Cyber Security News

11 Nov 2023 06:08

Global Authentication Services Market Forecast Report 2023-2030: A Review of Data Protection Laws by Country

The Authentication Services market in the U.S. is estimated at US$244.9 Million in the year 2022.

China, the world's second largest economy, is forecast to reach a projected market size of US$603.4 Million by the year 2030 trailing a CAGR of 18.9% over the analysis period 2022 to 2030.

Among the other noteworthy geographic markets are Japan and Canada, each forecast to grow at 17.8% and 16.7% respectively over the 2022-2030 period. Within Europe, Germany is forecast to grow at approximately 13.3% CAGR.

@Cyber_Security_Channel

Cyber Security News

10 Nov 2023 13:55

⚡️World's Biggest Bank ICBC Hit By Cyber Attack

The Industrial and Commercial Bank of China’s US arm was hit by a ransomware attack that disrupted trades in the US Treasury market.

The attack, which was first reported by the Financial Times, is suspected to have been carried out by underground organisation LockBit, one of the active ransomware groups globally, Bloomberg reported, citing sources.

China’s foreign ministry said on Friday that the lender was striving to minimise risk impact and losses after the attack.

“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” the ministry spokesperson Wang Wenbin said.

@Cyber_Security_Channel

Cyber Security News

10 Nov 2023 03:08

Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams

If a perpetrator doesn't already have targets in mind, Gibson posits, some social media or Dark Web data harvesting might help identify prime candidates.

Just as one would for an advertising campaign, "if you already have vast bodies of data that have previously been hacked," Gibson says.

"You can then populate software like those which do advertising analytics to define the best target for a particular kind of attack."

@Cyber_Security_Channel

Cyber Security News

09 Nov 2023 11:46

Ace Hardware Still Reeling From Weeklong Cyberattack

"Specifically, one involves a criminal sending a spoof email asking the retailer to send electronic payments meant for Ace Hardware Corporation to an alternate bank while we work to restore our systems.

The email looks legitimate and appears to be coming from someone in the Ace Finance Department," the letter explained.

@Cyber_Security_Channel

Cyber Security News

08 Nov 2023 18:56

Oracle Enables MFA by Default on Oracle Cloud

Cloud administrators should also use Oracle Cloud Guard to monitor configuration policies and to detect and alert teams on changes to buckets and access policies, Oracle said.

"The benefits of MFA are so impactful that we've decided to implement it by default across all OCI tenants," Oracle said.

@Cyber_Security_Channel

Cyber Security News

07 Nov 2023 21:47

CISA Awards Nonprofits $3 Million to Bolster Cyber Workforce

“CISA is looking forward to working with both recipients to help recruit and train tomorrow’s cybersecurity leaders,” CISA Director Jen Easterly said in a press release.

“These organizations are such valuable partners and assets in building a diverse cybersecurity workforce that strengthens our nation’s cyber defense capabilities and enhances safety and security in our communities.”

@Cyber_Security_Channel

Cyber Security News

07 Nov 2023 02:45

DOJ and Pentagon Email Breach Impacted Around 632,000 Federal Employees

According to CNN, Clop (aka C10p) – a ransomware gang – was allegedly responsible for the attacks, and it is known to demand multimillion-dollar ransoms.

The group appears to have used the MOVEit hack, which was first disclosed last month by Progress Software after it warned that hackers had found a way to break into its MOVEit Transfer tool.

@Cyber_Security_Channel

Cyber Security News

06 Nov 2023 09:30

Seiko Confirms Data Breach Resulted From a Ransomware Attack

Additionally, the cyber group threatened to publish the stolen information online unless Seiko paid a ransom. BlackCat/ALPHV ransomware eventually leaked the stolen data after Seiko refused to pay the ransom.

@Cyber_Security_Channel

Cyber Security News

05 Nov 2023 01:07

Arid Viper Camouflages Malware in Knockoff Dating App

The malware can also disable security notifications, collect users' sensitive information, and deploy additional malicious applications on compromised devices.

The researchers determined that the malware campaign has been active since at least April 2022.

