Social Engineering

Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you’ve followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the…

Read More

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft’s Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that’s attractive to SMBs, Microsoft said. With the new product, Microsoft’s Azure DDoS Protection family now has two…

Read More

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it…

Read More

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars…

Read More

The ability for employees to work remotely comes with many benefits, from better work-life balance to lower expenses to higher productivity. But a widely dispersed workforce can pose some great challenges for security teams, not least of which is how remote work affects security incident reporting. With companies growing more accustomed to implementing security technologies and processes better attuned to mass remote working, incident reporting has the potential to become a major stumbling block. Along…

Read More

Forty-seven percent of consumers have stopped doing business with a company after losing trust in that company’s digital security, according to new research from certificate authority and cybersecurity vendor DigiCert. The findings, which have been compiled in the company’s 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if they were to lose trust in a company, with 57% saying switching would be likely. The survey was administered as…

Read More

The Indian federal government on Friday published a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions, and impose fines for breaches of data-transfer and data-collection regulations. The proposed legislation has been in the works for about four years. Up until now, the Reserve Bank of India has enacted regulations that make businesses keep transaction data within the country. The government, though, has not issued more…

Read More

As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, whice simulates an attacker performing reconnaissance on an organization’s domains. Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those…

Read More

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option. But Android security has long been…

Read More

Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza. Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had…

Read More