Blog - Cyber Security Informer

The Most Popular Data Insider Blogs of 2020

Digital Guardian

JANUARY 25, 2021

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

Social Engineering

Social Engineering Engineering

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I've been directly involved in the discovery or disclosure of a heap of these and indeed, security is normally the thing I most commonly write about. I can't blame this on the teddy bears themselves, rather the fact that the MongoDB holding all the collected data was left publicly facing without a password.

IoT

IoT Firmware Risk Manufacturing

Rising volume of email fatigue opens doors for Cybercriminals

CyberSecurity Insiders

NOVEMBER 29, 2021

This blog was written by an independent guest blogger. In fact, one of the most worrying types of DAF for security professionals is email fatigue. In fact, one of the most worrying types of DAF for security professionals is email fatigue. Unfortunately, this is when we are the most vulnerable to hackers.

Phishing

Phishing Healthcare Data breaches Cyber Attacks

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Thales joins Google’s 5G Mobile Edge Cloud initiative

CyberSecurity Insiders

FEBRUARY 12, 2021

In March 2020, Google Cloud unveiled its telecom operator strategy called Global Mobile Edge Cloud (GMEC), aimed at helping Communications Service Providers (CSPs) digitally transform and harness the full potential of 5G. Data analytics. Data protection. With 5G , more applications and data are moving closer to end customers.

Mobile

Mobile Digital transformation Architecture Technology

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

Security Boulevard

JULY 21, 2022

Since 2020, chosen-prefix attacks against SHA-1 are feasible. The results of our analysis clearly show that, while the most popular websites have done a good job of migrating away from SHA-1 certificates, a significant portion of the Internet continues to rely on them,” said Walter Goulet, a cloud solutions product manager at Venafi, in 2017.

Encryption

Encryption Authentication Architecture Backups

3 reasons even Chromebook™ devices benefit from added security

Webroot

OCTOBER 25, 2021

The respected technology blog TechRadar has even referred to 2021 as “the year of the Chromebook.”. Even strong security can’t prevent an account from being hacked if account credentials are stolen in a phishing attack, one of the most common causes of identity theft. But many types of malware aren’t immediately obvious.

Identity Theft

Identity Theft Spyware Phishing Antivirus

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

SecureList

DECEMBER 14, 2021

While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. The malicious module was most likely compiled between late 2020 and April 2021. Geography of Owowa targets.

Authentication

Authentication Encryption Accountability Passwords

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

OCTOBER 14, 2021

This blog was written by an independent guest blogger. The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. If the ransom is not paid, then the OnePercent threatens to leak 1% of their data. RaaS has gained a lot of popularity.

Social Engineering

Social Engineering Ransomware Engineering Phishing

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

According to a recent Intezer post, the Go programming language has dramatically increased in its popularity among malware authors in the last few years. In addition, Mirai uses a “XOR table” to hold its strings and other data, as well as to decrypt them when needed — this is not the case for the new malware using Go.

Malware

Malware IoT Firmware Authentication

How to Apply the Lessons of 2019 to the Security of 2020

McAfee

DECEMBER 23, 2019

It comes as no surprise that financial services, insurance, and healthcare were popular targets, given their proximity to sensitive, easily-monetizable data. Application misconfigurations were responsible for two of 2019’s most prominent data breaches. Lack of Appropriate Authentication/Credentials for Sensitive Data.

Healthcare

Healthcare Insurance Artificial Intelligence Authentication

Here are 11 of the best technology podcasts you should listen to

CyberSecurity Insiders

JUNE 30, 2023

Given this is a technology blog, we wanted to share some of the best tech-related podcasts out there right now. In Machines We Trust – Launched in August 2020, this is one of the world’s most popular podcasts focused on artificial intelligence, and the impact it is having on our lives. Let us know in the comments below.

Technology

Technology Artificial Intelligence Digital transformation Cybersecurity

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

ForAllSecure

SEPTEMBER 4, 2020

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow ( CVE-2020-15359 ) in a popular open source sound utility, MP3Gain. In this blog, we will cover: 1) VDA Labs. 2) Finding CVE-2020-15359. Finding CVE-2020-15359 Through Fuzzing. 3) Setting up Mayhem. 4) What was found. 5) Verification.

