What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2020-04-16 06:00:00 RubyGems typosquatting attack hits Ruby developers with trojanized packages (direct link) Over 700 malicious packages with names similar to legitimate ones have been uploaded to RubyGems, a popular repository of third-party components for the Ruby programming language. The upload took place over the course of a week in February, researchers report. The rogue packages contained a malicious script that, when executed on Windows computers, hijacked cryptocurrency transactions by replacing the recipient's wallet address with one controlled by the attacker. Malware
CSO 2020-04-15 03:00:00 Threat modeling explained: A process for anticipating cyber attacks (direct link) Threat modeling definition: Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources. This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a threat model is that it is systematic and structured. Threat modelers walk through a series of concrete steps in order to fully understand the environment they're trying to secure and identify vulnerabilities and potential attackers. That said, threat modeling is still in some ways an art as much as a science, and there is no single canonical threat modeling process. The practice of threat modeling draws from various earlier security practices, most notably the idea of "attack trees" that were developed in the 1990s. In 1999, Microsoft employees Loren Kohnfelder and Praerit Garg circulated a document within the company called "The Threats to Our Products" that is considered by many to be the first definitive description of threat modeling. Threat
CSO 2020-04-14 07:23:00 What is a deepfake? How to prepare for and respond to this cyber attack (direct link) As cyber criminals deploy more complex methods of hacking, using deepfakes to spread misinformation and “hack reality” has become more popular. This video, audio and/or text-based content is AI-generated and may be hard to discern from factual media. While no one can be totally safe from being deepfaked, heads of global companies or politicians may be especially appealing targets for hackers. Industry analyst and author Dr. Chase Cunningham joins Juliet to discuss how individuals and enterprises alike must respond to a deepfake attack, how the technology may evolve and how to determine what's real versus what has been deepfaked. Chase's book: Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare: https://www.amazon.com/Cyber-Warfare-Strategies-organization-battleground/dp/1839216999
CSO 2020-04-13 03:00:00 AI-powered deception technology speeds deployment, improves results (direct link) Over the past few weeks, the cybersecurity landscape has changed dramatically. Employees working at home mean more exposed attack surface and plenty of unusual user behavior patterns. And newly deployed remote collaboration platforms might not have been fully vetted yet.
CSO 2020-04-09 11:01:00 16 real-world phishing examples - and how to recognize them (direct link) You think you know phishing? Even though computer users are getting smarter, and the anti-phishing tools they use as protection are more accurate than ever, the scammers are still succeeding. Lured with promises of monetary gain or threats of financial or physical danger, people are being scammed out of tens of thousands of dollars. Corporations lose even more - tens of millions. Malware Hack
CSO 2020-04-09 03:00:00 Beware malware-laden emails offering COVID-19 information, US Secret Service warns (direct link) As the coronavirus crisis continues to capture everyone's attention, cybercriminals stay busy running scams and delivering malware using the attention-getting virus as a lure. The threats from the scammers and crooks, which began as early as January and continue unabated, range from tricking people out of their financial data to delivering pernicious malware.
CSO 2020-04-02 03:48:00 Weakness in Zoom for macOS allows local attackers to hijack camera and microphone (direct link) The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user's knowledge. The issues, which stem from insecure use of system APIs, were revealed Wednesday by security researcher Patrick Wardle on his blog. Wardle has a long history of macOS security research, which includes finding vulnerabilities, analyzing malware and writing security tools for Apple's platform. Exploiting the two flaws requires attackers to already have local code execution access on the machine, but this does not mean they're not serious issues, since local code execution with limited user privileges can be achieved in a variety of ways. Furthermore, Wardle believes the problems could have been easily avoided by Zoom because the attack techniques have been documented by himself and other researchers in the past in blog posts and at security conferences. Malware
CSO 2020-04-01 06:00:00 Attack campaign hits thousands of MS-SQL servers for two years (direct link) In December, security researchers noticed an uptick in brute-force attacks against publicly exposed Microsoft SQL servers. It turns out the attacks go as far back as May 2018 and infect on average a couple thousand database servers every day with remote access Trojans (RATs) and cryptominers. Researchers from Guardicore Labs have dubbed the ongoing campaign Vollgar and traced it back to China. The scans and attacks originate from Chinese IP addresses -- likely associated with infected and hijacked machines -- and the command-and-control (C&C) servers are also hosted in China and use Chinese language for their web-based management interfaces.
