 https://www.helpnetsecurity.com/2022/08/04/stay-ahead-of-cybersecurity-challenges-video/

The onslaught of ransomware attacks has catapulted cybersecurity to the forefront of global business operations. However, just 36% of mid-sized organizations still don’t have a formal incident response plan in place, according to research from Egnyte. In this Help Net Security video, Neil Jones, Director of Cybersecurity Evangelism at Egnyte, discusses how organizations can stay one step ahead of cybersecurity challenges.



Qualys CyberSecurity Asset Management 2.0 with EASM identifies unknown internet-facing assets

ciber
2022-08-04 https://www.helpnetsecurity.com/2022/08/04/qualys-cybersecurity-asset-management-2-0-with-easm/

Qualys announced it is adding External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. Integrated into CyberSecurity Asset Management 2.0, the new component adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface. Digital transformation, increased adoption of cloud and Internet of Things (IoT), a growing remote workforce, and a technology talent shortage have led to an exponential rise in organizations’ …

Autosummary: It also helps synchronize with CMDBs, detect security gaps like unauthorized or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains, and mitigate risk by taking appropriate actions.


Cybersecurity agencies reveal last year’s top malware strains

exploits ciber
2022-08-04 https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-last-year-s-top-malware-strains/
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre (ACSC). [...]


German Chambers of Industry and Commerce hit by "massive" cyberattack

industry ciber
2022-08-04 https://www.bleepingcomputer.com/news/security/german-chambers-of-industry-and-commerce-hit-by-massive-cyberattack/
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. [...]


State of cybersecurity funding in the first half of 2022

government ciber
2022-08-02 https://www.helpnetsecurity.com/2022/08/02/cybersecurity-funding-2022/

As the stock market dropped more than 20% in 2022 and prices rise at the pump and grocery store, there are some markets that have shown their ability to weather the storm and retain strong demand and growth even amongst broader market turmoil. One example of this: the cybersecurity market. In the first half of 2022, the cybersecurity industry saw venture capital funding continue to pour into the space, according to Momentum Cyber’s Market Review …

Autosummary: Of the deals tracked, 37 raised more than $100 million and 14+ were put in the unicorn category, including Abnormal, Beyond Identity, JupiterOne, Material Security, Nord Security, Perimeter 81, Sonar, Teleport, and others. However, there were also seven more deals valued at more than $1B in the first half of 2022, including WatchGuard ($1.5B), Barracuda ($4B), Datto ($6.2B), Sailpoint ($6.9B), Mandiant ($5.3B) and others.


How AI and cybersecurity complement each other

ciber
2022-08-02 https://www.helpnetsecurity.com/2022/08/02/ai-cybersecurity-video/

As the modern world evolves, more threats arise. Knowledge of cybersecurity and artificial intelligence (AI) has become crucial to a successful business. Businesses everywhere need true expertise to protect their data to avoid their competitors getting ahead. In this Help Net Security video, Taylor Hersom, CEO at Eden Data, discusses why we need AI and how it helps minimize human error, as well as cybersecurity threats such as ransomware.



Cyberattack prevention is cost-effective, so why aren’t businesses investing to protect?

ciber
2022-08-01 https://www.helpnetsecurity.com/2022/08/01/cyberattack-prevention-investing/

Cyberattacks like ransomware, BEC scams and data breaches are some of the key issues businesses are facing today, but despite the number of high-profile incidents, many boardrooms are reluctant to free up budget to invest in the cybersecurity measures necessary to avoid becoming the next victim. In this Help Net Security interview, Former Pentagon Chief Strategy Officer Jonathan Reiber, VP Cybersecurity Strategy and Policy, AttackIQ, discusses how now, more than ever, companies need to protect …

Autosummary: In this Help Net Security interview, Former Pentagon Chief Strategy Officer Jonathan Reiber, VP Cybersecurity Strategy and Policy, AttackIQ, discusses how now, more than ever, companies need to protect themselves from cyber threat actors. By adopting specialised frameworks to counteract cyber threats, for instance, running a threat-informed defence, utilising automated platforms such as Breach-and-Attack Simulation (BAS), CISOs can continuously test and validate their system. CISOs need to be aware of the current threat landscape, in a post-COVID world, remote work has opened a volt to new vulnerabilities, the forward thinking CISO of today needs to put into place preventative cybersecurity measures to manage the long term risk to a company.


Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System

ciber
2022-07-29 https://thehackernews.com/2022/07/spanish-police-arrest-2-nuclear-power.html
Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to


Kansas MSP shuts down cloud services to fend off cyberattack

ciber
2022-07-28 https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/
A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. [...]

Autosummary: MyAppsAnywhere services, which include Hosted GP, Hosted CRM, Hosted Exchange, and Hosted Sharepoint, will be offline until further notice.


1 in 3 employees don’t understand why cybersecurity is important

ciber
2022-07-28 https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/

According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cybersecurity posture. What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t …

Autosummary: What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams.


Cybersecurity is becoming a top priority among critical infrastructure operators

ciber
2022-07-28 https://www.helpnetsecurity.com/2022/07/28/cybersecurity-critical-infrastructure-video/

Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. This Help Net Security video highlights how leaders rethink their approach to cybersecurity for operations.



How SMBs are evolving their cybersecurity operations practices

ciber
2022-07-27 https://www.helpnetsecurity.com/2022/07/27/smb-cybersecurity-operations-practices/

While 81% of SMBs are monitored by a security operations center (SOC), 57% do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the past three years, the lack of 24/7 coverage continues to put SMBs at risk, according to a survey by Forrester and Pondurance. Cybercriminals and threat actors work around the …

Autosummary: By engaging the right security operations partners, respondents expect to see increased customer trust (49%), reduced risk (47%), increased revenue (45%), improved efficiencies (44%) and increased employee engagement (44%).


Messaging Apps Tapped as Platform for Cybercriminal Activity

ciber
2022-07-27 https://threatpost.com/messaging-apps-cybercriminals/180303/
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Autosummary: One stealer observed by Intel 471, known as Blitzed Grabber, uses Discord’s webhooks feature to deposit data lifted by the malware, including autofill data, bookmarks, browser cookies, VPN client credentials, payment card information, cryptocurrency wallets and passwords, researchers said. Once the malware infects a system, threat actors can swipe passwords, session cookies, login credentials and credit-card details from popular browsers – including Google Chrome, Chromium, Opera, Slimjet and Vivaldi – and then deposit that stolen info “into a Telegram channel of their choosing,” researchers said.


Minimizing risk: Key cybersecurity-related M&A considerations

ciber
2022-07-25 https://www.helpnetsecurity.com/2022/07/25/cybersecurity-related-ma-considerations-video/

Global M&A hit new highs in 2021 reaching an eye-popping $5.1 trillion in total deal value, according to PwC. With economic headwinds leaving acquisition as the only viable exit, further consolidation in the market is inevitable. One thing that typically gets overlooked in that M&A frenzy, is the technical difficulties of inheriting digital assets of the acquired company and the cybersecurity risk that comes with it. In this Help Net Security video, Lenny Zeltser, CISO …


Siemens Energy joins AWS Partner Network to provide customers with industrial cybersecurity solutions

industry ciber
2022-07-22 https://www.helpnetsecurity.com/2022/07/23/siemens-energy-aws/

Siemens Energy announces it is joining the Amazon Web Services (AWS) Partner Network (APN), a global community of partners that leverage programs, expertise, and resources to build, market, and sell customer offerings. This expanded relationship includes listing Siemens Energy’s Managed Detection and Response (MDR) industrial cyber security solution in AWS Marketplace, a digital catalog that makes it easy for customers to find, compare, and immediately start using the software and services that run on AWS. …

Autosummary: “The energy transition relies on seamlessly connecting physical assets with digital technologies to foster innovation, reduce emissions, and improve efficiency, but this future depends on strong cybersecurity across the whole supply chain,” said Leo Simonovich, Vice President and Global Head of Industrial Cyber, Siemens Energy.


