Data Breaches

Data of more than 470,000 hacking site members leaked

More than 470,000 members of dark web hacking site RaidForums have had their data leaked by Exposed, another hacking forum. Members of the forums would put the various data stolen during data breaches on the site, where it could be purchased by other members for use in other malicious activities, including phishing and social engineering campaigns and even identity theft. In April 2022, the site shut down after its infrastructure and website were seized during…


Phishing remained the top identity abuser in 2022: IDSA report

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a nonprofit identity and security intelligence firm. The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents. “With a spike in digital identities comes an increase in cyberattacks targeting them. By far the most significant reason behind this was employees unknowingly…


AI-automated malware campaigns coming soon, says Mikko Hyppönen

Cybersecurity pioneer Mikko Hyppönen began his cybersecurity career 32 years ago at Finnish cybersecurity company F-Secure, two years before Tim Berners-Lee released the world’s first web browser. Since then, he has defused global viruses, searched for the first virus authors in a Pakistani conflict zone, and traveled the globe advising law enforcement and governments on cybercrime. He has also recently published a book, If It’s Smart, It’s Vulnerable, where he explains how the growth of…


Frontegg launches entitlements engine to streamline access authorization

SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization. The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. “The old way of building SaaS apps required the use of many different solutions to solve in-app entitlements — role-based access control (RBAC), attribute-based access control (ABAC), feature flag…


Screen recording Android app found to be spying on users

A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET. iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) AhRat was most likely added to it in 2022. The app is currently unavailable on the app store. AhRat: the…


Upskilling the non-technical: finding cyber certification and training for internal hires

Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.…


Hackers hold city of Augusta hostage in a ransomware attack

BlackByte group has claimed responsibility for a ransomware attack on the city of Augusta in Georgia. The ransomware group has posted 10GB of sample data for free and claimed they have a lot more data available. “We have lots of sensitive data. Many people would like to see that as well as the media. You were given time to connect us but it seems like you are sleepy,” the screenshot shared by security researcher Brett Callow, who…


New phishing technique poses as a browser-based file archiver

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according to a security researcher identifying as mr.d0x. The attacker essentially simulates a file archiving software like WinRAR in the browser and masks it under the .zip domain to stage the phishing attack. “Performing this attack first requires you to emulate a file archive software using HTML/CSS,”…


Insider risk management: Where your program resides shapes its focus

There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector. Today we call programs that help prevent or identify breaches of trust insider risk management (IRM). Over the years I have hypothesized that where such IRM programs reside within an organization…


Researchers find new ICS malware toolkit designed to cause electric power outages

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the malware can interact with remote terminal units (RTUs) and other operational technology (OT) devices that communicate over the specialized IEC…
