CyberSecure Specialist

05 Jan

Predictions 2023: Big Tech’s Coming Security Shopping Spree

Information, News

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines. For the most part, not much will change. Organizations large and small will continue to acknowledge major data breaches, zero-days and ransomware crises will spread to new targets and a skills shortage in an uncertain economy will…

Read More
05 Jan

CISA Releases Three Industrial Systems Control Advisories

Attacks, Insights, Malware

Original release date: January 5, 2023 CISA released three Industrial Control Systems (ICS) advisories on January 5 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-005-01 Hitachi Energy UNEM ICSA-23-005-02 Hitachi Energy FOXMAN-UN ICSA-23-005-03 Hitachi Energy Lumada Asset Performance Management This product is provided subject to this Notification and this Privacy…

Read More
05 Jan

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

Data Breaches, Malware, Social Engineering

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization’s (NATO) Cyber Coalition 2022 event late last year. The simulated experiment…

Read More
05 Jan

The BISO: bringing security to business and business to security

Data Breaches, Malware, Social Engineering

Throughout her career in IT security, Irina Singh has thrived on difficult projects. With a bachelor of science degree in management of information systems and a minor in international business, she now manages a team of business information security liaisons serving four foundational business units at medical device company Medtronic. “One of my slogans is that we bring business to security and security to the business,” she says. Singh calls herself a business information security partner, but…

Read More
04 Jan

Gaming: How much is too much for our children?

Information

With many children spending a little too much time playing video games, learn to spot the signs things may be spinning out of control Across Europe, half of the population aged 6-64 plays video games, according to industry body ISFE. The number rises significantly for 6-10-year-olds (68%), and those aged 11-14 (79%) and 15-24 (72%). According to some research, teenagers may spend as many as three hours per day gaming. That’s not necessarily a problem,…

Read More
04 Jan

Serious Security: Vital cybersecurity lessons from the holiday season

Information, Malware

by Paul Ducklin Even though it’s already Day 4 of Year 2023, some of the important IT/sysadmin/X-Ops security stories of the holiday season are only popping up in mainstream news now. So we though we’d take a quick look back at some of the major issues we covered over the last couple of weeks, and (just so you can’t accuse us of sneaking out a New Year’s listicle!) reiterate the serious security lessons we can…

Read More
04 Jan

How to foster secure and efficient data practices

Attacks, Data Breaches

Companies rely on data transfers to communicate between departments and with clients. When transferring data between different people, however, there are several risks if these data transfers are insecure. If insecure file transfer methods such as unencrypted email or cloud services are used, companies can open themselves up to potential exploitation by malicious actors. These actors could look to utilize methods including poisoning uploads with malware or intercepting files to gain access to confidential data.…

Read More
04 Jan

Attackers use stolen banking data as phishing lure to deploy BitRAT

Data Breaches, Malware, Social Engineering

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. The group, which might have been responsible for the data breach in the first place, is distributing an off-the-shelf Trojan program called ​​BitRAT that has been sold on the underground market since February 2021. Stolen data used…

Read More
04 Jan

Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says

Data Breaches, Malware, Social Engineering

The number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022 compared to the same period in 2021, according to a new report by AI-based cybersecurity company CloudSek.  The increase in attacks can be attributed to rapid digitization and the shift to remote work during the pandemic, which broadened the attack surface of government entities and paved the way for an increase in cyberwarfare waged by nation-state actors,…

Read More