Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene

The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.

Equitable Digital Identity Verification Requires Moving Past Flawed Legacy Systems

Data science can be used to improve access to government assistance while reducing fraud.

Google Becomes First Cloud Operator to Join Healthcare ISAC

Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.

The Market Is Teeming: Bargains on Dark Web Give Novice Cybercriminals a Quick Start

A study of the unregulated dark markets shows that the vast majority of malware, exploits, and attacker tools sell for less than $10, giving would-be criminals a fast entry point.

Cybercrime Group TA4563 Targets DeFi Market With Evolving Evilnum Backdoor

The cyber campaign, aimed at siphoning funds, uses an improved version of the malware, which can adjust infection paths based on recognized antivirus software.

The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next

Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments.

Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration

New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with

Lax Security Fuels Massive 8220 Gang Botnet Army Surge

The threat group 8220 Gang's cryptocurrency miner and botnet reach has exploded to 30,000 global hosts, a notable increase over the past month, researchers say.

'AIG' Threat Group Launches With Unique Business Model

The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.

Feds Recoup $500K From Maui Ransomware Gang

Law enforcement hopes that retuning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business."

Data-Centric Security Market Worth $12.3B by 2027 - Exclusive Report by MarketsandMarkets™

.

Mutare Voice Network Threat Survey Shows Nearly Half of Organizations Experienced Vishing or Social Engineering Attacks in Past Year

Unsecured voice traffic, skyrocketing adoption of Teams-centric enterprise collaboration tools widen enterprise cybersecurity gaps and increase risk of breach.

What InfoSec Pros Can Teach the Organization About ESG

Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers.

Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists

The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.

How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures

The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.

Tackling the Cybersecurity Workforce Challenge With Apprentices

One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.

Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants

More than 311 local eateries have been breached through online ordering platforms MenuDrive, Harbortouch, and InTouchPOS, impacting 50K records — and counting.

Post-Breakup, Conti Ransomware Members Remain Dangerous

The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.

Startup Aims to Secure AI, Machine Learning Development

With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.

Okta Exposes Passwords in Clear Text for Possible Theft

Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.

Will Your Cyber-Insurance Premiums Protect You in Times of War?

Multiple cyber-insurance carriers have adopted act-of-war exclusions due to global political instability and are seeking to stretch the definition of war to deny coverage.

Huntress Acquires Curricula for $22M to Disrupt Security Training Market, Elevate Cyber Readiness for SMB Employees

The Curricula platform uses behavioral science with a simplified approach to train and educate users — and marks another step forward in Huntress’ mission to secure the 99%.

Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles With Disruption

A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.

GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution

New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.

Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map

Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.

Protecting Against Kubernetes-Borne Ransomware

The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.

Software Supply Chain Concerns Reach C-Suite

Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.

Trojanized Password Crackers Targeting Industrial Systems

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Retbleed Fixed in Linux Kernel, Patch Delayed

Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

FBI: Beware of Scam Cryptocurrency Investment Apps

Law enforcement estimates campaign has already bilked cryptocurrency investors out of $42.7 million.

WordPress Page Builder Plug-in Under Attack, Can't Be Patched

An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.

Name That Toon: Modern-Day Fable

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Ransomware Attempts Flag as Payments Also Decline

Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often.

Watch Out for User Impersonation in Low-Code/No-Code Apps

How a well-meaning employee could unwittingly share their identity with other users, causing a whole range of problems across IT, security, and the business.

Building Guardrails for Autonomic Security

AI's potential for automating security has promise, but there are miles to go in establishing decision-making boundaries.

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.

What Are the Risks of Employees Going on a 'Hybrid Holiday'?

As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub

Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine

Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.

How Hackers Create Fake Personas for Social Engineering

And some ways to up your game for identifying fabricated online profiles of people who don't exist.

Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners

Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

New Phishing Kit Hijacks WordPress Sites for PayPal Scam

Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.

Scribe Security Releases Code Integrity Validator Alongside Github Security Open Source Project

Developers can now rest assured that the code they are using, as well as their GitHub accounts, are safe.

AEI HorizonX Ventures Joins Shift5 Series B Funding Round

Investment bolsters Shift5’s traction within commercial aerospace and defense industries.

Data of Nearly 2M Patients Exposed in Ransomware Attack on Healthcare Debt Collection Firm

Professional Finance Company (PFC) was hit in February 2022 by a ransomware attack.

Is Cryptocurrency's Crash Causing Headaches for Ransomware Gangs?

Bitcoin is down more than 70% from its highs late last year, causing disruptions for cybercriminals and the underground exchanges that fuel the dark markets.

Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks

A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.

The Next Generation of Threat Detection Will Require Both Human and Machine Expertise

To be truly effective, threat detection and response need to combine the strengths of people and technology.

Data Breaches Linked to Ransomware Declined in Q2 2022

Phishing retained its place as the top root cause of data compromises, according to new data from the Identity Theft Resource Center (ITRC).

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.

CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall

Forcepoint's test results are second in a series of publications on this new technology.

Report: Financial Institutions Overly Complacent About Current Authentication Methods

New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action

Mozilla: EU's eIDAS Proposal Attracts Growing Criticism

In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer

Nearly Half of Enterprise Endpoints Present Significant Security Risks

.

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.

The 3 Critical Elements You Need for Vulnerability Management Today

Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now.

Internet Searches Reveal Surprisingly Prevalent Ransomware

Two mostly defunct threats — WannaCry and NonPetya — top the list of ransomware searches, but does that mean they are still causing problems?

3 Golden Rules of Modern Third-Party Risk Management

It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.