Malware

21 Feb

Why CISOs change jobs

Data Breaches, Malware, Social Engineering

Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web link, share a password, or misconfigure an asset, leading directly to a successful cyberattack. When this happens, it’s your fault.…

Read More
21 Feb

Three-quarters of businesses braced for ‘serious’ email attack this year

Data Breaches, Malware, Social Engineering

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume of email in 2022 compared with 2021 and 2020, the 2023 SOES report found. More email has led to more…

Read More
20 Feb

Hilliard, Ohio Falls Victim to Phishing Payment Scam

Attacks, Malware

The city has already taken some steps to prevent future scams, such as implementing multi-factor authentication and providing additional training for employees. However, they may also want to consider conducting regular security audits, hiring a third-party cybersecurity firm to assess their vulnerabilities, and establishing a response plan for potential future incidents. https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002

Read More
20 Feb

Norway Seizes Record $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers

Attacks, Malware

Although the service was launched in October 2022, it is believed to have facilitated the transfer of tens of millions of dollars from the Horizon and other North Korea-linked cyberattacks. According to data released by Chainalysis, the nation-state group sent 1,429.6 Bitcoin worth about $24.2 million to the mixer during the two months from December 2022 to January 2023. The overlaps in the wallet addresses utilized, their connections to Russia, and the similarities in how…

Read More
20 Feb

Coinbase Cyberattack Targeted Employees with Fake SMS Alert

Attacks, Malware

To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics as well as overall emerging cybersecurity risks and vulnerabilities. It is important to employ a defense-in-depth strategy to detect this activity at a different portion of the attack chain, such as detecting lateral movement or reconnaissance activity. Binary Defense’s MDR and Threat Hunting services are an excellent solution to assist with such a program. https://www.bleepingcomputer.com/news/security/coinbase-cyberattack-targeted-employees-with-fake-sms-alert/

Read More
20 Feb

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Data Breaches, Malware, Social Engineering

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third-party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing. The company only discovered the security breach following customer reports in early December 2022 that their sites were…

Read More
20 Feb

7 reasons to avoid investing in cyber insurance

Data Breaches, Malware, Social Engineering

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, there are compelling reasons why some might be advised to avoid, delay, or at least seriously reconsider buying or renewing…

Read More
19 Feb

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

Information, Malware

by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently redirected random customer websites to malicious sites. We continue to investigate the root cause of the incident. URL redirection, also…

Read More
17 Feb

EU parliamentary committee says ‘no’ to EU-US data privacy framework

Data Breaches, Malware, Social Engineering

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies. The committee’s decision — formally, a draft motion for a resolution— represents a rejection of the European Commission’s recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated…

Read More
17 Feb

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Attacks, Malware

The most effective way to defend systems against Miria and other botnet infections is to change the default password to a complex password that is unique to that device. It is also recommended to download and apply security patches when the official manufacturer releases them. https://www.bleepingcomputer.com/news/security/new-mirai-malware-variant-infects-linux-devices-to-build-ddos-botnet/

Read More