Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Common spear-phishin ...

 Business

Virtually every employee of a large company comes across the occasional e-mail aiming to steal their corporate credentials. Its usually in the form of mass phishing, an attack in which e-mails are sent out at random in the hope that at least some recipients will take the bait. However, the stream of phishing e-mails   show more ...

may contain one or two more dangerous, targeted messages, the content of which has been customized for employees of specific companies. This is spear-phishing. Spear-phishing messages represent a clear sign that cybercriminals are interested in your company, specifically, and it may not be the only attack in play. That is a major reason infosec officers need to know if any employee has received a spear-phishing e-mail — they need to prepare countermeasures and alert personnel in good time. Thats why we advise IT to check filtered e-mails periodically in search of spear-phishing, and to teach other employees how to spot signs of targeted phishing. What follows are a few of the most common tricks, with examples from some fresh spear-phishing campaigns. Misspelled company name The human brain does not always perceive the whole of a written word — it sees a familiar beginning and completes the rest by itself. Attackers can take advantage of this trait by registering a domain that differs from your companys by just one or two letters. The cybercriminals who own the domain can even set up a DKIM signature so that the e-mail passes all checks — its their domain, after all. Extra words in the company name Another way to fool recipients into thinking a colleague is at the other end is to register a two-word domain, for example, to appear as a sender from a local branch or a particular department. In the latter case, cybercriminals tend to impersonate tech support or security personnel. In reality, employees from every department should have a standard corporate e-mail address. No one ever sets up a separate domain for security personnel. As for local offices, if youre not sure, check the domain in the corporate address book. Specific content A phishing e-mail mentioning your company (or worse, the recipient) by name is a sure sign of spear-phishing and a reason to sound the alarm. Highly specialized topic Strictly speaking, seeing those names doesnt always mean a message is spear-phishing — it might be a variation on a mass-phishing scam. For example, phishers may use a database of conference participants addresses and play on the topic of the conference — thats mass phishing. If they try to attack employees of a particular company in the exact same way, however, thats spear-phishing, and thus security needs to know about it. Finally, to be able to search for potential spear-phishing signs without diminishing the companys actual security, we recommend installing protective antiphishing solutions on mail servers as well as on employee workstations.

image for Leonardo DRZ wins fi ...

 application development

President and Chairman of Trusted Computing Group (TCG), Dr. Joerg Borchert, shares the news regarding TCG's first ever CodeGen Developer Challenge. The post Leonardo DRZ wins first ever TCG CodeGen Developer Challenge appeared first on The Security Ledger with Paul F. Roberts. Related StoriesSpotlight: How   show more ...

Secrets Sprawl Undermines Software Supply Chain SecuritySpotlight: Automation Beckons as DevOps, IoT Drive PKI ExplosionSpotlight: E-Commerce’s Bot and Mouse Game

 Malware and Vulnerabilities

There is a wicked attempt by cybercriminals to deploy a largely inactive ransomware family known as TellYouThePass against the recently discovered critical remote code execution flaw, Log4Shell. Hackers are carrying out attacks onWindows and Linux systems. It is highly recommended to apply security patches immediately and conduct a security review.

 Trends, Reports, Analysis

The challenge is compounded by “disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability,” according to a new global survey released by Devo.

 Threat Actors

“After 675 days of presence on the darknet, we have decided to close our door for good,” the ToRReZ administrator, an individual known as MrBlonde, wrote in a message posted on the site’s homepage.

 Security Culture

Organizers of the RSA Conference, one of the largest cybersecurity events of the year, announced on Wednesday that they are moving the February gathering to June due to health concerns.

 Expert Blogs and Opinion

For more accountability and better integration, a CISO should report to the chief executive officer (CEO) or another C-suite executive who is not the chief information officer (CIO).

 Identity Theft, Fraud, Scams

The attackers are using clean PDF attachments with newly registered domains that seem to be valid Pfizer online spaces. Then, they use spawn email accounts for email distribution to bypass email protection.

 Trends, Reports, Analysis

2021 marks the end of another eventful year, filled with more pandemic-related pandemonium, bigger cyberattacks, massive digital transformation, and other incidents. However, with this piece, we'd like to share with you the best of events from the year that shaped cyberspace for the better this year.

 Feed

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed "NotLegit," was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix

 Feed

Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "allow accessing

 Feed

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated cyber threat actors

 Feed

By the end of 2021, there will be 12 billion connected IoT devices, and by 2025, that number will rise to 27 billion. All these devices will be connected to the internet and will send useful data that will make industries, medicine, and cars more intelligent and more efficient. However, will all these devices be safe? It's worth asking what you can do to prevent (or at least reduce) becoming a

2021-12
Aggregator history
Thursday, December 23
WED
THU
FRI
SAT
SUN
MON
TUE
DecemberJanuaryFebruary