@Cyber_Security_Channel

Cyber Security News

04 Nov 2023 06:16

Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date

The group might also use smishing, sending SMS containing a PHISHING LINK to employees leading to a fake login page with an AitM toolkit, or initiate a SIM swap attack on employees’ phone numbers, to be able to reset their password once they are in control of the phone number.

@Cyber_Security_Channel

Cyber Security News

03 Nov 2023 14:58

White House Executive Order on AI Provides Guidelines for AI Privacy and Safety

Principles and best practices will be developed to reduce harm from AI in terms of job displacement, labor equity, collective bargaining and other potential labor impacts.

@Cyber_Security_Channel

Cyber Security News

02 Nov 2023 21:16

New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail

The JavaScript injection worked on fully patched Roundcube instances at the time of Faou’s discovery.

The researcher could establish that this zero-day vulnerability was located in the server-side script rcube_washtml.php, which failed to ”… properly sanitize the malicious SVG document before being added to the HTML page interpreted by a Roundcube user,” as stated by Faou.

@Cyber_Security_Channel

Cyber Security News

01 Nov 2023 20:41

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Horizon3.ai also points out that Mirth Connect appears to be deployed mostly on Windows machines, where it typically runs with System privileges, suggesting that the impact of a successful attack would be critical.

@Cyber_Security_Channel

Cyber Security News

01 Nov 2023 07:08

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

The Volt Typhoon campaign was first flagged by Microsoft with deliberate targeting of critical infrastructure in Guam, a discovery that raised eyebrows because the tiny island is considered an important part of a future China/Taiwan military conflict.

@Cyber_Security_Channel

Cyber Security News

31 Oct 2023 13:19

Argentina: AAIP Approves Use of IADPN Model Contractual Clauses for International Transfers of Personal Data

The incorporation of these instruments, in addition to promoting security in data transfers, contributes to regulatory harmonization and consolidates Argentina’s position in the protection of privacy.

@Cyber_Security_Channel

Cyber Security News

10 Nov 2023 20:34

SentinelOne® Sets New Standard for Cybersecurity with Singularity™ Platform Unity Release

The Singularity Unity Release is a unique series of enhancements that SentinelOne will incrementally roll out over the next 12 months to revolutionize Security Operations Centers (SOCs).

The platform will provide a new user experience and function as their command post and comprehensive system of record.

@Cyber_Security_Channel

Cyber Security News

10 Nov 2023 11:57

NTT Unveils Five Trends That Will Dominate the Cybersecurity Landscape in 2024

"Zero Trust is no longer a buzz word, but a core concept that organizations will implement to improve their cybersecurity measures," said Taro Hashimoto, CSIS Visiting Fellow & Senior Manager of Cybersecurity, NTT.

"The concept of Zero Trust is all about risk-based management and continuous process.

@Cyber_Security_Channel

Cyber Security News

09 Nov 2023 17:31

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Kubernetes vulnerability scanning is the latest capability added to Trivy, the industry’s most popular vulnerability and risk scanner.

With nearly 20,000 GitHub stars, Trivy has a thriving community of users and contributors.

@Cyber_Security_Channel

Cyber Security News

09 Nov 2023 03:28

Federal Trade Commission Expands Rule Regarding Reporting of Data Security Breaches

While parts of the Safeguards Rule already apply to non-banking financial institutions such as mortgage brokers, motor vehicle dealers, accountants, tax preparation services, and payday lenders, the recent amendment expands the data breach reporting requirements to these entities.

@Cyber_Security_Channel

Cyber Security News

08 Nov 2023 07:55

Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons

Upon discovering the spyware in the WhatsApp mods, Kaspersky researchers' analysis showed that Telegram was the primary source in various channels.

"Just the most popular of these had almost two million subscribers," Kalinin notes.

"We alerted Telegram to the fact that the channels were used for spreading malware."

@Cyber_Security_Channel

Cyber Security News

07 Nov 2023 14:17

Safeguarding Healthcare Supply Chains with Cybersecurity

“It’s the easiest way for attackers to compromise systems en masse and to get more bang for their buck,” said Dearing.

“In healthcare, one of the biggest gaps in supply chain security is the absence of regular, rigorous, cybersecurity audits. 

