Tue.Dec 06, 2022

CyberWar In Ukraine: A 21st Century Epilogue To The Cold War (InfoGraphic)

Joseph Steinberg

The era of cyberwar has not only arrived, but is advancing rapidly – and the repercussions of the march forward are nothing short of terrifying. The following infographic, reproduced with permission from Nowsourcing, highlights how Ukraine has become the battleground between Russia and the United States, in a 21st Century epilogue to the Cold War: This infographic originally appeared here, and is reproduced with permission.

CryWiper Data Wiper Targeting Russian Sites

Schneier on Security

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores several system folders in the C:\Windows directory. The malware focuses on databases, archives, and user documents.

Protect yourself and your business on public Wi-Fi

Tech Republic Security

At 75% off, this affordable VPN service is more affordable than ever and capable of defending your business from cybercrime while browsing the internet. The post Protect yourself and your business on public Wi-Fi appeared first on TechRepublic.

Kali Linux 2022.4 adds 6 new tools, Azure images, and desktop updates

Bleeping Computer

Offensive Security has released Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

6 Ways to Create an Incident Response Plan That’s Actually Effective

CyberSecurity Insiders

By Mike Wilkinson. Mike Tyson famously said, “Everyone has a plan until they get punched in the mouth.” That applies to the world of boxing—and to the world of cyberattacks. Many companies have an Incident Response (IR) plan in place. But those plans don’t always hold up when an actual cyberattack occurs. At Avertium, we carry out hundreds of IR engagements a year, so I’m highly familiar with what makes IR plans useful—and what doesn’t.

Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto

Bleeping Computer

Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. […]

More Trending

Rackspace confirms outage was caused by ransomware attack

Bleeping Computer

Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption." […]

Machine Learning Models: A Dangerous New Attack Vector

Dark Reading

Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.

The four cybersecurity trends to watch in 2023

CyberSecurity Insiders

By: Matt Lindley, COO and CISO of NINJIO. Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. Likewise, the cyberthreat landscape is undergoing several tectonic shifts, such as the increasing frequency of state-sponsored cyberattacks, the infiltration of supply chains, and the exploitation of a widening array of attack vectors.

Complexity is the enemy of cloud security

InfoWorld on Security

It’s a fact that most enterprises put security teams and tools in a silo. It drives me nuts when I see these bad habits carried over to cloud computing security. I covered this topic three years ago, and for the most part, it’s unchanged. Many of today’s security breaches are due to human error. A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Five 2023 Cybersecurity Predictions by Doug Dooley

CyberSecurity Insiders

Doug Dooley, COO, Data Theorem. Security automation will be a high priority in a down-economy with hiring freezes. Many IT security projects will be delayed or put on-hold because of staff shortages and budgets cuts. Compliance, regulatory, and critical services will triage to the top of the priority and budget list for most IT security teams. Automation of processes previously done by staffing and manual efforts will be one of the top projects in 2023 to remedy resource reduction and constraint

Russia’s second-largest bank VTB Bank under DDoS attack

Security Affairs

Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for the DDoS attacks against the bank.

The cybersecurity challenges and opportunities of digital twins

CSO Magazine

Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this same level of insight and control can also open doors for malicious attackers. Digital twins can be created for any physical infrastructure that includes individual components of an engine, turbine and other equipment, or entire factories, and data centers.

Threat Actors Use PRoot Isolated Filesystems to Hijack Linux Devices

Heimdal Security

Researchers warn that the Linux PRoot utility is now frequently used by threat actors in BYOF (Bring Your Own Filesystem) attacks. Unfortunately, the technique can be successfully used on various Linux distributions, like Ubuntu, Fedora, or Alpine. What's a BYOF Attack? When threat actors create a malicious filesystem that holds a typical set of hijacking […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

What you should know when considering cyber insurance in 2023

CSO Magazine

As the frequency and severity of ransomware, phishing, and denial of service attacks has increased, so has demand for cyber insurance. About $6.5 billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as essential to their risk management strategy,” says Heather Engel, managing partner at advisory firm Strategic Cyber Partners.

