Data Breaches

Attributes of a mature cyber-threat intelligence program

Earlier this year, ESG published a research report focused on how enterprise organizations use threat intelligence as part of their overall cybersecurity strategy. The research project included a survey of 380 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees). Survey respondents were asked questions about their organization’s cyber-threat intelligence (CTI) program – how it was staffed, what types of skills were most important, its challenges and strategies, spending plans, etc. I’ve written…

Read More

6 ways generative AI chatbots and LLMs can enhance cybersecurity

The rapid emergence of Open AI’s ChatGPT has been one of the biggest stories of the year, with the potential impact of generative AI chatbots and large language models (LLMs) on cybersecurity a key area of discussion. There’s been a lot of chatter about the security risks these new technologies could introduce — from concerns about sharing sensitive business information with advanced self-learning algorithms to malicious actors using them to significantly enhance attacks. Some countries,…

Read More

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That’s no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those…

Read More

Hackers attempt to sell personal data of 1.5 million women

The personal information of more than 1.5 million women has been put up for sale on the dark web following an alleged data breach of Indian lingerie brand Zivame. The alleged data breach was discovered after an advert offering the sale of the personal data stolen during the hack was posted on the dark web and the messaging app Telegram. The sellers, who are claiming to be the malicious actors who stole the data, are…

Read More

New hyperactive phishing campaign uses SuperMailer templates: Report

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5%…

Read More

US sanctions four North Korean entities for global cyberattacks

The US Department of Treasury has imposed sanctions on four entities and one individual involved in illicit revenue generation and malicious online activities to generate revenue for the Democratic People’s Republic of Korea (North Korea). The entities and individuals sanctioned are the Pyongyang University of Automation, the Technical Reconnaissance Bureau, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man, the US Department of State said in…

Read More

CyberArk’s enterprise browser promises zero-trust support, policy management

CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication (MFA) attacks targeting session cookies. “Developing an enterprise browser — with an identity-first, security-first approach — was a natural progression…

Read More

Credential harvesting tool Legion targets additional cloud services

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment systems. These hijacked resources enable the attackers to launch email and SMS spam campaigns. “This recent update demonstrates a widening…

Read More

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. As a top-level professional in the business of defending against the bad guys, it was unexpected and not a little ironic that he would find himself on the other side…

Read More

Axiado releases new security processors for servers and network appliances

Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches. Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security functions within a single system-on-chip (SoC) module. “Products such as Axiado’s TCU are important developments in the market, as they…

Read More