The Sophos Rapid Response team published findings from its investigations into recent ransomware attacks that reveal a failure to keep close tabs on “ghost” account credentials of recently deceased employees can give cybercriminals a discreet foothold to launch an attack.
In spite of the fact that mobile apps live on IoT-enabled devices, collect user data, and continuously loop communication between Internet, cloud services and companies (even when not “in use”), there is a limited view that they are different entities altogether. We see this particularly when it comes to security – or lack-there-of – regarding security standards in place to continuously protect users from detrimental application hacks.
Google has announced that a North Korean government hacking group has targeted members of the cybersecurity community engaging in vulnerability research. The attacks have been spotted by the Google Threat Analysis Group (TAG), a Google security team specialized in hunting advanced persistent threat (APT) groups.
The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation. Among the highest impact risks of the next decade, infectious diseases are in the top spot, followed by climate action failure and other environmental risks; as well as weapons of mass destruction, livelihood crises, debt crises and IT infrastructure breakdown, the World Economic Forum says.
The report also ranked cybersecurity failure as a critical threat to the world.
Due to its popularity as an embedded protocol operating in devices across the industrial control systems (ICS) domain, the Claroty Research Team decided to analyze the Open Platform Communications (OPC) for security vulnerabilities and implementation issues. In a blog, they shared some details about a number of vulnerabilities that emerged from their intensive investigation of the protocol.
NCC Group and Fox-IT have been tracking a threat group - Chimera - with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry.
U.S. cybersecurity company Malwarebytes is the latest victim in a string of attacks targeting top security firms. In a statement from the company, the hackers breached the internal systems by way of a dormant email protection product within their Office 365 tenant that allowed access to a limited subset of internal company emails.
Most bot mitigation solutions rely on rules and risk scores, which use information from the past, even when paired with advanced machine learning or AI capabilities. Since bot operators are continually inventing new ways to evade detection, using historical data fails to detect and stop bots never seen before. As a result, retailers and e-commerce companies can’t keep up with the evolving nature of bot operators’ techniques, tools, and tactics. This is evidenced by the record volume of “Grinch” bots that we saw over the holidays.
As Data Privacy Day approaches this week, new research conducted by ISACA reveals critical skills gaps and insufficient training. The survey report, Privacy in Practice 2021: Data Privacy Trends, Forecasts and Challenges, also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams.
According to Digital Shadows’ Photon Research Team in Q4 2020, six groups made up 84% of alerts —Maze, Egregor, Conti, Sodinokibi, DoppelPaymer, and NetWalker— from the ransomware data leak sites Digital Shadows monitors.