Thu.Jun 23, 2022

Vendor Impersonation Competing with CEO Fraud

KnowBe4

Researchers at Abnormal Security have observed an increase in vendor impersonation in business email compromise (BEC) attacks. Social Engineering CEO Fraud

Ping Identity Debuts $50M Venture Fund to Back IAM Startups

Data Breach Today

Ping Ventures Will Support Startups Building the Next Generation of Identity Tools Ping Identity is making a $50 million bet it can integrate cutting-edge technology into its own stack through a new in-house corporate venture fund to support identity and access management technology startups. "We

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

The Last Watchdog

The U.S. Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related : Making third-party risk audits actionable. Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to report on cyber risk in a “fast, comparable, and decision-useful manner.”. Worryingly, threats are beginning to outpace organizations’ ability to effectively prevent and respond to them.

Risk 155

Federal Authorities Warn of Cardio Product Security Flaws

Data Breach Today

Vulnerabilities Contained in Certain Hillrom Medical Electrocardiographs A popular line of portable electrocardiographs contains vulnerabilities that allow hackers to execute commands and access sensitive information, federal authorities warn.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign

Dark Reading

Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions

Cloud 106

More Trending

The Rise, Fall, and Rebirth of the Presumption of Compromise

Dark Reading

The concept might make us sharp and realistic, but it's not enough on its own

IT 95

Russian Onslought of Cyberattacks Against Ukraine and Supporters Underscored By Microsoft

Data Breach Today

Data Wipers And Phishing Are Weapons In the Kremlin's War A report from the company behind the world's most ubiquitous operating system depicts active cyber scrimmage between Russia and Ukraine and Russia and a slew of other countries.

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language.

Cybercrime: Conti Ransomware Retools After Backing Moscow

Data Breach Today

The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

Amazon Prime Day 2022 is Coming: Here are Quick Cybersecurity Tips to Help You Stay Safe

KnowBe4

Amazon Prime Days this year are July 12 - 13th 2022. As a result, cybercriminals are taking every step to capitalize on the holiday with new phishing attacks. I have been getting asked about common types of Amazon-related scams and wanted to share what to look out for. Social Engineering Phishing

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

Dark Reading

The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page

Top Security Tools & Software for SMBs in 2022

eSecurity Planet

Small businesses generally don’t have time to dip into logs several times a day, monitor every aspect of endpoint security via complex management consoles, or jump from point product to point product to stay on top of security.

MDM 90

Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft

Dark Reading

Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

Technology, Microlearning, and its Impact on Users and Cybersecurity

KnowBe4

Technology is everywhere in society these days from our communication, shopping, and commerce capabilities. Whether email, online purchases, or using the blockchain, it amounts to large amounts of data collected about people. All this data, while easy to store, is also harder to manage and protect.

80% of Legacy MSSP Users Planning MDR Upgrade

Dark Reading

False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds

89

QNAP warns of a critical PHP flaw that could lead to remote code execution

Security Affairs

Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution.

How APTs Are Achieving Persistence Through IoT, OT, and Network Devices

Dark Reading

To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices

IoT 87

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

Google Warns of New Spyware Targeting iOS and Android Users

WIRED Threat Level

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found. Security Security / Cyberattacks and Hacks Security / Security News

Pair of Brand-New Cybersecurity Bills Become Law

Dark Reading

Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments

Introducing the Mac Admins Foundation

Jamf

A new nonprofit organization birthed from the thriving Slack community is working to enhance access and development for IT professionals working with Apple devices

Access 114

Reinventing How Farming Equipment Is Remotely Controlled and Tracked

Dark Reading

Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

On the Subversion of NIST by the NSA

Schneier on Security

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “ Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process “: Abstract: In recent decades, the U.S.

Pre-Hijacking of Online Accounts are the Latest Method for Attackers to Impersonate and Target

KnowBe4

Rather than run a complex credential harvesting phishing scam, attackers use existing information about their victim and hijack a popular web service account *before* it’s created. Phishing

IT 77

Yodel Hack Leaves Millions Waiting for Parcel Deliveries

IT Governance

The delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption. Customers awaiting deliveries noted that Yodel’s systems went offline last weekend, and that they have been unable to receive updates since then.

IT 75

NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries

Security Affairs

The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

KnowBe4

The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back as early as mid-2019, as a key part to bypass security solutions. Phishing

ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities

Dark Reading

ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability

72

“Failure to Authenticate” Wire Transaction at the Heart of a Cyber Insurance Appeal Case

KnowBe4

Lawsuits over denied cyber insurance claims provide insight into what you should and shouldn’t expect from your policy – and that actions by your own users may make the difference. Security Awareness Training