Thu. Mar 09, 2023


Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owne

DNS 233

Another Malware with Persistence

Schneier on Security

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. “The attackers put sig

Malware 193

GitHub rolling out two-factor authentication to millions of users

Tech Republic Security

Over the next nine months, the largest internet hosting service for software development and collaboration will make all code contributors add another layer of electronic evidence to their accounts. The post GitHub rolling out two-factor authentication to millions of users appeared first on TechRepublic.


Why Traditional Vulnerability Management isn’t Cutting it Anymore

CyberSecurity Insiders

Traditional vulnerability management is in need of a desperate change due to the lack of effectiveness in combating modern cyberattacks. It’s a bold statement, but true, nonetheless, because it’s just not enough. Numbers don’t lie, and the only direction the average cost of recovering from cyberattacks seems to move is up. Putting the monetary effect aside, a successful cyberattack from ineffective vulnerability management can fatally hit an organization’s reputation.

Risk 138

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Become your business’s cybersecurity expert

Tech Republic Security

Learn a wide variety of topics for a lifetime with this eclectic bundle. The post Become your business’s cybersecurity expert appeared first on TechRepublic.


Police seize Netwire RAT malware infrastructure, arrest admin

Bleeping Computer

An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. [.

Malware 133

More Trending


IceFire Ransomware Portends a Broader Shift From Windows to Linux

Dark Reading

IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.


AT&T alerts 9 million customers of data breach after vendor hack

Bleeping Computer

AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January. [.


Stolen credentials increasingly empower the cybercrime underground

CSO Magazine

The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market are stolen credentials since they can provide attackers with access into networks, databases, and other assets owned by organizations. It's no surprise to see cybercriminals focused on this valuable commodity.


SonicWall devices infected by malware that survives firmware upgrades

Bleeping Computer

A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns. [.

Firmware 122

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


19 Cybersecurity Trends Every CISO Must Prepare for in 2023

Security Boulevard

Cybersecurity threats are evolving rapidly, and CISOs must be ready to face the challenge. Be prepared for the top trends of 2023. The post 19 Cybersecurity Trends Every CISO Must Prepare for in 2023 appeared first on Indusface. The post 19 Cybersecurity Trends Every CISO Must Prepare for in 2023 appeared first on Security Boulevard.

CISO 120

FBI warns of cryptocurrency theft via “play-to-earn” games

Bleeping Computer

Cybercriminals are now using fake rewards in so-called "play-to-earn" mobile and online games to steal millions worth of cryptocurrency, according to an FBI warning issued on Thursday. [.


Britain Cybersecurity firm issues warning against Microsoft ChatGPT

CyberSecurity Insiders

ChatGPT, the sensational conversational app of Microsoft, has been identified as a threat to national security due to its increased sophistication in phishing scams. The Silicon Valley sophisticated sensation developed by OpenAI has become a part of every tech discussion on LinkedIn and Reddit these days. People believe that it assists threat actors in launching cyber-attacks.


Security Professionals Battle Burnout as Threat Landscape Evolves

Security Boulevard

A surge of cybersecurity incidents and a general feeling of work overload is leading to widespread burnout among IT security professionals, two surveys indicated. A Cynet survey of chief information security officers (CISOs) of small to midsize businesses found nearly two-thirds (65%) said their ability to protect their organization is compromised due to an overwhelming.

CISO 105

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Telecommunications: A Case Study

Approachable Cyber Threats

Category: Awareness, News, Case Study. As one of the world’s fastest-growing industries, telecommunication has become a highly vulnerable target for cybersecurity threats. The Industry: Information technology's ability to connect and communicate has become integral to our society here in the digital age. We rely on it for communication between individuals, businesses, governments, and organizations.


GitHub begins 2FA rollout for code contributors

CSO Magazine

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile.

Mobile 104

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

The Hacker News

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

Malware 101

BrandPost: How to Avoid Getting Crushed Under a Tidal Wave of Traffic

CSO Magazine

Botnet proliferation is growing at an alarming rate. In 1H 2022 alone, NETSCOUT’s global honeypot network observed more than 67 million connections from 608,000 unique IP addresses, spanning 13,000 autonomous system numbers (ASNs), 30,000 organizations, and 165 countries. Direct-path attacks are becoming a tool of choice for adversaries – a fact further established by an 11% increase in direct-path attacks from 2H 2021 to 1H 2022.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Microsoft: Business email compromise attacks can take just hours

Bleeping Computer

Microsoft's Security Intelligence team recently investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some steps taking mere minutes. [.


Stopping Abuse in the Digital Age With The Anti-Human Trafficking Intelligence Initiative

Security Boulevard

At HYAS, we take pride in our effort to try to make a positive impact on the world whenever possible. Cybersecurity, of course, is a business, but stopping bad actors helps protect not only people’s livelihoods but also the critical services that we all depend on. It also prevents the profits from these activities from being funneled back into other criminal ventures.

Scams 98

Can Hackers Create Fake Hotspots?

Identity IQ

We rely on the internet, from communicating with loved ones on social media to working and conducting business. As a result, vulnerability to cybercrime is a serious concern. One of the ways hackers attempt to exploit people is by creating Wi-Fi hotspots that imitate a legit business, organization or even an airport and act as a “guest” public hotspot.

VPN 98

Ranking Top Cyber Risks to Financial Companies with Risk Quantification

Security Boulevard

“Because that’s where the money is” – the classic answer from a bank robber on why he robbed banks. Add “that’s where the data is” to crime risk for the financial industry today, including banks, insurance companies, lenders, investment companies, credit agencies, exchanges and the many third parties that make the money go around. The post Ranking Top Cyber Risks to Financial Companies with Risk Quantification appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Iranian Hackers Target Women Involved in Human Rights and Middle East Politics

The Hacker News

Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.


The Security Risks of ChatGPT: Safeguarding Business Data

Security Boulevard

ChatGPT, developed by the artificial intelligence lab OpenAI, is a humanoid chatbot causing a global sensation. It is now the fastest-growing app in history, hitting 100 million active users in just two months—way faster than the nine months it took previous record-holder TikTok to reach that mark. This powerful, open source tool can do whatever. The post The Security Risks of ChatGPT: Safeguarding Business Data appeared first on Security Boulevard.


Critical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover

Dark Reading

Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.


IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

The Hacker News

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Putin’s Deepfake Campaign: A New Weapon in the War Against Dissent

Heimdal Security

Russia continues its disinformation campaign around the Ukraine war through advanced social engineering tactics delivered by the TA499 threat group. Also known as Vovan and Lexus, TA499 is a Russian-aligned threat actor conducting aggressive email campaigns since at least 2021. They seem to target US and European politicians, business people, and celebrities who oppose Putin’s invasion, according […] The post Putin’s Deepfake Campaign: A New Weapon in the War Against Dissent ap


Malvertising through search engines

SecureList

In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious payloads to victims’ machines. They seem to use the same technique of mimicking a website associated with well-known software like Notepad++ and Blender 3D.


New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The Hacker News

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt.


Akamai mitigated a record-breaking DDoS attack that peaked 900Gbps

Security Affairs

Akamai has mitigated the largest DDoS (distributed denial of service) attack ever, which peaked at 900.1 gigabits per second. Akamai reported that on February 23, 2023, at 10:22 UTC, it mitigated the largest DDoS attack ever. The attack traffic peaked at 900.1 gigabits per second and 158.2 million packets per second. The record-breaking DDoS was launched against a Prolexic customer in Asia-Pacific (APAC). “On February 23, 2023, at 10:22 UTC, Akamai mitigated the largest DDoS attack ever la

DDOS 92

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.