Malware

22 Mar

North Korean Threat Actor Using Chrome Extensions to Steal Gmail Data

Attacks, Malware

This threat actor has been seen running similar campaigns in the past, but these recent campaigns drew attention from German government authorities due to targeting “experts on issues relating to the Korean Peninsula.” Government bodies publicly speaking out regarding phishing campaigns is a major step in raising awareness about such attacks, which decreases their effectiveness. This campaign is ongoing, with the malicious domains still appearing to be active. To check for evidence of this attack,…

Read More
22 Mar

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

Data Breaches, Malware, Social Engineering

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over the next decade on security, technology, trade, and defense. The Roadmap seeks to ensure the partnership remains modern and continues…

Read More
21 Mar

Ferrari Data Breach

Attacks, Malware

All affected customers are recommended to change their login credentials on the Ferrari site to a unique and complex password. With the possibility of financial information leak, it is also recommended that customers monitor their banking information for unusual activity. It would also be prudent to enable credit monitoring services to further protect themselves from fraud. https://www.bleepingcomputer.com/news/security/ferrari-discloses-data-breach-after-receiving-ransom-demand/

Read More
21 Mar

Go-based HinataBot Discovered by Akamai

Attacks, Malware

When Akamai benchmarked the botnet in 10-second HTTP and UDP attacks, the malware produced 20,430 requests with a combined size of 3.4 MB during the HTTP attack. There were 6,733 packets totaling 421 MB of data produced by the UDP deluge. The researchers calculated that the UDP flood might yield approximately 336 Gbps with 1,000 nodes and 3.3 Tbps with 10,000 nodes. While defending against a targeted DDoS attack can be difficult, if organizations mutually…

Read More
21 Mar

Developed countries lag emerging markets in cybersecurity readiness

Data Breaches, Malware, Social Engineering

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” of security preparedness; Philippines and Thailand, both with 27% of organizations in the mature stage; and India, with 24% of…

Read More
21 Mar

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

Attacks, Insights, Malware

As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM). IAM—a framework of business processes, policies, and technologies that facilitate the management of digital identities—ensures that users only gain…

Read More
21 Mar

CISA Releases Updated Cybersecurity Performance Goals

Attacks, Insights, Malware

Today, we published stakeholder-based updates to the Cybersecurity Performance Goals (CPGs). Originally released last October, the CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The CPGs have been reorganized, reordered and renumbered to align closely with NIST CSF functions (Identify, Protect, Detect, Respond, and Recover) to help organizations more easily use the CPGs to prioritize investments as part of a broader cybersecurity program built around…

Read More
21 Mar

9 attack surface discovery and management tools

Data Breaches, Malware, Social Engineering

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve ever watched a heist film, step one in executing the score of the century is casing the place: observing security…

Read More
20 Mar

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

Data Breaches, Malware, Social Engineering

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More
20 Mar

ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises

Data Breaches, Malware, Social Engineering

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More