Cybercriminals can take advantage of human weaknesses in one place and use them in other places where they can get financial or other gains. Email addresses, real names, real addresses, phone numbers, date of birth, etc., all are valuable information for cybercriminals. They can build their database with this personal information and use them in future attacks. This is why practicing good cybersecurity habits as users and as administrators is critical for all of us for all systems we use.
Google has announced that a North Korean government hacking group has targeted members of the cybersecurity community engaging in vulnerability research. The attacks have been spotted by the Google Threat Analysis Group (TAG), a Google security team specialized in hunting advanced persistent threat (APT) groups.
The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation. Among the highest impact risks of the next decade, infectious diseases are in the top spot, followed by climate action failure and other environmental risks; as well as weapons of mass destruction, livelihood crises, debt crises and IT infrastructure breakdown, the World Economic Forum says.
The report also ranked cybersecurity failure as a critical threat to the world.
Due to its popularity as an embedded protocol operating in devices across the industrial control systems (ICS) domain, the Claroty Research Team decided to analyze the Open Platform Communications (OPC) for security vulnerabilities and implementation issues. In a blog, they shared some details about a number of vulnerabilities that emerged from their intensive investigation of the protocol.
NCC Group and Fox-IT have been tracking a threat group - Chimera - with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry.
U.S. cybersecurity company Malwarebytes is the latest victim in a string of attacks targeting top security firms. In a statement from the company, the hackers breached the internal systems by way of a dormant email protection product within their Office 365 tenant that allowed access to a limited subset of internal company emails.
Most bot mitigation solutions rely on rules and risk scores, which use information from the past, even when paired with advanced machine learning or AI capabilities. Since bot operators are continually inventing new ways to evade detection, using historical data fails to detect and stop bots never seen before. As a result, retailers and e-commerce companies can’t keep up with the evolving nature of bot operators’ techniques, tools, and tactics. This is evidenced by the record volume of “Grinch” bots that we saw over the holidays.
Cisco published the 2021 Data Privacy Benchmark Study, its fourth annual look into corporate privacy practices worldwide, which found enhanced importance of privacy protections during the pandemic and increasing benefits for businesses that adopt strong privacy measures.
The Wiz Research team conducted extensive research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call: 82% of companies provide 3rd party vendors highly privileged roles. This is a major risk to sensitive data leakage and may pose both a security risk, as well as serious privacy risk.
According to Kroll, a Division of Duff & Phelps, ransomware was the most observed threat in 2020, accounting for over one-third of all cases as of September 1, 2020. Notably, Kroll found that Ryuk and Sodinokibi, perennially the most observed variants in Kroll’s cases, were joined by Maze as the top three ransomware variants so far in 2020. To get some insight on ransomware trends in 2021, as well as how cybercriminals execute this type of attack, we spoke to Wade Lance, Field CTO of Illusive Networks.
