Malware

DNA Diagnostic Center fined $400,000 for 2021 data breach

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general.  The company will also be required to implement improvements to its data security, including updating the asset inventory of its entire network and disabling or removing any assets identified that are not necessary for…

Read More

Why CISOs change jobs

Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web link, share a password, or misconfigure an asset, leading directly to a successful cyberattack. When this happens, it’s your fault.…

Read More

10 dark web monitoring tools

The dark web is the place where every CISO hope their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information. Gaining operational intelligence on what data these sites are offering is critical to defending cybercriminals…

Read More

Three-quarters of businesses braced for ‘serious’ email attack this year

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume of email in 2022 compared with 2021 and 2020, the 2023 SOES report found. More email has led to more…

Read More

Hilliard, Ohio Falls Victim to Phishing Payment Scam

The city has already taken some steps to prevent future scams, such as implementing multi-factor authentication and providing additional training for employees. However, they may also want to consider conducting regular security audits, hiring a third-party cybersecurity firm to assess their vulnerabilities, and establishing a response plan for potential future incidents. https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002

Read More

Norway Seizes Record $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers

Although the service was launched in October 2022, it is believed to have facilitated the transfer of tens of millions of dollars from the Horizon and other North Korea-linked cyberattacks. According to data released by Chainalysis, the nation-state group sent 1,429.6 Bitcoin worth about $24.2 million to the mixer during the two months from December 2022 to January 2023. The overlaps in the wallet addresses utilized, their connections to Russia, and the similarities in how…

Read More

Coinbase Cyberattack Targeted Employees with Fake SMS Alert

To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics as well as overall emerging cybersecurity risks and vulnerabilities. It is important to employ a defense-in-depth strategy to detect this activity at a different portion of the attack chain, such as detecting lateral movement or reconnaissance activity. Binary Defense’s MDR and Threat Hunting services are an excellent solution to assist with such a program. https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

Read More

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing. The company only discovered the security breach following customer reports in early December 2022 that their sites were…

Read More

7 reasons to avoid investing in cyber insurance

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, there are compelling reasons why some might be advised to avoid, delay, or at least seriously reconsider buying or renewing…

Read More

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently redirected random customer websites to malicious sites. We continue to investigate the root cause of the incident. URL redirection, also…

Read More