News

Multifactor authentication > Mobile phone verification of a permission request for laptop login.

Frontegg launches entitlements engine to streamline access authorization

Can your employer spy on your iPhone or Android phone?

Screen recording Android app found to be spying on users

12 ransomware

Hackers hold city of Augusta hostage in a ransomware attack

The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available.

A hook is cast at laptop email with fishing lures amid abstract data.

New phishing technique poses as a browser-based file archiver

The new technique has a hacker simulate an archiving software in the web browser to trick the victim as he tries to access a .zip domain.

Electricity grid

Researchers find new ICS malware toolkit designed to cause electric power outages

Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.

Conceptual image of a network of executives / silhouettes of executives in motion.

New CISO appointments, February 2023

Keep up with news of CSO, CISO, and other senior security executive appointments.

VMware: Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

How to check for new exploits in real time? VulnCheck has an answer

VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.

Person holding phone near a laptop while getting two-factor authentication info

Inactive accounts pose significant account takeover security risks

Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication.

A laptop displays binary code and the flag of China.

Microsoft links attacks on American critical infrastructure systems to China

The Chinese nation-state actor has been actively conducting espionage and information-gathering attacks on American systems since mid-2021.

fighter hacker skull and crossbone skeleton scary mask sebastiaan stam 573834 unsplash

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Research shows a shift toward advanced persistent threat actors compromising smaller organization, in part to enable other attacks.

fishing phishing survival competition different point of view

New hyperactive phishing campaign uses SuperMailer templates: Report

Network security firm Cofense was able to identify a code trace in phishing emails that revealed SuperMailer abuse in the attacks.

north korea statue pyongyang

US sanctions four North Korean entities for global cyberattacks

North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.

searching, search bar

CyberArk’s enterprise browser promises zero-trust support, policy management

The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.

cyber attack alarm alert

Credential harvesting tool Legion targets additional cloud services

Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.

cybersecurity eye with binary face recognition abstract eye

Axiado releases new security processors for servers and network appliances

The new TCUs released by Axiado are built within a single SoC, with AI as added layer of security.

enter neon sign do not tresspass privacy authentication access barbed wire by clem onojeghuo unspla

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Teleport 13 features include Transport Layer Security routing and the ability to import applications/groups from Okta and AWS OpenSearch support for secure database access.

EU / European Union / GDPR data privacy protection, regulation, compliance

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

The Irish Data Protection Commission has levied a record-breaking fine against Facebook's parent company, Meta, for transferring data to the US without data privacy safeguards.

Cybersecurity > Email security threats, such as phishing

Microsoft reports jump in business email compromise activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report.

Security threat [illustration] > A hacker with black hat, mask, and crowbar breaks into a laptop.

Legitimate looking npm packages found hosting TurkoRat infostealer

The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.

samsung message

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

Guerilla malware, distributed by cybercrime gang Lemon Group, can load additional payloads, intercept one-time passwords from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp sessions.

Load More