CyberSecure Specialist

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop, exposing credentials that led to the theft of data from multiple Okta customers. A brief post-mortem from Okta security chief David Bradbury said the internal lapse was the “most likely avenue” for the breach that ensnared hundreds of Okta customers, including cybersecurity companies BeyondTrust and Cloudflare. “We can confirm that from…

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards. Among the most common ways…

Who killed Mozi? Finally putting the IoT zombie botnet in its grave

ESET Research: How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there. 01 Nov 2023, 3 min. read. In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden and unanticipated nosedive in activity. First observed in India on August 8th, 2023 and a week later in China on…

Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks

Delegates from 28 nations, including the U.S. and China, agreed Wednesday to work together to contain the potentially “catastrophic” risks posed by galloping advances in artificial intelligence. The first international AI Safety Summit, held at a former codebreaking spy base near London, focused on cutting-edge “frontier” AI that some scientists warn could pose a risk to humanity’s very existence. British Prime Minister Rishi Sunak said the declaration was “a landmark achievement that sees the world’s…

Mozi Botnet Likely Killed by Its Creators

The recent shutdown of the Mozi botnet is believed to be the work of its operators, who may have been forced to kill their creation by Chinese authorities. This is a theory from cybersecurity firm ESET, whose researchers recently discovered a kill switch suggesting that the takedown was deliberate. Mozi emerged in September 2019 and at one point it was a highly active botnet, accounting for a large chunk of the traffic associated with IoT…

Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

VMware Carbon Black’s Threat Analysis Unit (TAU) has identified dozens of previously unknown vulnerable kernel drivers that could be exploited by attackers to alter firmware or escalate privileges. It’s not uncommon for threat actors, including cybercriminals and state-sponsored groups, to abuse kernel drivers in their operations. Such drivers can allow malicious hackers to manipulate system processes, maintain persistence on a system, and evade security products. VMware’s TAU collected roughly 18,000 Windows driver samples from VirusTotal…

20 scary cybersecurity facts and figures for a haunting Halloween

Digital Security: Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online. Phil Muncaster, 30 Oct 2023, 4 min. read. October is Cybersecurity Awareness Month (CSAM) in the US and Canada and European Cybersecurity Month (ECMS) on the other side of the pond. These campaigns represent a great opportunity to share best…

Closing the gender gap: 7 ways to attract more women into cybersecurity

We Live Progress: Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women’s participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce. 31 Oct 2023, 7 min. read. While our digital age is progressing by leaps and bounds and technology-related roles will remain in high demand in the future, the cybersecurity industry…

Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO

In a development sparking chatter and debate throughout the cybersecurity world, the lawsuit filed by the U.S. Securities and Exchange Commission (SEC) against the Chief Information Security Officer (CISO) of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles. The lawsuit alleges that former SolarWinds CISO Timothy Brown failed to disclose critical information regarding the massive cyberattack on the company’s software supply chain that occurred in late 2020. The complex attack,…

.US Harbors Prolific Malicious Link Shortening Service

The top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they’ve been tracking what appears to be a three-year-old link shortening service…
