CyberSecure Specialist

The biggest data breaches and leaks of 2022

More than 4,100 publicly disclosed data breaches occurred in 2022, equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent. In this article, we reveal which data breaches and leaks and the phishing, malware and cyber attacks ranked among our top ten most-read cyber security news stories of 2022. Read on to hear about…

Interpres Security Emerges From Stealth Mode With $8.5 Million in Funding

Defense management startup Interpres Security on Thursday announced that it has emerged from stealth mode with $8.5 million in a seed funding round led by Ten Eleven Ventures and a solution designed to help companies optimize security performance. The Charleston-based firm proposes a new approach to managing the defense surface, offering a continuous, customized analysis of detection and mitigation capabilities, to help organizations improve their security posture. The company provides tailored mitigation, data collection, and…

Uptycs launches agentless cloud workload scanning

CNAPP (cloud native application protection platform) and XDR (extended detection and response) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users…

Credit card skimming – the long and winding road of supply chain failure

by Paul Ducklin

Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the chain itself.

Eight years ago…

The high-level version of the story published by the researchers is simply told, and it…

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released…

Internet Explorer 0-day exploited by North Korean actor APT37

TAG also identified other documents likely exploiting the same vulnerability and with similar targeting, which may be part of the same campaign. Although this campaign mainly targets South Korea, the tactic of using current events to lure potential victims into downloading malware is common and individuals should always verify the source of a link or document.

Organizations should use the following preventative measures to protect themselves from an attack:

• Implement network segmentation.
• Install updates/patch operating systems,…

New Zerobot Malware Has 21 Exploits for BIG-IP, Zyxel, D-Link Devices

It is highly recommended to make sure that all devices, including any network or IoT devices, that are exposed to the Internet are up-to-date on patching. The main infection vector of Zerobot is using one of the 21 exploits it supports to infect an Internet accessible device and propagating within the network from there. By making sure that all devices are properly patched, the attack surface that Zerobot can use to infect an environment is…

MENA IKEA Locations Affected by Vice Society

Vice Society tends to target organizations that have the potential to pay out higher ransoms. To protect against Vice Society and other ransomware groups, companies should consider adopting a defense in depth strategy. Some suggestions for protecting against ransomware from the FBI and CISA include:

• Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.
•…

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Alex Holden is founder of…

Removing the Barriers to Security Automation Implementation

Implementation of security automation can be overwhelming, and has remained a barrier to adoption.

Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a recent survey (PDF) found that while trust in security automation is rising, technology is the top barrier to adoption. And in a Twitter poll, Allie Mellen,…
