The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 203

Ransomware Internet Internet 203

WIRED Threat Level

MAY 20, 2023

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Hacking 145

Hacking 145

Bleeping Computer

MAY 20, 2023

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.

Firmware 129

Firmware Technology 129

The Hacker News

MAY 20, 2023

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.

Malware 108

Malware Accountability Cybersecurity 108

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Bleeping Computer

MAY 20, 2023

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice. The groundbreaking move comes amid the registry's struggle to upkeep with a large influx of malicious users and packages [.

Malware 122

Malware 122

Security Affairs

MAY 20, 2023

Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.

Data breaches 98

Data breaches Retail Hacking Ransomware 98

Security Affairs

MAY 20, 2023

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile devices running Android 11, 12, and 13, it is described as an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address

Internet 98

Internet Internet Mobile Hacking 98

WIRED Threat Level

MAY 20, 2023

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

Engineering 96

Engineering Risk Hacking 96

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime 98

Cybercrime Ransomware Security Intelligence Hacking 98

Bleeping Computer

MAY 20, 2023

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. [.

Malware 79

Malware 79

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated … (more…) The post RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment appeared first on Security Boulevard.

Ransomware 75

Ransomware Security Awareness 75

Hacker's King

MAY 20, 2023

Two-factor authentication (2FA) has become an essential security measure in the digital age. By combining something you know(like a password) with something you have(such as a verification code), 2FA adds an extra layer of protection to your online accounts. However, like any security system, 2FA is not foolproof. In this article, we’ll explore some lesser-known methods that hackers may use to bypass 2FA.

Authentication 52

Authentication Social Engineering Spyware Engineering 52

Security Boulevard

MAY 20, 2023

The post Live panel discussion on insider threats and abuse of privilege appeared first on Click Armor. The post Live panel discussion on insider threats and abuse of privilege appeared first on Security Boulevard.

CISO 69

CISO Security Awareness Risk 69

Spinone

MAY 20, 2023

Many small and even medium businesses do not have a well-articulated disaster recovery strategy for their IT systems. This approach can cost them a substantial amount of money and even can cause business termination. In this article, we discuss the Recovery Point Actual, one of the critical indicators of disaster recovery. What is Recovery Point […] The post Recovery Point Actual: a Critical Indicator for SMB Disaster Recovery first appeared on SpinOne.

Backups 52

Backups 52

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

MAY 20, 2023

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Rami McCarthy, Lea Snyder, Hasnain Lakhani, Kurt Boberg – Level Up Your Career: A Panel on Staff+ Engineering appeared first on Security Boulevard.

Engineering 52

Engineering Education InfoSec Cybersecurity 52

Security Boulevard

MAY 20, 2023

Who would have thought? The U.S Secret Service is currently offering $10M reward for Denis Gennadievich Kulkov also known as Kreenjo/Nordex/Nordexin who's particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise. What's so special about this individual is the fact that he's also been running a well known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise based on my research using public sources whe

DNS 52

DNS Spyware Accountability 52