Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2021-04-05 21:23:44 |
Personal Info for More Than Half a Billion Facebook Users Leaked Online (lien direct) |
Someone leaked the phone numbers and personal information for over half a billion Facebook users online. Alon Gal, CTO at cybercrime intelligence firm Hudson Rock, tweeted out that someone had dumped hundreds of millions of Facebook records onto a hacking forum: |
|
|
|
 |
2021-04-05 17:01:42 |
Ransomware Defense: Three Implementations Every Security Team Needs (lien direct) |
Few will be shocked to hear that ransomware attacks are continuing to accelerate at a torrid pace - but the more concerning trend is the effectiveness of ransomware at creating chaos and paralyzing business operations. |
Ransomware
|
|
|
 |
2021-04-01 18:41:06 |
CISO Stories Podcast: The Colonoscopy of CyberSecurity (lien direct) |
The information and cybersecurity industry has no shortage of regulations, and many organizations simply rundown the list of requirements, load them into an excel spreadsheet and check the boxes to demonstrate they are in compliance. But is being compliant the same as being secure?
Join this podcast with special guest Lee Parrish who shares an analogy that illustrates why being compliant is not the same as being secure, and how we can change an organization's orientation to keep the focus on security - check it out... |
|
|
|
 |
2021-04-01 14:02:27 |
Cybereason vs. DarkSide Ransomware (lien direct) |
DarkSide is a relatively new ransomware strain that made its first appearance in August 2020. DarkSide follows the RaaS (ransomware-as-a-service) model, and, according to Hack Forums, the DarkSide team recently made an announcement that DarkSide 2.0 has been released. According to the group, it is equipped with the fastest encryption speed on the market, and even includes Windows and Linux versions. |
Ransomware
Hack
|
|
|
 |
2021-03-31 19:10:25 |
Whistleblower Accuses Ubiquiti of Downplaying Major Data Breach (lien direct) |
A security professional who assisted Ubiquiti in its response to a data breach accused the Internet-of-Things (IoT) device vendor of having downplayed the incident's severity. |
Data Breach
|
|
|
 |
2021-03-31 16:34:21 |
FBI Pegs 2020 Cybercrime Costs at $4 Billion - Actual Losses Likely Higher (lien direct) |
Cybercrime cost the American public over $4 billion in reported losses over the course of 2020, according to the FBI. In its Internet Crime Report 2020, the FBI's Internet Crime Complaint Center (IC3) revealed that it had received 791,790 complaints of digital crime in 2020. |
|
|
|
 |
2021-03-30 17:26:15 |
DearCry Ransomware and the HAFNIUM Attacks – What You Need to Know (lien direct) |
The widespread HAFNIUM attacks were just the beginning of the problems stemming from multiple vulnerabilities in Microsoft's Exchange offering that were recently disclosed. According to Bleeping Computer, users began submitting new ransomware attack reports to the ID-Ransomware identification site on March 9 that site creator Michael Gillespie later determined had likely originated on Microsoft Exchange servers. |
Ransomware
|
|
|
 |
2021-03-29 13:08:15 |
Why Healthcare Security Requires an Operation-Centric Approach (lien direct) |
The healthcare industry is getting much more attention than normal right now. COVID-19 has disrupted business operations and turned lives upside down around the world as everyone struggles to get the pandemic under control. |
|
|
|
 |
2021-03-26 14:48:04 |
CISO Stories Podcast: Going All-In on a Career in Security (lien direct) |
Mauro Israel, CISO at BIOOOS, discusses his colorful background and how he – like so many others in the security field – came to discover his true calling late in life and was able to apply his wide range of knowledge and experience to the role of CISO in the healthcare field - check it out.. |
|
|
|
 |
2021-03-24 14:36:34 |
Cybereason Named a Strong Performer in Forrester Wave for MDR (lien direct) |
The Cybereason Managed Detection and Response (MDR) service offering has been named a Strong Performer in the Forrester Wave™: Managed Detection and Response, Q1 2021 report. |
|
|
|
 |
2021-03-23 18:00:09 |
Malicious Life Podcast: Inside the HAFNIUM Microsoft Exchange Attacks (lien direct) |
The recent HAFNIUM attacks hit tens of thousands of organizations' Microsoft Exchange servers around the globe. Now, an array of other threat actors are leveraging the residual webshells on victim systems to launch new attacks against organizations who thought patching the Microsoft vulnerabilities would have been enough to be protected. |
Threat
Patching
|
|
|
 |
2021-03-23 16:54:20 |
Sodinokibi/REvil Ransomware Gang Hit Acer with $50M Ransom Demand (lien direct) |