CSO 2020-03-30 11:14:00 BrandPost: Considerations for Addressing Additional Security Needs for Remote Workers (direct link) By now, most organizations responding to the current global pandemic have already moved their workforce to their homes using a secure remote worker system that includes an endpoint VPN client, online teleconferencing systems, and a headend VPN concentrator. But getting workers up and running is not the same thing as making sure that they, and the corporate assets they need to access remotely, have been properly secured. There has been a massive spike in coronavirus-focused attacks over the past couple of weeks. Cybercriminals are intentionally targeting not just teleworkers, but even their children who are now being schooled at home using e-learning, to compromise home networks. Their goal is to exploit this new attack vector by taking advantage of novice teleworkers and any gaps in security resulting from a rushed transition to a new networking model. Poorly secured home devices and networks, combined with overwhelmed head-end VPN termination systems and corporate resources that have rarely, if ever, been accessed remotely, are a formula for disaster.
CSO 2020-03-27 04:38:00 Cybercriminal group mails malicious USB dongles to targeted companies (direct link) Security researchers have come across an attack where a USB dongle designed to surreptitiously behave like a keyboard was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals during physical penetration testing engagements in the past, but it has very rarely been observed in the wild. This time it's a known sophisticated cybercriminal group that is likely behind it. The attack was analyzed and disclosed by security researchers from Trustwave SpiderLabs, who learned about it from the business associate of one of their team members. Ziv Mador, vice president for security research at Trustwave SpiderLabs, tells CSO that a US company in the hospitality sector received the USB sometime in mid-February.
CSO 2020-03-26 03:00:00 Dear future victim, please panic (direct link) Dear Victim, Please panic. Cower in the corner under a toilet paper fort with a pile of ammo for a pillow. Meanwhile, I'm hacking your corporate network. Work from home, they said. Self-isolate, they said. Avoid contagion, they said. They forgot about me, for I am a DORMANT CYBER PATHOGEN. Dormant no longer...
CSO 2020-03-25 03:00:00 Securing Windows and Office in a time of COVID-19: update policies, remote options (direct link) The stay-at-home alerts for many large cities, US states, and countries are putting information technology and security professionals on the forefront of the battle to keep businesses up and running with most employees working remotely. Technology has risen to the challenge in some ways, but for some things there's just too much on our plates to deal with right now. Here's how the COVID-19 pandemic is impacting our Windows security in that regard: Malware
CSO 2020-03-23 03:00:00 New York's SHIELD Act could change companies' security practices nationwide (direct link) The Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act, is a New York State bill signed into law last July. One key provision in the legislation that could significantly change security practices across the country is slated to go into effect March 21, possibly inducing companies big and small to change the way they secure and transmit not only New Yorkers' private data but all consumers' sensitive information. Technically an amendment to the state's data breach notification law, the SHIELD Act could have as much of an impact on internet and tech companies' privacy and security practices as the more famous California Consumer Privacy Act (CCPA) or even the European Union's General Data Protection Regulation (GDPR), experts say. Data Breach
CSO 2020-03-19 14:14:00 The 14 biggest data breaches of the 21st century (direct link) Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw their personal data stolen in the top two of the 14 biggest breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people. Malware
CSO 2020-03-19 05:45:00 6 ways attackers are exploiting the COVID-19 crisis (direct link) While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are ramping up operations to spread malware via Covid19-themed emails, apps, websites and social media. Here's a breakdown of potential threat vectors and techniques threat actors are using to attack organizations. Threat
CSO 2020-03-11 05:54:00 Deloitte: 8 things municipal governments can do about ransomware (direct link) The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau of Investigation indicated the attackers used Russian-made malware known as Ryuk. Ransomware Deloitte
CSO 2020-03-10 15:55:00 New CPU attack technique can leak secrets from Intel SGX enclaves (direct link) Researchers have devised a new attack against Intel CPUs that can leak sensitive secrets stored in SGX secure enclaves and, at least in theory, from privileged processes across security boundaries such as kernel space, virtual machines and hypervisors. Dubbed Load Value Injection (LVI), the new attack is based on techniques used in other CPU vulnerabilities such as Spectre, Meltdown and Microarchitectural Data Sampling (MDS), but is different, more importantly, in that it bypasses the mitigations put in place for those flaws.
