Wed.Jun 22, 2022

Symbiote Backdoor in Linux

Schneier on Security

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

Authorities in the United States, Germany, the Netherlands and the U.K.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Be you in the (cyber) workplace

Jane Frankland

At The Source, my new venture for women in cyber and businesses who value them, we have a saying, “Be you in the workplace.” ” And although that should be easy to do, sometimes it’s not.

Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic world

The Last Watchdog

During the first two decades of this century, virtual private networks —VPNs—served as a cornerstone of network security. Related: Deploying human sensors. VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. This worked extremely well for users accessing network resources remotely via their company-issued laptops and immobile home computers.

VPN 129

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

The Hacker News

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data.

Microsoft 365 Users in US Face Raging Spate of Attacks

Dark Reading

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes

More Trending

Machine Learning Tackles Ransomware Attacks

Security Boulevard

There are approximately 250 known ransomware families, and these families are directly related to the rise of ransomware-as-a-service, according to Bitdefender.

Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign

Dark Reading

Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine

105
105

Per Mar Security remains resilient as threats evolve

Cisco CSR

As an early adopter of Cisco Secure Endpoint , Per Mar Security Services has seen the product evolve alongside the threat landscape. According to Dan Turner , CIO at Per Mar, the evolution of the Cisco security portfolio has helped the company remain cyber resilient during the pandemic and beyond.

Retail 104

Risk Disconnect in the Cloud

Dark Reading

New Cloud Security Alliance (CSA) and Google Cloud study shows many enterprises struggle to measure and manage risk in their cloud workloads

Risk 105

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Cyber Attack propels false Rocket Attack alarms in Israel

CyberSecurity Insiders

On Sunday last week, many cities in Israel buzzed with false alarms about rocket attacks, creating panic among the populace. The alarms were intensive and were triggering once in every 3 hours, making authorities and citizens in cities like Katamon, Hakerem, and Beit worrisome.

Gartner reveals 8 cybersecurity predictions for the next 4 years

Tech Republic Security

The cybersecurity company went into great detail on some of the sweeping cybersecurity changes anticipated over the next four years. The post Gartner reveals 8 cybersecurity predictions for the next 4 years appeared first on TechRepublic. Security

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

The Hacker News

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" org" and "js.staticounter[.]net"

Why Digital ID Should be On the Vacation Checklist

CyberSecurity Insiders

Vacation season is officially upon us, and after Covid-19 kept most of the world grounded for the best part of two years, airports and airlines are in for one of the busiest summers on record. .

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Europol Busts Phishing Gang Responsible for Millions in Losses

The Hacker News

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities.

Scams 95

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar

Dark Reading

We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures

Why organizations are keen on zero trust but are slow to adopt it

Tech Republic Security

Most organizations surveyed by Banyan Security consider zero trust a priority, but many see it as difficult and expensive to implement. The post Why organizations are keen on zero trust but are slow to adopt it appeared first on TechRepublic. CXO Security implementing zero trust zero trust

131
131

Magecart attacks are still around but are more difficult to detect

Security Affairs

Researchers from Malwarebytes warns that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection of security firms.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Microsoft uses AI to tackle Ransomware Attacks

CyberSecurity Insiders

As ransomware attacks are ever-evolving, they are hard to detect with human intelligence. So, Microsoft issued a press statement on Tuesday confirming the use of Artificial Intelligence (AI) technology to tackle ransomware attacks.

Hyperautomation and the Future of Cybersecurity

eSecurity Planet

Next-gen AI systems are now baked into just about every category of software—but Gartner believes we can automate even further. For the last few years, Gartner has predicted that hyperautomation would become a global, if not necessary, business trend.

Tips to stay safe from online banking frauds

CyberSecurity Insiders

Because of Covid-19 lockdowns, the banking world across the globe has switched to the online banking plan. For all the basic needs, people need not visit the bank premises on a physical note. As they can opt for online banking services, to quench all their account needs.

Replace Your SIEM with Neural Net Technology

Security Boulevard

Security Information Event Management (SIEM) systems are an outdated technology. It’s no longer enough to just manage information – today’s organizations need technology that can proactively detect and respond to dynamic threats as well.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Proofpoint dispels commonly held threat actor assumptions in new report

Tech Republic Security

The company found that Google-related URLs were the most frequently abused last year. The post Proofpoint dispels commonly held threat actor assumptions in new report appeared first on TechRepublic. Security

124
124

WhiteHat brings new dimension to DAST capabilities at Synopsys

Security Boulevard

The acquisition of WhiteHat Security, the leading the DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec. The post WhiteHat brings new dimension to DAST capabilities at Synopsys appeared first on Application Security Blog.

Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts

Dark Reading

Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn

86

What are Injection Attacks?

Security Boulevard

You’d agree that the range of different types of cyberattacks is expanding, and the situation is getting intense. Hackers use new and robust techniques to break into systems and steal or modify confidential data.

Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer

Security Affairs

Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex banking trojan instead of the Raccoon Stealer.

Biden Signs State and Local Government Cybersecurity Act Into Law; Establishes Rotational Cyber Workforce

Security Boulevard

Blogs Blog Biden Signs State and Local Government Cybersecurity Act Into Law; Establishes Rotational Cyber Workforce President Biden signed two cyber-related bills into law on July 21, both of which aim to bolster the cybersecurity capabilities at—and across—various government entities.

The Risk of Multichannel Phishing Is on the Horizon

Dark Reading

The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks

Targeted voicemail phishing attacks hits specific US industries’ verticals

Tech Republic Security

A new wave of targeted voicemail phishing attacks has been hitting US companies in selected verticals since May 2022. The campaign’s goal is to collect Office 365 credentials of legitimate corporate users.

Flagstar Bank discloses a data breach that impacted 1.5 Million individuals

Security Affairs

US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack.

WordPress Security

Security Boulevard

The internet has revolutionized how people communicate and do business around the globe. Beginning in 2005, the internet became so widespread that almost all businesses began to have a presence online, most notably through a website.