FreeBSD Systems Exposed to Compromise Due to Ping Vulnerability

Heimdal Security

The creators of the FreeBSD operating system have released updates meant to resolve a vulnerability within the ping module. The vulnerability, identified as CVE-2022-23093, could be exploited to crash the program or trigger remote code execution, and affects all supported versions of FreeBSD. Last week, an advisory was published, explaining the issue in further detail. ping […].

Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report

Cisco Security

“There’s so much left to know, and I’m on the road to find out.” –Cat Stevens (Yusuf). Two years ago, we asked the question: What actually works in cybersecurity? Not what everyone’s doing—because there are plenty of cybersecurity reports out there that answer that question—but which data-backed practices lead to the outcomes we want to implement in cybersecurity strategies?

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it into a wiper. The experts also reported an increase in ransomware intentionally turned into wiper malware; this malicious code is mainly employed in politically-motivated campaigns.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. This analysis from Dirk Schrader, Vice President of Security Research, and Michael Paye, Vice President of Research and Development, is based on Netwrix’s global experience across a wide range of verticals, including technology, finance, manufacturing, government and healthcare.

Suspects arrested for hacking US networks to steal employee data

Bleeping Computer

Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities. […]

APT41 Sent US Covid Cash to China — Wicked Panda

Security Boulevard

Chinese hackers stole tens of millions of dollars from PPP, the federal Paycheck Protection Program. So say Secret Service sources. The post APT41 Sent US Covid Cash to China — Wicked Panda appeared first on Security Boulevard.

OpenAI's new ChatGPT bot: 10 dangerous things it's capable of

Bleeping Computer

OpenAI's newly unveiled ChatGPT bot is making waves when it comes to all the amazing things it can do—from writing music to coding to generating vulnerability exploits, and what not. As the erudite machinery turns into a viral sensation, humans have started to discover some of the AI's biases, like the desire to wipe out humanity. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Security Affairs

Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that can allow threat actors to remotely attack vehicles from multiple carmakers, including Honda, Nissan, Infiniti, and Acura.

Action1 launches threat actor filtering to block remote management platform abuse

CSO Magazine

Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry out malicious activity.

Chinese hacking stories trending on Google

CyberSecurity Insiders

A few days ago, there were reports that China has breached the network of All India Institute of Medical Sciences Servers (AIIMS) in India to siphon data related to over 3 crore patients from the subcontinent. 1.) Now fresh reports are in that a Chinese sponsored hacking group aka APT has stolen $20 million from US Covid relief funds, and the figure might vary as the probe is still underway on this note.

Antwerp's city services down after hackers attack digital partner

Bleeping Computer

The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Cyber Attack launched on the ICMR India website after AIIMS

CyberSecurity Insiders

Indian Council of Medical Research, shortly known as ICMR, was hit by cyber attacks on November 30th, 2022, and reports are that hackers made over 6,000 attempts to breach the firewall in a time frame of just 24 hours. The good news is that the firewall of ICMR did not have any vulnerabilities, so the threat actors failed to infiltrate the network. The web portal of ICMR was being hosted on the servers operating in the National Informatics Centre (NIC) and as per the preliminary inquiries, the a

Amnesty International Canada breached by suspected Chinese hackers

Bleeping Computer

Amnesty International's Canadian branch has disclosed a security breach detected in early October and linked by cybersecurity firm Secureworks, who investigated the incident, to a threat group likely sponsored by China. […]

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Naked Security

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

CISA Urges Agencies to Patch a Google Chrome Bug by December 26th

Heimdal Security

The list of security flaws that can be exploited in attacks has been expanded by the Cybersecurity and Infrastructure Security Agency (CISA). On Friday, the Google Chrome web browser for Windows, Mac, and Linux users was patched to address the vulnerability (tracked as CVE-2022-4262). Since the beginning of the year, Google has patched nine Chrome […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.