Information

23 Aug

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

Information, News

It’s been eight and half years since I first wrote about the need for security leadership representation in the boardroom. I then revisited the topic last year, when the SEC initially proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. Now, as the SEC cyber incident disclosure rules come into effect, organizations will finally be forced to seriously consider giving security leaders a seat at…

Read More
22 Aug

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Information, Insights

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. In a…

Read More
22 Aug

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

Information, Malware

by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to implant rogue software onto your iPhone first in order to pull off a “fake airplane” attack. The bad news, however,…

Read More
22 Aug

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Information, News

Four vulnerabilities identified by academic researchers from Italy and the UK in the TP-Link Tapo L530E smart bulb and its accompanying mobile application can be exploited to obtain the local Wi-Fi network’s password. Currently a best-seller on Amazon Italy, the TP-Link Tapo smart Wi-Fi light bulb (L530E) is cloud-enabled and can be controlled using a Tapo application (available on both Android and iOS) and a Tapo account. The most severe of the identified issues is…

Read More
21 Aug

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Information, Malware, News

Cybersecurity company Cyfirma claims to have uncovered the real identity of the developer behind the CypherRAT and CraxsRAT remote access trojans (RATs). Using the online handle of ‘EVLF DEV’ and operating out of Syria for the past eight years, the individual is believed to have made over $75,000 from selling the two RATs to various threat actors. The same person is also a malware-as-a-service (MaaS) operator, according to Cyfirma. For the past three years, EVLF…

Read More
20 Aug

Suspected N. Korean Hackers Target S. Korea-US Drills

Information, News

Suspected North Korean hackers have attempted an attack targeting a major joint military exercise between Seoul and Washington that starts on Monday, South Korean police said. South Korea and the United States will kick off the annual Ulchi Freedom Shield drills on Monday through August 31 to counter growing threats from the nuclear-armed North. Pyongyang views such exercises as rehearsals for an invasion and has repeatedly warned it would take “overwhelming” action in response. The…

Read More