Blog - Cyber Security Informer

T-Mobile Investigating Claims of Massive Data Breach

Krebs on Security

AUGUST 16, 2021

On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile. A sales thread tied to the allegedly stolen T-Mobile customer data.

Mobile

Mobile Data breaches Accountability Wireless

Assessing the state of mobile application security through the lens of COVID-19

Security Boulevard

APRIL 20, 2021

Are today’s mobile apps secure or do they offer opportunities for attackers? Learn about the state of mobile application security in our new report. The post Assessing the state of mobile application security through the lens of COVID-19 appeared first on Software Integrity Blog.

Mobile

Mobile Software

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. “Pushwoosh Inc.

Mobile

Mobile Malware Technology Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The 5 C’s of Audit Reporting

Centraleyes

MARCH 12, 2024

What is a Security Audit? In cybersecurity, audit management involves assessing the effectiveness of security measures, identifying vulnerabilities, and ensuring compliance with industry standards and regulations. At its core, an audit systematically examines an organization’s processes, controls, and practices.

Risk

Risk Cybersecurity Government Firewall

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug

Security Affairs

AUGUST 3, 2023

Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). and below). .” and below of the product.”

Mobile

Mobile Authentication Internet Internet

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

The Last Watchdog

JANUARY 9, 2024

Common examples of AR applications include the Pokemon Go mobile game and Snapchat filters. Organizations conduct these sessions to bring participants up to speed on the cybersecurity threat landscape and develop their knowledge of best practices to secure sensitive data, assess risk levels, and report incidents.

Technology

Technology Cybersecurity Risk Mobile

Updating Software: Learn the Importance of Keeping Up-to-Date With the Latest Software Version and Patches

Duo's Security Blog

OCTOBER 25, 2023

It’s the idea that you need to secure the people and devices that connect to your network from cyberattacks so your organization can continue to move forward. Securing the people, your workforce, has to do with identity and verifying users are who they say they are before they’re allowed to access network applications and resources.

Software

Software Mobile Malware Risk

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat

Security Boulevard

AUGUST 3, 2022

The vulnerability in mobile applications often is the result of an error on the part of the developer, the report said. While developing a mobile application, developers use the Twitter API for testing. While doing so, they save the credentials within the mobile application. based provider of API security.

Mobile

Mobile Authentication Accountability Identity Theft

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

” reads the report published by the Google TAG. According to the Fog of War report published by Google TAG, FROZENBARENTS shows sophisticated offensive capabilities, including credential phishing, mobile activity, malware, external exploitation of services, and beyond. ” continues the report.

Phishing

Phishing Education Accountability Telecommunications

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War.”

Phishing

Phishing Spyware Government Passwords

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Delays in identifying, assessing, and notifying breaches make it more challenging to prevent harm. From the OAIC Notifiable Data Breaches Report 2.

Authentication

Authentication Passwords Data breaches Phishing

Security Roundup April 2024

BH Consulting

APRIL 18, 2024

Emerging security threats and trends Who doesn’t enjoy some future-gazing? Two new reports have highlighted emerging trends for now and into the near future. Second on the list, up from tenth last year, is the skill shortage in security workforces. The executive summary is here , and the full report is free at this link.

Artificial Intelligence

Artificial Intelligence CISO Cybersecurity Data breaches

Chinese threat actors extract big data and sell it on the dark web

SC Magazine

APRIL 19, 2021

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The data allegedly originated from big data sources of the two most popular mobile network operators in China.

Big data

Big data Data collection Mobile Risk

NetSPI’s View on the 2023 Gartner® Competitive Landscape: External Attack Surface Management Report

NetSpi Executives

MARCH 5, 2024

The technology creates a comprehensive view of a company’s external assets by mapping the internet-facing attack surface to provide better insight into changes and where to focus the attention of security teams. See what NetSPI ASM can do for your security by watching an on-demand demo of NetSPI’s solution.

Penetration Testing

Penetration Testing Technology Marketing Mobile

Verified Duo Push Makes MFA More Secure

Duo's Security Blog

AUGUST 25, 2022

As a security focused organization, Duo Security is committed to giving our customers the best available tools to address their security concerns. So we listened when customers pointed out the weaknesses in the Duo Push – the notification Duo Mobile users approve when they want to log into protected accounts.

