Fri. May 26, 2023


Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta.

Phishing 320

Expeditionary Cyberspace Operations

Schneier on Security

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson—officially provides a definition


GitLab announces AI-DevSecOps platform GitLab 16

Tech Republic Security

GitLab 16 includes more than 55 improvements and new features. Learn about the most notable new technologies in this GitLab platform. The post GitLab announces AI-DevSecOps platform GitLab 16 appeared first on TechRepublic.


COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

Security Boulevard

Shouty name—dangerous game. Red-team tool ripe for misuse. The post COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT appeared first on Security Boulevard.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


How to use Google Smart Lock on iOS to lock down your Google Account

Tech Republic Security

Learn how easy it is to sign into your Google Account using the Smart Lock app on iPhone without needing two-factor authentication codes. The post How to use Google Smart Lock on iOS to lock down your Google Account appeared first on TechRepublic.


Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

The Hacker News

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.

Spyware 136


More Trending


US govt contractor ABB confirms ransomware attack, data theft

Bleeping Computer

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident."


Careless IT security worker exploited ransomware attack against his employer, but failed to cover his tracks

Graham Cluley

Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. Read more in my article on the Tripwire State of Security blog.


Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints

Dark Reading

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.


Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

The Hacker News

A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data.

Passwords 122

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Microsoft Defender Antivirus gets ‘performance mode’ for Dev Drives

Bleeping Computer

Microsoft has introduced a new Microsoft Defender capability named "performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives.

Antivirus 119

Revolutionize Zero-Trust Security With a Converged Identity Platform

Security Boulevard

The world of cybersecurity is ever-evolving, and organizations are facing new and complex security challenges every day. The traditional approach to managing identities and access has been fragmented and siloed, with separate systems for identity and access management (IAM), privileged access management (PAM) and identity governance and administration (IGA).


Insider threat leads to Tesla data breach

CyberSecurity Insiders

A Tesla employee has reportedly stolen about 100GB of data related to the automaker and handed it over to a media company, which has now released a portion of the details. According to German media resource Handelsblatt, the leaked information from the Tesla Files includes sensitive details related to 100,000 names of current and former employees, including the social security number of Tesla CEO Elon Musk and his itinerary for the next few months.


Researchers find new ICS malware toolkit designed to cause electric power outages

CSO Magazine

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the malware can interact with remote terminal units (RTUs) and other operational technology (OT) devices that communicate over the

Malware 111

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


The Week in Ransomware - May 26th 2023 - Cities Under Attack

Bleeping Computer

Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting cities' online services.


Consumers Wary of Biometric Security

Security Boulevard

Early releases of identity verification and facial recognition technology have failed to deliver on the promise of trustworthy digital identification and have damaged the reputation of biometric security tech, according to an Incode report. The global survey of 1,000 respondents found close to half (48%) indicated they consider digital authentication technology as detrimental to their.


5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

The Hacker News

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure.


Federal Appellate Court Approves ‘Pretext’ Border Search

Security Boulevard

For almost nine years, Chinese national and U.S. resident Haitao Xiang had been employed by the Monsanto company in St. Louis, Missouri, as a research application engineer specializing in hyperspectral imaging technology. As with most jobs of this type, Xiang had signed a non-disclosure and confidentiality agreement with his employer, agreeing not to take and/or.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


BlackByte ransomware claims City of Augusta cyberattack

Bleeping Computer

The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network.


Connecting the dots: Development + business risk + due diligence

Security Boulevard

Organizations should emphasize processes that connect the dots between software development practices, business risk and due diligence activities. The post Connecting the dots: Development + business risk + due diligence appeared first on Security Boulevard.

Risk 104

BrandPost: The state of operational technology and cybersecurity

CSO Magazine

Today, the convergence of operational technology (OT) and IT networks is accelerating because organizations can use the data collected by physical equipment and Industrial Internet of Things (IIoT) devices to identify issues and increase efficiency. With less siloed IT and OT departments, convergence reduces space requirements and physical hardware.


Mozilla stops Firefox fullscreen VPN ads after user outrage

Bleeping Computer

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page.

VPN 103

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Dark Frost Botnet targets the gaming sector with powerful DDoS

Security Affairs

Researchers spotted a new botnet dubbed Dark Frost that is used to launch distributed denial-of-service (DDoS) attacks against the gaming industry. Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. The botnet borrows code from several popular bot families, including Mirai, Gafgyt, and Qbot.

DDOS 98

What Is ZTNA? Zero Trust Network Access Explained.

Heimdal Security

In today’s fast-changing digital landscape, ensuring strong network security has become a top priority for companies of all sizes. Given the rise of remote work, cloud computing, and increasingly complex cyber threats, conventional network architectures and perimeter-based security measures are no longer enough. Enter Zero Trust Network Access (ZTNA), a game-changing security concept that questions […] The post What Is ZTNA?


New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor. Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The experts speculate that the backdoor is likely linked to an Iran-linked APT group.


Threat Update: Critical Infrastructure Vulnerability

Digital Shadows

The post Threat Update: Critical Infrastructure Vulnerability appeared first on ReliaQuest.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


New CosmicEnergy ICS malware threatens energy grid assets

Security Affairs

Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS). Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The malicious code was first uploaded to a public malware scanning service in December 2021 by a user in Russia.

Malware 98

Zyxel patches two critical vulnerabilities

Malwarebytes

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on the affected Zyxel firewalls. Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface.


CosmicEnergy: The New Russian-Linked Malware Targets Industrial System

Heimdal Security

A new malware has been discovered in the wild by security researchers. Called CosmicEnergy, the malware is designed to disrupt industrial systems. Sources say that the Russian cybersecurity group Rostelecom-Solar (fka Solar Security) is behind the malware. IEC-104-compliant remote terminal units (RTUs), which are widely utilized in electric transmission and distribution operations throughout Europe, the […] The post CosmicEnergy: The New Russian-Linked Malware Targets Industrial System app

Malware 98

New Russian Malware Raises Concerns for Energy Grid Security

SecureWorld News

Security researchers at Mandiant have recently made a significant discovery in the realm of industrial control system (ICS) malware. Named "CosmicEnergy," this specialized operational technology (OT) malware poses a potential threat to critical infrastructure systems and electric grids. Mandiant's findings shed light on the similarities between CosmicEnergy and previous malware used to target power grids, including the infamous Industroyer incident that caused power outages in Ukraine in 2016.

Malware 98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!