Cybercriminals targeting law enforcement agencies worldwide

ciber
2022-07-19 https://www.helpnetsecurity.com/2022/07/19/cybercriminals-targeting-law-enforcement-video/

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. This Help Net Security video highlights how cyber attacks affect law enforcement agencies worldwide.



EU warns of Russian cyberattack spillover, escalation risks

ciber
2022-07-19 https://www.bleepingcomputer.com/news/security/eu-warns-of-russian-cyberattack-spillover-escalation-risks/
The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation. [...]

Autosummary: In related news, in July 2021, President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a "real shooting war," a statement issued a month after NATO said that cyberattacks could be compared to "armed attacks" in some circumstances.


Industrial cybersecurity leaders are making considerable headway

industry ciber
2022-07-18 https://www.helpnetsecurity.com/2022/07/18/industrial-cybersecurity-leaders-making-headway/

Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. A zero trust security architecture is the gold standard for blocking and containing threats, but there’s been heavy skepticism around the practicality of implementing zero trust in operational technology (OT) environments with the mix of legacy and modern equipment. A study from Wakefield Research suggests that despite this skepticism, industrial cybersecurity leaders are making significant progress. The survey conducted …

Autosummary: Tactics for accelerating implementations include integrating zero trust into organizational culture (68%); incorporating Identity and Access Management (IAM) practices or tools (66%), while avoiding “rip and replace” of existing networks and systems; setting a formal process to define zero trust goals (60%); assessing weakness in existing OT security architecture (60%).


SecurityScorecard partners with NACo to improve cybersecurity posture for U.S. county governments

government ciber
2022-07-18 https://www.helpnetsecurity.com/2022/07/18/securityscorecard-naco/

In its ongoing effort to improve the security posture of federal, state and local government agencies, SecurityScorecard announced a partnership with The National Association of Counties (NACo). Through this partnership, U.S. county governments will gain access to SecurityScorecard’s cybersecurity ratings platform to monitor and improve cybersecurity risk. NACo successfully piloted SecurityScorecard’s cybersecurity ratings platform, which involved 38 counties. SecurityScorecard’s platform is now available in the NACo County Tech Xchange, an online portal that connects more …


A massive cyberattack hit Albania

ciber
2022-07-18 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html

A synchronized criminal attack from abroad hit Albania over the weekend; all Albanian government systems shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many […]

Autosummary: Most of the desk services for the population were interrupted, and only several important services, such as online tax filing, are still working because they are provided by servers not targeted in the attack.


Conventional cybersecurity approaches are falling short

ciber
2022-07-14 https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today’s rapidly shifting threat landscape. A tipping point for conventional cybersecurity: On average, organizations experienced 15% more cybersecurity incidents in 2021 than in 2020. In addition, “material …

Autosummary: Looking more closely at the ingredients of a risk-based approach and the specific practices that distinguish risk-oriented organizations from their less proficient peers, the benchmark study found that risk-based leaders excelled in key areas beyond the NIST framework, including: attack surface visibility and context; attack simulation; exposure analysis; risk scoring; vulnerability assessments; research (threat intelligence); technology assessments and consolidation. The business impact of successful risk-based security management — versus the old status-quo, detect-and-respond approach — is measured in this research.


Smart factories need to prioritize their cybersecurity

ciber
2022-07-14 https://www.helpnetsecurity.com/2022/07/14/smart-factories-prioritize-cybersecurity-video/

51% of industrial organizations believe that the number of cyber attacks on smart factories is likely to increase over the next 12 months, according to the Capgemini Research Institute. Yet, 47% of manufacturers say cybersecurity in their smart factories is not a C-level concern. This Help Net Security video shows why smart factories need to prioritize their cybersecurity.