CSO 2020-03-10 03:00:00 Is the EARN-IT Act a backdoor attempt to get encryption backdoors? (direct link) Last week a pair of US senators on the Senate Judiciary Committee, Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), introduced a flashpoint piece of legislation called The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT). The law, ostensibly designed to dampen the rampant child exploitation activities online, has drawn criticism from civil rights groups, free speech advocates, and cybersecurity professionals during draft discussions. Most observers said it is a sneak attack on end-to-end encryption. The release of the formal version of the bill only solidified this fear.
CSO 2020-03-10 03:00:00 RSA 2020: 7 trends and takeaways (direct link) RSA 2020 had an uninvited guest, Covid-19. Fist bumps replaced handshakes and hand sanitizing stations were spread throughout the Moscone Center. Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like AT&T, IBM, and Verizon.
CSO 2020-03-09 10:15:00 BrandPost: The Evolution of Linux Threats (direct link) 2019 was the year of Linux threats. Our research team observed a significant increase in the number of cyber attacks targeting Linux systems, evidenced by the discoveries of HiddenWasp, QNAPCrypt and EvilGnome. Sadly, the antivirus industry continues to be plagued by low Linux threat detection rates. It's important to understand that in an open-source ecosystem like Linux, there is a large amount of publicly available code that can be quickly copied by attackers to produce their own malware. At the time of its discovery, for example, HiddenWasp contained large portions of code from previously leaked and/or open-sourced threats Mirai and the Azazel rootkit. While Mirai is not a highly complex malware, its code was leaked in 2016. We now see its code being reused often by adversaries to develop their own malware instances within the Linux operating system. Malware Threat
CSO 2020-03-09 03:00:00 Top cybersecurity facts, figures and statistics for 2020 (direct link) Looking for hard numbers to back up your sense of what's happening in the cybersecurity world? We dug into studies and surveys of the industry's landscape to get a sense of the lay of the land, both in terms of what's happening and how security leaders are reacting to it. If you want data on what systems are most vulnerable, what malware is topping the charts, and how much people are getting paid to deal with it all, read on. 9 key cybersecurity statistics at-a-glance: 94% of malware is delivered via email; Phishing attacks account for more than 80% of reported security incidents; $17,700 is lost every minute due to phishing attacks; 60 percent of breaches involved vulnerabilities for which a patch was available but not applied; 63 percent of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach; Attacks on IoT devices tripled in the first half of 2019; Fileless attacks grew by 256 percent over the first half of 2019; Data breaches cost enterprises an average of $3.92 million; 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill. The year in vulnerabilities: Let's start by getting basic: no matter how many new and exotic vulnerabilities you'll hear about, in this article and others on cybersecurity, there's one that towers over all the rest. In an examination of thousands of security incidents, Verizon found that almost all malware arrived on computers via email: this was true in 94 percent of cases. In not unrelated news, the number one type of social engineering attack, accounting for more than 80 percent of reported incidents, is phishing, the end goal of which is often to convince users to install malware. So if you want to improve your security posture, you know where to start. (And before you think of phishing as some kind of sinister Eastern European or Nigerian scam, know that 40 percent of phishing command and control servers are in the US.) Malware Studies Guideline
