Article, CSO and Hacking - Cyber Security Informer

CSO's ultimate guide to security and privacy laws, regulations, and compliance

CSO Magazine

JANUARY 28, 2021

CSO's ultimate guide to security and privacy laws, regulations, and compliance Security and privacy laws, regulations, and compliance: The complete guide This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. To read this article in full, please click here

CSO

CSO Financial Services Consumer Protection Data privacy

The Microsoft Exchange Server hack: A timeline

CSO Magazine

MAY 6, 2021

Related reading: 9 tips to detect and prevent web shell attacks on Windows networks | Sign up for CSO newsletters. ]. On the same day, Microsoft announced they suspected the attacks were carried out by a previously unidentified Chinese hacking group they dubbed Hafnium. To read this article in full, please click here

Hacking

Hacking CSO Accountability Malware

FBI cleans web shells from hacked Exchange servers in rare active defense move

CSO Magazine

APRIL 16, 2021

In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

Hacking

Hacking CSO Cyber threats Cybersecurity

What happened to the Lapsus$ hackers?

CSO Magazine

AUGUST 11, 2022

[Editor's note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. To read this article in full, please click here

CSO

CSO Engineering Ransomware Hacking

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

CSO Magazine

MARCH 3, 2021

Sign up for CSO newsletters. ]. To read this article in full, please click here The flaws allow the extraction of mailbox contents and the installation of backdoors on vulnerable servers. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan.

CSO

CSO Hacking Education Internet

Uber CISO's trial underscores the importance of truth, transparency, and trust

CSO Magazine

MAY 19, 2022

Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.

CISO

CISO CSO Data breaches Media

Social engineering: Definition, examples, and techniques

CSO Magazine

FEBRUARY 7, 2022

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Get the latest from CSO by signing up for our newsletters. ] Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Social Engineering

Social Engineering Engineering CSO Passwords

Hacking 2FA: 5 basic attack methods explained

CSO Magazine

JUNE 3, 2021

As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster. To read this article in full, please click here (Insider Story) Indeed, according to a survey conducted by Microsoft last year, 99.9%

Hacking

Hacking Accountability Authentication

APT29 targets Active Directory Federation Services with stealthy backdoor

CSO Magazine

SEPTEMBER 30, 2021

Sign up for CSO newsletters ! ]. The group is considered the hacking arm of Russia's foreign intelligence service, the SVR and is known for its high level of sophistication and stealth. To read this article in full, please click here How well do you know these 9 types of malware and how to recognize them.

CSO

CSO Malware Government Software

Atomic Wallet hack leads to at least $35M in stolen crypto assets

CSO Magazine

JUNE 5, 2023

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. To read this article in full, please click here

Hacking

Hacking Accountability

Ryuk ransomware explained: A targeted, devastatingly effective attack

CSO Magazine

MARCH 19, 2021

The group behind the malware is known for using manual hacking techniques and open-source tools to move laterally through private networks and gain administrative access to as many systems as possible before initiating the file encryption. Get the latest from CSO by signing up for our newsletters. ]

Ransomware

Ransomware CSO Encryption Government

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

CSO Magazine

APRIL 20, 2021

Sign up for CSO newsletters. ]. To read this article in full, please click here Some of the flaws date from 2019 and 2020, but one was unknown until this month. Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need.

VPN

VPN CSO Hacking Authentication

Guilty verdict in the Uber breach case makes personal liability real for CISOs

CSO Magazine

OCTOBER 6, 2022

Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ).

CSO

CSO CISO Data breaches Hacking

8 IT security disasters: Lessons from cautionary examples

CSO Magazine

MARCH 21, 2022

We've assembled eight truly disastrous IT security failures over the past decade, with the goal of finding not just clever hacks, but real mistakes on the part of the victims. Sign up for CSO newsletters. ]. To read this article in full, please click here 2012: Court Ventures gets social-engineered.

Social Engineering

Social Engineering CSO Engineering Data breaches

Iran’s nuclear energy agency confirms email server hacked

CSO Magazine

OCTOBER 24, 2022

The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach. To read this article in full, please click here

Hacking

Hacking Media

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

CSO Magazine

MAY 28, 2021

The Russian hacking group behind the supply chain attack that poisoned software updates for the SolarWinds Orion platform has been perfecting its email-based attacks over the past few months to plant backdoors inside organizations. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

CSO

CSO Government Marketing Hacking

How to hack a phone: 7 common attack methods explained

CSO Magazine

NOVEMBER 2, 2021

7 ways to hack a phone. To read this article in full, please click here We spoke to a number of security experts to help you get a sense of the most common ways attackers might go about breaking into the powerful computers in your users’ pockets. This should hopefully give you perspective on potential vulnerabilities. Malvertising.

Social Engineering

Social Engineering Hacking Engineering Malware

What is ethical hacking? Getting paid to break into computers

CSO Magazine

MARCH 29, 2022

Ethical hacking, also known as penetration testing , is legally breaking into computers and devices to test an organization's defenses. From the penetration tester's point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it.