Cyble partners with VirusTotal to protect customers’ digital assets from targeted cyberattacks

ciber
2022-07-14 https://www.helpnetsecurity.com/2022/07/15/cyble-virustotal/

Cyble announced that it is now a credible source in the list of key contributors to VirusTotal’s risk analysis. Being a part of VT’s list of website/domain scanning engine contributors will allow Cyble to extend its threat research even beyond its client base and serve the entire cybersecurity fraternity at large. Owned by Chronicle – a subsidiary of Alphabet Inc. (Google), VirusTotal offers threat research insights and reputation data to foster the analysis of suspicious …

Autosummary: With proprietary threat hunting models based on a combination of big data, ML+AI, and state-of-the-art threat research, Cyble alerts its users with sufficient context to understand cyber risks and prioritize them through real-time alerts and meaningful threat intelligence.


Collaboration and knowledge sharing key to progress in cybersecurity

ciber
2022-07-13 https://www.welivesecurity.com/2022/07/13/collaboration-knowledge-sharing-key-progress-cybersecurity/

In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers


Autosummary: For example, disciplines such as threat intelligence process vast amounts of data to enhance security processes, platforms and open source development, using contributions and information provided by users, companies, government agencies, as well as efforts such as the MITRE ATT&CK framework, a knowledge base that facilitates the exchange of information between organizations and researchers, and global conferences on cybersecurity that engage more and more people every year. Therefore, thinking of these new solutions from the security point of view will allow us to have more robust technology; as the human factor may not be removed, what we can do is minimize its impact,” adds Gutiérrez.


Hackers impersonate cybersecurity firms in callback phishing attacks

financial ciber
2022-07-12 https://www.bleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attacks/
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. [...]

Autosummary: However, over the past year, threat actors have increasingly used "callback" phishing campaigns that impersonate well-known companies requesting you call a number to resolve a problem, cancel a subscription renewal, or discuss another issue.


Apple Lockdown Mode will protect users against highly targeted cyberattacks

ciber
2022-07-09 https://securityaffairs.co/wordpress/133065/mobile-2/apple-lockdown-mode.html

Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against “highly targeted cyberattacks.” The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks. The new feature will be implemented in iOS 16, iPadOS […]


Autosummary: The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks.


Cyberattacks against law enforcement are on the rise

ciber
2022-07-07 https://www.helpnetsecurity.com/2022/07/07/cyberattacks-against-law-enforcement-rise/

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong to law enforcement officers and their internal systems. The emerging trend consists of threat actors sending fake subpoenas and EDR’s (Emergency Data Requests) to their victims from the hacked law enforcement email accounts. Using such capabilities, the …

Autosummary: The most typical scenarios involving attacks on law enforcement systems include: Protest activity (15%); Unauthorized access (25%); Cyberespionage (40%); Law enforcement systems and applications abuse (8%); Data theft (12%). Based on the published research, such malicious activity is especially visible in countries of Latin America, South-East Asia, and offshore jurisdictions.


Online programming IDEs can be used to launch remote cyberattacks

ciber
2022-07-07 https://www.bleepingcomputer.com/news/security/online-programming-ides-can-be-used-to-launch-remote-cyberattacks/
Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. [...]

Autosummary: "In addition, in order to prevent individual malpractice, we have implemented a responsible disclosure policy and monitor our systems on an ongoing basis to mitigate risk" - DataCamp. Abuse likely possible on other platforms: Although Profero did not extend their research to other learning platforms, the researchers believe that DataCamp is not the only one that hackers could abuse.


