CyberSecure Specialist

06 Jan

SASE Company Netskope Raises $401 Million

Information, News

Secure access service edge (SASE) provider Netskope on Thursday announced that it has raised $401 million in an oversubscribed financing round. To date, the company has raised close to $1.5 billion. The new investment round was led by Morgan Stanley Tactical Value, with participation from CPP Investments, Goldman Sachs Asset Management, and Ontario Teachers’ Pension Plan. Founded in 2012, the Santa Clara, California-based Netskope offers a converged SASE platform that provides optimized access and zero…

Read More
06 Jan

Twitter’s mushrooming data breach crisis could prove costly

Data Breaches, Malware, Social Engineering

Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action. Even as regulators in Europe begin to probe what appears to be a massive Twitter data…

Read More
05 Jan

The doctor will see you now … virtually: Tips for a safe telehealth visit

Information

Are your virtual doctor visits private and secure? Here’s what to know about, and how to prepare for, connecting with a doctor from the comfort of your home. Telehealth services were one of the tech success stories of the COVID-19 pandemic. Just as cloud-based services helped suddenly locked-down workers to stay productive, telemedicine consultations ensured doctors could still provide essential healthcare and advice without endangering their patients or staff. In fact, telehealth consultations accounted for…

Read More
05 Jan

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

Information

by Paul Ducklin LAST STRAW FOR LASTPASS? IS CRYPTO DOOMED? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE…

Read More
05 Jan

Banking Trojan apocalypse: how hackers are stealing millions

Malware

Several weeks ago, I received a phone call from my friend who is a business owner and works in the cargo industry. He informed me that US$24,000 had vanished from his bank account during the previous night. The bank customer care team could not assist and suggested that my friend file a report with the police. The funds were transferred using a mobile app. The transaction was verified via a text message and appeared to…

Read More
05 Jan

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

Data Breaches, Malware, Social Engineering

A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub,  Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra…

Read More
05 Jan

Toyota Customers’ Personal Information Potentially Exposed in GitHub Repository

Attacks, Malware

Although Toyota does not believe data was accessed by an unauthorized party, it is still recommended that those customers remain vigilant for the time being. Since email addresses were included with other exposed data, affected individuals are more vulnerable to scams and phishing attempts. If emails from unknown senders are received, they should not be interacted with. Unusual emails, emails involving payments, or emails involving sign-in links to high value accounts from trusted counterparties should…

Read More
05 Jan

Hackers Abuse Windows Error Reporting Tool to Deploy Malware

Attacks, Malware

It is highly recommended to implement and maintain email security controls, including the ability to block certain file attachments. ISO files have become extremely popular among threat actors as a way to initially get malware on to the system while also evading defenses. In this campaign, the threat actors attach the ISO directly to a phishing email received by the end user. By being able to block incoming emails that contain ISO (or IMG) attachments,…

Read More
05 Jan

Cyberattack on Records Vendor Affects Scores of U.S. Counties

Attacks, Malware

To protect against similar cyber-attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan• Install updates/patch operating systems, software, and firmware as soon as practical after they are released.• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security…

Read More
05 Jan

IOTW: Almost 50,000 UK government ministers vulnerable to cyber attacks

Attacks, Data Breaches

A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months. The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn.…

Read More