Microsoft added certificate-based authentication (CBA) to Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud.
An analysis by RSA Conference's security operations center found 20% of data over its network was unencrypted and more than 55,000 passwords were sent in the clear.
In the nearly two years since the company discovered the cyber intrusion, SolarWinds has fundamentally rearchitected its development environment to make it much harder to compromise, CISO Tim Brown tells Dark Reading.
Fourteen states, including Arizona, Iowa, and Pennsylvania, have called in the Guard to help with election network risk assessments and threat mitigation.
The International Committee of the Red Cross (ICRC) wants to devise a digital equivalent of its emblems (the red cross and red crescent), to signify that certain digital resources are protected and must not be targeted during cyberwarfare.
An internal data leak appears to have caused the Yanluowang ransomware group to close up shop, at least temporarily. The group's data leaks site has been shut down, signaling that its operations have been put on hold.
According to Group-IB, French-speaking hacking group OPERA1ER conducted at least 30 cyberattacks against financial and telecom firms and services in Africa. In those attacks, hackers swindled no less than $11 million. The operators had developed a vast network to withdraw stolen cash.
SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit, and it's also expecting to be slapped with an enforcement action by the U.S. government related to its 2020 supply chain breach, according to its latest US regulatory filing.
Apple last week announced a security update for the Xcode macOS development environment, to resolve three Git vulnerabilities, including one leading to arbitrary code execution.
Researchers reported over two dozen packages in the PyPI software repository that aim to infect developers' machines with malware called W4SP Stealer. The malicious packages use typosquatted names of popular libraries. A very small number of packages with the same IOCs were seen in July, which are thought to be POC efforts by the attackers before launching the actual attack.
In 2022, we are dealing with a different breed of hacker. They aren’t just targeting sub-optimal phone security or taking advantage of exploitable systems – they understand the end user (you and me). They know how we think and what we’ll do.
Microsoft on Friday accused state-backed hackers in China of abusing the country’s vulnerability disclosure requirements in an effort to discover and develop zero-day exploits.
Data exfiltrated from independent co-educational Baptist institution Kilvington Grammar School by the LockBit ransomware gang was posted on the dark web on October 14. LockBit only attacks Windows systems.
A hacking incident at a New York-based administrative services firm has resulted in a growing list of anesthesiology practices reporting breaches that so far have affected the personal information of about 430,000 people.
Last month, Medibank revealed a hacker using compromised high-level credentials had been able to access the personal information of up to four million customers, including ahm and international student customers.
One of the most powerful things you can do when fighting cybercrime is shift the economics of an attack, and this new standard focused on adversary behavior does just that.
A new cryptojacking campaign, dubbed Kiss-a-dog, was found targeting vulnerable Kubernetes and Docker instances. The attacker’s C2 infrastructure overlaps with that of TeamTNT. The campaign uses multiple C&C servers to launch cryptomining attacks, escape containerized environments, and gain root privileges.
The original publication provides 2 hashes of ISO files named amazon_test.iso and amazon_assessment.iso respectively. VirusTotal researchers found a new sample that seems to be a new variant with a different configuration.
Defense evasion involves exploiting security gaps to prevent detection; attackers try to get in through security holes. They frequently pull this off using system binary proxy execution.
As the law enforcement agency explained in a private industry notification issued on Friday, this happens because they target public-facing infrastructure like websites instead of the actual services, leading to limited disruption.
In recent years there has been a trend for computer security firms to pretend to be training “white hat” hackers so their knowledge can be used to protect clients from online attacks. In reality, however, they are being readied for the dark side.
Australian real estate agency Harcourts has revealed it was affected by a cyberattack last month, with the personal information of tenants, landlords, and tradespeople potentially exposed.
Thousands of Victorian students and their families may have had personal data including medical information stolen after a technology company that has contracts with the Victorian government was hacked.
Kearney & Company was added to the list of victims of the LockBit 3.0 group on November 05. The gang is threatening to publish stolen data by November 26, 2022, if the company does not pay the ransom.
Attackers conduct a variety of activities after gaining access through SocGholish, such as system and network reconnaissance, establishing persistence, and deployment of additional tools and malware.
Cryptocurrency users worldwide are under attack with the novel Laplas Clipper clipboard stealer, which is being delivered through Smoke Loader and Raccoon Stealer 2.0. Laplas actively monitors the victim’s clipboard activity and replaces the wallet address with a lookalike wallet address during the transactions.
Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities.
Debian Linux Security Advisory 5272-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5271-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was
Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws."
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not
Embattled Australian health insurer Medibank says that it will not pay a ransom to cyber extortionists who stole the personal data of almost ten million customers. Read more in my article on the Hot for Security blog.
Small and medium-size business (SMB) leaders have a lot on their minds. The looming recession and inflation have created financial uncertainty. Meanwhile, the global rise in sophisticated ransomware threats and geo-political tensions are escalating cyber threats. With so many factors and pressures at play, how are SMBs navigating this challenging business landscape while fighting back against cybercriminals?
Insight from OpenText Security Solutions’ 2022 Global Ransomware SMB Survey sheds light on security priorities, concerns and posture. Feedback from SMBs across multiple industries and countries confirms security teams and the C-suite are worried about increasingly sophisticated and relentless attacks.
Ransomware is a top concern for SMBs: An overwhelming majority (88%) of SMBs indicated they are concerned or extremely concerned about an attack impacting their businesses. This worry is heightened by increasing geopolitical tensions. In fact, more than half (52%) of respondents now feel more at risk of suffering a ransomware attack due to these unfolding events. SMBs’ ransomware concerns are already becoming a reality. Nearly half (46%) of SMBs have experienced a ransomware attack. Meanwhile, 66% of respondents are not confident or only somewhat confident that they can fend off a ransomware attack. Budget constraints and small security teams were cited as the primary roadblocks.
Despite concern, security awareness training is infrequent: The vast majority of SMBs believe a successful ransom attack is the result of someone clicking on a malicious link or opening an email attachment. Yet despite this knowledge of users as the preferred attack surface, many SMBs (based on action) don’t view their employees as a first line of defense. Sixty-seven percent of SMBs conduct security awareness training twice a year or less. Of these SMBs, 31% conduct security awareness trainings only once a year; 10% only if an employee fails a phishing test.
Fear of small security budgets getting smaller: Sixty-seven percent of SMBs spend less than $50,000 annually on cybersecurity. While 59% reported plans to increase their security budget in 2023, 57% fear inflation will lead to a change in plans resulting in budget cuts.
SMB security teams are spread thin; MSPs are an appealing option: The majority (68%) of SMBs have fewer than five people on their security team. To help alleviate resource constraints, more than half (58%) of respondents use external security management support. In the future, 65% of SMBs that don’t currently use a managed services provider (MSP) for their security needs would consider doing so.
Fighting more, with less
Adversaries have become increasingly sophisticated and relentless as the surface area of attacks only grows. Meanwhile, fear of looming budget cuts impacting already over-stretched security teams puts SMBs in a vulnerable position. Ongoing education and awareness of new attack vectors and defense against common channels such as email are critical for achieving a cyber resilience posture. Monthly phishing simulations are a great way to keep users current and accountable. A multi-layered approach that includes email security, DNS filtering, endpoint protection, and backup and recovery is essential to mitigating risk and exposure from attacks.
To learn more, go to: https://www.opentext.com/products/security-cloud
The post OpenText Security Solutions 2022 Global SMB Ransomware Survey: Fighting More… with Less appeared first on Webroot Blog.