CISA and NPower offer free entry-level cybersecurity training

ciber
2022-07-06 https://www.helpnetsecurity.com/2022/07/06/free-cybersecurity-training-us/

NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US, including women, people of color, young adults, and military veterans and their spouses. The program is part of CISA’s wider effort to address the cyber workforce shortage in the short and long term. We’ve asked Nelson Abbott, Senior Director …

Autosummary: NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US, including women, people of color, young adults, and military veterans and their spouses. Trainees gain an understanding of the basic theories of cybersecurity, as well as hands-on experience with many of the tools that are used by cyber professionals (Linux, NMap, Wireshark, Metasploit, Webgoat, FoxyProxy, etc). The program is offered nationally to candidates that reside in or near the regions we currently operate in: New York/New Jersey, Maryland, Michigan, Missouri, Texas and California. We’ve asked Nelson Abbott, Senior Director of Advanced Program Operations at NPower, and Chris Starling, a US Marine Corps veteran and Assistant VP at NPower California, to tell us more about it.


Cyberattacks against law enforcement are on the rise

ciber
2022-07-06 https://securityaffairs.co/wordpress/132929/cyber-crime/cyberattacks-against-law-enforcement.html

Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong […]

The post Cyberattacks against law enforcement are on the rise appeared first on Security Affairs.


Autosummary: The most typical scenarios involving attacks on law enforcement systems include: Protest Activity (15%), Unauthorized Access (25%), Cyberespionage (40%), Law Enforcement Systems and Applications Abuse (8%), and Data Theft (12%). Based on the published research, such malicious activity is especially visible in countries of Latin America, South-East Asia, and offshore jurisdictions.


Cybersecurity is driving digital transformation in alternative investment institutions

ciber
2022-07-05 https://www.helpnetsecurity.com/2022/07/05/cybersecurity-digital-transformation-alternative-investment-institutions/

As the alternative investment industry tackles a rapidly changing threat landscape, increased regulation, and a continuous need to innovate, most firms are increasing their DX and security budgets and cite security as critically important to their DX initiatives, according to IDC. Senior leaders from 400 global alternative investment institutions in U.S., Canada, France, U.K., and Germany were surveyed to understand the current state of digital transformation and cybersecurity, identify key barriers and benefits of an … More

The post Cybersecurity is driving digital transformation in alternative investment institutions appeared first on Help Net Security.



Latest Cyberattack Against Iran Part of Ongoing Campaign

ciber
2022-07-05 https://threatpost.com/cyberattack-iran-campaign/180122/
Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

Autosummary: The overlaps in the code, combined with contextual clues and even recycled jokes, indicate that the same threat actor, dubbed Indra, is behind the attacks impacting Iran’s infrastructure.


Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro

ciber
2022-07-05 https://securityaffairs.co/wordpress/132897/hacking/tel-aviv-metro-company-attacked.html

Iran’s Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran’s Fars News Agency reported on Monday that operating systems and servers of the Tel Aviv Metro were hit by a massive cyberattack. The rail system is still under construction and according to The Jerusalem Post, […]

The post Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro appeared first on Security Affairs.



Cyberattacks: A very real existential threat to organizations

ciber
2022-07-04 https://www.welivesecurity.com/2022/07/04/cyberattacks-real-existential-threat-organizations/

One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay?

The post Cyberattacks: A very real existential threat to organizations appeared first on WeLiveSecurity


Autosummary: Several best practices are highlighted, including the following: formalize cybersecurity with clearly defined roles and board or senior management buy-in; ensure top execs have clear visibility into and engagement with cybersecurity; follow best practice standards such as the US National Institute of Standards and Technology (NIST) framework; spread investment over NIST’s five key functions – identify, protect, detect, respond and recover; focus on incident response planning and attack simulations in light of current geopolitical uncertainty; regularly assess corporate data and technology infrastructure; provide effective cybersecurity awareness training; ensure business suppliers and partners adhere to security requirements; focus on “low-hanging fruit” processes such as patching, pentesting and regular backups. Taken together, these steps will help minimize the chances of an attack ultimately bankrupting the organization. According to the report, the main vectors for attack are: cloud servers (41%), business email (40%), corporate servers (37%), remote access servers (31%), employee-owned mobile devices (29%), and DDoS (26%). This chimes with the findings of other reports and the narrative that remote working, pandemic-related investments in cloud infrastructure and remote working security challenges are some of the biggest risks facing organizations today.


