News
-
"National Cybersecurity Review Begins for All Levels of Government"A survey made available by the US Homeland Security Department's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) every year for state, local, tribal, and territorial governments to assess their cybersecurity has been opened. The annual…
-
"SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals"Researchers at Jones Walker have published the results of a survey focusing on the cybersecurity preparedness of ports and terminals in the United States. According to Jones Walker's 2022 Ports and Terminals Cybersecurity Survey, there has been a…
-
"Canadian NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US"Recently a former Canadian government employee was sentenced to prison in the United States for his role in the NetWalker ransomware attacks. The man, Sebastien Vachon-Desjardins, 35, of Gatineau, Quebec, pleaded guilty in June 2022 to…
-
"A Fundamental Mechanism That Secures the Internet Has Been Broken"The Resource Public Key Infrastructure (RPKI) is a security framework designed to keep cybercriminals and rogue states from redirecting Internet traffic. The National Research Center for Cybersecurity ATHENE has discovered a way to easily bypass this…
-
"Hiring and Retention in the Cybersecurity Workforce Remain Difficult"Findings from a new ISACA report indicate that it is becoming increasingly difficult to hire and retain a cybersecurity workforce. According to the report, 63 percent of the 2,000 surveyed security workers say they have open positions, representing an 8…
-
"Steam Gaming Phish Showcases Browser-in-Browser Threat"Attackers have been targeting Steam online gaming platform users with a new phishing tactic involving authentic-looking fake browser windows to steal credentials and take control of accounts. The widespread campaign serves as a warning to businesses that…
-
"Dissect: Open-Source Framework for Collecting, Analyzing Forensic Data"The Dissect framework is a game changer in cyber incident response as it enables data acquisition on thousands of systems in hours, regardless of the nature and size of the IT environment, to be investigated following an attack. Over the last ten years,…
-
"Hackers Are Breaching Scam Sites to Hijack Crypto Transactions"Water Labbu is a threat actor who is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims. The FBI issued a warning in July about scam decentralized applications (dApps) that impersonated…
-
"Ransomware Group Bypasses 'Enormous' Range of EDR Tools"Security researchers at Sophos have discovered that a notorious ransomware group has been leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools. BlackByte, which the US government has said poses a serious threat…
-
"CISA: Multiple Government Hacking Groups Had 'Long-Term' Access to Defense Company"Several US agencies have stated that multiple government hacking groups had "long-term" access to a defense company's network. According to a report from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security…
-
"Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices"RatMilad, a novel Android malware, has been observed targeting a Middle Eastern enterprise mobile device while masquerading as a Virtual Private Network (VPN) and phone number spoofing app. The mobile Trojan acts as advanced spyware, receiving and…
-
"Microsoft: Watch Out for Password Spray Attacks – Especially You, Basic Auth"Microsoft has issued a warning to Exchange Online users about an increase in password spray attacks, urging those who have yet to disable Basic Auth to set up authentication policies. Password spray attacks, a type of brute-force tactic in which an…