Malware

Malware Analysis Strives To Outpace Enterprise Digitalization

An increase in enterprise phishing threats and malware delivery has boosted demand for malware analysis. Malware analysis is the process of examining malware samples to determine their purpose and functionality. The information gathered from the analysis provides insights into developing an effective detection technique for the malicious code. In addition, it is an essential element in developing efficient removal tools that can ultimately eliminate malware from an infected system. Mobile…

#StopRansomware: Daixin Team

Original release date: October 21, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. This joint CSA provides Daixin actors’ tactics, techniques, and procedures (TTPs) and indicators of…

New Variant of FurBall Android Malware Seen from Iranian Domestic Kitten (APT-C-50)

The latest campaign by Domestic Kitten not only highlights the rise of using phishing as an initial attack vector, but also the growing mobile malware market. This form of malware should be on the radar of every enterprise, especially ones with Bring-Your-Own-Device (BYOD) policies, as there are limited ways for an employer to monitor their employees’ mobile devices. With the growing threat of malware targeting mobile devices, it is becoming more and more likely that…

Detained Iranian Protester Phones Infected with I3mon Malware

Installing a strong mobile antivirus solution is advised. Vetting apps before downloading them and monitoring application permissions are highly suggested as well. Unused apps that are given unnecessary permissions should be deleted as a preventative measure. If a device is believed to have been infected, getting a new device, or running a hard factory reset should be considered.

Smartphones of Iran’s protest detainees targeted with spyware

Health System Data Breach Due to Meta Pixel Hits 3 million Patients

AAH reported to the U.S. Department of Health, which listed it on its breach report portal, that the breach affected 3 million people.

Analyst Notes: The healthcare provider has disabled the Pixel tracker on all systems and is implementing safeguards to prevent a similar exposure from happening again. Patients are advised to use their web browsers’ tracker-blocking features or use incognito mode when logging in on medical portals. Those with a Facebook or Google account…

Cisco Releases Security Update for Cisco Identity Services Engine 

Original release date: October 21, 2022

Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates.

IoT security strategy from enterprises using connected devices

Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. “That’s the doomsday scenario that everyone is afraid of,” says Skip Rollins, the hospital chain’s CIO and CISO. Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren’t being hacked. But…

It’s time to prioritize SaaS security

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud security priority list. Organizations are making a lot of assumptions about SaaS security. At their essence, SaaS systems are applications that run remotely, with data stored on back-end systems that the SaaS provider encrypts on…

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others. If you’re a security recruiting firm, we want your information! Our goal is to provide the most complete…

96% of companies report insufficient security for sensitive cloud data

The vast majority of organizations lack confidence in securing their data in the cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations. “Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organizations…
