An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. This article has been indexed from Dark Reading Read the original article: Lazarus Group Rises Again, to…
Do you know what your supply chain is and if it is secure?
W-2 phishing scams: Everything you need to know
It’s that time of year again – tax season – and, unfortunately, it’s also a peak time for phishing scams. Cybercriminals know that people are more likely to be filing their taxes and sharing sensitive information online, so they increase…
New Prilex Malware Blocks Contactless Payments to Steal Credit Card Data
Prilex is indeed a single threat actor that transformed from malware targeted at ATMs into distinctive modular point-of-sale (PoS) malware. Prilex has resurfaced with new upgrades that allow it to block contactless payment transactions. This is extremely sophisticated malware that uses…
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021. “This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and…
How to Address the Requirements of Personal Data Protection (PDP) Law of Indonesia
How to Address the Requirements of Personal Data Protection (PDP) Law of Indonesia divya Thu, 02/02/2023 – 06:35 In response to the increased number of attacks targeting the personal data of millions of Indonesian citizens, the government passed the first…
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that…
LockBit Ransomware Attack on ION and Expeditors faces $2m lawsuit from customer
A serious cyber attack that took place on the servers of trading software service provider named ION is said to have affected its operations deeply, as the entire communication network was paralyzed for hours. Several of the trading clients took…
New UN cybercrime convention has a long way to go in a tight timeframe
Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political…
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for…
The emergence of trinity attacks on APIs
When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive – and rightly so. Compiled in 2019 based on a…
School District 42 – 18,850 breached accounts
In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum. This article…
Yugabyte Releases YugabyteDB Voyager to Accelerate Cloud Native Adoption through Simple, Risk-Free Migration
SUNNYVALE, Calif.–(BUSINESS WIRE)–Yugabyte, the leading open source distributed SQL database company, today announced the general availability of YugabyteDB Voyager—a unified database migration solution. With YugabyteDB Voyager, organizations of all sizes can leave behind the limitations of legacy and single-cloud databases,…
Research Exposes Azure Serverless Security Blind Spots
Simulation uncovers hidden features and urges greater user awareness This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Research Exposes Azure Serverless Security Blind Spots
New APT34 Malware Targets The Middle East
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the…
6 Ransomware Trends & Evolutions For 2023
In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: 6…
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute. The study also found that 50 percent of organizations have indirect…
The next cyber threat may come from within
71% of business executives worry about accidental internal staff error as one of the top threats facing their companies, almost on par with concern about outside attackers (75%), according to EisnerAmper. An additional 23% said they worry about malicious intent…
Hybrid cloud storage security challenges
Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. While organizations of all sizes now embrace…
Janes Secures Sam Gordy as President of Janes US via Benchmark Executive Search
RESTON, Va.–(BUSINESS WIRE)–Benchmark Executive Search, an award-winning search firm, announced today the placement of Sam Gordy as President of Janes US. He will be responsible for Janes continued growth in the US market and will develop and execute a comprehensive…
Tanium Appoints Dan Streetman as Chief Executive Officer
KIRKLAND, Wash.–(BUSINESS WIRE)–Tanium, a leading IT operations and security management company and the premier supplier of converged endpoint management (XEM), today announced the appointment of Dan Streetman to the role of chief executive officer. Orion Hindawi, who is the co-founder…
CEA Invests in European-Based Cyber and Intel
TAMPA, Fla.–(BUSINESS WIRE)–CEA Group (CEA) is pleased to announce an exciting and exclusive investment in European-based cyber and intel. Funds advised by Rheingold Capital have acquired 100% of the shares in Cybersecurity Specialists SIM and ATECS. Funds advised by Rheingold…
LATEST CYBERTHREATS AND ADVISORIES – JANUARY 13, 2023
Cybercriminals attack schools, the FCC looks to change data breach rules and artificial intelligence alters the cybersecurity landscape. Here are the latest threats and advisories for the week of January 13, 2023. Threat Advisories and Alerts How Businesses Can Securely…
Predicting which hackers will become persistent threats
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the authors in this article. This blog was jointly written with David Maimon,…
InterVision enhances its cloud and security services for mid-market organizations
InterVision has launched new offerings: Managed Cloud Services (MCS) for AWS and Azure cloud environments and Penetration Testing as a Service (PTaaS) powered by RedSpy365. Both services offer enhanced and expanded cybersecurity designed to address current business and resilience concerns.…
Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious links
Hornetsecurity launched two new tools – the QR Code Analyzer and Secure Links – to combat growing cyber threats. These launches come in response to a rise in fake QR codes and the ongoing threat of phishing, which represents 40%…
Neustar Security Services introduces UltraDDR for DNS-based user protection
Neustar Security Services has introduced UltraDDR (DNS Detection and Response), a recursive DNS-based protection service aimed at combatting network breaches, ransomware attacks, phishing and supply chain compromise, while enforcing enterprise acceptable use policies for its users. UltraDDR provides a Protective…