SOCs to Face Greater Challenges From Cybercriminals Targeting Governments and Media in 2023

FanDuel Sportsbook Bettors Exposed in Mailchimp Breach

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

No One Wants to Be Governed, Everyone Wants to Be Helped

Here's how a security team can present itself to citizen developers as a valuable resource rather than a bureaucratic roadblock.

TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

Hunting Insider Threats on the Dark Web

Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.

Gartner Predicts 10% of Large Enterprises Will Have a Mature and Measurable Zero-Trust Program in Place by 2026

Cybersecurity Worries Around Hybrid Working Drop, but Many IT Leaders Still Concerned Over Cyber-Skills Gap

S-RM reports show that cybersecurity concerns surrounding hybrid work prevail for 37% of organizations.

Supply Chain Security Global Market Report 2022: Sector to Reach $3.5 Billion by 2027 at an 11% CAGR

T-Mobile Breached Again, This Time Exposing 37M Customers' Data

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

Ransomware Profits Decline as Victims Dig In, Refuse to Pay

Two new reports show ransomware revenues for threat actors dropped sharply in 2022 as more victims ignored ransom demands.

Compromised Zendesk Employee Credentials Lead to Breach

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

GPT Emerges as Key AI Tech for Security Vendors

Orca Security is one of the companies integrating conversational AI technology into its products.

Critical Manufacturing Sector in the Bull's-eye

Serious security flaws go unpatched, and ransomware attacks increase against manufacturers.

The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.

PayPal Breach Exposed PII of Nearly 35K Accounts

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

Massive Adware Campaign Shuttered

Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views.

Attackers Crafted Custom Malware for Fortinet Zero-Day

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

Roaming Mantis Uses DNS Changers to Target Users via Compromised Public Routers

Shift Identity Left: Preventing Identity-Based Breaches

Traditional compliance and IAM are insufficient to secure the modern enterprise. We must shift left with modern access controls to avoid costly data breaches.

Name That Toon: Poker Hand

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows

The report highlights concerning security stats following two years of extreme tech growth.

SynSaber Releases ICS Vulnerabilities & CVEs Report Covering Second Half of 2022

ICS/OT cybersecurity firm finds 35% of CVEs in second half of 2022 unpatchable.

SecurityGen Identifies the Cybersecurity Priorities for Mobile Operators in 2023

Open architecture, non-standalone roaming, nation-state attacks, ransomware, and the need for more industry collaboration are among the major 5G security challenges that operators must address in the year ahead.

KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship and (ISC) 2 Certification Education Package

KnowBe4 partners with the Center for Cyber Safety and Education to bolster women in cybersecurity for the fourth consecutive year.

International Council of E-Commerce Consultants Launches Cybersecurity Essentials Professional Certificate Program on edX

New program enables students and early career professionals to learn critical skills required in today's entry-level cybersecurity field, helping address urgent cyber workforce jobs gap.

Ethically Exploiting Vulnerabilities: A Play-by-Play

There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks.

Mendix and Software Improvement Group Launch a New Software Application Quality and Security Scanning Solution

New Research From EMA Reveals How Organizations Are Struggling to Develop Secure Software Applications

Research shows that over 50% of organizations performing software development struggle with fully integrating security into their software development lifecycle.

New Survey Sheds Light on Why Enterprises Struggle to Thwart API Attacks

Corsha’s Annual State of API Secrets Management Report finds over 50% of respondents suffered a data breach due to compromised API secrets.

Cybercriminals Target Telecom Provider Networks

The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.

As Social Engineering Tactics Change, So Must Your Security Training

Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization.

Data Security in Multicloud: Limit Access, Increase Visibility

Ensuring that data can be easily discovered, classified, and secured is a crucial cornerstone of a data security strategy.

How Would the FTC Rule on Noncompetes Affect Data Security?

Without noncompetes, how do organizations make sure employees aren't taking intellectual property when they go work to work for a competitor?

Vulnerable Historian Servers Imperil OT Networks

These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks.

Founder and Majority Owner of Cryptocurrency Exchange Charged With Processing Over $700 Million of Illicit Funds

Sophos Cuts Jobs to Focus on Cybersecurity Services

Layoffs intended to cut costs, help company shift its focus on cybersecurity services, Sophos says.

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

New module introduces shadow SaaS application discovery, monitoring, and remediation to protect businesses from supply chain attacks.

KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend

KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subjects.

ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks.

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

Abacus Group Acquires Gotham Security and GoVanguard to Expand Cybersecurity Service Offerings

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools

New research demonstrates the use of thermal camera images of keyboards and screens in concert with AI to correctly guess computer passwords faster and more accurately.

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.

OT Cybersecurity Leader Paul Brager Passes Away

The IT security executive led ICS/OT, IT/OT integration, and other security programs, as well as diversity and inclusion efforts in the industry.

Intel Processor UEFI Source Code Leaked

Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

It's Time to Make Security an Innovation Enabler

How data-driven security can best safeguard your unique cloud operations.

Skybox Security Unveils Industry's First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments

Skybox Security Cloud Edition ushers in a new era of proactive cybersecurity .

Dependency Management Aims to Make Security Easier

Existing software security firms and new startups tackle the tasks of exposing dependencies and helping developers manage their use of open-source components.

DigiCert Root CA Approved for Matter Device Attestation by Connectivity Standards Alliance

DigiCert ready to help smart home device manufacturers achieve Matter compliance rapidly and at scale.

Delinea Releases 'Cloud Server Privilege Management for Dummies' eBook

.

Stairwell Announces $45M Series B Funding Round

Investment led by Section 32 will be used to scale the product and team.

Outpost24 Announces Expansion of Penetration Testing Offerings to North America

Pen testing solutions to empower businesses to proactively address application security vulnerabilities amid surging threats.

High-Value Targets: String of Aussie Telco Breaches Continues

Australian IT services provider Dialog has announced a breach, making it the third telecom company in the area compromised in less than a month.

Proposed SEC Disclosure Rules Could Transform Cyber-Incident Response

It's not too early for firms to start preparing for change.

Cybersecurity Survey of State CISOs Identifies Many Positive Trends

.

5 Attack Elements Every Organizations Should Be Monitoring

Security teams have to protect an increasingly complex enterprise environment. Here are five elements of attack surface management they should consider.

US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet

Killnet calls on other groups to launch similar attacks against US civilian infrastructure, including marine terminals and logistics facilities, weather monitoring centers, and healthcare systems.