This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.
The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services.
Some 700 million records of LinkedIn users have reportedly been offered for sale on a hacker forum. The social media platform, and several security experts, say that the offering stems from the "scraping" of records from websites and not a data breach.
The CISO/board relationship is a hot topic and Selim Aissi has a unique perspective. Besides serving as a board member on several organizations, he has been regularly reporting to the private and public company boards in his role as CISO. So he knows exactly what CISOs should be conveying - and how.
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, compromising the data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. If convicted, She now faces a possible 20-year sentence.
Roger Lang, who has experience in SaaS and fintech and has invested in various cybersecurity companies, says that education is the key to making real progress on cybersecurity issues.
During the past year-plus of digital transformation, many enterprises have not just migrated to the cloud but to hybrid cloud environments. David Hill of Veeam says two security measures - data portability and protection - are often overlooked.
The legitimate security penetration testing tool Cobalt Strike is increasingly being used by threat groups, especially those that are less technically proficient, according to a Proofpoint report. The security firm says the number of attacks using the tool rose by 161% from 2019 to 2020.
Cyberattackers are using malware dubbed "Crackonosh" to disable many antivirus programs, paving the way for installation of the XMRig cryptominer, according to Avast. So far, this approach has generated more than $2 million in monero for the attackers over the last seven months, the security firm reports.
Taiwanese networking device manufacturer Zyxel is notifying customers about an ongoing series of attacks on some of its enterprise firewall and VPN products and is advising users to maintain proper remote access security policies as it prepares a hotfix.
A government watchdog is urging NASA to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency's network, infrastructure and data. NASA, in turn, is working toward making some security improvements outlined by the GAO by the end of this year.
Microsoft recently released updates for its Edge browser, including a fix for a bypass vulnerability that could allow a remote attacker to bypass implemented security restrictions.
An unidentified hacking group is deploying a rootkit dubbed Netfilter, which is signed in as a legitimate Microsoft driver but used to affect gaming outcomes, researchers at German security firm G Data CyberDefense say.
Mercedes-Benz USA says one of its vendors exposed 1.6 million records that pertained to its customers and interested buyers. The incident, which involved an unnamed vendor and a cloud storage platform, is similar to one recently disclosed by Volkswagen.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.