CyberSecurity Updates

31 Jan

Cyber Insights 2023: Attack Surface Management

Information, News

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. SecurityWeek Cyber Insights 2023 | Attack Surface Management…

Read More
31 Jan

Privacera connects to Dremio’s data lakehouse to aid data governance

Data Breaches, Malware, Social Engineering

Open-source based data governance and security SaaS provider Privacera on Tuesday said that it was integrating with Dremio’s open lakehouse to aid enterprise customers with data governance and data security. A data lakehouse is a data architecture that offers both storage and analytics capabilities, in contrast to data lakes, which store data in native format, and data warehouses, which store structured data (often in SQL format). The native integration between Privacera and Dremio, which comes…

Read More
31 Jan

Trulioo launches end-to-end identity platform

Data Breaches, Malware, Social Engineering

Identity verification firm Trulioo on Tuesday launched a new global identity platform for “person” and “business” verification. Trulioo so far sold multiple identity products, each operating in their own silos. Their products and services range from person and business verification, to no-code workflow building, low-code integrations, and anti-fraud measures. The new platform combines all these solutions into a single contract for clients who can use the platform to access information matching, identity document verification, proof of…

Read More
31 Jan

Why do hackers target cryptocurrencies?

Attacks, Data Breaches

Cyber Security Hub explores why and how hackers are targeting cryptocurrency investors. With more than 420 million cryptocurrency users, more than 12,000 cryptocurrencies worldwide and an estimated value of US$2.2bn by 2026, the digital currency marketplace is growing rapidly. This rapid growth, however, has made it a target for cyber attackers looking to defraud victims.  Here, Cyber Security Hub explores the threat vectors used and vulnerabilities exploited by hackers specific to cryptocurrency-based cyber crime. Why…

Read More
31 Jan

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Data Breaches, Malware, Social Engineering

Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations’ cloud environments. According to a blog on the company’s website, threat actors satisfied Microsoft’s requirements for third-party OAuth apps by abusing the Microsoft “verified publisher” status, employing brand abuse, app impersonation and other social engineering tactics to lure users into authorizing malicious apps. The potential impacts of the campaign, which Proofpoint…

Read More
31 Jan

New UN cybercrime convention has a long way to go in a tight timeframe

Data Breaches, Malware, Social Engineering

Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political welfare of all countries. Now, the United Nations has a major initiative to develop a new and more inclusive approach to addressing cybercrime. This revised global approach could spark new laws worldwide to battle cybercrime…

Read More
30 Jan

Sandworm Targets Ukraine’s National News Agency

Attacks, Malware

Wiper malware can be a very destructive tool for threat actors when targeting a specific group or business. Although difficult to defend against, there are ways to make organizations less susceptible to these types of attacks. Some of these methods include: • Making sure malware protection and AV is up to date• Regularly creating secure offline backups• Train employees on how to spot phishing attempts and other forms of attacks• Install updates/patch operating systems, software,…

Read More
30 Jan

New Golang-Based Malware Dubbed Titan Stealer

Attacks, Malware

“One of the primary reasons [threat actors] may be using Golang for their information stealer malware is because it allows them to easily create cross-platform malware that can run on multiple operating systems, such as Windows, Linux, and macOS. Additionally, the Go compiled binary files are small in size, making them more difficult to detect by security software,” reads Cyble’s technical analysis. The finding comes a little more than two months after SEKOIA announced Aurora…

Read More
30 Jan

Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability

Information, News

A researcher has disclosed the details of a two-factor authentication (2FA) vulnerability that earned him a $27,000 bug bounty from Facebook parent company Meta.  Gtm Manoz of Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection. A fix was rolled out by Meta in October 2022 and the company highlighted Manoz’s findings in its annual bug bounty program report.…

Read More
30 Jan

Economic headwinds could deepen the cybersecurity skills shortage

Data Breaches, Malware, Social Engineering

According to the most recent research report from ESG and the Information System Security Association International (ISSA), 57% of organizations claim that they’ve been impacted by the global cybersecurity skills shortage, while 44% of organizations believe the skills shortage has gotten worse over the past few years. The result? Increasing workloads on existing cybersecurity staff, job requisitions open for weeks or months, and high burnout rates and attrition for cybersecurity professionals. (ESG and ISSA will update…

Read More