Authentication

Authentication Mobile VPN Threat Detection

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

McAfee

NOVEMBER 22, 2021

Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of cloud services for business transformation and the acceptance of hybrid workforce policies.

Digital transformation

Digital transformation Data collection Technology Mobile

Increasing Your Business’s Cyber Threat Intelligence

SiteLock

AUGUST 27, 2021

diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography. With more consumers and B2B enterprises conducting business in the cyber world, security threats are an increasing concern. Incident response reports. Independent vendor research. Independent vendor research.

Cyber threats

Cyber threats Mobile B2B Threat Detection

How Encryption Became the Board’s New Best Friend

Thales Cloud Protection & Licensing

MAY 7, 2019

In recent years, we’ve seen a sharp rise in reporting and analysis of data breaches – arguably both a stimulant and a symptom of cyber-security taking its place on the board agenda. And while the rise in reporting is positive, it highlights the chasm between recognition of the problem and application of sufficient solutions.

Encryption

Encryption Digital transformation Cyber threats Risk

The Complete Guide to Securing Your Software Development Lifecycle

Security Boulevard

JANUARY 18, 2022

How to improve the security of your application with strong DevSecOps. The unfortunate reality is this: application security is in an abysmal state. The balance of power is overwhelmingly tipped in the favor of threat actors when most apps are vulnerable and many businesses cannot acquire security experts. Photo by ????

Software

Software Technology Penetration Testing Mobile

Mobile malware analysis for the BBC

Pen Test Partners

JANUARY 1, 2024

This is a version of our report, with all sensitive information removed. This is discussed later in the report. This information could later be used to gain access to the victim’s account as data such as a mother’s maiden name is a common security question used to verify a user’s identity.

Mobile

Mobile Malware Banking Accountability

Does Apple’s Recent Security Flaw Make You Feel Vulnerable? Enter Duo Device Trust

Duo's Security Blog

AUGUST 31, 2022

Recently, several Apple security vulnerabilities made headlines. So for security teams, having a resource like Duo Device Trust can make all the difference. Time to remediation is critical In an ideal world, everyone in your organization will install the new update before the cybercriminals can take advantage of the security flaw.

Mobile

Mobile Data breaches Software Authentication

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The challenge of the moment is that many companies already have their hands full trying to improve their security posture as they migrate their legacy, on premises, IT systems to the cloud. The operating systems of home IoT devices today typically get shipped with minimal logon security. This is a sign of IoT attacks to come.

IoT

IoT Healthcare Internet Internet

Understanding the Key Updates in NIST Cybersecurity Framework 2.0

Centraleyes

MARCH 18, 2024

This function covers the following outcomes: platform security (i.e., This function’s outcomes include reporting, communication, analysis, mitigation, and incident management. Click Here More Roads Lead to NIST In the new version, NIST created a suite of resources to help all organizations achieve their security goals.

Cybersecurity

Cybersecurity Government Risk Technology

How to Make Multi-Factor Authentication Even More Secure

Duo's Security Blog

MARCH 2, 2022

Here’s how bad actors are circumventing MFA protection, and 11 ways Duo can help you strengthen your security posture beyond standard MFA. Key Controls and Features You Should Consider Implement Domain Security Features First and foremost, utilize Duo’s Allowed Hostnames feature to mitigate abuse of the Traditional Duo Prompt.

Authentication

Authentication Phishing DNS Passwords

The Biggest Blocker to Open Banking Success? Slow, Risky Data

Security Boulevard

JUNE 16, 2021

Consumers have come to expect fast, accessible, convenient payments using online and mobile platforms, and traditional banking is falling to the wayside in favor of open banking. Open banking is the practice of enabling secure interoperability while maintaining the principles of customer centricity, security, and trust.

Banking

Banking Marketing Financial Services Retail

Penetration Testing: What is it?

NetSpi Executives

APRIL 27, 2024

How penetration testing is done How to choose a penetration testing company How NetSPI can help Penetration testing enables IT security teams to demonstrate and improve security in networks, applications, the cloud, hosts, and physical locations. Penetration testing reveals an organization’s security weaknesses.