CSO 2020-03-02 08:49:00 BrandPost: The Understated Link Between Linux Threats and Cloud Security (direct link) In the antivirus industry, a large emphasis is placed on protecting Windows endpoints. Windows desktop users comprise nearly 87% of the total desktop market share, in comparison to the 2% share held by Linux desktop users. Because of this disparity, and the fact that we rarely see malware targeting Linux end users, some people argue that Linux is the safest and most secure operating system. When discussing threats to the Linux platform, however, we must consider that Linux accounts for nearly 90% of all cloud servers. Even among Microsoft's Azure Cloud, Linux is the most popular operating system. The industry's quick migration to the cloud, coupled with a lack of awareness surrounding Linux threats, has contributed to 1) low detection rates reported by the majority of security vendors, and 2) the increase of attackers' appetite to target Linux systems. Mitigation Recommendations: Organizations can implement the following security best practices to mitigate cyber threats targeting Linux systems: Malware
CSO 2020-02-26 08:00:00 BrandPost: Benchmarks for 2020: Three Goals for CISOs in the Coming Year (direct link) As the attack landscape expands, CISOs must become more strategic and proactive. “They're already dealing with very porous infrastructures that result from the business building products and services quickly without input from security teams,” says Wolfgang Goerlich, CISO Advisor with Cisco. Also, the pace of business hasn't slowed. Cloud, digital transformation, and mobile services have all contributed to what he calls “legacy debt,” with CISOs working hard to gain control. Combined with the growing sophistication of cyber-attacks, these challenges make it imperative for organizations to have an overarching security strategy. “Companies need an adaptive, flexible perimeter with realistic security controls,” Goerlich advises.
CSO 2020-02-26 07:55:00 2020 Security: Securing Your Business with an Integrated Security Platform (direct link) IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface. At the same time, security leaders are grappling with obstacles often outside their control - including sophisticated threats arising from well-funded attackers and the ongoing skills gap. With the release of Cisco SecureX, CISOs gain a solution that addresses these challenges and offers the visibility and confidence that arise from an improved security posture. Guideline
CSO 2020-02-26 03:00:00 How to prevent scripting attacks in Microsoft Office (direct link) If you have looked at your inbox lately, you'll not be surprised when I say that phishing attacks increased 400% in the first seven months of 2019. Those phishing attacks attempted to either trick a user into going to a website or opening an Office document. Phishing attacks that try to get you to open an Office document often call a script to take additional action. Scripts are most often used in malicious macros to call actions.
CSO 2020-02-25 03:00:00 8 mobile security threats you should take seriously in 2020 (direct link) Mobile security is at the top of every company's worry list these days - and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier. Data Breach
CSO 2020-02-21 03:00:00 11 penetration testing tools the pros use (direct link) What is penetration testing? Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do. It's like in the movie Sneakers, where hacker-consultants break into your corporate networks to find weaknesses before attackers do. It's a simulated cyber attack where the pentester or ethical hacker uses the tools and techniques available to malicious hackers. Back in ye olde days of yore, hacking was hard and required a lot of manual bit fiddling. Today, though, a full suite of automated testing tools turn hackers into cyborgs, computer-enhanced humans who can test far more than ever before.