IoT

IoT Technology

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

ForAllSecure

SEPTEMBER 3, 2020

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow ( CVE-2020-15359 ) in a popular open source sound utility, MP3Gain. In this blog, we will cover: 1) VDA Labs. 2) Finding CVE-2020-15359. Finding CVE-2020-15359 Through Fuzzing. 3) Setting up Mayhem. 4) What was found. 5) Verification.

IoT

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

ForAllSecure

SEPTEMBER 3, 2020

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow ( CVE-2020-15359 ) in a popular open source sound utility, MP3Gain. In this blog, we will cover: 1) VDA Labs. 2) Finding CVE-2020-15359. Finding CVE-2020-15359 Through Fuzzing. 3) Setting up Mayhem. 4) What was found. 5) Verification.

IoT

The Analyst Prompt #16: Monero’s Hard Fork Enhances Privacy and May Make It More Attractive to Cybercriminals

Security Boulevard

AUGUST 25, 2022

5] EclecticIQ analysts assess that Bitcoin will remain the most popular currency used by cybercriminals [6] , but that savvy criminals will switch to Monero and other Anonymity Enhanced Cryptocurrency (AEC). It would not prevent the release of stolen data. Structured Data. TAXII v1 Discovery services: [link]. 23, 2022).

DDOS

DDOS Cryptocurrency Ransomware Technology

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3

Security Boulevard

MARCH 30, 2023

Key Points Xloader is a popular information stealing malware family that is the successor to Formbook. In early 2020, Formbook was rebranded as Xloader and the threat actors moved to a malware-as-a-service (MaaS) business model, renting C2 infrastructure to customers. In early 2020, the malware was rebranded as Xloader.

Encryption

Encryption Malware

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

The bait included the most awaited and talked-about releases: the new season of Stranger Things, the new Batman movie, and the Oscar nominees. Scammers were betting on the finals typically being the most popular stage of the competition, tickets to which are often hard to get.

Phishing

Phishing Scams Accountability Energy and Utilities

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

MARCH 23, 2022

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. In a blog post published Mar. ” LAPSUS$ leader Oklaqq a.k.a.

Social Engineering

Social Engineering Accountability Mobile Passwords

I'm Open Sourcing the Have I Been Pwned Code Base

Troy Hunt

AUGUST 7, 2020

The single most important objective of that process was to seek a more sustainable future for HIBP and that desire hasn't changed; the project cannot be solely dependent on me. Open sourcing the code base is the most obvious way to do this. As soon as it got popular, I wrote about how I optimised it for performance.

Passwords

Passwords Architecture Data breaches Internet

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Drawing the RedLine – Insider Threats in Cybersecurity

Security Boulevard

MARCH 31, 2022

Let’s not mince words: passwords are difficult for most organizations to manage. What Is an Insider Threat? Insider threats are some of the most dangerous and effective threats, primarily because they cannot be eliminated as risks. can become insider threats. Data collection from FTP clients, IM clients.

Cybersecurity

Cybersecurity Social Engineering Passwords Malware

How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates

McAfee

SEPTEMBER 9, 2021

Recruitment posting for REvil from 2020. Moreover, the popular cybercrime forums have banned ransomware actors from advertising since the Colonial Pipeline attack. Let’s make it clear that we don’t do anything without a reason, so at the end of the day, it’s us who will benefit most from this contest. Hello, friends!

Marketing

Marketing Ransomware Cybercrime Accountability

Turning every Android device into a trusted companion

CyberSecurity Insiders

MAY 24, 2021

In this blog, I am joined by my colleagues Stéphane Quetglas, Marketing Director, Embedded Products and Jean-François Rubon, Strategy and Partnership, as well as Sudhi Herle, Head of Android TM Platform Security at Google, to discuss the latest innovation in embedded secure element (eSE). Could you explain the recent announcement about eSE?

Mobile

Mobile Marketing Manufacturing Encryption

Commenting on the SANS Threat Intelligence Summit 2021 Presentations – An Analysis and Practical Recommendations

Security Boulevard

SEPTEMBER 20, 2021

The collection phrase can be best described as the process of obtaining processing and analyzing actionable threat intelligence for the purpose of processing and disseminating the processed data.

Cybercrime

Cybercrime Cyber Attacks Security Defenses Cyber threats

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

For the most part, the IoT devices in my home simply take their IP address from the DHCP server and I never think about it again. Disclosure: I bought every piece of equipment in that original blog post. pic.twitter.com/PE3eVLseFY — Troy Hunt (@troyhunt) November 24, 2020 Turns out it was my daughter Elle's Amazon Echo Dot.

