Malware

New York-barred attorneys required to complete cybersecurity, privacy, and data protection training

New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information. Lawyers have ethical obligations and professional responsibilities around…

How Cisco keeps its APIs secure throughout the software development process

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring instead of rebuilding things that have great solutions out there already,” says Grace Francisco, vice president of developer relations, strategy, and experience at Cisco. “APIs make that easy for developers to consume.” And they have been consuming:…

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

It is recommended to update all instances of OpenLiteSpeed Server to the latest version as that reportedly addresses these issues. It is always advised to patch systems with the latest updates whenever they become available. Patches should only be downloaded directly from the manufacturers’ websites, never from a third party as they could have nefarious software added to them. https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html

IceXLoader Being Shared Through Phishing

It is important for companies to properly train employees on how to spot phishing emails. Organizations should also have detections in place to identify when malware has been downloaded. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs. https://www.bleepingcomputer.com/news/security/phishing-drops-icexloader-malware-on-thousands-of-home-corporate-devices/

BadBazaar Android Malware Tied to Chinese Cyberspies

This campaign highlights the difficulty of attribution in relation to threat campaigns. While the BadBazaar malware was previously tied to a campaign taking place in the Middle East in 2017, it was later tied to APT15 in 2020, and now Xi’an Tian He Defense Technology in 2022. This is likely due to this specific tool being sold as a service rather than one of the groups developing this malware themselves, which is becoming more and…

Cybersecurity startups to watch for in 2023

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor…

Medibank hackers revealed to be in Russia

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach…

Lacework releases cloud-native application security service

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to…

Canadian Meat Giant Suffers Cyberattack

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. On top of that, keeping systems patched and anti-virus software up to date will help considerably. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Keeping eyes out for network intrusions…

New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

It is highly recommended to implement and maintain good email security controls, such as AV scanning and sandboxing, to help prevent phishing emails from being delivered to end users. Since the vast majority of malware is delivered via phishing emails, this step alone can help prevent a large number of malware campaigns from successfully infecting an organization. It is also recommended to implement a blocklist of potentially suspicious email attachment file types, such…
