CyberSecure Specialist

Iranian Nuclear Energy Agency Becomes Target of Hacktivist Group

Black Reward’s intention is not to have any type of monetary gain, but rather to expose corrupt activity. Being at the center of world controversy has opened Iran up to the possibility of more attacks of this style. Binary Defense analysts will continue to monitor this situation and provide updates as necessary. https://www.theregister.com/2022/10/24/black_reward_iran_nuclear_leak/?&web_view=true

Read More

CISA Warns of Daixin Hackers Targeting Healthcare Organizations

According to the advisory, Virtual Private Network (VPN) servers are used in these attacks to gain initial access to targeted networks, often exploiting unpatched security vulnerabilities and compromised credentials obtained via phishing emails. After establishing a foothold, the Daixin Team has been seen moving laterally via Secure Shell (SSH) and remote desktop protocol (RDP), then gaining elevated privileges using techniques like credential dumps. “The actors have leveraged privileged accounts to gain access to VMware vCenter…

Read More

CISA Adds Six Known Exploited Vulnerabilities to Catalog

Original release date: October 24, 2022 CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.       Binding Operational Directive (BOD)…

Read More

Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC

A secure by design approach is vital to protecting the internet of things (IoT) and smart cities, according to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC). Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent malicious actors, improve national resilience, and reap the benefits of emerging technologies. Growth of IoT giving rise to increased security…

Read More

Iran’s nuclear energy agency confirms email server hacked

The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its  Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach. The Atomic Energy Organization said that the IT group serving the Bushehr plant has examined and issued a report on the breach, and denied any sensitive information being exposed. The…

Read More

Cybersecurity Awareness Month 2022: Recognizing & Reporting Phishing

This blog will officially wrap up our 2022 Cybersecurity Awareness Month blog series — today we have a special interview from Marian Merritt, deputy director, lead for industry engagement for the National Initiative for Cybersecurity Education (NICE)! Marian will be discussing the importance of recognizing and reporting phishing incidents in detail. A phishing attack is an attempt to fool an individual into sharing private information or taking an action that gives criminals access to your…

Read More

When CISOs are doomed to fail, and how to improve your chances of success

There’s a joke cryptographer Jon Callas likes to tell: CISO stands for Chief Intrusion Scapegoat Officer, “because CISOs are often thrown into a position where they can’t succeed.” Callas, who is the director of public interest tech at the Electronic Frontier Foundation, says that security officers are often “simultaneously in charge and powerless.” They know what they should do to mitigate risks, but they can’t get enough support. This predicament threatens to overwhelm them. Almost…

Read More

ESET Threat Report T2 2022

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts The past four months were the time of summer vacations for many of us in the northern hemisphere. It appears that some malware operators also took this time as an opportunity to possibly rest, refocus, and reanalyze their current procedures and activities. According to our telemetry, August was a vacation month…

Read More

The need to change cybersecurity for the next generation

Healthy habits that are instilled and nurtured at an early age bring lifelong benefits – the same applies to good cybersecurity habits It’s October, it’s Cybersecurity Awareness Month (CSAM), and with it the annual deluge of articles about phishing, passwords, protecting personal data and such like that will be hitting your inboxes very soon (if they have not already landed). The underlying message behind CSAM is the need to be cyber-vigilant and to educate the…

Read More

Key takeaways from ESET Threat Report T2 2022 – Week in security with Tony Anscombe

A look back on the key trends and developments that shaped the cyberthreat landscape from May to August of this year The ESET research team has just released its latest Threat Report, and in this week’s video, Tony summarizes the report’s main takeaways. What trends and developments shaped the threat landscape between May and August of this year? What were the top threats and what trended downwards? What else do the numbers say? What does…

Read More