Firmware

Firmware IoT Wireless Manufacturing

Uncovering new techniques and phishing attack trends from the cloud

Security Boulevard

APRIL 20, 2022

In this annual report, ThreatLabz offers deep insights on the current phishing threat landscape from a full year’s worth of phishing data from the world’s largest security cloud. Retail and wholesale moved from the fifth-most phished industry category all the way to first, ahead of last year’s most phished industry, manufacturing.

Phishing

Phishing Retail Risk Architecture

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. Universities) were affected most by the SUNBURST backdoor attack.

DNS

DNS Education Malware Telecommunications

How Ransomware attacks leverage unprotected RDPs and what you can do about it

Thales Cloud Protection & Licensing

OCTOBER 28, 2020

Thu, 10/29/2020 - 05:17. As mentioned in my colleague Charles Goldberg’s blog post earlier this year, “ Stop Ransomware in its Tracks with Strong Data Security ,” ransomware attacks targeting enterprises in a variety of sectors have skyrocketed during the first half of 2020. However, this is not correct.

Ransomware

Ransomware Authentication Passwords Social Engineering

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

SC Magazine

MARCH 19, 2021

On April 30, 2020, roughly one month after the world essentially shut down, Zoom joined the NASDAQ-100 stock index – among a small pool of tech companies deemed able to keep businesses and individuals alike connected amid the pandemic. What are you most proud of in terms of the evolution that emerged during the last year for Zoom?

Advertising

Advertising Education Media Encryption

Detecting and Preventing Insider Threats in the Cloud

McAfee

SEPTEMBER 19, 2019

Organizations are less worried about unauthorized consumer cloud applications and are more concerned about the security of sensitive data in strategic enterprise cloud services. Cybersecurity incidents involving sensitive data in the cloud can be less frequent, but more damaging. Securing Data with McAfee.

Threat Detection

Threat Detection Accountability Risk Data breaches

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 27, 2020

They’re all examples of ubiquitous data serialization and transmission standards, making them great targets for testing with fuzzing. While fuzzing has found many bugs in these kinds of targets, they all have requirements for structure in order for data to be considered “valid.”

Technology

Technology Software

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 25, 2020

They’re all examples of ubiquitous data serialization and transmission standards, making them great targets for testing with fuzzing. While fuzzing has found many bugs in these kinds of targets, they all have requirements for structure in order for data to be considered “valid.”

Software

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

ForAllSecure

AUGUST 25, 2020

They’re all examples of ubiquitous data serialization and transmission standards, making them great targets for testing with fuzzing. While fuzzing has found many bugs in these kinds of targets, they all have requirements for structure in order for data to be considered “valid.”

Software

RM3 – Curiosities of the wildest banking malware

Fox IT

MAY 4, 2021

In this post we provide some history, analysis and observations on this most pernicious family of banking malware targeting Oceania, the UK, Germany and Italy. Although most variants were only short-lived – they either disappeared or were taken down by law enforcement – a few have had greater staying power.

Banking

Banking Malware Encryption Architecture

Cyber Security Informer

The Most Popular Data Insider Blogs of 2020

IoT Unravelled Part 3: Security

Webinars

Trending Sources

Rising volume of email fatigue opens doors for Cybercriminals

Webinars

Thales joins Google’s 5G Mobile Edge Cloud initiative

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

3 reasons even Chromebook™ devices benefit from added security

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

FBI warns of ransomware gang – What you need to know about the OnePercent group

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

How to Apply the Lessons of 2019 to the Security of 2020

Here are 11 of the best technology podcasts you should listen to

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

The Analyst Prompt #16: Monero’s Hard Fork Enhances Privacy and May Make It More Attractive to Cybercriminals

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3

Spam and phishing in 2022

A Closer Look at the LAPSUS$ Data Extortion Group

I'm Open Sourcing the Have I Been Pwned Code Base

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Drawing the RedLine – Insider Threats in Cybersecurity

How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates

Turning every Android device into a trusted companion

Commenting on the SANS Threat Intelligence Summit 2021 Presentations – An Analysis and Practical Recommendations

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Uncovering new techniques and phishing attack trends from the cloud

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

How Ransomware attacks leverage unprotected RDPs and what you can do about it

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

Detecting and Preventing Insider Threats in the Cloud

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

RM3 – Curiosities of the wildest banking malware

Stay Connected