CyberSecurity Updates

19 Oct

Operation King TUT: The universe of threats in LATAM

Information

ESET Research ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting 17 Oct 2023  •  , 3 min. read Much like the life and mysterious demise of Pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America (LATAM) remains shrouded in mystery. This is primarily due to the limited global attention on the evolving malicious campaigns within the region. While notable events…

Read More
18 Oct

Finland Charges Psychotherapy Hacker With Extortion

Data Breaches, Information, News

Finland on Wednesday charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion, the national prosecutor announced. “The suspect is held on remand and has denied being guilty of the offenses,” the National Prosecution Authority said in a statement. The prosecutor is seeking a seven-year prison sentence for the defendant, Aleksanteri Kivimaki, who was formerly identified as Julius Kivimaki. In the 2018 breach…

Read More
18 Oct

The Fake Browser Update Scam Gets a Makeover

Information, Insights

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency…

Read More
18 Oct

Cybersecurity Awareness Month 2023 Blog Series | Updating Software

Insights

Credit: NIST It’s week three in our Cybersecurity Awareness Month blog series! This week, we interviewed NIST’s Michael Ogata (Computer Scientist) and Paul Watrobski (IT Security Specialist) about the importance of updating software. This week’s Cybersecurity Awareness Month theme is ‘updating software.’ How does your work/specialty area at NIST tie into this behavior? NIST’s Applied Cybersecurity Division’s core mission is to explore, measure, and evaluate both the cybersecurity guidance NIST provides as well as industry…

Read More
18 Oct

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

Attacks, Insights, Malware

Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.…

Read More
17 Oct

Tech CEO Sentenced to 5 Years in IP Address Scheme

Information, Insights

Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts…

Read More
17 Oct

Prove Identity Snags $40M Funding for ID Verification Tech

Information, News

Prove Identity, a late-stage startup with roots in the ecommerce mobile payments space, on Tuesday closed a $40 million funding round as it continues a major pivot to the digital identity verification and authentication market. The New York-based company, previously known as Payfone, said the latest investment round led by MassMutual Ventures and Capital One Ventures.  To date, Prove Identity has raised more than $215 million and rebranded itself as an enterprise vendor targeting banks, retailers…

Read More
16 Oct

Signal Pours Cold Water on Zero-Day Exploit Rumors

Information, News

Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. “We have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels,” Signal said late Sunday night. Rumors of a Signal zero-day started circulating over the weekend with what…

Read More
16 Oct

CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance

Attacks, Insights, Malware

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by- Design and -Default with the following international partners: Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) United Kingdom’s National Cyber Security Centre (NCSC-UK) Germany’s Federal Office for Information Security (BSI) Netherland’s National Cyber Security Centre (NCSC-NL) Norway’s National Cyber…

Read More
16 Oct

Cisco Releases Security Advisory for IOS XE Software Web UI

Attacks, Insights, Malware

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security advisory, apply the necessary recommendations, hunt for any malicious activity and report any positive findings to CISA, and apply patches when made available. See the following for additional guidance and resources:  BOD 23-02: Mitigating…

Read More