Penetration Testing

Penetration Testing Social Engineering Software Wireless

GUEST ESSAY: Why rigorous vulnerability management is crucial to protecting critical systems

The Last Watchdog

MARCH 7, 2022

As companies accelerate their reliance on agile software development, cloud-hosted IT infrastructure and mobile applications, vulnerability management (VM) has an increasingly vital security role to play. A VM solution should make it easy for IT and security teams to understand their VM posture at any time. •It

Data breaches

Data breaches Mobile Risk Cyber Risk

CIS 20 Controls: Utilizing CIS 20 Critical Controls for Vulnerability Prioritization

NopSec

JULY 18, 2017

CIS 20 Security Controls represent one of the reference frameworks of the most critical controls an organization can implement to establish a well balanced security program to safeguard confidentiality, integrity and availability of information. With that in mind, in this blog post we’re covering 13 out of the 20 controls.

Wireless

Wireless Penetration Testing Software Authentication

Lazarus targets defense industry with ThreatNeedle

SecureList

FEBRUARY 25, 2021

Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. We previously observed the Lazarus group utilizing this cluster when attacking cryptocurrency businesses and a mobile game company. We’ve observed numerous activities by this notorious APT group targeting various industries.

Malware

Malware Phishing Passwords Encryption

SANS Critical Control 20: SANS Penetration Testing and Red Team Exercises

NopSec

SEPTEMBER 4, 2013

As we have reached the end of this blog post series on SANS 20 Critical Controls, this one is definitely one of my favorites and the one where NopSec can add a lot of value. Penetration tests typically provide a deeper analysis of security flaws than a vulnerability assessment. since 2008.

Penetration Testing

Penetration Testing Social Engineering Wireless Engineering

The Pitfalls of Consolidating Identity Security With Identity Management Solutions

Duo's Security Blog

MARCH 21, 2024

CIO magazine reported that 95% of IT executives polled plan to consolidate software solutions due to “architecture consolidation” and “cost.” When it comes to securing identities, the stakes are high; Cisco Talos reported in February that three of the top five MITRE ATT@CK techniques used in 2023 were identity-based.

Software

Software Authentication Engineering Artificial Intelligence

Facebook warns of a new information-stealing malware dubbed NodeStealer

Security Affairs

MAY 4, 2023

” continues the report. ” continues the report. “The stolen information then enables the threat actor to assess and then use users’ advertising accounts to run unauthorized ads.” The malware looks for a Facebook session cookie and will only continue if one is found.”

Malware

Malware Accountability Advertising Education

The Argument for Security Being a Priority, Not a Feature

Duo's Security Blog

APRIL 9, 2024

Negative Outcomes of Using Security Functionality From IT Tools Instead of Dedicated Security Controls Vendor consolidation is gaining momentum in the IT space. CIO magazine reported that 95% of IT executives polled plan to consolidate software solutions due to “architecture consolidation” and “cost.”

Software

Software Authentication Engineering Artificial Intelligence

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

Duo's Security Blog

FEBRUARY 16, 2024

For managed service providers (MSPs), navigating the ever-evolving landscape of access security can be a daunting task. With complex identity stacks and a constant influx of new devices and endpoints, ensuring secure access across your clients' infrastructure requires comprehensive data-driven insights.

Authentication

Authentication Accountability Risk Mobile

APT annual review 2021

SecureList

NOVEMBER 30, 2021

The report, called Pegasus Project , alleged that the software uses a variety of exploits, including several iOS zero-click zero-days. Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance.

Malware

Malware Mobile Spyware Surveillance

Who Wants to Support My Work Commercially?

Security Boulevard

JANUARY 25, 2022

Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran – Free Research Report. Astalavista Security Newsletter - 2003-2006 - Full Offline Reading Copy. Cybercriminals Impersonate Legitimate Security Researcher Launch a Typosquatting C&C Server Campaign – WhoisXML API Analysis.

Cybercrime

Cybercrime Hacking Scams Ransomware

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” reads the report published by Citizen Lab. REIGN is a suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.”

Spyware

Spyware Surveillance Government Malware

Intro to phishing: simulating attacks to build resiliency

Security Affairs

APRIL 21, 2023

Phishing-borne threats IBM’s 2022 Data Breach report highlighted how effective phishing-based attacks have become, being the second leading cause of cybersecurity incidents globally, by using a sample instance that affected hundreds of international entities.

