Biden Broadens NSA Oversight of National Security Systems
New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.
20-01-2022 22:55

(ISC)² Appoints Jon France, CISSP, as Chief Information Security Officer
Accomplished cybersecurity leader will advocate globally for best practices in risk management and head up association security operations.
20-01-2022 22:43

Researchers Discover Dangerous Firmware-Level Rootkit
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
20-01-2022 22:35

Automating Response Is a Marathon, Not a Sprint
Organizations should balance process automation and human interaction to meet their unique security requirements.
20-01-2022 22:00

Red Cross Hit via Third-Party Cyberattack
The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.
20-01-2022 21:25

Enterprises Are Sailing Into a Perfect Storm of Cloud Risk
Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.
20-01-2022 18:00

4 Ways to Develop Your Team's Cyber Skills
Organizations need to invest in professional development — and then actually make time for it.
20-01-2022 15:00

Cisco's Kenna Security Research Shows the Relative Likelihood of an Organization Being Exploited
A record-breaking 20,130 vulnerabilities were reported in 2021. However, only 4% pose a high risk to organizations.
20-01-2022 13:50

Red Cross Hack exposes data of 515,000
It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. T
20-01-2022 10:54

Red Cross implores hackers not to leak data for 515k “highly vulnerable people”
Hack on Red Cross storage contractor follows a separate hacking incident last year.
20-01-2022 01:17

If you like the data on your WD My Cloud OS 3 device, patch it now
The disk maker updated the OS to incorporate patches available for 4 months.
19-01-2022 22:28

FireEye & McAfee Enterprise Renamed as Trellix
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
19-01-2022 22:15

What Happens to My Organization If APIs Are Compromised?
Once attackers have obtained access, they can compromise other systems or pivot within your networks.
19-01-2022 22:00

Nigerian Police Arrest 11 Individuals in BEC Crackdown
More than 50,000 targets around the world have been affected by the business email compromise scams, Interpol reports.
19-01-2022 21:30

FAA clears Boeing 777 and other planes after 5G warning halted some flights
AT&T, Verizon limit C-band rollout around airports while FAA evaluates altimeters.
19-01-2022 21:28

Revamped Community-Based DDoS Defense Tool Improves Filtering
Team Cymru updates its Unwanted Traffic Removal Service (UTRS), adding more granular controls and greater ranges of both IPv4 and IPv6 addresses.
19-01-2022 20:45

1Password Raises $620M Series C, Now Valued at $6.8B
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.
19-01-2022 20:05

5 AI and Cybersecurity Predictions for 2022
Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.
19-01-2022 18:42

When Patching Security Flaws, Smarter Trumps Faster
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
19-01-2022 18:19

Cloud Adoption Widens the Cybersecurity Skills Gap
No matter what cloud services you employ, you are still responsible for protecting the security of your data.
19-01-2022 18:00

LogPoint Releases LogPoint 7, Adding SOAR Capabilities Within SIEM
LogPoint 7 includes ready-made integrations to connect with existing security technologies, including endpoint protection, network detection, and threat management.
19-01-2022 16:15

(ISC)² Launches Entry-Level Cybersecurity Course
Prospective entrants to the sector will receive instruction on fundamental cybersecurity concepts on which they will be evaluated during the new (ISC)² entry-level cybersecurity certification pilot exam.
19-01-2022 16:00

Preparing For the Next Cybersecurity Epidemic: Deepfakes
Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.
19-01-2022 15:00

Cloud Identity Startup Permiso Launches With $10M Seed
Permiso's co-founders say the No. 1 problem in the cloud is identity, and their platform is designed to tackle the notoriously difficult challenge of monitoring the activity of those identities.
18-01-2022 23:18

Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organizations
"WhisperGate" malware was used to overwrite Master Boot Record and other files to render systems inoperable at several organizations in Ukraine, Microsoft says.
18-01-2022 23:08

Researchers Explore Hacking VirusTotal to Find Stolen Credentials
VirusTotal can be used to collect large amounts of credentials without infecting an organization or buying them online, researchers found.
18-01-2022 22:05