Resecurity’s cybersecurity solutions now available in the Microsoft Azure marketplace

ciber
2022-07-02 https://www.helpnetsecurity.com/2022/07/02/resecurity-microsoft-azure/

Resecurity announced its award-winning cybersecurity threat intelligence and risk monitoring platform is now available on Microsoft’s Azure Marketplace. Microsoft’s Azure Marketplace is the most comprehensive marketplace on the planet, offering thousands of certified cloud applications and software to over four million active users and subscribers. With cyber-risk ranking as a top concern for CEOs and business owners, enterprises are looking for additional support to secure and manage the evolving cyber threatscape. More importantly, they’re looking … More

The post Resecurity’s cybersecurity solutions now available in the Microsoft Azure marketplace appeared first on Help Net Security.


Autosummary: Microsoft Azure users who integrate Resecurity into their cybersecurity strategy will benefit from: around-the-clock security monitoring of your cloud workloads and enterprise ecosystem; in-depth risk evaluation of the entire enterprise ecosystem (Dark Web, Compromised Accounts, Data Leaks, Network Hygiene, Cloud Security, etc.); a scalable software solution that can monitor a digital footprint of any size (Domains, Network Ranges, Cloud-based Nodes); AI-powered threat intelligence that leverages Resecurity’s Dark Web intelligence repositories with over 3.4 billion records and cyber intelligence analysts deployed across all continents; contextualized risk alerts and data-backed suggested actions to enable a proactive security strategy.


NXM Autonomous Security platform protects space infrastructure and IoT devices from cyberattacks

industry ciber
2022-07-01 https://www.helpnetsecurity.com/2022/07/01/nxm-autonomous-security-platform/

NXM Labs unveiled its NXM Autonomous Security platform that prevents hackers from gaining unauthorized access to commercial, industrial, medical, or consumer internet of things (IoT) devices. Tested in collaboration with the Jet Propulsion Laboratory (JPL), California Institute of Technology (Caltech), NXM successfully demonstrated the ability of its technology to enable future Mars rovers to automatically defend themselves and recover from cyberattacks. Caltech manages JPL on behalf of the National Aeronautics and Space Administration (NASA). NXM’s … More

The post NXM Autonomous Security platform protects space infrastructure and IoT devices from cyberattacks appeared first on Help Net Security.



Korean cybersecurity agency released a free decryptor for Hive ransomware

exploits ransomware ciber
2022-06-30 https://securityaffairs.co/wordpress/132770/malware/hive-ransomware-decryptor.html

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […]

The post Korean cybersecurity agency released a free decryptor for Hive ransomware appeared first on Security Affairs.


Autosummary: The results of the tests demonstrated the efficiency of the method: a master key that was 92% recovered succeeded in decrypting approximately 72% of the files, a master key that was 96% restored succeeded in decrypting approximately 82% of the files, and a master key that was 98% restored succeeded in decrypting approximately 98% of the files.


Ukraine targeted by almost 800 cyberattacks since the war started

ciber
2022-06-30 https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/
Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine. [...]

Autosummary: The Microsoft Threat Intelligence Center (MSTIC) also observed threat groups linked to the GRU, SVR, and FSB Russian intelligence services (e.g., APT28, Sandworm, Gamaredon, EnergeticBear, Turla, DEV-0586, and UNC2452/2652) intensifying their attacks against Ukraine and its allies starting in March 2022.


How to get Fortune 500 cybersecurity without the hefty price tag

ciber
2022-06-30 https://grahamcluley.com/feed-sponsor-solcyber-2/
Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys don’t discriminate when it comes to who they are attacking, how can your business settle for anything less than the very best security? SolCyber has brought to market a …



Skyhigh Security collaborates with Gotara to increase diversity in the cybersecurity sector

ciber
2022-06-30 https://www.helpnetsecurity.com/2022/07/01/skyhigh-security-gotara/

Skyhigh Security announced it has partnered with Gotara, a global career growth platform for women in STEM+. The program launched internally to Skyhigh Security employees this month and is a key element of the company’s leadership development program. Through the partnership, Gotara will offer personalized and confidential career advice and support guided by STAR Program advisors, designed to mentor and upskill individuals to create future leaders. Cybersecurity is currently a male-dominated field. According to a … More

The post Skyhigh Security collaborates with Gotara to increase diversity in the cybersecurity sector appeared first on Help Net Security.


