July, 2022

Why Are Ransomware Attacks Intensifying?

Data Breach Today

The latest edition of the ISMG Security Report analyzes why the number of ransomware attacks and the amounts being paid in ransoms are both on the rise. It also discusses today's cyberthreat landscape and whether organizations should rely on user training to improve security

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization

Dark Reading

The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams

IT 114

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Related: Deploying human sensors. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras.

More Trending

H0lyGh0st Ransomware Linked to North Korean Hackers

Data Breach Today

Small and Mid-Size Businesses Targeted Globally But So Far Extortion Attempts Have Failed Microsoft security researches say they're tracking a hacking group originating from North Korea that may be a side project of an established threat actor.

Experian, You Have Some Explaining to Do

Krebs on Security

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs.

The Beautiful Lies of Machine Learning in Security

Dark Reading

Machine learning should be considered an extension of — not a replacement for — existing security methods, systems, and teams

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick? Related: We’re in the golden age of cyber espionage.

Risk 195

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

A database containing data of 5.4 million Twitter accounts available for sale

Security Affairs

Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Sales 114

How Tor Is Fighting—and Beating—Russian Censorship

WIRED Threat Level

Russia has been trying to block the anonymous browser since December—with mixed results. Security Security / Security News

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes.

Access 284

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

The 911 service as it exists today.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next

Dark Reading

Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments

Risk 114

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say.

MDM 170

Fortinet addressed multiple vulnerabilities in several products

Security Affairs

Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor.

New Highly-Evasive Linux Malware Infects All Running Processes

eSecurity Planet

Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Data Breach Today

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

The 911 service as it existed until July 28, 2022. re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations.

Trojanized Password Crackers Targeting Industrial Systems

Dark Reading

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says

GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives

The Last Watchdog

Cybersecurity poses a risk to all businesses. Related: Biden moves to protect critical infrastructure. Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data. Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

New Luna ransomware targets Windows, Linux and ESXi systems

Security Affairs

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems.

The Danger of License Plate Readers in Post-Roe America

WIRED Threat Level

Known as ALPRs, this surveillance tech is pervasive across the US—and could soon be used by police and anti-abortion groups alike. Security Security / Privacy

Search Here: Ransomware Groups Refine High-Pressure Tactics

Data Breach Today

Free Searching on Stolen Data and Higher Ransom Demands Among Latest Innovations Seeking maximum profits, ransomware groups continually refine the tactics they use to bypass defenses, infect victims and pressure them into paying.

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database.

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Dark Reading

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests

GUEST ESSAY: How amplified DDoS attacks on Ukraine leverage Apple’s Remote Desktop protocol

The Last Watchdog

Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate. Related: Apple tools abuse widespread. A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022.

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

Security Affairs

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models.