End Users Remain Organizations' Biggest Security Risk
Yet they're showing signs of improvement across several important areas, a Dark Reading survey reveals.
18-01-2022 22:00

Take 'Urgent' Steps to Secure Systems From Damaging Attacks, CISA Says
CISA issues alert for senior leadership of US organizations amid rising tensions between Russia and Ukraine.
18-01-2022 21:48

Kaspersky Announces Takedown Service
Service facilitates the removal of malicious and phishing domains.
18-01-2022 21:30

Kovrr Translates Cyber Risk into Business Impact with its Quantum Platform
On-demand cyber risk quantification platform enables C-suite to prioritize and justify cybersecurity investments through financial quantification.
18-01-2022 20:08

Microsoft fixes Patch Tuesday bug that broke VPN in Windows 10 and 11
IPSEC and L2TP VPN connections could fail after installing January's updates.
18-01-2022 19:32

Europol Shuts Down Popular Cybercriminal VPN Service
VPNLab was used to support criminal activity, including ransomware campaigns and other attacks, Europol officials report.
18-01-2022 19:30

US Search for Vulnerabilities Drives 10x Increase in Bug Reports
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
18-01-2022 18:30

Safari and iOS users: Your browsing activity is being leaked in real time
Unfixed bug violating the Internet's most foundational rules is easy to exploit.
18-01-2022 18:14

Name That Toon: Nowhere to Hide
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
18-01-2022 17:00

5 Reasons Why M&A Is the Engine Driving Cybersecurity
Consistent acquisition of key technologies and talent is a proven strategy for growth.
18-01-2022 15:00

Spoof Nintendo sites advertising discounted Switch consoles
A new scam website has been impersonating Nintendo’s official website, pretending to sell discounted Nintendo Switch consoles. Last week, the Japanese video game company warned customers to be wary of the scam.  Nintendo rarely warns customers of s
18-01-2022 11:31

DHL most imitated brand in phishing scams
In Q4 of 2021, DHL was threat actors’ preferred brand to imitate when launching phishing campaigns. This pushed Microsoft into second place and Google into fourth. These findings were unsurprising as the last three months of the year include holida
18-01-2022 11:13

Microsoft warns of destructive disk wiper targeting Ukraine
Ukrainian authorities blame Russia for attacks as geopolitical tensions escalate.
17-01-2022 23:19

Mastering the Art of Cloud Tagging Using Data Science
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
17-01-2022 15:00

Alleged REvil hackers charged in court
Eight people have been charged by Moscow court for their alleged involvement in the REvil ransomware gang, Russian News Agency (TASS) reported. The arrests were made as part of a larger raid on Friday across 25 locations in Moscow, St. Petersburg and Lip
17-01-2022 11:47

Millions of UK Wi-Fi routers are vulnerable to security threats
Researchers at Broadband Genie have found that millions of Wi-Fi routers in the UK are left vulnerable to threats because their owners don’t take the basic security measures to protect them. Broadband Genie surveyed 1,320 broadband users, with 88%
17-01-2022 11:46

Romance Fraudster who Targeted more than 650 Victims has been Convicted for Two Years
A London-based cyber fraudster who targeted 670 women, including one who was terminally ill, has been arrested by UK police and pleaded guilty to fraud and money laundering charges. Taking more than £20,000 from his marks, Osagie Aigbonohan operated out
17-01-2022 11:11

North Korean hackers stole nearly $400 million in crypto last year
"Banner year” thanks to skyrocketing cryptocurrency values, vulnerable startups.
16-01-2022 22:34

Backdoor RAT for Windows, macOS, and Linux went undetected until now
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
15-01-2022 14:00

Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
14-01-2022 22:07

The Cybersecurity Measures CTOs Are Actually Implementing
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
14-01-2022 22:00

Russia says it has neutralized the cutthroat REvil ransomware gang
"Big-game hunter" REvil has menaced the world for 3 years with massive attacks.
14-01-2022 18:51

Maryland Dept. of Health Responds to Ransomware Attack
An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.
14-01-2022 18:05

White House Meets With Software Firms and Open Source Orgs on Security
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
14-01-2022 16:46