The Sodinokibi/REvil ransomware gang has reportedly infected Taiwanese multinational electronics corporation Acer and demanded a ransom of $50 million. Those responsible for the Sodinokibi ransomware strain announced on their data leaks website that they had breached the computer giant. |
Ransomware
|
|
|
 |
2021-03-22 13:08:36 |
Malicious Life Podcast: Inside NotPetya, Part 2 (lien direct) |
Many of you may have already heard of Amit Serper: he was the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason back in 2017. |
|
NotPetya
NotPetya
|
|
 |
2021-03-18 15:27:30 |
HAFNIUM Response: Cybereason is Dedicated to Defending Our Customers (lien direct) |
It was recently disclosed that Microsoft Exchange offerings were severely compromised in nation-state sponsored operations by the threat group known as HAFNIUM. This incident has potentially affected tens-of-thousands of public and private organizations across the globe. |
Threat
|
|
|
 |
2021-03-18 10:04:34 |
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (lien direct) |
Over the past year, the Cybereason Nocturnus Team has observed various trends among cyber criminals and nation-state groups leveraging various global events such as COVID-19 and other topical themes and trending issues as phishing content to lure their victims into installing their malware of choice. |
Malware
|
|
|
 |
2021-03-17 13:00:00 |
CISO Stories Podcast: Is Cybersecurity ROI Necessary? (lien direct) |
Business units are often challenged to demonstrate ROI on their spend for various initiatives. Why should the information security department be any different? |
|
|
|
 |
2021-03-16 16:03:52 |
Security CEO Roundtable: Restoring Our National Cybersecurity (lien direct) |
Now that President Biden has proposed the allocation of $10 Billion for cyber security and IT modernization, what specifically should the federal government focus on to restore confidence in our national cyber security defense posture? |
|
|
|
 |
2021-03-16 14:09:52 |
Webinar: Protecting Against IT Infrastructure Attacks from HAFNIUM to SolarWinds (lien direct) |
Attackers have proven time and again they are willing to innovate in nefarious ways to breach your defenses - as seen with the most recent headlines around the recent Microsoft Exchange and SolarWinds attacks. |
|
|
|
 |
2021-03-15 13:00:00 |
SolarWinds Attacks Recovery Effort Could Take U.S. Government 18 Months (lien direct) |
The U.S. government could take up to 18 months in its efforts to recover from the SolarWinds supply chain attack, explained the U.S. Cybersecurity & Infrastructure Security Agency (CISA). |
|
|
|
 |
2021-03-12 16:31:30 |
Webinar: The State of Ransomware (lien direct) |
Ransomware continues to evolve and despite what many in the industry had thought was a lull in the use of ransomware by cyber criminals; it hasn't gone away and has returned with a vengeance. |
Ransomware
|
|
|
 |
2021-03-12 15:15:23 |
International Women\'s Day: Why Be Daring? (lien direct) |
International Women's Day always makes me reflect about my career path and decisions, and I wonder if just the fact that I'm a woman makes them interesting. I hope not. |
|
|
|
 |
2021-03-11 17:36:05 |
Live Feeds of 150K Surveillance Cameras Compromised in Verkada Breach (lien direct) |
Digital attackers compromised the live feeds of 150,000 surveillance cameras made by enterprise security camera system manufacturer Verkada. According to Bloomberg News, a hacking collective that calls itself “Advanced Persistent Threat 69420” gained access to Verkada by misusing a “Super Admin” account at the company. |
Threat
|
|
|
 |
2021-03-11 13:38:02 |
International Women\'s Day: Girls Should Never Give Up (lien direct) |
“What do you want to be one day, Jean?” |
|
|
|
 |
2021-03-10 15:00:00 |
CISO Stories Podcast: Your Job is to Make Cybersecurity Simple (lien direct) |
The CISO position in some organizations is relatively new, but the role has actually been evolving over the past 25 years - ever since Citibank named the first CISO, Steve Katz, in 1995. Join this podcast to learn how Steve navigated the early days of security and the changes he sees in the role today... |
|
|
|
 |
2021-03-10 14:00:00 |
International Women\'s Day: “Win as One” Takes True Commitment to Diversity (lien direct) |
“As a woman...” I haven't really used that phrase for very long. Eight years ago, I came out as a transgender woman, very late in life. And even today I find myself fighting forty years of my own preconceived notions of what I had to be in order to say those words. |
|
|
|
 |
2021-03-09 15:00:00 |
International Women\'s Day: Culture Add Over Culture Fit as a Catalyst for Diversity (lien direct) |
