A "technically sophisticated" threat campaign is cloning cryptocurrency apps to steal funds from web3 wallet users, security researchers at Confiant say. The campaign, dubbed SeaFlower, uses cloned wallet apps offered by MetaMask, Coinbase, imToken and TokenPocket to carry out the theft.
Business-critical applications, the crown jewels of the modern enterprise, are increasingly targeted due to their significant value, and many organizations are struggling to secure them. These systems must be properly deployed, monitored and maintained, says Onapsis CEO Mariano Nunez.
Anyone using machine-learning models to support so-called artificial intelligence capabilities must prioritize ethical design to ensure the systems work equally well for all, says industry veteran Diana Kelley. She also discusses how to include and keep people in cyber.
Microsoft’s June rollout of security flaw fixes includes patching Follina, a zero-day exploit launched via malicious Office documents which has been spotted being exploited in the wild. From July users with E3 licenses and above will have the option of automatic updates instead of manual Patch Tuesday fixes.
Organizations face major challenges gaining visibility into networks that grow more complex by the day, and Corelight CEO Brian Dye says the open-source community can help with gathering evidence and insights from networks so that the perimeter is better secured.
The disruption of the Netwalker ransomware group in January 2021 by U.S. and Bulgarian authorities highlights how blockchain can be an Achilles' heel for cryptocurrency-using criminals, says Jackie Burns Koven, cyberthreat intelligence lead at Chainalysis.
As the Russia-Ukraine war continues, and analysts watch for retaliatory cyberattacks against Ukraine's allies, cybercrime tracker Jon DiMaggio of Analyst1 says there's good news, in that Russian cybercriminals seem to have little or no incentive to move against U.S. critical infrastructure.
Darknet markets continue to thrive despite regular disruption by law enforcement agencies and exit scams by administrators because they offer easy access to services such as tools for laundering cryptocurrency, says Kimberly Grauer, head of research at blockchain analytics firm Chainalysis.
The use of software-as-a-service applications has dramatically increased since the onset of the COVID-19 pandemic, and the changing consumption patterns have ushered in a new set of security challenges, according to Obsidian Security co-founder and chief product officer Glenn Chisholm.
Former Rockwell Automation CISO Dawn Cappelli discusses the mission of the new Dragos OT-CERT - a cybersecurity resource designed to help industrial asset owners and operators build their OT cybersecurity programs, improve their security postures and reduce OT risk - and her role as its director.
Microsoft has not yet released patches for two zero-days, Follina and DogWalk, that both exploit vulnerabilities in the Microsoft Windows Support Diagnostic Tool. But the company has released a workaround for Follina, and micropatching service 0Patch has offered a temporary fix for DogWalk.
It's critical to enable companies to not only see what is going on in their IT environments but to also quickly react, and "sheer manpower" is no longer sufficient to respond to the surge of cyberthreats evolving today, says Mike DeCesare, CEO of Exabeam.
Cyber adversaries are embracing defense evasion, triple extortion, wiper malware and the accelerated exploit chain, and that is significantly reshaping the threat landscape that CISOs have to deal with, according to Derek Manky, head of Fortinet's FortiGuard Labs.
While adversaries are often still using many of the same old methods and exploits to compromise their victims, the exposure and consequences of these attacks are becoming increasingly damaging, says Bryan Ware, CEO of LookingGlass Cyber Solutions. He discusses how to keep ahead of the adversaries.
Software bills of material, or SBOMs, are still "years away" from being ubiquitous, says Grant Schneider, senior director for cybersecurity services at Venable. He says it will take time for them to catch on, and a set of standards and other critical components for industry need to be defined.