News

Russian hammer and sickle / binary code
U.S. dollar sign circuitry.

Ransomware  >  A masked criminal ransoms data for payment.

Financial crime group FIN11 pivots to ransomware and stolen data extortion

FIN11, believed to be Russia-based, follows a trend of cybercriminal groups expanding their operations beyond financial crime.

One lock in a series is unlocked / weakness / vulnerability

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

A man casts the shadow of an ominous hooded figure against a circuit-based wall.

Elusive hacker-for-hire group Bahamut linked to historical attack campaigns

The Bahamut group targets high-value victims and takes meticulous care with its own operational security.

Facebook / network connections / privacy / security / breach / wide-eyed fear

How SilentFade group steals millions from Facebook ad spend accounts

SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook's initial mitigation efforts.

Remote worker  >  A man works from home with his dog

CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

A hacker targets a sitting duck  >  easy target / easy pickings / victim targeting

Privacy dominates Australians’ concerns as cybercriminals pummel banks

Major bank blocking “tens of millions” of attacks monthly in fight to protect customers’ data.

Insider threats  >  Employees suspiciously peering over cubicle walls

Preventing insider threats: What to watch (and watch out) for

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say.

bucket with holes breach security vulnerability

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

frustrated defeated discouraged upset mistake failure karina carvalho 87593 unsplash

University of Tasmania breach a tough lesson in cloud misconfiguration errors

Human error back in the spotlight after Office 365 permissions lapse.

Ransomware

Ransomware attacks growing in number, severity: Why experts believe it will get worse

Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.

Data viewed secretively with binoculars.

What data China collected about 35,000 Aussies—and 2.4 million people globally

Zhenhua Data defends “research”—but concerns mount over what Australia has discovered about Chinese gathering of personal data.

whitelisting computer security security oversight admin lockout control by metamorworks getty images

Telstra taps Australian cyber cops to block SMS spoofing attacks

As COVID-19’s digital-services surge drives increased fraud, Defence Ministry helps government services agency identify legitimate communications.

frustrated waiting for the phone to ring 137888054

Just let week-long DDoS attack ‘fizzle out’, says NZ government

Authorities haven’t identified the perpetrators of rolling DDoS attacks that took down the NZX stock exchange and crippled other firms.

vulnerable breach cyberattack hacker

Evilnum group targets FinTech firms with new Python-based RAT

The attack hides in Windows systems by impersonating several legitimate programs.

Security threat   >   One endpoint on a network has been compromised.

APT-style mercenary groups challenge the threat models of many organizations

APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.

cloud security expert casb binary cloud computing cloud security by metamorworks getty

With cloud's security benefits comes systemic risks, report finds

A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.

Application security  >  Software code + data protected with a lock

IT managers urged to revisit security following hasty lockdown changes

CERT NZ cites a rise in ransomware and RDP attacks during the COVID-19 pandemic, at a time when companies may have made changes that compromise security.

Load More