Having worked in Human Resources my entire career, the notion of Culture Fit became near and dear to me throughout my career. Leadership teams would comment on needing to hire those who were a Culture Fit, hiring managers would request it, and recruiters would screen hundreds of candidates to try to ensure the people they presented truly fit the company's culture. |
Guideline
|
|
|
 |
2021-03-09 14:00:00 |
Cybereason Expands in the DACH Region with Bechtle AG Partnership (lien direct) |
Cybereason is pleased to announce a strategic partnership with Bechtle AG to facilitate expansion across the DACH region of Germany, Austria and Switzerland to better protect enterprises against sophisticated cyber attacks on endpoints and everywhere in their networks. |
|
|
|
 |
2021-03-08 20:27:29 |
HAFNIUM and SolarWinds Attacks Highlight Lack of Accountability (lien direct) |
On the heels of the SolarWinds supply chain attacks, organizations are again scrambling to assess the impact of a recently disclosed attack attributed to the Chinese state-sponsored HAFNIUM APT group that targets vulnerabilities in Microsoft Exchange servers with two zero-day exploits. Perhaps it's time we accept that there's a war going on, and that this war is being fought on the backs of commercial companies who are targeted by sophisticated, military-grade offensive campaigns. |
|
|
|
 |
2021-03-08 14:00:00 |
International Women\'s Day: UbU and Lead Like a Girl (lien direct) |
Rewind to 2012: Sheryl Sandberg's Lean In had just been published, pushing women to stop sitting back and start taking more risks. Amy Cuddy had just come out with her “Power Pose” TED Talk telling women that posing like Superwoman for two minutes can make you feel more powerful. |
Guideline
|
|
|
 |
2021-03-04 14:00:00 |
CISO Stories Podcast: …and Other Useless Security Constructs (lien direct) |
Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry's most sacred cows like risk tolerance as a key driver for security programs - check it out… |
|
|
|
 |
2021-03-03 14:00:00 |
Malicious Life Podcast: Inside NotPetya, Part 1 (lien direct) |
On June 28th, 2017, millions of Ukrainians were celebrating Constitution Day. Their national holiday turned into a nightmare, as tens of thousands of computers all over the country were infected by mysterious malware. By that afternoon, the cyber-pandemic was already going global. |
|
NotPetya
|
|
 |
2021-03-02 14:29:11 |
Defender Spotlight: Keith Barros, Seton Hall University (lien direct) |
Top-tier defender Keith Barros of Seton Hall University discusses the successes SHU has achieved with a deployment of Cybereason solutions to secure endpoints and ramp-up students to Level1 Analyst level performance. |
|
|
|
 |
2021-03-01 14:00:00 |
CISO Stories Podcast: Without Building a CISO EQ, You May Be On Your Own (lien direct) |
The CISO must interact with many different groups within the company. These groups differ in the amount of business acumen and technical depth necessary. The CISO must have self-awareness of how to approach each of these different types of stakeholders, as well as ensuring appropriate self-care is taken to limit burnout, stress and anxiety. |
|
|
|
 |
2021-02-25 14:00:00 |
CISO Stories Podcast: Doing Privacy Right vs. Doing Privacy Rights (lien direct) |
Eric Schmidt (CEO Google 2001-2007) famously noted that his company's policy was to get 'right up to the creepy line and not cross it.' The closer an organization can get to this imaginary line, the greater the profit maximization. When does this become an invasion of privacy? |
|
|
|
 |
2021-02-24 14:00:00 |
More Money Won\'t Prevent the Next SolarWinds - But Better Detection Strategies Will (lien direct) |
The SolarWinds supply chain attacks aren't out of the news yet - not by a longshot. Now is when we're starting to see the U.S. government implement changes in response to the incident. |
|
|
|
 |
2021-02-23 14:05:00 |
Cybereason Accelerates North American Expansion with Strategic Hires (lien direct) |
Cybereason is pleased to announce further expansion in North America with the addition of cybersecurity leaders Abigail Maines as Vice President of Commercial and Channel Sales, Stephan Tallent as Vice President of Managed Security Services Providers, and Ahmed Saleh as Vice President of Incident Response Services. |
Guideline
|
|
|
 |
2021-02-23 14:00:00 |
Case Study: SCM Insurance Services Finds True Partnership Cybereason (lien direct) |
SCM Insurance Services has been supporting the insurance and risk management community for more than 30 years with over 200 locations and over 3,000 employees across North America providing claims adjusting, third-party administration (TPA), risk management, investigative, surveillance, risk mitigation, medical services, forensic services (accounting/engineering), and risk intelligence. |
|
|
|
 |
2021-02-22 13:45:00 |
Ransomware Attacks Remain Persistent and Pervasive (lien direct) |
