News
-
"Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube"People looking for game cheats on YouTube are being targeted with links to malicious password-protected archive files that install the RedLine Stealer malware and cryptocurrency miners on compromised machines. These links are being spread through YouTube…
-
"Rust Foundation Launches Security Team With Support From OpenSSF and JFrog"The Rust Foundation, which supports the open-source Rust programming language, has announced the formation of a dedicated security team. The security team includes dedicated staff resources that enable the development and implementation of security best…
-
"Webworm Hackers Modify Old Malware in New Attacks to Evade Attribution"The Chinese 'Webworm' hacking group is experimenting with repurposing old malware in new attacks, most likely to avoid attribution and cut operational costs. Webworm is a cyberespionage cluster that has been active since at least 2017 and has previously…
-
"Backlogs Larger Than 100K+ Vulnerabilities but Too Time-Consuming to Address"A report titled "The State of Vulnerability Management in DevSecOps" released by Rezilion and Ponemon Institute reveals that organizations are losing thousands of hours in time and productivity due to a massive backlog of vulnerabilities. Of the security…
-
"Employees Take Risks to Avoid Login Hassles"According to a new 1Password report, 43 percent of employees admit to risky online behaviors such as sharing logins, offloading tasks to others, or abandoning certain tasks in order to avoid complicated login procedures. Of those surveyed by 1Password,…
-
"Organizations Are Scaling Back Their Open Source Software Due to Security Fears – Anaconda"The latest research from the data science platform provider Anaconda, growing security concerns about open-source software are causing organizations to reduce their use. The annual 2022 State of Data Science report from the firm delves into the trends,…
-
"Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish"According to the security firm Vectra, attackers who gain initial access to a victim's network can expand their reach by using access tokens from other Microsoft Teams users to impersonate employees and exploit their trust. The firm released an advisory…
-
"Off-The-Shelf Crypto-Detectors Give a False Sense of Data Security"A team of computer scientists at the College of William & Mary outlined a leading reason behind insecure data and provided suggestions on how to fix the problem. Data security is dependent on the use of appropriate, well-executed cryptography.…
-
"NYU to Create Comprehensive Cybersecurity and Resiliency Program"The NYU Tandon School of Engineering and the Depository Trust & Clearing Corporation (DTCC) have announced a new partnership aimed at advancing the capabilities of the NYU Center for Cybersecurity (CCS). The partnership will support the new program…
-
"Strike Force: Why Ransomware Groups Feel the Need for Speed"The faster cryptocurrency-locking malware can encrypt a victim's files and delete the originals, the less likely the attack will be detected and stopped. Furthermore, the less time it takes to carry out an attack, the more victims a malicious actor can…
-
"Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against US Critical Infrastructure Providers"The US has charged three Iranian nationals with allegedly orchestrating a scheme to hack into multiple US victims' computer networks. In order to access and steal data and information from victims' computer systems, the defendants' hacking campaign took…
-
"CISA Directs Critical Infrastructure Organizations to Prepare for Post-Quantum Cryptography"The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) published guidelines that critical infrastructure organizations should follow to transition smoothly to post-quantum cryptography standards. These standards…