Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Ubiquity says no databases containing user data appear to have been accessed as a result of the data breach. [Read More]
CrowdStrike shares an analysis of Sunspot, a piece of malware that was used by hackers to insert the Sunburst backdoor into SolarWinds’ Orion product in the recent supply chain attack. [Read More]
Bitdefender has released a free decryptor for DarkSide, a piece of ransomware that allegedly helped cybercriminals make millions from targeted companies. [Read More]
Researchers have found some similarities between the Sunburst malware used in the SolarWinds attack and Kazuar, a backdoor attributed to the Russia-linked cyber-espionage group Turla. [Read More]
New Zealand's central bank said Jan 10th that it was responding with urgency to a "malicious" breach of one of its data systems, a third-party file sharing service that stored "sensitive information". [Read More]
Multiple serious security vulnerabilities were addressed in GPU drivers and vGPU software. [Read More]
Equifax will acquire Kount for $640 Million to expand its worldwide footprint in digital identity and fraud prevention solutions. [Read More]
Ongoing coverage of the SolarWinds Orion attacks and useful resources, including analysis and indicators of compromise (IOC). Check back often for updates. [Read More]
The FBI has issued an alert for Egregor ransomware attacks on businesses. The ransomware operators claim over 150 victims worldwide. [Read More]
An investigation has been launched into the impact of the SolarWinds breach on U.S. federal courts, which reportedly were considered a target of interest by the hackers. [Read More]
FEATURES, INSIGHTS // Cybercrime
CISA has recently designated many cyber security positions ‘essential roles', and our understanding of essential businesses and essential employees will continue to change as the pandemic evolves.
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Although robocalls are a pain for many of us, action is being taken to bring the problem under control.
The holidays are also a bonanza for cybercriminals whose own sales and purchases of contraband on the dark web mirror the one-day-only specials of their consumer-facing counterparts.
Domain name typo-squatting is an established tactic in the world of cybercrime.
Intent-based segmentation, deception technology, and an integrated security fabric are essential tools in beating malware designed to avoid detection and analysis.
At the end of the day, I encourage businesses and organizations of all sizes to leave the moral judgments regarding ransomware to the government.
Given the likelihood of an uptick in ransomware attacks, let’s consider steps organizations can take to minimize the risk of being victimized.
Get the Daily Briefing
- EU Regulator: Hackers ‘Manipulated’ Stolen Vaccine Documents
- Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
- Data Security Startup Qohash Raises $6 Million
- Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability
- Facebook Takes Legal Action Against Data Scrapers
- Malvuln Project Catalogues Vulnerabilities Found in Malware
- NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS
- Telegram-Based Automated Scam Service Helps Fraudsters Make Millions
- Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks
- Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy