Malware

11 Nov

Cybersecurity startups to watch for in 2023

Data Breaches, Malware, Social Engineering

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor…

Read More
11 Nov

Medibank hackers revealed to be in Russia

Data Breaches, Malware, Social Engineering

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach…

Read More
10 Nov

Lacework releases cloud-native application security service

Data Breaches, Malware, Social Engineering

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to…

Read More
10 Nov

Canadian Meat Giant Suffers Cyberattack

Attacks, Malware

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. On top of that, keeping systems up to date with patches and keeping an up-to-date anti-virus software will help a considerable amount. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Keeping eyes out for network intrusions…

Read More
10 Nov

New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

Attacks, Malware

It is highly recommended to implement and maintain good email security controls, such as AV scanning and sandboxing, to help prevent phishing emails from being delivered to end users. Since the vast majority of malware is delivered via phishing emails, this step alone can help prevent a large number of malware campaigns from being unsuccessful in infecting an organization. It is also recommended to implement a blocklist of potentially suspicious email attachment file types, such…

Read More
10 Nov

Verified Mess — Twitter’s $8 Blue Tick Rollout Sees ‘Verified’ Fakes

Attacks, Malware

This issue is likely to get worse before it gets better. Threat actors will continue to use the new verified check marks as a means to spread misinformation as well as attempt social engineering tactics to take advantage of individuals. Users should be wary of “verified” twitter accounts and should validate any information received from a twitter account with a secondary reliable source. Individuals should also be cautious of direct messages from verified accounts enticing…

Read More
10 Nov

CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Attacks, Insights, Malware

Original release date: November 10, 2022 Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated in Executive Assistant Director (EAD) Eric Goldstein’s blog post Transforming the Vulnerability Management Landscape, implementing a methodology, such as SSVC, is a critical step to advancing the vulnerability management…

Read More
10 Nov

CISA Releases Twenty Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: November 10, 2022 CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-314-01 Siemens Parasolid ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers ICSA-22-314-03 Siemens SINEC Network Management System Logback Component ICSA-22-314-04 Siemens SINUMERIK…

Read More
10 Nov

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

Data Breaches, Malware, Social Engineering

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report. However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion…

Read More
09 Nov

Microsoft Releases November 2022 Security Updates

Attacks, Insights, Malware

Original release date: November 9, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More