Autosummary: “At Skyhigh Security, we are focused on anticipating the market and responding quickly to the ever-changing security landscape in a way that reduces complexity,” said Kristen Wynne, Head of People Success at Skyhigh Security.


Carnival Cruises bruised by $6.25 million fine after series of cyberattacks

ciber
2022-06-28 https://www.bitdefender.com/blog/hotforsecurity/carnival-cruises-bruised-by-6-25-million-find-after-series-of-cyberattacks/
Carnival Cruises, the world's largest travel leisure firm which operates over 100 ships for millions of vacationing customers, has been fined a total of $6.25 million following a series of security mishaps. Read more in my article on the Hot for Security blog.

Autosummary: Details exposed included guests' names, addresses, social security numbers, passport or driving license details, credit card and financial account information, and health-related information.


Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware

exploits ransomware ciber
2022-06-27 https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html
The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics,

Autosummary: The top five sectors historically targeted by Conti have been manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%), and trade (5.5%), with the operators specifically singling out companies in the U.S. (58.4%), Canada (7%), the U.K. (6.6%), Germany (5.8%), France (3.9%), and Italy (3.1%).


5 ways cybercriminals steal credit card details

ciber
2022-06-27 https://www.welivesecurity.com/2022/06/27/5-ways-cybercriminals-steal-credit-card-details/

Here are some of the most common ways hackers can get hold of other people’s credit card data – and how you can keep yours safe

The post 5 ways cybercriminals steal credit card details appeared first on WeLiveSecurity


Autosummary: At its simplest, it’s a con trick in which the hacker masquerades as a legitimate entity (e.g., a bank, an e-commerce provider, or a tech firm) to trick you into divulging your personal details, or unwittingly downloading malware. Install anti-malware, including anti-phishing protection, from a reputable security vendor on all laptops and other devices. Use two-factor authentication on all sensitive accounts. Public Wi-Fi: When you’re out and about it can be tempting to surf the web for free on public Wi-Fi hotspots – in airports, hotels, cafes, and other shared spaces. SMS phishing (smishing) more than doubled year-on-year in 2021, while voice phishing (vishing) also surged, according to one estimate.


How to get Fortune 500 cybersecurity without the hefty price tag

ciber
2022-06-20 https://grahamcluley.com/feed-sponsor-solcyber/
Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys aren’t discriminating who they are attacking, how can your business settle for anything less than Fortune 500 level security? SolCyber has brought to market a new way to consume …



Cybersecurity awareness training: What is it and what works best?

ciber
2022-06-07 https://www.welivesecurity.com/2022/06/07/cybersecurity-awareness-training-what-is-it-what-works-best/

Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk

The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity


Autosummary: Among the areas to cover could be: social engineering and phishing/vishing/smishing; accidental disclosure via email; web protection (safe searching and use of public Wi-Fi); password best practices and multi-factor authentication; safe remote and home working; how to spot insider threats. Above all, bear in mind that lessons should be: fun and gamified (think positive reinforcement rather than fear-based messages); based around real-world simulation exercises; run continuously throughout the year in short lessons (10-15 minutes); inclusive of every staff member including executives, part-timers and contractors; able to generate results which can be used to adjust programs to suit individual needs; tailored to suit different roles. Once all this is decided, it’s important to find the right training provider. Ultimately, a serious security breach, whether resulting from third-party attack or an accidental data disclosure, could result in major financial and reputational damage.