CSO 2020-02-19 16:12:00 BrandPost: How to Maximize Resources in Your Cybersecurity Workforce (direct link) There's no denying that skilled people will always be an integral part of cybersecurity operations. After all, every cybersecurity threat requires a conversation around it, intelligent intervention, and thorough analysis to combat future issues. Yet without the right resources at their fingertips, even the most knowledgeable cybersecurity workforce is set up to fail. Consider this in the context of a misconfiguration in the cloud, one of the top cloud security threats. If this issue is buried beneath a pile of other threats and alerts or SecOps need days or maybe even weeks to identify the root of the problem, cyber attackers have more room to make their way in the perimeter and exfiltrate sensitive data. (This year's Capital One data breach is a prime example.) Data Breach Threat
CSO 2020-02-19 15:41:00 BrandPost: What Does Cloud-Native Mean for Security? (direct link) Among enterprise C-level leaders, "cloud-native" is becoming a strategic imperative for several reasons. Cloud-native applications are purposefully designed and deployed using agile methods to support flexibility and scalability in the cloud. The implementation of cloud-native applications is thus more efficient and lends itself to automation. While this defines cloud-native in the simplest of terms, there are several implications for security operations, from the migration process to collaborative efforts in securing the hybrid attack surface. The Relationship Between Cloud-Native and Security: The recent 451 Research report, "The Impact and Evolution of Cloud Native," suggests that cloud-native architectures are more economical because they are driven by multiple microservices. Businesses can easily scale when they need to, making software deployment and development a much simpler and more cost-effective process. Guideline
CSO 2020-02-19 12:44:00 BrandPost: Securing your Cloud Workloads in Runtime: Why Pre-Runtime Scans Aren't Enough (direct link) Enterprises that apply a security strategy to their cloud workloads often rely on security checks pre-runtime. In most cases, they scan for vulnerabilities within their code or containers before deploying their cloud workloads into production. However, in runtime - when actual cyber attacks can occur - organizations are left completely blind. In my discussions with CISOs during the last year I was surprised to hear that, despite having hundreds or even thousands of cloud servers, security teams lack visibility into what code is actually running inside their production environment. These teams believe that what's running is the software they intentionally deployed during the CI/CD process. However, they aren't certain. Having no visibility in runtime is problematic. If an attacker wants to steal your credentials or exploit a vulnerability - in any kind of attack vector - a cyber attack is almost always the result of malicious code or commands running in your servers. While pre-runtime security vulnerability checks are effective to some extent, they are not sufficient enough to cope with modern cyber threats, which don't necessarily rely on a known vulnerability. It's time for organizations to gain visibility and control over the code that is running in their cloud workloads. By identifying and terminating the malicious code running in memory, they will be able to detect the vast majority of cyber attacks on their cloud infrastructure. Vulnerability
CSO 2020-02-12 03:00:00 How to fight hidden malware on Windows networks (direct link) If I listed the names of services on your Windows systems, would you be able to determine which ones were real and which ones were fake? Attackers often use fake services designed to act and look like real Windows services but contain malicious files. Is Windows Updates a true Windows service, or is it called “Windows Update” on your computer? Have you taken the time to become aware of what services and processes are normal on the computers in your network? Malware
CSO 2020-02-10 03:00:00 Cybersecurity in 2020: From secure code to defense in depth (direct link) Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same survey. What happened in a year? The infamous Target data breach, which resulted in an $18.5 million fine and the ignominious departure of Target's CEO. The cascading series of disastrous, high-profile breaches since then makes the Target breach seem almost quaint. The message is clear: Year over year, the risk of career-ending breaches looms larger as threats continue to balloon in number and potency.
CSO 2020-02-10 03:00:00 More targeted, sophisticated and costly: Why ransomware might be your biggest threat (direct link) Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware. Ransomware Threat
CSO 2020-01-29 11:53:00 Episode 2: Three things that keep Biogen CISO Bob Litterer up at night (direct link) Bob Litterer, VP and CISO of biotech giant Biogen, isn't a worrier at heart, but there are a few things that keep him up at night. High on that list is the interdependencies in his company's third-party network; a data breach anywhere in that ecosystem could have a devastating ripple effect. Also topping Litterer's list of worries are the exposed underbelly of operational technology and cloud sprawl, which can leave organizations with more exposure than they may realize. Data Breach
CSO 2020-01-28 04:48:00 Implementation flaws make LoRaWAN networks vulnerable to attack (direct link) LoRaWAN, a long-range wireless communications technology for low-powered devices such as sensors, has been gaining popularity worldwide in smart city, industrial internet of things (IIoT) and smart home projects. Even though the protocol uses built-in encryption, implementation errors are common, and they enable attacks that are hard to detect.
