Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and
admin
North Korea-backed threat actors hacked more crypto platforms than ever in 2023 but stole less of the digital currency in total than in 2022. Crypto research firm Chainalysis has found that North Korean adversaries stole slightly over $1.0bn in 2023, compared with around $1.7bn in 2022. The 2022 spike, which set a record of stolen
Scams As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection Cameron Camp 23 Jan 2024 • , 4 min. read Would you fall for a faked call from your CEO asking
Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis
The emergence of cybercrime-as-a-service (RaaS) has lowered the entry barrier into cybercrime by allowing cybercriminals to specialize in only one aspect of the attack supply chain. This can be coding malware, developing phishing kits, crafting initial access methods, releasing vulnerability exploits, or sharing data dumps listing potential victims. However, at the end of the chain,
Jan 24, 2024NewsroomCloud Security / Kubernetes Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters
The UK government has published a new Code of Practice on cybersecurity governance, targeting directors and other senior business leaders. The draft document aims to establish cybersecurity as a key focus for businesses, on par with financial and legal risks. The code highlights a number of areas business leaders should focus on to enhance their
Jan 23, 2024NewsroomSoftware Security / Supply Chain Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads
A lack of understanding combined with budgetary squeezes are significant obstacles for organization’s navigating data privacy and compliance with data protection laws, according to industry body ISACA. In The State of Data Privacy in 2024 report, ISACA found that over half (57%) of cyber professionals are not confident in their organization’s privacy team’s ability to
We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks.
Cybersecurity researchers at Proofpoint have identified the resurgence of TA866 in email threat campaigns after a hiatus of nine months. Writing in an advisory published today, the firm said it thwarted a large-scale campaign on January 11 involving several thousand emails primarily targeting North America. The malicious emails, adopting an invoice-themed guise, were equipped with
Video The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings 19 Jan 2024 The job of a chief information security officer (CISO) is becoming increasingly stressful, to the point that some security leaders are seeking out more peaceful career paths.
Jan 20, 2024NewsroomNetwork Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities –
South Africa, known to be ‘the world’s most internet-addicted country,’ finds itself plagued by the internet’s dark underbelly: ransomware. It is the most targeted nation in Africa for these cyber-attacks and places eighth globally, according to the South African Council for Scientific and Industrial Research. Despite its digital dependency, the country’s cyber strategy is still
Scams Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims Phil Muncaster 18 Jan 2024 • , 4 min. read It’s every parent’s worst nightmare. You get a call from an unknown number and on the other end of the line hear
Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities
Russian threat group Coldriver has expanded its targeting of Western officials with the use of malware to steal sensitive data, Google’s Threat Analysis Group (TAG) has revealed. Coldriver, AKA Star Blizzard, is linked to Russia’s intelligence service, the FSB. It is known to focus on credential phishing campaigns targeting high-profile NGOs, former intelligence and military
Jan 19, 2024NewsroomMalware / Endpoint Security Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. “Once detonated, the malware
The value of cryptocurrency flowing into illicit addresses in 2023 was nearly two-fifths lower than the figure a year previously, with sanctioned entities accounting for the vast majority of activity, according to Chainalysis. The blockchain analysis company revealed the news in a teaser of its forthcoming 2024 Crypto Crime Report. It tracks funds stolen in
Scams, Digital Security Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal Phil Muncaster 17 Jan 2024 • , 5 min. read If you’re on social media or use Google Shopping, the chances are you’ve
Jan 18, 2024NewsroomSupply Chain Attacks / AI Security Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to “conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising
With elections expected to occur in over 50 countries in 2024, the misinformation threat will be top of mind. OpenAI, the developer of the AI chatbot ChatGPT and the image generator DALL-E, has announced new measures to prevent abuse and misinformation ahead of big elections this year. In a January 15 post, the firm announced
Business Security By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk Phil Muncaster 16 Jan 2024 • , 5 min. read Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to
Jan 17, 2024NewsroomBotnet / Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for “victim identification and exploitation in target networks.” A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the
Email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack, according to email security provider Egress. This is up 2% from the previous year, Egress’ Email Security Risk Report 2024 found. The top three phishing techniques used throughout 2023
Jan 16, 2024NewsroomVulnerability / Network Security Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths
The 28th United Nations Climate Change Conference (COP 28), held in Dubai at the end of 2023, sparked an “unprecedented surge” in distributed denial of service (DDoS) attacks against environmental services. In its DDoS Threat Report for 2023 Q4, content delivery provider Cloudflare found a 61,839% spike in HTTP DDoS attack traffic targeting environmental services’
Business Security How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks Mario Micucci 11 Jan 2024 • , 4 min. read In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data
Jan 15, 2024NewsroomVulnerability / Browser Security Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the
A vulnerability has been discovered in a popular Bosch smart thermostat, allowing potential attackers to send commands to the device and replace its firmware, according to Bitdefender. The vulnerability impacts the Wi-Fi microcontroller that acts as a network gateway for the thermostat’s logic microcontroller. The Bosch smart thermostat products BCC101, BCC102 and BCC50, from version
- « Previous Page
- 1
- …
- 3
- 4
- 5
- 6
- 7
- …
- 114
- Next Page »