Hacking

Hacking Penetration Testing Technology

Hacked home computer of engineer led to second LastPass data breach

CSO Magazine

FEBRUARY 28, 2023

To read this article in full, please click here The threat actor involved in the breaches infected the engineer's home computer with a keylogger , which recorded information that enabled a cyberattack that exfiltrated sensitive information from the company's AWS cloud storage servers, LastPass said in a cybersecurity incident update Monday.

Data breaches

Data breaches Engineering Password Management Hacking

Cash App customer investment data hacked

CSO Magazine

APRIL 5, 2022

To read this article in full, please click here The reports didn’t contain Cash App usernames or passwords, and the company said that Social Security numbers, birthdays, payment card info and most other types of personally identifiable information weren’t accessed.

Hacking

Hacking Data breaches Passwords Accountability

Police charge UK teenagers in relation to LAPSUS$ hacking group investigation

CSO Magazine

APRIL 1, 2022

Two teenagers from the UK have been charged by police over hacking offenses in relation to an international investigation into the LAPSUS$ group. In a statement , Detective Inspector Michael O’Sullivan, City of London Police, said: “The City of London Police has been conducting an investigation into members of a hacking group.

Hacking

Hacking Data breaches Authentication Software

CREST partners with Immersive Labs, Hack The Box to enhance cybersecurity skills development

CSO Magazine

MAY 10, 2022

The second is a collaboration with cybersecurity training and upskilling platform Hack The Box to assist the development of offensive security capabilities. To read this article in full, please click here Both will help CREST members prepare for CREST examinations, the company said.

Hacking

Hacking Cybersecurity Information Security

Karakurt data thieves linked to larger Conti hacking group

CSO Magazine

APRIL 15, 2022

An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with their particular methodology for data theft, suggests that the group's membership overlaps with two other prominent hacking crews, according to an analysis published by cybersecurity firm Tetra Defense. To read this article in full, please click here

Hacking

Hacking Cryptocurrency Ransomware Cybersecurity

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

CSO Magazine

FEBRUARY 20, 2023

To read this article in full, please click here “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the filing added.

Hacking

Hacking Malware

Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent

CSO Magazine

FEBRUARY 17, 2022

To read this article in full, please click here February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.

Cryptocurrency

Cryptocurrency Hacking

3CX hack highlights risk of cascading software supply-chain compromises

CSO Magazine

APRIL 21, 2023

To read this article in full, please click here "The identified software supply chain compromise is the first we are aware of which has led to a cascading software supply chain compromise," incident responders from cybersecurity firm Mandiant, who was contracted to investigate the incident, said in a report Thursday. "It

Software

Software Risk Hacking Cybersecurity

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

CSO Magazine

MARCH 1, 2022

Cyber Partisans of Belarus claim train hacks. Another hacktivist group known as AgainstTheWest claims to have hacked a steady stream of Russian websites and corporations, including Russian Government contractor promen48.ru, Presumed hacktivists hacked Russian EV charging stations. AgainstTheWest targeted Russian interests.

DDOS

DDOS Media Hacking CSO

Hackers behind 3CX breach also breached US critical infrastructure

CSO Magazine

APRIL 24, 2023

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. To read this article in full, please click here

Hacking

500 million WhatsApp mobile numbers up for sale on the dark web

CSO Magazine

NOVEMBER 28, 2022

hacking community forum. On the hacking community forum, the user is listed as “Agency123456.” On the hacking community forum, the user is listed as “Agency123456.” To read this article in full, please click here A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc

Mobile

Mobile Hacking

BrandPost: Don’t Bore the Board: 5 CISO Hacks for Highly Effective Presentations

CSO Magazine

APRIL 6, 2022

To read this article in full, please click here One corporate director confided that he paid less attention to the technical aspects of the CISO’s presentation, and instead scrutinized his CISO’s demeanor during presentations to obtain a gut-feel sense of the CISO’s confidence in his own ability to manage security risks.

CISO

CISO Hacking Risk

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

CSO Magazine

APRIL 21, 2023

Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices. To read this article in full, please click here

Hacking

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

CSO Magazine

AUGUST 11, 2022

To read this article in full, please click here It also said that it has taken the decision to publicly announce the incident now as it was previously actively collecting information about the bad actor to help protect the security community.

Hacking

Hacking Accountability Cybersecurity

Biden administration, US allies condemn China's malicious hacking, espionage actions

CSO Magazine

JULY 20, 2021

To read this article in full, please click here

Hacking

Hacking Ransomware

Collective resilience: Why CISOs are embracing a new culture of openness

CSO Magazine

JANUARY 18, 2022

Security exec Chad Kliewer had heard the initial reports of the SolarWinds attack as news about it broke in December 2020, sympathetic to those companies first named as victims of the hack. To read this article in full, please click here (Insider Story)

CISO

CISO Hacking

Cyberwar's global players—it's not always Russia or China

CSO Magazine

NOVEMBER 18, 2021

Consequently, the SolarWinds spyware infiltration , the Microsoft Exchange hack , and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses. To read this article in full, please click here

Spyware

Spyware Ransomware Hacking Cybersecurity

Nebulon time jumps ransomware recovery through smart-infra hack

CSO Magazine

MARCH 29, 2022

To read this article in full, please click here Conventional ranswomware recovery techniques , including those provided by 3-tier and hyper-converged infrastructure (HCI) vendors, typically involve taking snapshots of customer data and using them for recovery.

