Mon.Nov 21, 2022

Chinese APT Using Google Drive, Dropbox to Drop Malware

Data Breach Today

Evolved Mustang Panda Malware Targets Government, Education, Other Sectors Globally A large-scale cyberespionage campaign by notorious China-based advanced persistent threat actor Mustang Panda is targeting government, academic and other sectors globally.

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Central Depository Attack Delays Trade Settlement in India

Data Breach Today

Systems Are Back Online But Brokers Say Some Systems Are Still Affected Trade-related services resumed Monday at Central Depository Services Ltd. in India, days after trading was suspended during a cyberattack Friday.

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

KnowBe4

New data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for. Phishing

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

5 Hospital Workers Charged with Selling Patient Information

Data Breach Today

Data of Patients Hurt in Auto Accidents Allegedly Sold to Chiropractors, Attorneys Authorities charged six people, including five former Tennessee hospital workers, with conspiracy in disclosing health data.

More Trending

RSA CEO Rohit Ghai on Authenticating Users to Mobile Devices

Data Breach Today

How to Defend BYOD Devices Without Installing Software or Creating Friction The divide between mobile app detection and IAM has fueled cyber incidents and breaches as remote work has expanded.

2022 Black Friday and Cyber Monday Scams

KnowBe4

In years gone by, Black Friday was a 24-hour rush to the shops (you remember those places with actual people and merchandise that you could touch) where there was a set time for you to grab a bargain. People arrived at the shops the night before waiting in line for the doors to open.

Covering Data Breaches in an Ethical Way

Data Breach Today

How Do We Avoid Data Dump Voyeurism and Victim Shaming? Data breaches are tricky to cover, and we want to report on them in an ethical way.

Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA

Dark Reading

Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Cybersecurity Analysis of the FTX Crypto Heist: Part One

Data Breach Today

On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks, director of security operations at CertiK, shares how the funds may have been stolen and what happens next

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight

Dark Reading

Luna Moth is relying solely on call-back phishing, as well as legitimate tools, to steal data and extract ransoms from victims of all stripes in an expanding cyberattack effort

4 out of 10 Emails are Unwanted as nearly 40% of all Attacks Start with Phishing

KnowBe4

New data focused on emails sent through Microsoft 365 highlights the methods used to ensure a successful attack beginning with a malicious email. Phishing Email Security

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Dark Reading

Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet

77

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Security Affairs

Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware.

Autonomous Vehicles Join the List of US National Security Threats

WIRED Threat Level

Lawmakers are growing concerned about a flood of data-hungry cars from China taking over American streets. Security Security / National Security

10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom

KnowBe4

The aftermath of a ransomware attack last month demonstrates just how bad an attack can get when the cybercriminals don’t get what they want. Phishing Ransomware

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Investors Are Pouring Cash Into These 10 Cybersecurity Startups

Dark Reading

Following the dollars reveals pen-test and intrusion-detection startups are the most attractive to investors right now, collectively getting more than $3 billion in funding

This New Phishing Kit Flies Under the Radar of Antivirus Software

KnowBe4

Akamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors attempt to steal victim's credit card information. Phishing

Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn

Dark Reading

Here's what that means about our current state as an industry, and why we should be happy about it

IT 74

MFA Fatigue Attacks

KnowBe4

Researchers at Specops Software describe a technique attackers are using to bypass multi-factor authentication (MFA).

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

#BeCyberSmart All Year Round With Educational Resources From Microsoft

Dark Reading

Improved cyber hygiene keeps users and their identities, devices, and data more secure and reduces the organization’s risk exposure

Over One-Third of Companies Who Pay the Ransom are Targeted for a Second Time

KnowBe4

Despite the somewhat logical notion that once you’ve paid the ransom, the attack is over, new data shows that paying the ransom doesn’t help you anywhere near how much you think it does. Social Engineering Ransomware

IT 72

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

WIRED Threat Level

A 500-page document reviewed by WIRED shows that Corellium engaged with several controversial companies, including spyware maker NSO Group. Security Security / National Security Security / Privacy

Google Releases YARA Rules to Disrupt Cobalt Strike Abuse

Dark Reading

The popular pen-testing tool is often cracked and repurposed by threat actors. Google now has a plan to address that

70

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Google provides rules to detect tens of cracked versions of Cobalt Strike

Security Affairs

Researchers at Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine.

Cloud 69

Better Together: Why It's Time for Ops and Security to Converge

Dark Reading

Threat actors are becoming only more sophisticated and determined

IT 69

Google won a lawsuit against the Glupteba botnet operators

Security Affairs

Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google announced it has won a nearly year-long legal battle against the Glupteba botnet.