News

  • How XDR Helps Protect Critical Infrastructure
    on December 7, 2022

    Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital

  • Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
    on December 7, 2022

    The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include

  • Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
    on December 7, 2022

    A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, and is broadly known by the cybersecurity community as Blue Callisto,

  • Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks
    on December 7, 2022

    Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups

  • Prepare for Future Security Career Challenges
    on December 7, 2022

    Building a strong, integrated security culture begins with connection at all levels of an organization.

  • New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network
    on December 7, 2022

    A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also

  • CISA's 2023 priorities include election security, corporate cyber risk
    on December 7, 2022 in Government, Policy, critical infrastructure, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Jen Easterly

    Director Jen Easterly said the agency's focus will include working with the C-suite, local officials and educators on key cyber issues. The post CISA's 2023 priorities include election security, corporate cyber risk appeared first on CyberScoop.

  • ChatGPT shows promise of using AI to write malware
    on December 6, 2022 in Research, Technology, artificial intelligence (AI), Cybersecurity, hacking

    Large language models pose a major cybersecurity risk, both from the vulnerabilities they risk introducing and the malware they could produce. The post ChatGPT shows promise of using AI to write malware appeared first on CyberScoop.

  • With OT attacks on rise, organizations weigh cybersecurity trends for 2023
    on December 6, 2022

    What are six operational technology (OT) cybersecurity trends to watch in 2023? 

  • Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
    on December 6, 2022

    A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries

  • Regulation won't fix internet routing security
    on December 6, 2022 in Commentary, Uncategorized, FCC, infrastructure, internet, policy, regulation

    A push for routing security regulation from U.S. agencies including the FCC won't result in the sort of safe digital ecosystem we all want. The post Regulation won't fix internet routing security appeared first on CyberScoop.

  • Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics
    on December 6, 2022

    Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the

  • Poor software costs the US 2.4 trillion
    on December 6, 2022

    Software quality issues may have cost the U.S. economy $2.41 trillion in 2022, according to Synopsys Inc. cybersecurity research.

  • Top 12 physical security, cybersecurity & risk management stories of 2022
    on December 6, 2022

    Get a special look at Security magazine's top 12 articles of 2022 — all of which cover thought leadership around physical security, cybersecurity, risk management & more. 

  • 5 video surveillance trends to watch in 2023
    on December 6, 2022

    The "2023 Trends in Video Surveillance" report from Eagle Eye Networks identifies five trends in security surveillance across parking, schools and more.

  • Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide
    on December 6, 2022

    Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "

  • Understanding NIST CSF to assess your organization's Ransomware readiness
    on December 6, 2022

    Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12

  • Telcom and BPO Companies Under Attack by SIM Swapping Hackers
    on December 6, 2022

    A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at lease since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week. The

  • Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware
    on December 6, 2022

    A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and

  • DHS secretary says US faces 'a new kind of warfare'
    on December 5, 2022 in Government, Policy, Alejandro Mayorkas, critical infrastructure, Department of Homeland Security (DHS)

    DHS Secretary Alejandro Mayorkas said in a speech that the convergence of international and national threats is unprecedented. The post DHS secretary says US faces 'a new kind of warfare' appeared first on CyberScoop.

  • Drone-based security patrols: Mitigate the "human factor"
    on December 5, 2022

    Drone patrols can boost facility security through increased surveillance coverage, data analytics and bolstering human security officer teams.

  • Jason Loomis named Chief Information Security Officer at Freshworks
    on December 5, 2022

    Jason Loomis has joined Freshworks Inc. as Chief Information Security Officer.

  • New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers
    on December 5, 2022

    Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),"

  • Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware
    on December 5, 2022

    A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a

  • When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker?
    on December 5, 2022

    In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To keep up with business

  • SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
    on December 5, 2022

    Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a 

  • North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
    on December 5, 2022

    The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents,"

  • Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
    on December 5, 2022

    The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "

  • The nonlinear path to a sustainable security culture
    on December 5, 2022

    Building a strong, integrated security culture begins with connection at all levels of an organization.

  • Designing security for long-term success
    on December 5, 2022

    Advanced Data Risk Management (ADRM) updated the security posture of One Post Office Square, a Boston multi-tenant smart building, during a renovation.

  • Endpoint detection & response and its cybersecurity benefits
    on December 5, 2022

    What are the four major cybersecurity capabilities endpoint detection and response (EDR) solutions provide?

  • Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
    on December 3, 2022

    Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

  • Tackling retail cybersecurity threats with human-centric behavioral change
    on December 2, 2022

    What are some steps organizations can implement to better protect their employees from falling victims to cyberattacks?

  • Shifting left isn't always right
    on December 2, 2022

    True DevSecOps requires shifting both left and right, testing in both staging and production environments continuously in real-time.

  • Let's get ethical: Data privacy as an ethical business practice
    on December 2, 2022

    Creating ethical business practices that focus on data privacy enable organizations to use data responsibly, build customer trust, and meet data protection compliance requirements.

  • Shift left: Beyond the cybersecurity buzzword
    on December 2, 2022

    Shift left is one of the most popular terms within modern cybersecurity. As a result, the core objective and best approach to shift left has become unclear. 

  • WAF is woefully insufficient in today’s container-based applications: Here’s why
    on December 2, 2022

    In a world where successful exploits may be inevitable, relying on a perimeter WAF for application security leaves entire environments vulnerable unless adequate security tools and policies are implemented.

  • DHS Cyber Safety Review Board to focus on Lapsus$ hackers
    on December 2, 2022 in Cybercrime, Government, Policy, Threats, Cybersecurity Review Board, Department of Homeland Security (DHS), Lapsus$, log4j

    DHS officials said Lapsus$ is the perfect target for the next CSRB report and described the hacking group's hacks as "ongoing." The post DHS Cyber Safety Review Board to focus on Lapsus$ hackers appeared first on CyberScoop.

  • Hackers Sign Android Malware Apps with Compromised Platform Certificates
    on December 2, 2022

    Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the

  • CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
    on December 2, 2022

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server