CyberSecurity Updates

23 Feb

Stress pushing CISOs out the door

Data Breaches, Malware, Social Engineering

Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity professional unsustainable. This includes the knowledge that there are only two possible outcomes: get hacked or don’t. “The psychological impact…

Read More
23 Feb

ESET SMB Digital Security Sentiment Report: The damaging effects of a breach

Information

SMBs need to not only reduce their odds of being hit by an attack, but also implement processes that they can follow if their defenses are breached The prevalence of cyberattacks continues to rise, with our telemetry showing a 13% increase in cyberthreat detections in 2022 year-on-year. While the news tends to feature breaches involving major companies, it would be wrong to assume that only large enterprises are targeted by cybercriminals. Although these incidents grab…

Read More
23 Feb

Writing like a boss with ChatGPT and how to get better at spotting phishing scams

Information

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality. In the wrong hands, the powerful chatbot (now also built into the Bing search engine) and technologies like it could…

Read More
23 Feb

NPM JavaScript packages abused to create scambait links in bulk

Information

by Paul Ducklin Johnathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Liiliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed diretly into modern computer science, with CPUs that represent integers with the least significant bytes at the lowest memory addresses called little-endian (that’s…

Read More
22 Feb

Cyberattacks hit data centers to steal information from global companies

Data Breaches, Malware, Social Engineering

Cyberattacks targeting multiple data centers in several regions globally have been observed over the past year and a half, resulting in exfiltration of information pertaining to some of the world’s biggest companies and the publishing of access credentials on the dark web, according to cybersecurity company Resecurity. “Malicious cyber activity targeting data center organizations creates a significant precedent in the context of supply chain cybersecurity,” Resecurity said in a blog post. “Resecurity expects attackers to…

Read More
22 Feb

How Covid-19 impacted cyber security challenges, focus and spends

Attacks, Data Breaches

Survey methodology and respondent profiles The results in this report are from the Cyber Security Hub survey which we fielded to subscribers from May and June 2020 to benchmark actual results from H1 2020 vs. expectations for H2 2020. A balanced representation of the enterprise cyber security mindset, the largest segment of survey respondents (41 percent) describes their job function as cyber security. The next largest segment is IT at (27 percent) followed by corporate…

Read More
22 Feb

5 top threats from 2022 most likely to strike in 2023

Data Breaches, Malware, Social Engineering

The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomware The…

Read More
22 Feb

Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017

Information, News

Intel has paid out more than $4.1 million through its bug bounty program since its creation in 2017, according to a product security report published by the chip giant on Wednesday. Between 2018 and 2021, Intel paid out, on average, $800,000 through its bug bounty program each year for vulnerabilities discovered in the company’s products. In 2022, it awarded $935,000.  Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as…

Read More
22 Feb

Activision Confirms Data Breach Exposing Employee and Game Info

Attacks, Malware

Advise employees not to open links arriving in unexpected SMS messages. If a business sends an unexpected text, look up their number online and call them back to verify if they sent the message. Suspicious links should only be opened in a controlled, safe environment, such as a resettable virtual machine image. That way, if the link points to malicious code, it won’t execute on a device that contains sensitive information. https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/

Read More
22 Feb

Hydrochasma Threat Group Targeting Research Labs, Shipping Firms

Attacks, Malware

Phishing continues to be a focal point of initial access for threat actors. This campaign emphasizes the importance of a phishing awareness program and monitoring processes such as PowerShell and Procdump for potential misuse or abuse. LOLBIN usage can allow attackers to blend in with normal activity. Organizations are recommended to employ detections and mitigations for the post exploitation phase of an attack to try and weed out misuse of these programs. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering

Read More