Ransomware

Ransomware Hacking

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

CSO Magazine

NOVEMBER 22, 2022

That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. To read this article in full, please click here As group leader for Cyber Adversary Engagement at MITRE Corp.,

Cybersecurity

Cybersecurity Hacking

TikTok denies breach after hackers claim billions of user records stolen

CSO Magazine

SEPTEMBER 6, 2022

TikTok is denying claims that a hacking group has breached an Alibaba cloud database containing 2.05 The hacking group, which goes by the name AgainstTheWest, on Friday posted screenshots—which they say were taken from the hacked database—on a hacking forum. To read this article in full, please click here

Hacking

The SolarWinds hack timeline: Who knew what, and when?

CSO Magazine

APRIL 5, 2021

To read this article in full, please click here

Hacking

Hacking Software Risk

The 10 most dangerous cyber threat actors

CSO Magazine

MAY 24, 2021

When hacking began many decades ago, it was mostly the work of enthusiasts fueled by their passion for learning everything they could about computers and networks. To read this article in full, please click here (Insider Story)

Cyber threats

Cyber threats Hacking

BrandPost: TCP Floods Are Again the Leading DDoS Attack Vector

CSO Magazine

JANUARY 9, 2023

One of my favorite things to watch on the attention-sucking platform of TikTok or YouTube Shorts are life hacks. Life hacks are supposed to make tasks easier or more efficient to accomplish but, in many cases are simply more complicated. To read this article in full, please click here

DDOS

DDOS Retail Hacking Government

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

CSO Magazine

SEPTEMBER 22, 2022

Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. To read this article in full, please click here

CISO

CISO Insurance Hacking Cybersecurity

9 tips for an effective ransomware negotiation

CSO Magazine

NOVEMBER 24, 2021

Concepts were presented by Pepijn Hack and Zong-Yu Wu at Black Hat Europe 2021 and expanded upon in a detailed NCC Group blog posting shortly after. These are: To read this article in full, please click here

Ransomware

Ransomware Hacking Cybersecurity

Who's who in the cybercriminal underground

CSO Magazine

MARCH 14, 2022

We are at a point in time when cybercriminals including ransomware gangs have established themselves as organized, illicit businesses rather than a one-person hacking operation. To read this article in full, please click here The increased success of ransomware gangs , extortion groups, and DDoS attackers is by no means accidental.

DDOS

DDOS Ransomware Hacking

CSO's ultimate guide to security and privacy laws, regulations, and compliance

The Microsoft Exchange Server hack: A timeline

Trending Sources

FBI cleans web shells from hacked Exchange servers in rare active defense move

What happened to the Lapsus$ hackers?

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Uber CISO's trial underscores the importance of truth, transparency, and trust

Social engineering: Definition, examples, and techniques

Hacking 2FA: 5 basic attack methods explained

APT29 targets Active Directory Federation Services with stealthy backdoor

Atomic Wallet hack leads to at least $35M in stolen crypto assets

Ryuk ransomware explained: A targeted, devastatingly effective attack

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Guilty verdict in the Uber breach case makes personal liability real for CISOs

8 IT security disasters: Lessons from cautionary examples

Iran’s nuclear energy agency confirms email server hacked

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

How to hack a phone: 7 common attack methods explained

What is ethical hacking? Getting paid to break into computers

Hacked home computer of engineer led to second LastPass data breach

Cash App customer investment data hacked

Police charge UK teenagers in relation to LAPSUS$ hacking group investigation

CREST partners with Immersive Labs, Hack The Box to enhance cybersecurity skills development

Karakurt data thieves linked to larger Conti hacking group

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent

3CX hack highlights risk of cascading software supply-chain compromises

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

Hackers behind 3CX breach also breached US critical infrastructure

500 million WhatsApp mobile numbers up for sale on the dark web

BrandPost: Don’t Bore the Board: 5 CISO Hacks for Highly Effective Presentations

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

Biden administration, US allies condemn China's malicious hacking, espionage actions

Collective resilience: Why CISOs are embracing a new culture of openness

Cyberwar's global players—it's not always Russia or China

Nebulon time jumps ransomware recovery through smart-infra hack

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

TikTok denies breach after hackers claim billions of user records stolen

The SolarWinds hack timeline: Who knew what, and when?

The 10 most dangerous cyber threat actors

BrandPost: TCP Floods Are Again the Leading DDoS Attack Vector

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

9 tips for an effective ransomware negotiation

Who's who in the cybercriminal underground

Stay Connected