Cybersecurity: A global problem that requires a global answer

ciber
2022-05-27 https://www.welivesecurity.com/2022/05/27/cybersecurity-global-problem-requires-global-answer/

New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience

The post Cybersecurity: A global problem that requires a global answer appeared first on WeLiveSecurity


Autosummary: In parallel, Garth suggests involving organizations such as the UN, OECD and groups like the G7, G20 dynamically, so that “the international community shines a spotlight on state cyberactivity, calling out and taking action where necessary against those that ignore established norms and cracking down on criminal groups and their ability to monetize their criminal endeavors … but also works together to enhance cyber-resilience across the globe, including in developing countries”. Getting everyone to work together is the real challenge: Governments don’t have an easy job, maintaining legacy systems, tackling skills shortage, building cyberawareness in the workplace, managing an expanding attack surface area, integrating new technologies, and facing down sophisticated attacks. While its exact role and structure are still being decided, it is expected to have an operational character that ensures a better exchange of intelligence on cybersecurity threats among the Member States, the European Commission, ENISA, CERT-EU, and the private sector.


Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap

ciber
2022-05-11 https://www.welivesecurity.com/2022/05/11/opportunity-crisis-tapping-great-resignation-cybersecurity-skills-gap/

What can organizations do to capitalize on the current fluidity in the job market in order to bring fresh cybersecurity talent into the fold?

The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity


Autosummary: Ten things spring to mind: Don’t focus just on accreditations, certifications and university degrees, but consider actual experience and appetite to learn. Retrain those HR algorithms to ensure they’re not unduly filtering out potentially suitable candidates. Change the hiring culture to one where there’s more focus on training candidates on the job. Appeal to talent inside the organization in adjacent departments such as IT. Reach out to talent outside the organization, in roles including mathematics, database management, and even former military operatives. Offer improved support for single parents and mums returning to work after having a child. According to the (ISC)² report, the top consequences of staff shortages are: misconfigured systems (32%); not enough time for proper risk assessments (30%); slow patching of critical systems (29%); oversights in process and procedure (28%). There are ways to mitigate the shortfall in talent.


Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe

ciber
2022-04-22 https://www.welivesecurity.com/videos/week-security-tony-anscombe-169/

As the Five Eyes nations warn of attacks against critical infrastructure, we look at the potentially cascading effects of such attacks and how essential systems and services can ramp up their defense

The post Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe appeared first on WeLiveSecurity



Critical infrastructure: Under cyberattack for longer than you might think

ciber
2022-04-21 https://www.welivesecurity.com/2022/04/21/critical-infrastructure-cyberattack-longer-think/

Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services

The post Critical infrastructure: Under cyberattack for longer than you might think appeared first on WeLiveSecurity


Autosummary: The first time the network of an entire country faced a cyberattack: On the morning of April 27th 2007, like domino pieces, Estonia’s government communications, banks, phone operators, media websites, ATM machines, and the website of Parliament, along with many other online services, simply shut down. According to a 2021 study by Claroty that surveyed 1,000 IT and OT security professionals working in critical infrastructure in the US, the UK, Germany, France, and Australia, 65% indicated concern over attacks on critical infrastructure. Attackers used several well-known tactics, from ping floods, a type of denial-of-service (DoS) attack, to malformed web queries and email spam, most of them originating from outside Estonia. A few months after, on December 9th, the EU’s health regulator, the European Medicines Agency (EMA), revealed it had suffered a cyberattack. The group, however, is known to provide ransomware as a service to affiliates, and received a US$4.4 million ransom payment, half of which was later recovered by the FBI.


Is your Lenovo laptop vulnerable to cyberattack?

ciber
2022-04-20 https://www.welivesecurity.com/videos/is-your-lenovo-laptop-vulnerable-cyberattack/

Here’s what to know about vulnerabilities in more than 100 Lenovo consumer laptop models and what you can do right away to stay safe – all in under three minutes

The post Is your Lenovo laptop vulnerable to cyberattack? appeared first on WeLiveSecurity