CSO 2020-01-27 13:16:00 Magecart-related arrests made in Indonesia (direct link) Three members of a group that infected hundreds of websites from around the world with payment card stealing malware were arrested in Indonesia, the International Criminal Police Organization (INTERPOL) announced Tuesday. The arrests are the result of a larger multi-national law enforcement investigation that continues in other countries from the Southeast Asia region. Malware
CSO 2020-01-15 03:00:00 3 ways to make your Windows network harder to attack (direct link) As you start the new year, it's a good time to think about what you can do to keep your network and organization from being low hanging fruit for attackers. Taking these steps won't make you immune to attacks, but it might encourage attackers to go after someone else.
CSO 2020-01-09 03:00:00 What is a false flag? How state-based hackers cover their tracks (direct link) False flag definition: A false flag cyberattack is when a hacker or hacking group stages an attack in a way that attempts to fool their victims and the world about who's responsible or what their aims are. The techniques used in this type of attack run a gamut that ranges from simply issuing false claims of responsibility to emulating the tools, techniques, and even languages typically used by the group or country the attackers are trying to frame. The term false flag originated during World War I, when British and German auxiliary ships would fly the ensigns of other countries (sometimes the British would fly German flags, or vice versa) in order to deceive their enemies. The term came to be applied to more elaborate acts of deception meant to cast political blame on opponents and allow aggressors to claim to be victims; the Japanese started their war with China in the '30s after staging a fake Chinese attack on Japanese forces, for instance, a technique that the Germans repeated when they launched their invasion of Poland and the Soviets used before beginning a war against Finland. From there, the term entered the discourse of conspiracy theorists, who often believe terrorist attacks or mass shootings to be staged or perpetrated by the government in order to stoke fear or gain dictatorial powers.
CSO 2020-01-07 03:00:00 How to stop email spoofing of parked domains (direct link) Deploying DMARC to prevent email spoofing is a no-brainer. No one wants spoofed email from @yourdomain.com that could easily lead to a successful phishing attack or business email compromise (BEC). But have you deployed DMARC (Domain-based Message Authentication, Reporting and Conformance) for domains you own that do not send or receive email? Guideline
CSO.webp 2020-01-02 03:00:00 7 security incidents that cost CISOs their jobs (direct link) CISOs can leave their job for any number of reasons, but a breach or other security incident often hastens their departure. According to Radware's 2018 State of Web Application Security report, 23% of companies reported executive firings related to application attacks. US companies were more likely to say execs were let go after an incident, as were companies in the technology or financial services sectors.
CSO.webp 2019-12-26 03:00:00 What is Magecart? How this hacker group steals payment card data (direct link) Magecart definition: Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. Data Breach
CSO.webp 2019-12-19 07:05:00 (Déjà vu) Learn how to be an ethical hacker with this $39 in-depth training bundle (direct link) It seems like there's a new data breach every month, and as hackers ramp up their efforts to steal our private info, it's only natural to feel afraid. What can you do to fight back? Oddly enough, the best way to prevent cybersecurity attacks is by fighting fire with fire. As an ethical hacker, you can make a living by exploiting cybersecurity vulnerabilities, and this $39 bundle will show you how. Data Breach
CSO.webp 2019-12-19 00:00:00 Macy's breach is a game-changing Magecart attack (direct link) The payment card breach that hit Macy's online store in October was the result of a highly targeted and custom-built Magecart attack that could set the trend for web skimmers going forward, researchers believe. On November 14, US department store chain Macy's alerted customers of a security breach discovered in October on its website that led to the compromise of payment card details and customer information, including full names, addresses, telephone numbers and email addresses. At the time, the company described the breach as consisting of highly specific unauthorized code injected into the checkout and wallet pages on Macys.com with the goal of capturing information submitted by customers -- in other words what the security industry calls a web skimming attack. Malware
CSO.webp 2019-12-17 12:18:00 Hackers use free tools in new APT campaign against industrial sector firms (direct link) Researchers have recently detected an advanced persistent threat (APT) campaign that targets critical infrastructure equipment manufacturers by using industry-sector-themed spear-phishing emails and a combination of free tools. This tactic fits into the “living off the land” trend of cyberespionage actors reducing their reliance on custom and unique malware programs that could be attributed to them in favor of dual-use tools that are publicly available. Malware Threat
CSO.webp 2019-12-10 09:00:00 Cryptominers and fileless PowerShell techniques make for a dangerous combo (direct link) Along with ransomware, cryptocurrency mining malware is one of the most common threats to enterprise systems. Just like with ransomware, the sophistication of cryptominers has grown over the years, incorporating attack vectors and techniques such as fileless execution, run-time compilation and reflective code injection that were once associated with advanced persistent threats (APTs). Malware
CSO.webp 2019-12-09 05:41:00 IDG Contributor Network: 2019 in review: data breaches, GDPR's teeth, malicious apps, malvertising and more (direct link) Midyear reports showed a 54 percent increase in breaches over last year with more than 4 billion records compromised. The year is ending with news about breaches impacting customers of Macy's and T-Mobile. Disney's new streaming service, Disney+, wasn't even online for a full day before hackers got in and compromised user accounts.
