Cybersecurity Tabletop Board Game Pits Hackers vs. Defenders
The game would come with a generic incident response binder – "a playbook detailing exactly what to do to deal with and recover from the disaster".
It addresses malware propagation, file and operations recovery, insurance and payment negotiation advice, and how to communicate with the public and stakeholders, according to the campaign's FAQ.
@Cyber_Security_Channel
What Cybersecurity Gets Wrong
Further, Williams notes, the integration of cybersecurity staff with various skill sets can be quite difficult.
“I have silos of expertise,” he says. “I don’t have very many people who actually can knit it together.
I see very few fleet commanders, people who can actually manage more than just a ship, that can manage a task force.
Once you find one, the truth of the matter is they’re jumping off to startups to make the big time instead of hanging around in corporations”.
@Cyber_Security_Channel
Greater Manchester Police Hack Follows Third-Party Supplier Fumble
This incident is nearly identical to a hack that impacted London's Metropolitan Police in August in which officers were warned that their information such as names, ranks, and ID numbers had been stolen when hackers broke into the IT systems of a contactor that printed warrant cards and staff passes.
Around 47,000 officers were affected, including those that were undercover or assigned to the royal family.
@Cyber_Security_Channel
MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems
MGM Resorts properties include the Mandalay Bay (the site of the Black Hat security conference), Bellagio, MGM Grand, Aria, Luxor and the Cosmopolitan.
The incident began sometime on Sunday and affected hotel reservation systems throughout the United States and other IT systems that run the casino floors.
@Cyber_Security_Channel
A Second Major British Police Force Suffers a Cyberattack in Less Than a Month
The federation that represents officers in Greater Manchester said it is working with the police force to limit the damage.
“Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” said Mike Peake, chair of the Greater Manchester Police Federation.
“To have any personal details potentially leaked out into the public domain in this manner — for all to possibly see — will understandably cause many officers concern and anxiety.”
@Cyber_Security_Channel
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities
Because it's such a tedious task, and because everybody's attacking the same target, it's only natural that healthy-sized online communities have formed around the practice to share tips and tricks.
Members of these jailbreak communities scratch one another's backs, helping each other to make ChatGPT to crack and do things the developers intended to prevent it from doing.
@Cyber_Security_Channel
Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits
The Microsoft Streaming Service Proxy is part of the enterprise-facing Microsoft Stream video communications service.
Microsoft credited the discovery of the flaw to IBM X-Force security researcher Valentina Palmiotti and its internal threat-intelligence and malware-hunting teams.
@Cyber_Security_Channel
Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software
Securiti has embraced all of these tenants since it launched its solution over four years ago.
Our belief is that honoring privacy rights ultimately comes down to safeguarding the data of each individual, and that can not be done without a comprehensive and accurate understanding of all of the personal data within an organization’s data landscape.
This is why the market needs to move beyond traditional manual approaches and surveys, which are prone to errors, exposing organizations to compliance risks and excessive operational costs.
@Cyber_Security_Channel
Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
The aviation incident is not the first instance of Iranian APTs targeting the interests of the US federal government.
Last year, an Iranian government-sponsored group used the Log4Shell vulnerability to breach the US Federal Civilian Executive Branch systems and leave malware.
@Cyber_Security_Channel
Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters
Heap buffer overflow issues occur when an application writes more data to a heap-allocated memory buffer than what the buffer can hold.
Such vulnerabilities can be exploited to crash an application and potentially achieve arbitrary code execution.
As usual, Google has refrained from disclosing details on the bug. The company does not provide information on the observed exploitation either.
@Cyber_Security_Channel
⚡️TikTok Fined $367 Million for How it Handled Children’s Data
Ireland’s Data Protection Commission (DPC) announced a €345 million (around $367 million) fine on TikTok for how the company processes the data of children.
The fine follows an investigation by the DPC announced in 2021 that looked at TikTok’s compliance with Europe’s General Data Protection Regulation (GDPR) laws.
The probe focused on a few TikTok features: default account settings; “Family Pairing” settings; and age verification.
After consulting with the European Data Protection Board, the DPC found that TikTok set children’s accounts to public by default when they signed up on the platform.
That meant that kids’ videos were publicly viewable by default and that comments, duets, and Stitch features were also enabled by default.
@Cyber_Security_Channel
2023 Database Encryption Market Is Booming Worldwide | Industry Research Report
In this report, we uncover the key driving force behind the keyword market's expansion.
We provide a detailed analysis of this essential element, enabling you to align your strategies with market dynamics effectively.
It profiled the outlook of key manufacturers, where significant locales and regions are thought about, trailed by an estimate by type.
Aside from worldwide creation and income forecast, this part gives creation and income figures by region.
@Cyber_Security_Channel
Data Breach Notification Software Market Size, Analyzing Trends and Forecasting Growth from 2023-2030
The research report encompasses the prevailing trends embraced by major manufacturers in the Data Breach Notification Software Market, such as the adoption of innovative technologies, government investments in research and development, and a growing emphasis on sustainability.
Moreover, our research team has furnished essential data to illuminate the manufacturer's role within the regional and global markets.
@Cyber_Security_Channel
Cisco: Booming Identity Market Driven by Leadership Awareness
The 30,000-foot view: Interviewees said that, above all, they need more interoperability and less friction, and data that is actually useful and comprehensible for decision-makers.
The key spending priorities the report unearthed constituted a fairly even split, with user and device identity being cited by the largest number of CISOs, followed by cloud identity, governance and remote access.
@Cyber_Security_Channel
Minneapolis School District Says Data Breach Affected More Than 100,000 People
The breach began February 6 and continued until at least February 18, when MPS said it became aware of the “suspicious activity” and notified law enforcement.
