Ransomware: The Latest Chapter

As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks.

Microsoft Brings Zero Trust to Hardware in Windows 11

A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat

Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.

2-Step Email Attack Uses Powtoon Video to Execute Payload

The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.

Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info

The airline and the fintech giant both fell to successful phishing attacks against employees.

Cast AI Introduces Cloud Security Insights for Kubernetes

The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability.

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks

Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals.

How to Dodge New Ransomware Tactics

The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves.

No Motivation for Quantum Without Regulatory Push

What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.

New Kaspersky EDR Optimum Further Simplifies Protection Against Evasive Threats

.

ThreatQuotient Enhances Data-Driven Automation Capabilities With New ThreatQ TDR Orchestrator Features

Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.

SASE Bucks Economic Uncertainty With Over 30% Growth in 2Q 2022, According to Dell'Oro Group

Overall SASE Spend on Pace to Top $6 Billion in 2022.

Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code

The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

Byos Releases Free Assessment Tool to Provide Companies With Tailored Network Security Recommendations

Assessment tool instantly generates a detailed report breaking down a company’s current network security maturity and recommended next steps.

Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure

A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward.

CrowdStrike Investment Spotlights API Security

The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack

The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.

Rockstar Games Confirms 'Grand Theft Auto 6' Breach

The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.

Cyberattackers Make Waves in Hotel Swimming Pool Controls

Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more.

5 Ways to Improve Fraud Detection and User Experience

If we know a user is legitimate, then why would we want to make their user experience more challenging?

TPx Introduces Penetration Scanning, Expands Security Advisory Services

TPx, a leading nationwide managed services provider (MSP) delivering cybersecurity, managed networks, and cloud communications, today announced the addition of penetration scanning to its Security Advisory Services portfolio.

Cyberattack Costs for US Businesses up by 80%

Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge.

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Tackling Financial Fraud With Machine Learning

Financial services firms need to learn how — and when — to put machine learning to use.

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.

Keep Today's Encrypted Data From Becoming Tomorrow's Treasure

Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure.

DDoS Attack Against Eastern Europe Target Sets New Record

The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.

Hacker Pwns Uber Via Compromised VPN Account

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

Highlights of the 2022 Pwnie Awards

Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.

Business Application Compromise & the Evolving Art of Social Engineering

Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.

Note to Security Vendors: Companies Are Picking Favorites

A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition among cybersecurity vendors.

Malware on Pirated Content Sites a Major WFH Risk for Enterprises

Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.

Will the Cloud End the Endpoint?

When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.

5 Steps to Strengthening Cyber Resilience

Organizations are thinking about their cyber resilience. Here are five steps security teams should take.

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.

Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security

Solution addresses compliance challenges in complex landscapes

5 Best Practices for Building Your Data Loss Prevention Strategy

The entire security team should share in the responsibility to secure sensitive data.

Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management

Oversubscribed round validates company's data-first approach to solving cloud security and privacy issues for global businesses thwarting data breaches and ransomwar

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.

White House Guidance Recommends SBOMs for Federal Agencies

New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.

How to Use SSH Keys and 1Password to Sign Git Commits

This Tech Tip walks through the steps to set up signed commits with SSH keys stored in 1Password.

SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign

Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.

To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline

With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.

Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly

Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly.

TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls

Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.

Key Takeaways From the Twitter Whistleblower's Testimony

Twitter did not know what data it had or who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing.

Bishop Fox Releases Cloud Enumeration Tool CloudFox

CloudFox is a command-line tool that helps penetration testers understand unknown cloud environments.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

U-Haul Customer Contract Search Tool Compromised

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools

Cyber spies are using legitimate apps for DLL sideloading, deploying an updated range of malware, including the new "Logdatter" info-stealer.

Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign

Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers.

Name That Toon: Shiver Me Timbers!

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes

Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk

Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data

.

Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems

The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.

Business Security Starts With Identity

How identity-centric security can support business objectives.

Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022

.

Attackers Can Compromise Most Cloud Data in Just 3 Steps

An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.