CyberSecurity Updates

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources. It’s a truism that personal data is a valuable asset for cybercriminals, as it allows them to tailor and otherwise improve their phishing and other social engineering attacks. The wealth and variety of personal data that is available online is leveraged for attacks and scams that target not only people but also companies. But organizations too can…


S3 Ep140: So you think you know ransomware?

by Paul Ducklin. LISTEN AND LEARN: Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of…


SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee. In a snail mail letter sent this month to…


Google Backs Creation of Cybersecurity Clinics With $20 Million Donation

Free medical clinics and legal aid clinics, where college students and their instructors help their communities while also learning more about their professions, are now commonplace. Google hopes to add cybersecurity clinics to that list. Google CEO Sundar Pichai pledged $20 million in donations on Thursday to support and expand the Consortium of Cybersecurity Clinics to introduce thousands of students to potential careers in cybersecurity, while also helping defend small government offices, rural hospitals and…


China-sponsored APT group targets government ministries in the Americas

An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in a country in the Americas and a corporation that sells products in Central and South America. There was also one…


Opaque Systems releases new data security, privacy-preserving features for LLMs

Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data without sharing or revealing the underlying raw data. Meanwhile, broader support for confidential AI use cases provides safeguards for machine…


SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure…


RangeForce launches Defense Readiness Index to measure businesses’ cybersecurity capabilities

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help…


Apple patches exploits used in spy campaign ‘Operation Triangulation’

Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign, dubbed Operation Triangulation. The campaign used two zero-click iMessage exploits and compromises without any user interactions based on a pair of bugs respectively in the kernel and WebKit. Apple has attributed the discovery of these vulnerabilities to Kaspersky Lab just two weeks after the Russian cybersecurity firm reported discovering…