@Cyber_Security_Channel

Cyber Security News

06 Nov 2023 16:31

Tech Matters: New Data Breach Reporting Rules Start in December

Further, the new rules require publicly traded companies to describe their processes to secure their data and operations from cyber threats, as well as their expertise in assessing and managing these risks.

This part will be done in a company’s annual report filing to the SEC.

@Cyber_Security_Channel

Cyber Security News

05 Nov 2023 20:03

FBI Director Warns of Increased Iranian Attacks

However, Wray did say the FBI is able to "outpace our adversaries" and that the agency had disrupted 40% more cyber operations than last year and arrested 60% more cybercriminals than in 2021.

@Cyber_Security_Channel

Cyber Security News

04 Nov 2023 15:35

'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign

Palo Alto researchers discovered the Elektra-Leak campaign via a honey trap the company implemented for gathering threat intelligence on new and emerging cloud security threats.

Their investigation of the campaign showed the threat actor is likely using automated tools to continuously clone public GitHub repositories and to scan them for exposed AWS keys.

Many organizations clone their GitHub repositories so that they have a local copy of the repository within their development environment.

@Cyber_Security_Channel

Cyber Security News

03 Nov 2023 22:38

Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too

To be effective, most security technologies today require a lot of manual fine-tuning, often through sophisticated parameter tweaks.

Depending on the tool, these can affect what incidents are reported, what vulnerabilities a tool finds, or how issue priorities are determined.

All these manual tweaks are time-consuming and can leave you exposed to threats until the right configurations are in place.

@Cyber_Security_Channel

Cyber Security News

03 Nov 2023 08:05

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

“Such an approach is by no means common among APT and crimeware developers, and this notable example underscores the sophistication of this malware against the background of many others.

Its functional complexity and elegance remind us of the elegant code implementing delay tolerant Equation communications networking and other libraries, reinforcing its classification as a highly advanced threat,” Kaspersky notes.

@Cyber_Security_Channel

Cyber Security News

02 Nov 2023 08:29

Longer Support Periods Raise the Bar for Mobile Security

The update support period is therefore crucial, as well as the frequency of updates and the ability for security-specific updates to be rolled out independent of wider software updates — which is now offered by many of the leading smartphones.

@Cyber_Security_Channel

Cyber Security News

01 Nov 2023 14:23

Do Small Companies Need Fractional AppSec Teams Akin to Virtual CISOs?

"Experienced application security people are in short supply, and they're getting hoovered up by the big companies, by the Microsofts, Amazons, Apples, and Googles of the world, and if you are a smaller company, you're just not competing on that playing field," explains Kymberlee Price, who has led product security and AppSec teams, worked as a security researcher, and run red team and incident response operations for the likes of Microsoft, Amazon, and Bugcrowd.

@Cyber_Security_Channel

Cyber Security News

31 Oct 2023 19:59

US Energy Firm Shares How Akira Ransomware Hacked Its Systems

The Akira operators revisited the network on June 16, 2023, to enumerate data would be stolen.

Between June 20 and 29, the threat actors stole 767k files containing 690 GB of data, including BHI's Windows Active Directory database.

Finally, on June 29, 2023, having stolen all data they could from BHI's network, the threat actors deployed the Akira ransomware on all devices to encrypt files.

This was when BHI's IT team realized the company had been compromised.

@Cyber_Security_Channel

Cyber Security News

31 Oct 2023 06:55

BlackDice and Landatel Partner to Bring AI-Powered Cybersecurity Solutions to Small Businesses

Paul Hague, CEO and Founder of BlackDice, said, “The partnership with Landatel Communications is a tremendous endorsement of BlackDice’s cybersecurity solutions.

It marks a pivotal milestone in our strategic roadmap positioning us for further growth, as we continue to secure partnerships with key industry players to deliver solutions that address the pressing cybersecurity challenges confronting small businesses.

We’re living in a digital age where over 560,000 new pieces of malware emerge every day.

This alarming statistic underscores the urgency for robust cybersecurity measures, especially for businesses that are now heavily reliant on online operations and hybrid work settings.”

@Cyber_Security_Channel