The FCC propose new rules for data breach reporting
The Federal Communications Commission (FCC) has called for more in-depth requirements for data breach reporting in the telecommunications industry. The proposal follows the recent increase of attacks seen in the telecommunications sector. The proposal wa
14-01-2022 16:04

Ukraine says government websites hit by “massive cyber attack”
Kyiv has yet to assign blame for disruption to at least 70 sites.
14-01-2022 15:55

Ukrainian government targeted in cyberattack
Over a dozen Ukrainian government website have been down since Friday, following a cyber-attack that also targeted the embassies. Among the embassies impacted were the UK, US and Sweden, as well as the foreign and education ministries. It is still unclea
14-01-2022 15:40

What's Next for Patch Management: Automation
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
14-01-2022 15:00

BlueNoroff Threat Group Targets Cryptocurrency Startups
A series of attacks against small and medium-sized businesses has led to major cryptocurrency losses for the victims.
13-01-2022 21:50

Fighting Back Against Pegasus, Other Advanced Mobile Malware
Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features.
13-01-2022 21:29

New Chrome security measure aims to curtail an entire class of Web attack
Hackers have long used browsers as a beachhead. Google aims for PNA to change that.
13-01-2022 21:09

How to Protect Your Phone from Pegasus and Other APTs
The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.
13-01-2022 20:35

New Vulnerabilities Highlight Risks of Trust in Public Cloud
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
13-01-2022 18:30

How Cybercriminals Are Cashing in on the Culture of 'Yes'
The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.
13-01-2022 18:00

Redefining the CISO-CIO Relationship
While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.
13-01-2022 15:00

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
13-01-2022 14:45

Lazarus Group, Cobalt Gang and FIN7 the Worst Threat Actors Targeting the Financial Services Sector
A new industry report by Blueliv, an Outpost24 company, has deep dived into the evolving threat landscape that is surrounding the financial services sector. Using advanced threat intelligence gathered by Blueliv’s Threat Compass; the ‘Follow the Money’ r
13-01-2022 14:02

EU to launch Cyberattack simulations on supply chains
Later this week, EU governments will be staging a large-scale cyberattack against multiple of the member states. The attacks will specifically target supply chains and will aim to push governments to coordinate public communications and a diplomatic resp
13-01-2022 10:46

Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
12-01-2022 23:07

Oxeye Introduce Open Source Payload Deobfuscation Tool
Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.
12-01-2022 22:40

New Research Reveals Public-Sector IAM Weaknesses and Priorities
Auth0 Public Sector Index shows that governments are struggling to provide trustworthy online citizen services.
12-01-2022 22:10

New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.
12-01-2022 22:05

Why Is Cyber Assessment So Important in Security?
All the pen testing and tabletop exercises in the world won't help unless an organization has a complete and accurate understanding of its assets.
12-01-2022 20:49

Flashpoint Acquires Risk Based Security
Flashpoint plans to integrate Risk Based Security data and technology into its platform to boost threat intelligence and vulnerability management.
12-01-2022 18:05

Critical Infrastructure Security and a Case for Optimism in 2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
12-01-2022 18:00

Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
12-01-2022 15:00

Several EA accounts compromised by phishing mails
Recently, it has been revealed that several EA Sports accounts were compromised by hackers via phishing techniques. The threat-actors exploited EA’s live chat, targeting high-profile players for account takeover. The attackers utilised social engin
12-01-2022 11:28

Let's Play! Raising the Stakes for Threat Modeling With Card Games
On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.
11-01-2022 23:10

Kiteworks Acquires Email Encryption Leader totemo
Further closes intelligence gap inhibiting companies from tracking and controlling private content communications.
11-01-2022 23:00

Microsoft Kicks Off 2022 With 96 Security Patches
Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.
11-01-2022 22:45

Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
11-01-2022 22:30

Honeywell Adds Deception Tech to Building Automation Systems Security
New OT security platform directs attackers toward phony assets to deflect threats.
11-01-2022 21:31

Enterprise Security at CES 2022 Marked by IoT, Biometrics, and PC Chips
Amid the onslaught of mostly consumer-oriented announcements in Las Vegas, a few key items pertaining to enterprise security emerged.
11-01-2022 19:25

FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure
Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.
11-01-2022 19:15

Details Released on SonicWall Flaws in SMA-100 Devices
The most serious of the five vulnerabilities disclosed today can lead to unauthenticated remote code execution on affected devices.
11-01-2022 19:05

Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.
11-01-2022 18:00

Why the Insider Threat Will Motivate Cyber and Physical Teams to Collaborate More Than Ever in 2022
It's hard to have a crystal ball in the world of security, but if one were to make a safe prediction, it's this: Organizations will need to further integrate their cybersecurity and physical security functions throughout 2022 and beyond. So argues former
11-01-2022 18:00

Businesses Suffered 50% More Cyberattack Attempts per Week in 2021
The rise — partly due to Log4j — helped boost cyberattack attempts to an all-time high in Q4 2021, new data shows.
11-01-2022 16:57

London, UK, January 11, 2022 – Kiteworks, which governs and protects sensitive digital content moving within, into, and out of global enterprises, announced today that Kiteworks and totemo, the leading email encryption gateway provider used by hundreds o
11-01-2022 15:32

Kaspersky Research Uncovers Cybersecurity Budgets, Insurance, and Vendor Expectations for 2022
Kaspersky commissioned a survey in October 2021 targeting 600 employees based in the US and Canada who are key decision makers for the cybersecurity sector within their company.
11-01-2022 15:00

Why Security Awareness Training Should Begin in the C-Suite
It's not just the rights and privileges that CXOs have on the network. They can also set an example of what good security hygiene looks like.
11-01-2022 15:00

5 Things to Know About Next-Generation SIEM
NG-SIEM is emerging as a cloud- and analytics-driven alternative to legacy SIEMs. Based on new research, Omdia highlights five important new insights for anyone considering a NG-SIEM purchase.
11-01-2022 14:00

Cyber attacks on corporations hit record breaking highs
New data has found that the number of global weekly cyberattacks has reached the highest record to date. The data has shown that there were 925 attempts per organization in Q4 2021. The data also revealed that the number of attempted attacks has been on
11-01-2022 13:21

How banks can help counter Human Trafficking
Today marks National Human Trafficking Awareness Day. While predominately recognised in the US, it is for sure a global issue that banks can help address with the right technology and training, according to Brian Ferro, director of AML at Feedzai and cer
11-01-2022 11:43

£92m lost to romance scammers in 2021
Users of dating sites have been warned to be weary of romance scams between Christmas Day and Valentine’s Day. This is because during this time, scammers are out in full force seeking to establish contact and build rapport with victims and extort t
11-01-2022 11:19

DDoS Attacks Increasing Again
Distributed denial-of-service (DDoS) attacks are increasingly being accompanied by huge demands against their marks, according to an annual survey from Cloudflare. Ransom-motivated DDoS attacks increased 29% year-on-year and 175% between Q3 2021 and Q4 2
11-01-2022 10:21

What Editing Crosswords Can Teach Us About Security Leadership
When security leaders look for mistakes, they often find them before customers do.
10-01-2022 23:12

No Significant Intrusions Related to Log4j Flaw Yet, CISA Says
But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.
10-01-2022 22:45

Microsoft: macOS 'Powerdir' Flaw Could Enable Access to User Data
The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.
10-01-2022 22:05

Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data
The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.
10-01-2022 22:05

Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage
Companies are more likely to rely on outside attorneys to handle cyber response in order to contain potential lawsuits. Meanwhile, cyber-insurance premiums are rising but covering less.
10-01-2022 21:09

Developer sabotages his own apps, then claims Aaron Swartz was murdered
Developer throws a wrench in thousands of apps after making malicious updates.
10-01-2022 20:58

FBI Warns FIN7 Campaign Delivers Ransomware via BadUSB
An FBI warning says the FIN7 cybercrime group has sent packages containing malicious USB drives to US companies in an effort to spread ransomware.
10-01-2022 20:15

The Evolution of Patch Management: How and When It Got So Complicated
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
10-01-2022 15:00

source : arstechnica, darkreading, itsecurityguru