June, 2022

Highlights of RSA Conference 2022

Data Breach Today

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing. Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive.

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019.

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data

ISMG Editors: Are We Closing in on a Federal Privacy Law?

Data Breach Today

The State of Passwordless in 2022, New Identity Technologies. In the latest weekly update, Jeremy Grant, coordinator of the Better Identity Coalition, joins three editors at ISMG to discuss important cybersecurity issues, including where we are with passwordless, if we are getting closer to a U.S.

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. At RSA Conference 2022, which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principles will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

Police Linked to Hacking Campaign to Frame Indian Activists

WIRED Threat Level

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

AI Is Not a Security Silver Bullet

Dark Reading

AI can help companies more effectively identify and respond to threats, as well as harden applications

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28.

FBI: Hospital Averted 'Despicable' Iranian Cyberattack

Data Breach Today

FBI Director Says Boston Children's Hospital Was Targeted Last Summer. Boston Children's Hospital thwarted a cyberattack by government-backed Iranian hackers last summer after U.S.

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

Authorities in the United States, Germany, the Netherlands and the U.K.

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety. Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act.

Microsoft 365 Users in US Face Raging Spate of Attacks

Dark Reading

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft.

The Evolution of Phishing From Email to SMS and Voice Hacks

Data Breach Today

KnowBe4's Roger Grimes on Why MFA Alone Isn't a Successful Hack Prevention Strategy. Phishing is no longer restricted to just emails.

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying.

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

Third-Party Risk Management (TPRM) has been around since the mid-1990s – and has become something of an auditing nightmare. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. TPRM will be in the spotlight at the RSA Conference 2022 next week in San Francisco.

Symbiote Backdoor in Linux

Schneier on Security

Interesting: What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Feds Take Down Russian 'RSOCKS' Botnet

Dark Reading

RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic

Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors.

Securing Digital Payments in the Future

Data Breach Today

Mastercard's Nick Coleman Discusses 'Threatcasting' and Real-Time Payments. Ten years from now, "the ability to transact on a global basis will continue," says Nick Coleman, CSO, real-time payments at MasterCard, who adds, "Maybe my car will buy stuff for me."

What Counts as “Good Faith Security Research?”

Krebs on Security

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases.

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally. Investors more than doubled down in 2021, increasing investment by about 145 percent.

Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year.

Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware

Dark Reading

Most of the attacks involve the use of automated exploits, security vendor says