The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 171

Ransomware Internet Internet 171

Bleeping Computer

MAY 20, 2023

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice. The groundbreaking move comes amid the registry's struggle to upkeep with a large influx of malicious users and packages [.

Malware 141

Malware 141

The Hacker News

MAY 20, 2023

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.

Malware 124

Malware Cybersecurity Accountability 124

Bleeping Computer

MAY 20, 2023

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. [.

134

134

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

WIRED Threat Level

MAY 20, 2023

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Hacking 105

Hacking 105

Bleeping Computer

MAY 20, 2023

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.

Firmware 142

Firmware Technology 142

Bleeping Computer

MAY 20, 2023

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. [.

Malware 97

Malware 97

Security Affairs

MAY 20, 2023

Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.

Data breaches 90

Data breaches Ransomware Hacking Cybersecurity 90

Bleeping Computer

MAY 20, 2023

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. [.

Malware 109

Malware 109

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime 89

Cybercrime Ransomware Security Intelligence Hacking 89

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Security Boulevard

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated … (more…) The post RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment appeared first on Security Boulevard.

Ransomware 75

Ransomware Security Awareness 75

WIRED Threat Level

MAY 20, 2023

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

Engineering 71

Engineering Risk Hacking 71

Security Boulevard

MAY 20, 2023

The post Live panel discussion on insider threats and abuse of privilege appeared first on Click Armor. The post Live panel discussion on insider threats and abuse of privilege appeared first on Security Boulevard.

Security Awareness 69

Security Awareness CISO Risk 69

Spinone

MAY 20, 2023

Many small and even medium businesses do not have a well-articulated disaster recovery strategy for their IT systems. This approach can cost them a substantial amount of money and even can cause business termination. In this article, we discuss the Recovery Point Actual, one of the critical indicators of disaster recovery. What is Recovery Point […] The post Recovery Point Actual: a Critical Indicator for SMB Disaster Recovery first appeared on SpinOne.

Backups 52

Backups 52

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Security Boulevard

MAY 20, 2023

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Rami McCarthy, Lea Snyder, Hasnain Lakhani, Kurt Boberg – Level Up Your Career: A Panel on Staff+ Engineering appeared first on Security Boulevard.

Engineering 52

Engineering InfoSec Cybersecurity Education 52

Security Boulevard

MAY 20, 2023

Who would have thought? The U.S Secret Service is currently offering $10M reward for Denis Gennadievich Kulkov also known as Kreenjo/Nordex/Nordexin who's particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise. What's so special about this individual is the fact that he's also been running a well known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise based on my research using public sources whe

DNS 52

DNS Spyware Accountability 52