Malware

21 Oct

Security Recruiter Directory

Data Breaches, Malware, Social Engineering

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others. If you’re a security recruiting firm, we want your information! Our goal is to provide the most complete…

Read More
20 Oct

96% of companies report insufficient security for sensitive cloud data

Data Breaches, Malware, Social Engineering

The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations. “Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organizations…

Read More
20 Oct

CISA Adds Two Known Exploited Vulnerabilities to Catalog   

Attacks, Insights, Malware

Original release date: October 20, 2022 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.       Binding Operational Directive (BOD)…

Read More
20 Oct

Hackers Use New Stealthy PowerShell Backdoor to Target 60+ Victims

Attacks, Malware

It is highly recommended to implement and maintain good email security products to help detect phishing emails and malicious attachments. It is also recommended to implement an attachment file type block list, if possible, to help prevent attachments with specific file extensions from being delivered to end users. In this scenario, the threat actors used “.docm” files to deliver their malicious payload, which for most organizations would likely be considered an abnormal or suspicious attachment…

Read More
20 Oct

Brazilian Federal Police Arrested a Lapsus$ Gang Member

Attacks, Malware

After hacking well-known tech businesses worldwide — including Microsoft, Nvidia, Samsung, Ubisoft, Okta, Vodafone, and Mercado — the Lapsus$ gang has made news this year. In addition, seven people from the UK were detained by the City of London Police in late March on suspicion of connection to the Lapsus$ group. On April 2nd, two of them were accused of helping the Lapsus$ extortion group. Following their appearance before the Highbury Corner Magistrates Court, they…

Read More
20 Oct

iDealwine Confirms Data Breach

Attacks, Malware

Individuals that were potentially affected have an increased likelihood of becoming targets of phishing attempts. iDealwine has advised their customers to not respond to emails or open their attachments if they are unfamiliar of the source. Customers can reach out to iDealwine if they have any issues, and they claim their team will assist. Although passwords were encrypted, a good precautionary step would be to change those passwords, and make sure passwords aren’t reused on…

Read More
20 Oct

With Conti gone, LockBit takes lead of the ransomware threat landscape

Data Breaches, Malware, Social Engineering

The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit…

Read More
20 Oct

Securing your organization against phishing can cost up to $85 per email

Data Breaches, Malware, Social Engineering

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research. The report does not calculate the cost of damage caused by phishing, rather the productivity loss of IT and security teams. On average, organizations spend 16-30…

Read More
20 Oct

CISA Releases Three Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: October 20, 2022 CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-293-01 Bentley Systems MicroStation Connect •    ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump (Update A) •    ICSMA-20-296-02 B. Braun SpaceCom Battery Pack…

Read More
20 Oct

Mozilla Releases Security Updates for Firefox

Attacks, Insights, Malware

Original release date: October 20, 2022 Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 106 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More