Ransomware has been the scourge of businesses for some time now, and it doesn't seem that there is an end in sight where the impact to business is concerned. |
|
|
|
 |
2021-02-19 13:40:58 |
Kia Motors America: Ransomware Not Behind Extended Systems Outage (lien direct) |
Kia Motors America stated that a ransomware attack was not the apparent cause of an extended systems outage affecting the automobile dealer's IT systems. It all started with an error message… |
Ransomware
|
|
|
 |
2021-02-18 14:00:00 |
Cybereason Expands Middle East and North Africa Presence with Dubai\'s Oxygen (lien direct) |
Cybereason is pleased to announce a partnership with Oxygen DMCC, the Dubai-based leader in AI-powered cybersecurity and mobility solutions, enabling enterprises across the Middle East and North Africa (MENA) to detect and end cyber attacks on endpoints anywhere on their networks. |
Guideline
|
|
|
 |
2021-02-17 20:19:15 |
Malicious Life Podcast: Should Law Enforcement Use Facial Recognition? Pt. 2 (lien direct) |
It seems likely that legislation alone won't be able to regulate the widespread use of facial recognition. However, placing AI in the hands of law enforcement or the government does have its dangers due to the limitations of the technology itself and the biases of the officers who use it. |
|
|
|
 |
2021-02-17 18:35:26 |
Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider (lien direct) |
An international law firm attributed a data breach to a compromise at a cloud solutions company that provides file-sharing services. According to the Wall Street Journal, a threat actor claimed to have stolen data from global law firm Jones Day and published that information on the dark web. |
Data Breach
Threat
|
|
|
 |
2021-02-17 14:00:00 |
CISO Stories Podcast: Sled Security - Pandemics, Policies, and Penny-Pinching (lien direct) |
The Cybersecurity Coalition's Ari Schwartz brings us up to date on some of the organization's initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less… |
|
|
|
 |
2021-02-16 13:00:00 |
Cybereason vs. NetWalker Ransomware (lien direct) |
The NetWalker ransomware has been one of the most notorious ransomware families over the course of the past year, targeting organizations in the US and Europe including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19. |
Ransomware
Threat
|
|
|
 |
2021-02-15 14:00:00 |
The Cybereason Difference: Why PenTesters Don\'t Want to be Our Valentine (lien direct) |
This is the inaugural blog for our new series, The Cybereason Difference. Each post will explore a unique way that Cybereason empowers defenders. For this post, we decided to take a look at some of the reasons why we often get notes from our customers to the effect of, “I'm having fun watching our pentesters get frustrated over and over again as they attempt to bypass Cybereason - literally throwing the kitchen sink at it to no avail!” |
|
|
|
 |
2021-02-12 19:59:42 |
CISO Stories Podcast: Telling Scary Stories to the Board? Stop. Here\'s Why… (lien direct) |
CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Enjoy this podcast with special guest Mischel Kwon to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives… |
|
|
|
 |
2021-02-12 14:43:04 |
Malicious Life Podcast: Should Law Enforcement Use Facial Recognition? Pt. 1 (lien direct) |
There are plenty of reasons why law enforcement should use AI for facial recognition - after all, humans are notoriously bad eye witnesses. However, placing AI in the hands of law enforcement does have its dangers due to the limitations of the technology itself and the biases of the officers who use it. |
|
|
|
 |
2021-02-10 14:00:00 |
The Cybereason Malop: Achieving Operation-Centric Security (lien direct) |
Targeted attacks are increasingly taking aim at multiple users and devices simultaneously as well as leveraging a wider range of tactics, techniques and procedures. |
|
|
|
 |
2021-02-09 16:21:37 |
Attacker Tries to Poison Florida City\'s Water Supply (lien direct) |
A cyberattacker attempted to poison a Florida municipality's water supply by breaking into the city's water treatment plant systems. On February 5, an operator at the water treatment plant for the City of Oldsmar in Pinellas County noticed someone controlling his mouse. The operator didn't think much of the activity at first, reported WTSP-TV. |
|
|
|
 |
2021-02-08 18:47:37 |
Extortionists Publish Data Stolen from Two Healthcare Service Providers (lien direct) |
An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money. On February 5, NBC News reported that a well-known ransomware group had published tens of thousands of files to a data leaks website on the dark web. Among those files were scanned diagnostic results, letters to health insurers and a folder containing background checks on employees. |
Ransomware
|
|
|