Sat.Aug 27, 2022 - Fri.Sep 02, 2022

Business Email Compromise: Secret Service on How to Respond

Data Breach Today

Federal Law Enforcement Agents Offer Tips on Improving Detection, Rapid Response Ransomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most - more than $43 billion since 2016.

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. This year, these were the top reasons for web breaches. •A

A study on malicious plugins in WordPress Marketplaces

Security Affairs

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites.

CMS 110

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

A new Google bug bounty program now covers Open Source projects?

Security Affairs

Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant.

More Trending

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

The Last Watchdog

Penetration testing – pen tests – traditionally have been something companies might do once or twice a year. Related : Cyber espionage is on the rise. Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys — thereby affording the organization a chance to shore up its network defenses. Pen testing has limitations, of course.

FTC Sues Data Broker

Schneier on Security

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency.

The Key To Compliance? Third-Party Management

Data Breach Today

Getting a Grip on Third-Party Access They’re necessary contributors to the business ecosystem, but there’s risk associated with third-party remote access, including bad actors lurking around every access point

Final Thoughts on Ubiquiti

Krebs on Security

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false information to the press.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

The Makings of a Successful Threat-Hunting Program

Dark Reading

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers

Another Ransomware For Linux Likely In Development

Security Affairs

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path.

Russia-Ukraine War: Role of Hacktivists Vastly Overestimated

Data Breach Today

Lost in Translation? New Cryptomining Malware Attacks Based in Turkey Cause Suspicion

KnowBe4

Researchers at Check Point warn that attackers based in Turkey are distributing cryptomining malware via free software distribution websites, including Softpedia and uptodown. The malicious apps appear to be legitimate, but have malware packaged within them. Malware Cryptomining

108
108

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Phishing Campaign Targets PyPI Users to Distribute Malicious Code

Dark Reading

The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies.

Okta-Auth0 Sales Integration Falters, Fueling Staff Turnover

Data Breach Today

Okta CEO Todd McKinnon on How SMS Tokens Put Customers in Danger During Twilio Hack There’s been an unintended effect from Okta’s acquisition of customer identity giant Auth0. It confused its own sales force with similar CIAM products. Salespeople quit.

Sales 218

So, Your MFA is Phishable, What To Do Next

KnowBe4

We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here: Phishing Password Security MFA

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

Ragnar Locker Brags About TAP Air Portugal Breach

Dark Reading

TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Security Affairs

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners.

Tenable CEO on What's New in Cyber Exposure Management

Data Breach Today

Amit Yoran Shares Why Tenable Has Doubled Down on Analytics and OT Security Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities.

Phishing Attacks Leveraging Legitimate SaaS Platforms Soars 1100%

KnowBe4

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data. Phishing

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams

Dark Reading

The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices

IoT 107

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group.

Twilio-Linked Phishing Campaign Also Targets DoorDash

Data Breach Today

Unusual Activity' By Third-Party Service Provider to Blame Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.

LockBit Ransomware Group Steps Up Their Game with Triple Extortion as the Next Evolution

KnowBe4

After suffering a taste of their own medicine as part of a response effort from victim organization Entrust, LockBit appears to have bounced back even stronger than before. Ransomware

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks

Dark Reading

While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. First of two parts

Cloud 107

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm.

Report: Organ Transplant Data Security Needs Strengthening

Data Breach Today

United Network of Organ Sharing Security and IT Management Under Scrutiny The national network for connecting medical centers with donated human organs faces doubts about its ability to secure data amid concerns about its IT infrastructure.