How Cybercriminals Are Operationalizing Money Laundering and What to Do About It

It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.

Name That Edge Toon: For the Birds

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Predictions For Securing Today's Hybrid Workforce

Since requirements differ for users who work both from home and in the office, policies — and underlying technology — must adapt.

Unleash the Full Potential of Zero-Trust Security

The demand is unmistakeable and the business case is readily justified — it's time to implement zero trust.

What CISOs Can Do About Brand Impersonation Scam Sites

Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.

Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says

The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader.

Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021.

How the Cloud Is Shifting CISO Priorities

The greatly expanding attack surface created by the cloud needs to be protected.

MITRE Releases Tool to Design Cyber-Resilient Systems

Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber-resiliency capabilities.

Hornetsecurity Combats QR Code Phishing With Launch of New Technology

Korelock Launches IOT Smart Lock Technology Company

Denver-based business secures Series A Funding through partnerships with Iron Gate Capital and Kozo Keikaku Engineering.

Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally

The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.

6 Examples of the Evolution of a Scam Site

Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.

Rising 'Firebrick Ostrich' BEC Group Launches Industrial-Scale Cyberattacks

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

QNAP NAS devices are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.

Managing the Governance Model for Software Development in a No-Code Ecosystem

Forward-leading business and technology leaders are seeing the value of the "do-It-yourself" approach.

AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites

The total number of 61,000 open vulnerabilities, including 1,700 critical ones that have been open for 180+ days, exposes businesses to potential attacks.

Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security.

ChatGPT May Already Be Used In Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research

Discrepancies Discovered in Vulnerability Severity Ratings

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

Why CISOs Should Care About Brand Impersonation Scam Sites

Enterprises often don't know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers' trust, money, and personally identifiable information.

Nearly All Firms Have Ties With Breached Third Parties

The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.

CISA to Open Supply Chain Risk Management Office

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report

Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics.

Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

Move will strengthen position as a leader in the identity governance and analytics market.

Vista Equity Partners Completes Acquisition of KnowBe4

.

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

Application Security Must Be Nonnegotiable

Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship

KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education.

ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers

Study also reveals enterprises rely on multiple tools to ensure cloud security.

Google Fi Users Caught Up in T-Mobile Breach

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

Checkmarx Launches Threat Intelligence for Open Source Packages

The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.

How Can Disrupting DNS Communications Thwart a Malware Attack?

Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage.

Firmware Flaws Could Spell 'Lights Out' for Servers

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Poser Hackers Impersonate LockBit in SMB Cyberattacks

Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

Will Cybersecurity Remain Recession-Proof in 2023?

Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

To meet a pressing demand for industrial and OT security, zero-trust, device-level cybersecurity provider expands with strategic hires in new and established markets.

New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.

Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

Mentoring, scholarships, and professional development opportunities will be offered to those underrepresented in the industry through the collaboration.

Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

Standard Investments leads round with participation from Munich Re Ventures, Moore Strategic Ventures, Bessemer Venture Partners, and Zeev Ventures.

Are Your Employees Thinking Critically About Their Online Behaviors?

Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

SentinelOne and KPMG Announce Alliance To Accelerate Cyber Investigations and Response

Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy

The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.

10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance

New research from Drata shows compliance remains a business challenge for many organizations.

The Threat from Within: 71% of Business Leaders Surveyed Think Next Cybersecurity Breach Will Come from the Inside

Make Developers the Driver of Software Security Excellence

Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.

How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals

Facebook Bug Allows 2FA Bypass Via Instagram

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!

Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.

Convincing, Malicious Google Ads Look to Lift Password Manager Logins

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.