Recently, schools throughout the U.S. have endured delays in reopening after experiencing massive ransomware attacks that force the shutdown of critical information technology systems.
Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.
Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision.
In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.
The Information Security Forum (ISF) is hosting it’s Annual World Congress (Digital 2020), which takes place November 15-19, 2020. For the first time, the ISF World Congress will be held virtually, providing a unique online, interactive global event experience, available in multiple time zones, allowing attendees to watch and participate in the full show at times that best suit their schedules.
Coalition announced the results of its H1 2020 Cyber Insurance Claims Report, which explores top cybersecurity trends and threats facing organizations today, in addition to data showing the impact of COVID-19 on cyber insurance claims.
Digital Shadows released new research into a group of cybercriminals who are essential to the profitability of ransomware, but who are also often overlooked: initial access brokers. Initial access brokers gain remote access to vulnerable organizations, which an end-purchaser of ransomware or RaaS can then leverage to wreak havoc.
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000.
The pandemic has redefined what it means to be a resilient business, especially when it comes to retail. “Essential” businesses that have remained open, such as supermarkets or pharmacies, have had to figure out how to operate safely in this new world. No matter the type of retailer, the importance of cybersecurity hasn’t gone away. If anything, it becomes more important as a cyber disruption could be the fatal final straw for a business looking for a smooth return to operations and maintain its brand image and reputation.
We talk to David “moose” Wolpoff, Chief Technology Officer (CTO) and co-founder of Randori, about Black Hats’ processes for finding and exploiting weaknesses in software.
Claroty researchers have uncovered six critical vulnerabilities in third-party license management components, which could expose operational technology (OT) environments (hardware and software components) across numerous industries to exploits via cyberattacks.