News
-
"Watchdog: Agency Overseeing Cybersecurity for Offshore Energy Falling Short"According to a recent report from the Government Accountability Office (GAO), the federal enforcement office that oversees more than 1,600 offshore oil and gas facilities has done little to address growing cybersecurity risks. GAO highlighted that the…
-
"Preparing for Quantum Cryptography, US Air Force Partners up With SandboxAQ"As researchers predict that quantum computers will be able to decrypt public key algorithms as early as 2030, organizations are under increasing pressure to develop quantum-resistant algorithms to protect their data from threat actors. The US Air Force…
-
"Rise of Security Champions: Application Development's Long-Awaited Evolution"Application development can be related to Newton's Third Law of Motion, which states that for every action, there is an equal and opposite reaction. Developers want to develop, but it appears that whenever they want to do so, application security teams…
-
"A Third of Global Organizations Were Breached Over Seven Times in the Past Year"Security researchers at Trend Micro have discovered that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface. The researchers…
-
"How One State's Phishing Training Evolves With Threats"According to a leading technology official, employee training must continue to evolve to keep up with cybercriminals' new tactics if state governments are to stay ahead of the latest phishing threats. Hemant Jain, CISO at the Indiana Office of Technology…
-
"Critical Infrastructure's Open-Source Problem"According to Synopsis research, 78 percent of code in codebases is open-source. Of the codebases, 81 percent have at least one vulnerability. When the code is left untouched for two years with no feature updates, that figure rises to 88 percent. Open-…
-
"PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability"Security researchers at Trend Micro's Zero Day Initiative (ZDI) have published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal. Tracked as CVE-2022-26696…
-
"Ten Charged in $11m Healthcare BEC Plots"Ten individuals have recently been charged with a series of business email compromise (BEC) and money laundering offenses, in which they allegedly defrauded Medicaid, Medicare, and private health insurance programs to the tune of over $11m. The…
-
"ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Customers""Securing the Software Supply Chain for Customers" guidance has been published by the National Security Agency (NSA) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). The Enduring Security Framework (ESF…
-
"Luna Moth Ransomware Group Invests in Call Centers to Target Individual Victims"Palo Alto Networks Inc.'s Unit 42 released a new report detailing the rise of a ransomware group that has invested in call centers and infrastructure to target individual victims. Luna Moth, also known as the Silent Ransom Group, has been active since…
-
"Google Seeks to Make Cobalt Strike Useless to Attackers"The intelligence research and applications team at Google Cloud has developed and released a set of 165 YARA rules to help defenders in identifying Cobalt Strike components deployed by attackers. According to Greg Sinclair, a security engineer with the…
-
"New Ransomware Encrypts Files, Then Steals Your Discord Account"In addition to encrypting victims' files and requesting a ransom payment, the new "AXLocker" ransomware family also steals infected users' Discord accounts. Discord sends back a user authentication token saved on the computer when a user logs in with…