Phishing

Phishing Social Engineering Security Awareness Passwords

Understanding the New PCI DSS 4.0 Requirements

Duo's Security Blog

AUGUST 1, 2022

The Payment Card Industry Data Security Standard (PCI DSS) recently updated their standards from PCI DSS 3.2.1 for companies to implement security that works security framework. The new requirement is best practice until March 31, 2025, after which it will be required and must be fully considered during a PCI DSS assessment.

Authentication

Authentication Passwords Accountability VPN

How to protect your business from supply chain attacks

Malwarebytes

FEBRUARY 1, 2023

When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating, ventilation, and air conditioning (HVAC) supplier, Fazio Mechanical Services. What is a supply chain attack?

Software

Software Risk Backups Technology

Strengthen Security: Duo SSO Integration with the KnowBe4 Security Awareness Training Platform

Duo's Security Blog

OCTOBER 31, 2023

In today's digital landscape, organizations seek to bolster security and mitigate phishing due to the growing cyber security threats. Cisco Duo has partnered with KnowBe4, a leader in security awareness training, by integrating our Single Sign-On (SSO) product with the KnowBe4 Security Awareness Training platform.

Security Awareness

Security Awareness Authentication Phishing Passwords

APT trends report Q1 2021

SecureList

APRIL 27, 2021

The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. In parallel, Volexity also reported the same Exchange zero-days being in use in early 2021. Hopefully, further analysis will make things clearer.

Malware

Malware Spyware Government Social Engineering

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. I am proud of the Cisco Meraki and Secure team members and our NOC partners. Building the Hacker Summer Camp network, by Evan Basta. Full stop.

Engineering

Engineering Wireless Malware DNS

Hamas-linked threat actors target high-profile Israeli individuals

Security Affairs

APRIL 8, 2022

.” Once established contact with the victims and gained their trust, the threat actors o suggests migrating the conversation to WhatsApp to obtain the target’s mobile number. ” concludes the report. The post Hamas-linked threat actors target high-profile Israeli individuals appeared first on Security Affairs.

Social Engineering

Social Engineering Engineering Malware Accountability

T-Mobile Investigating Claims of Massive Data Breach

Assessing the state of mobile application security through the lens of COVID-19

Webinars

Trending Sources

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Webinars

The 5 C’s of Audit Reporting

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

Updating Software: Learn the Importance of Keeping Up-to-Date With the Latest Software Version and Patches

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat

Google TAG warns of Russia-linked APT groups targeting Ukraine

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

3 Steps to Prevent a Case of Compromised Credentials

Security Roundup April 2024

Chinese threat actors extract big data and sell it on the dark web

NetSPI’s View on the 2023 Gartner® Competitive Landscape: External Attack Surface Management Report

Verified Duo Push Makes MFA More Secure

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

Increasing Your Business’s Cyber Threat Intelligence

How Encryption Became the Board’s New Best Friend

The Complete Guide to Securing Your Software Development Lifecycle

Mobile malware analysis for the BBC

Does Apple’s Recent Security Flaw Make You Feel Vulnerable? Enter Duo Device Trust

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Understanding the Key Updates in NIST Cybersecurity Framework 2.0

How to Make Multi-Factor Authentication Even More Secure

The Biggest Blocker to Open Banking Success? Slow, Risky Data

Penetration Testing: What is it?

GUEST ESSAY: Why rigorous vulnerability management is crucial to protecting critical systems

CIS 20 Controls: Utilizing CIS 20 Critical Controls for Vulnerability Prioritization

Lazarus targets defense industry with ThreatNeedle

SANS Critical Control 20: SANS Penetration Testing and Red Team Exercises

The Pitfalls of Consolidating Identity Security With Identity Management Solutions

Facebook warns of a new information-stealing malware dubbed NodeStealer

The Argument for Security Being a Priority, Not a Feature

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

APT annual review 2021

Who Wants to Support My Work Commercially?

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Intro to phishing: simulating attacks to build resiliency

Understanding the New PCI DSS 4.0 Requirements

How to protect your business from supply chain attacks

Strengthen Security: Duo SSO Integration with the KnowBe4 Security Awareness Training Platform

APT trends report Q1 2021

Black Hat USA 2022: Creating Hacker Summer Camp

Hamas-linked threat actors target high-profile Israeli individuals

Stay Connected