Ransomware 3.0: The Next Frontier

Attackers are already circling back to reselling stolen data instead of — and in addition to — extortion.

Tidal Cyber Closes $4M Funding Round To Expand Threat-Informed Defense Tech

.

Expert Insights: How to Protect Sensitive Machine-Learning Training Data Without Borking It

Another element of ML security is the data used to train the machine learning system itself.

Growing Reliance on Cloud Brings New Security Challenges

With organizations expanding their cloud operations, cloud security is imperative to protect applications and data.

Bumblebee Malware Loader's Payloads Significantly Vary by Victim System

On some systems the malware drops infostealers and banking Trojans; on others it installs sophisticated post-compromise tools, new analysis shows.

First 72 Hours of Incident Response Critical to Taming Cyberattack Chaos

Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.

Vice Society Publishes LA Public School Student Data, Psych Evals

After a flat refusal to pay the ransom, Los Angeles Unified School District's stolen data has been dumped on the Dark Web by a ransomware gang.

Name That Edge Toon: Mumbo Dumbo

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

How AWS, Cisco, Netflix & SAP Are Approaching Cybersecurity Awareness Month

This year's theme is "See Yourself in Cyber," and these security folks are using the month to reflect on the personal factor in cybersecurity.

Worried About the Exchange Zero-Day? Here's What to Do

While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid.

The Top 4 Mistakes in Security Programs to Avoid

Overlooking even just a single security threat can severely erode a company’s community and consumer confidence, tarnish reputation and brand, negatively impact corporate valuations, provide competitors with an advantage, and create unwanted scrutiny.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.

Cybercriminals See Allure in BEC Attacks Over Ransomware

While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.

Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack

Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

With the Software Supply Chain, You Can't Secure What You Don't Measure

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.

Onyxia Raises $5M to Help Companies Proactively Manage Cybersecurity Risks Using AI

Onyxia, an AI-powered cybersecurity strategy and performance platform providing a centralized way for security teams to monitor and manage cybersecurity efforts in real time, has raised $5 million in seed fundraising led by World Trade Ventures with participation by Silvertech Ventures and angel investors.

Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk

Multiple providers say 'cloud data sprawl' makes managing cloud data risk a priority initiative within the next 12 months.

Safous Adds Browser Isolation to Its Zero-Trust Network Access Service

This new function offers secure access to corporate applications and external SaaS through a virtual browser.

Israel Cybersecurity Enterprise (ICE) Teams with CybeReady to Deliver World-Class Security Training

Security service provider selects cybersecurity training platform to safeguard enterprises in LATAM.

Aunalytics Launches Security Patching Platform as a Service

Expedited software patching and updating recognized as one of the most important processes to protect against system compromise from cyberattacks.

Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training

Companies collaborate to strengthen organizations' first line of security defense – end users.

YouMail, Inc. and WMC Global Partner to Deliver Voice and SMS Phishing Disruption Services

Joint phishing intelligence solution provides 360-degree mobile communication defense.

Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA research reveals

Settling for 'satisfactory' level of readiness may underestimate growing levels of risk.

Intel Hardens Confidential Computing With Project Amber Updates

The chip giant has developed new features and services to make it tougher for malicious hackers and insiders to access sensitive data from applications in the cloud.

Latest Delinea Update Streamlines DevOps Security

.

KnowBe4 Simplifies Compliance Requirements for Healthcare Privacy

KnowBe4's Compliance Audit Readiness Assessment (CARA) now addresses select requirements from HIPAA Security Rule.

Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch

Combination of two companies to help SAP customers streamline audit, compliance and control processes.

Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months - New Survey

Survey of over 2,000 IT pros revealed that a quarter either don't know or don't think Microsoft 365 data can be affected by ransomware.

Why the US Should Help Secure Mexican Infrastructure — and What It Gets in Return

Call it cross-border enlightened self-interest: As one of the US's premier trade partners and closest neighbors, what's bad for Mexico is bad for the US.

The Country Where You Live Impacts Password Choices

Literacy, levels of personal freedom, and other macro-social factors help determine how strong average passwords are in a given locale, researchers have found.

Dangerous New Attack Technique Compromising VMware ESXi Hypervisors

China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.

3 Reasons Why BEC Scams Work in Real Estate

Identity verification could be the key to fighting back and building trust in an industry beset with high-stakes fraud.

(ISC)² Recruits More Than 55,000 Cybersecurity Candidates in First 30 Days of New Programs to Address Workforce Gap

2,700 cybersecurity career pursuers have already passed the (ISC)2 Certified in Cybersecurity℠ exam, with more than 53,000 more people registered for a free course and exam.

Capital One Phish Showcases Growing Bank-Brand Targeting Trend

Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage.

Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange

APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.

XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data

Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.

What Lurks in the Shadows of Cloud Security?

Organizations looking to get ahead in cloud security have gone down the path of deploying CSPM tooling with good results. Still, there’s a clear picture that data security and security operations are next key areas of interest.

Fake Accounts Are Not Your Friends!

Inflated user bases and fake engagement cause more harm than good, especially when the artificial accounts are based on stolen human identities.

Plug Your Data Leaks: Integrating Data Loss Prevention into Your Security Stack

The average cost of a data-exposing cybersecurity incident is $4.35 million. If your business can’t avoid to pay, make sure you’ve got a strong data loss prevention practice in place.

Google Quashes 5 High-Severity Bugs With Chrome 106 Update

External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.

Sophisticated Covert Cyberattack Campaign Targets Military Contractors

Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.

Fast Company CMS Hack Raises Security Questions

The company's website remains offline after hackers used its compromised CMS to send out racist messages.

Container Supply Chain Attacks Cash In on Cryptojacking

Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances.

Google Cloud DORA: Securing the Supply Chain Begins With Culture

The team's annual survey finds that the right development culture is better than technical measures when it comes to shoring up software supply chain security practices. An additional benefit: Less burnout.

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices.

The Countdown to DORA

With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know.

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.

Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted Attacks Continue to Grow

ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.

Time to Change Our Flawed Approach to Security Awareness

Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.

When Will Cybersecurity Get Its Bloomberg Terminal?

The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it.

Malwarebytes Expands OneView Platform for MSPs

Malwarebytes achieves 250% year-over-year MSP partner growth, introduces new modules to enhance protection, detection, and resolution of threats for SMBs.

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

Amid Sweeping Change, Cyber Defenders Face Escalating Visibility — and Pressure

Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop

Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.