Ransomware Attempts Flag as Payments Also Decline

Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often.

Watch Out for User Impersonation in Low-Code/No-Code Apps

How a well-meaning employee could unwittingly share their identity with other users, causing a whole range of problems across IT, security, and the business.

Building Guardrails for Autonomic Security

AI's potential for automating security has promise, but there are miles to go in establishing decision-making boundaries.

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.

What Are the Risks of Employees Going on a 'Hybrid Holiday'?

As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub

Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine

Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.

How Hackers Create Fake Personas for Social Engineering

And some ways to up your game for identifying fabricated online profiles of people who don't exist.

Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners

Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

New Phishing Kit Hijacks WordPress Sites for PayPal Scam

Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.

Scribe Security Releases Code Integrity Validator Alongside Github Security Open Source Project

Developers can now rest assured that the code they are using, as well as their GitHub accounts, are safe.

AEI HorizonX Ventures Joins Shift5 Series B Funding Round

Investment bolsters Shift5’s traction within commercial aerospace and defense industries.

Data of Nearly 2M Patients Exposed in Ransomware Attack on Healthcare Debt Collection Firm

Professional Finance Company (PFC) was hit in February 2022 by a ransomware attack.

Is Cryptocurrency's Crash Causing Headaches for Ransomware Gangs?

Bitcoin is down more than 70% from its highs late last year, causing disruptions for cybercriminals and the underground exchanges that fuel the dark markets.

Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks

A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.

The Next Generation of Threat Detection Will Require Both Human and Machine Expertise

To be truly effective, threat detection and response need to combine the strengths of people and technology.

Data Breaches Linked to Ransomware Declined in Q2 2022

Phishing retained its place as the top root cause of data compromises, according to new data from the Identity Theft Resource Center (ITRC).

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.

CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall

Forcepoint's test results are second in a series of publications on this new technology.

Report: Financial Institutions Overly Complacent About Current Authentication Methods

New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action

Mozilla: EU's eIDAS Proposal Attracts Growing Criticism

In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer

Nearly Half of Enterprise Endpoints Present Significant Security Risks

.

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.

The 3 Critical Elements You Need for Vulnerability Management Today

Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now.

Internet Searches Reveal Surprisingly Prevalent Ransomware

Two mostly defunct threats — WannaCry and NonPetya — top the list of ransomware searches, but does that mean they are still causing problems?

3 Golden Rules of Modern Third-Party Risk Management

It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.

Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises

Cynet CISO survey reveals lack of staff, skills, and resources driving smaller teams to outsource security with advanced tools, technologies, and services.

Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

US Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network

QuSecure’s QuProtect leverages unique post-quantum cryptographic algorithm on government legacy systems to achieve world’s first and only post-quantum resilient channel within a government facility.

New Research Reveals 93% of Organizations Surveyed Have Had Failed IIoT/OT Security Projects

Barracuda research finds organizations are struggling to protect operational technology and getting breached as a result.

Keep Humans in the Loop in SOC Operations

Machine learning and automation can help free up security pros for higher-value tasks.

Exostar Empowers SMBs with Enhanced, Low-Cost, Easy-to-Use Microsoft 365 and CMMC 2.0 Solutions

Upgrades to the Exostar platform promote secure, compliant collaboration and handling of controlled unclassified information.

QuickBooks Vishing Scam Targets Small Businesses

Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund.

Getting Up and Running with Windows Autopatch

This Tech Tip outlines how system administrators can get started with automated continuous patching for their Windows devices and applications.

PyPI Mandates 2FA, Plans Google Titan Key Giveaway

Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.

Core Security by HelpSystems Introduces New Ransomware Simulator

.

Privitar Announces Kormoon Acquisition, Extending Data Privacy and Provisioning Capabilities

.

Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now

July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.

Understanding the Omdia Threat Detection Data Life Cycle

Data quality is key in an effective TDIR solution. Omdia's threat detection data life cycle highlights the considerations for effective data-driven threat detection.

Don't Have a COW: Containers on Windows and Other Container-Escape Research

Several pieces of Black Hat USA research will explore container design weaknesses and escalation of privilege attacks that can lead to container escapes.

One-Third of Users Without Security Awareness Training Click on Phishing URLs

New data from security training provider shows half of untrained users in consulting, energy, and healthcare industries fall for phishing attacks.

5 Traits That Differentiate CISOs From CIROs

Chief information risk officers must have a keen understanding of — and interaction with — the business.

Deloitte Launches Zero Trust Access, a New Managed Security Service

.

How Confidential Computing Locks Down Data, Regardless of Its State

Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.

Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack

If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.

Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.

Paladin Cloud Launches New Cloud Security and Governance Platform

The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.

Fake Google Software Updates Spread New Ransomware

"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.

'Luna Moth' Group Ransoms Data Without the Ransomware

Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.

Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.

Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers

.

Proposed SEC Rules Require More Transparency About Cyber-Risk

The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.

Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Scams pressure victims to "resolve an issue that could impact their status, business."

Microsoft Reverses Course on Blocking Office Macros by Default

Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.

DoJ Charges CEO for Dealing $1B in Fake Cisco Gear

Fraudster allegedly passed off refurbished, modified Cisco equipment as new to hospitals, schools, and even the military.

SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets

.

Welcome-Back-to-the-Future Shock

This year's RSA Conference saw a strange mix of selling the future and the past — for good reason.