CSO.webp 2019-12-09 03:00:00 How a nuclear plant got hacked (direct link) If you think attacking civilian infrastructure is a war crime, you'd be right, but spies from countries around the world are fighting a silent, dirty war to pre-position themselves on civilian infrastructure - like energy-producing civilian nuclear plants - to be able to commit sabotage during a moment of geopolitical tension. What follows is an explanation of how India's Kudankulam Nuclear Power Plant (KNPP) got hacked - and how it could have been easily avoided. The KNPP hack: The news came to light, as it so often does these days, on Twitter. Pukhraj Singh (@RungRage), a "noted cyber intelligence specialist" who was "instrumental in setting up of the cyber-warfare operations centre of the National Technical Research Organisation (NTRO)," according to The New Indian Express, tweeted: "So, it's public now. Domain controller-level access Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit," noting in a quote tweet that he was aware of the attack as early as September 7, 2019, calling it a "causus belli" (an attack sufficiently grave to provoke a war).
CSO.webp 2019-12-06 03:00:00 8 common pen testing mistakes and how to avoid them (direct link) One of the most effective ways to uncover flaws and weaknesses in your security posture is to have a third party carry out planned attacks on your system. Penetration testing is all about exposing gaps in your defenses so that they can be plugged before someone with malicious intent can take advantage. There are several different types of pen test designed to target different aspects of your organization. From network infrastructure to applications to devices to employees, there are many potential avenues of attack for a criminal targeting your business. A good pen testing partner will approach the problem with an open mind and try to emulate a malicious hacker, probing for weaknesses, and trying various techniques and tools to breach your network.
CSO.webp 2019-11-27 04:34:00 Data breached in translation (direct link) Before September, translation didn't matter - at least, from an infosec standpoint. Taking content written in one language and changing it to another wasn't at the top of most CSOs' lists of data risks. Then Norwegian news network NRK uncovered a breach at Statoil, one of the world's biggest oil and gas companies.
CSO.webp 2019-11-25 07:21:00 BrandPost: Using AI to Level the Cyber Playing Field (direct link) Imagine what you would have done differently in your network if you could have just seen a few years into the future. Would you have been quicker to embrace the cloud? What about the time and money spent on technologies that you now don't really use? Every wiring closet has a number of expensive “boat anchors” sitting on a shelf somewhere gathering dust. Of course, if your organization has ever been the victim of a serious breach, it's easy to guess how you may have prepared differently for that. Predicting the Future: The truth is, that last one isn't really just wishful thinking. Cybersecurity professionals, myself included, have been warning organizations about the threats just around the corner for years. Some require years of experience to understand threat actor trends and malware trajectories. But others just stare you in the face. For example, much of the recent success of the cybercriminal community has been due to their ability to successfully exploit the expanding attack surface and the resulting security gaps resulting from digital transformation that are not being properly closed. This shouldn't be news to anyone. Malware Threat
Last update at: 2024-04-29 22:08:05