The district said a “preliminary review” had been completed on March 22, and on April 7 it “sent notice to a limited number of known impacted individuals.”
@Cyber_Security_Channel
Massive Phishing Attack Targeting 40+ Prominent Companies
Check Point Research discovered a phishing attack targeting over 40 Colombian companies using the "Remcos" malware, a Remote Access Trojan, allowing attackers to infect victims' systems, steal data, install malware, and hijack user accounts.
@Cyber_Security_Channel
How to Mitigate Cybersecurity Risks From Misguided Trust
Furthermore, blindly trusting that all employees have the same level of security maturity is also a big mistake.
Whether employees will act responsibly towards a security threat depends on several factors.
These include knowledge and awareness about the threat, alertness when the threat approaches, and commitment to protecting the organization.
Just because you're aware of the stop sign, it doesn't guarantee you'll stop.
@Cyber_Security_Channel
Software Giant Retool Announces Customer Account Breach After Targeted Social Engineering Attack
After allowing for signup, the attacker mimicked the voice of the worker and ended up calling IT team members in a specific manner.
This tricked them and provided more MFA codes that enabled the addition of controlled devices held by attackers toward a targeted account.
Now, the blame is being shoved in Google’s face because of its Authenticator sync feature.
@Cyber_Security_Channel
Dutch Football Association Admits Paying LockBit in ‘April Fools’ Ransomware Attack
People who were involved in disciplinary matters with the KNVB, such as sanctions, in the 21-year period between 1999 and 2020 may also have had their name, address, contact details, and other information found in their disciplinary files stolen by the ransomware actors.
This could apply to players, coaches, and KNVB staff.
@Cyber_Security_Channel
Check Point: Hackers Are Dropping USB Drives at Watering Holes
I spoke with Pete Nicoletti, global chief information security officer for the Americas at Check Point Software, about some other top-line findings from the report.
Nicoletti, who has more than 30 years in the field, said AI is a game changer, and that out of Check Point Software’s 70-plus engines, AI and machine learning drives 40 of them.
The following transcript of my interview with Nicoletti has been edited for length and clarity.
@Cyber_Security_Channel
Zero Trust is About More Than Security – It's the Foundation for Digital Transformation
Fundamentally, zero trust represents a paradigm shift away from virtual private network (VPN) and firewall-laden security practices, Howe says, which traditionally sees devices within an organization's network as being trustworthy.
We’ve seen glaring issues in the long established ‘castle and moat’ approach in recent years, especially during the shift to remote and hybrid work practices with distributed workforces using devices in a range of locations.
@Cyber_Security_Channel
Professional Sports: The Next Frontier of Cybersecurity?
High-profile sporting events come together quickly, so it’s important that security teams have clear visibility and control across their entire digital estates.
This includes everything from attendees' personal devices to the team or venue's Web and social media presence, registration and ticketing platforms, mass notification systems, electronic signage, and more.
@Cyber_Security_Channel
'Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack
Though it's unclear as to why the group was banned on Telegram, SOCRadar speculated that it could be related to its attack on X or its use of bot accounts.
The group is primarily motivated by religious and political causes, but it seems as though its attack on Telegram is simply a retaliatory action or a cry for attention, SOCRadar noted.
@Cyber_Security_Channel
Being Flexible Can Improve Your Security Posture
Those people who are alert, self-aware, and flexible enough to reconsider their approach from time to time are the lucky ones, in my opinion.
If you read my articles regularly, it probably won't surprise you that I believe there is an important security lesson we can learn from this.
Let's examine six areas in which being flexible, rather than stubborn, can help us improve our security postures.
@Cyber_Security_Channel
Dymocks Warns Shoppers of Possible Dark Web Data Breach
The company apologised and said it was unsure how many customers were impacted and promised to update those affected.
Customers were warned their email addresses, phone numbers, postal addresses, genders and dates of birth could form part of the breached data.
@Cyber_Security_Channel
Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices
Organizations have been advised by the vendor to stop using the outdated product and upgrade to MODULYS GP2 (M4-S-XXX), which should not be impacted by the security flaws.
Businesses still using the vulnerable product could be exposing themselves to significant risks, as the security holes can allow an attacker who has knowledge of how the system works to modify its behavior and prevent it from functioning properly.
@Cyber_Security_Channel
North Korean Hackers Steal $41 Million Crypto from Online Casino
It all started on a seemingly ordinary Monday when Stake, the crypto casino with the golden touch (and a nod from Drake himself), began showing signs of distress.
Outbound transactions were spiraling out of control, and something smelled fishier than a seafood market on a hot summer day.
@Cyber_Security_Channel
Recent Rhysida Attacks Show Focus on Healthcare by Ransomware Actors
Sergey Shykevich, threat intelligence group manager at Check Point Software, which is tracking the Rhysida operation, says he can confirm the Rhysida group recently posted a small sample of data apparently belonging to Singing River on its leak disclosure site. The group has said it is willing to sell all the data it has from the healthcare system for 30 Bitcoin — or roughly $780,000 at today's rates. "We sell only to one hand, no reselling you will be the only owner," the group's post noted.
@Cyber_Security_Channel
New Phishing Campaign Launched via Google Looker Studio
The message contains a link to the fake report, claiming to provide the victim with information on investment strategies that would lead to significant returns.
The recipient is lured into clicking on the provided link, which redirects to a legitimate Google Looker page, hosting a Google slideshow claiming to provide instructions on how the recipient could receive more cryptocurrency.
@Cyber_Security_Channel
List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached
For more details about the year’s incidents, check out our new page, which provides a complete list of known data breaches and cyber attacks in 2023.
It also breaks down each month’s cyber security incidents and provides more information about the biggest and most notable breaches of the month.
@Cyber_Security_Channel