CyberSecurity Updates

06 Feb

Indian Freight Company Exposing Data on Misconfigured Server

Attacks, Malware

Some recommendations to consider when attempting to protect sensitive data in a cloud infrastructure include: • Secure access to the cloud.• Manage user access privileges.• Provide visibility with employee monitoring.• Monitor privileged users.• Educate employees against phishing.• Ensure you meet IT compliance requirements.• Efficiently respond to security incidents. India’s Largest Truck Brokerage Company Leaking 140GB of Data

Read More
06 Feb

The dangerous vulnerabilities caused by weak email security

Attacks, Data Breaches

Why email security Threats to email security are on the rise. Research conducted for Cyber Security Hub’s Mid-Year Market Report 2022 found that 75 percent of cyber security practitioners think that email-based attacks such as phishing and social engineering are the ‘most dangerous’ cyber security threat to their organizations. Companies must protect this vulnerable asset without compromising its efficiency in communication. Email security is integral to protecting companies from external threats but also essential to…

Read More
06 Feb

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

Data Breaches, Malware, Social Engineering

Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting and claims, internet scans, its global network of honeypot sensors, and scanning over 5.2 billion IP addresses. The 1,900 CVEs…

Read More
06 Feb

OPSWAT mobile hardware offers infrastructure security for the air gap

Data Breaches, Malware, Social Engineering

Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In order to patch those systems, audit them, or move data among them, removable media like SD cards, USB sticks and…

Read More
06 Feb

Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

Data Breaches, Malware, Social Engineering

Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice. In January, the group claimed to have obtained the personal information of more than 200,000 Charlie Hebdo customers after access to a database, which Microsoft believes…

Read More
06 Feb

Will your incident response team fight or freeze when a cyberattack hits?

Data Breaches, Malware, Social Engineering

If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs. “You may have a crisis playbook and crisis policies…

Read More
05 Feb

Finland’s Most-Wanted Hacker Nabbed in France

Information, Insights

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. In late October 2022, Kivimäki was charged (and…

Read More
05 Feb

Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process

Information, News

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets. The scam is a version of romance scam, where targets are befriended, lured in, persuaded to download a disguised malicious app, drawn into false cryptocurrency…

Read More
04 Feb

Key takeaways from ESET’s new APT Activity Report – Week in security with Tony Anscombe

Information

As our latest APT Activity Report makes abundantly clear, the threat of cyberespionage and stealthy attacks remains very real The threat of cyberespionage and stealthy cyberattacks remains very real, and the data from ESET’s T3 2022 APT Activity Report released this week backs this up. In this video, Tony shares some of the key takeaways from the report, which reviews the operations of some of the world’s most notorious nation state-affiliated and state-sponsored hacking collectives…

Read More
03 Feb

Critical vulnerability patched in Jira Service Management Server and Data Center

Data Breaches, Malware, Social Engineering

A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and gain access to access tokens. If the system is configured to allow public sign-up, external customers can be affected as well. The bug was introduced in Jira Service Management Server and Data Center 5.3.0, so versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 are affected. Atlassian has…

Read More