CyberSecure Specialist

21 Feb

10 dark web monitoring tools

Data Breaches, Malware, Social Engineering

The dark web is the place where every CISO hope their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information. Gaining operational intelligence on what data these sites are offering is critical to defending cybercriminals…

Read More
21 Feb

Why CISOs change jobs

Data Breaches, Malware, Social Engineering

Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web link, share a password, or misconfigure an asset, leading directly to a successful cyberattack. When this happens, it’s your fault.…

Read More
21 Feb

Three-quarters of businesses braced for ‘serious’ email attack this year

Data Breaches, Malware, Social Engineering

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume of email in 2022 compared with 2021 and 2020, the 2023 SOES report found. More email has led to more…

Read More
20 Feb

Twitter tells users: Pay up if you want to keep using insecure 2FA

Information

by Paul Ducklin Twitter has announced an intriguing change to its 2FA (two-factor authentication) system. The change will take effect in about a month’s time, and can be summarised very simply in the following short piece of doggerel: Using texts is insecure for doing 2FA, So if you want to keep it up you’re going to have to pay. We said “about a month’s time” above because Twitter’s announcement is somewhat ambiguous with its dates-and-days…

Read More
20 Feb

Hilliard, Ohio Falls Victim to Phishing Payment Scam

Attacks, Malware

The city has already taken some steps to prevent future scams, such as implementing multi-factor authentication and providing additional training for employees. However, they may also want to consider conducting regular security audits, hiring a third-party cybersecurity firm to assess their vulnerabilities, and establishing a response plan for potential future incidents. https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002

Read More
20 Feb

Norway Seizes Record $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers

Attacks, Malware

Although the service was launched in October 2022, it is believed to have facilitated the transfer of tens of millions of dollars from the Horizon and other North Korea-linked cyberattacks. According to data released by Chainalysis, the nation-state group sent 1,429.6 Bitcoin worth about $24.2 million to the mixer during the two months from December 2022 to January 2023. The overlaps in the wallet addresses utilized, their connections to Russia, and the similarities in how…

Read More
20 Feb

Coinbase Cyberattack Targeted Employees with Fake SMS Alert

Attacks, Malware

To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics as well as overall emerging cybersecurity risks and vulnerabilities. It is important to employ a defense-in-depth strategy to detect this activity at a different portion of the attack chain, such as detecting lateral movement or reconnaissance activity. Binary Defense’s MDR and Threat Hunting services are an excellent solution to assist with such a program. https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

Read More
20 Feb

Twitter Shuts Off Text-Based 2FA for Non-Subscribers

Information, News

Elon Musk’s Twitter started a security ruckus over the weekend with the sudden decision to turn off text message/SMS method of two-factor authentication (2FA) for anyone not subscribed to its paid Twitter Blue service. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA…

Read More
20 Feb

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Data Breaches, Malware, Social Engineering

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing. The company only discovered the security breach following customer reports in early December 2022 that their sites were…

Read More
20 Feb

7 reasons to avoid investing in cyber insurance

Data Breaches, Malware, Social Engineering

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, there are compelling reasons why some might be advised to avoid, delay, or at least seriously reconsider buying or renewing…

Read More