CyberSecurity Updates

Qualys previews TotalCloud FlexScan for multicloud security management

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to offer a detailed picture of…

As Twitter Brings on $8 Fee, Phishing Emails Target Verified Accounts

Standard phishing defense tactics apply in this situation. Users should always take a close look at the sender’s display name when checking the legitimacy of an email. Most companies use a single domain for their URLs and emails, so a message that originates from a different domain is a red flag. It is also important to check for mismatched URLs. While an embedded URL might seem perfectly valid, hovering over it might show a different…

BEC Scam Impersonating Top Law Firms

BEC attacks account for a very small percentage of the phishing emails targeting companies worldwide, yet they are still a multibillion-dollar issue. Organizations should adapt policies to prevent BEC scams from being executed, including a verification process for all business transactions or money transfers. Because it is so easy for a threat actor to set up a typo-squatted domain, this verification should take place in person or over the phone. Companies can work to prevent…

Hundreds of U.S. News Sites Push Malware in Supply-Chain Attack

This campaign highlights the ever-growing threat of supply-chain attacks. Typically, when browsing a newspaper website, the end user feels as if the site is reputable and secure. When this is combined with a fake update alert from SocGholish, many users may trust the alert and fall victim to the threat actor. This form of phishing, while it can be completed at a much smaller scale, is amplified by the undisclosed media company compromise, as it allows the…

Geopolitics plays major role in cyberattacks, says EU cybersecurity agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report—this…

Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone

For many, proactively monitoring ESG risks is not only the right thing to do – it’s the right business strategy. More than ever, investors, consumers and partners are using ESG factors to determine who they do business with. In this session, Mastercard’s Johan Gerber, EVP, Cyber and Security Products, discusses:
● New industry findings on how organizations are navigating this new landscape
● The strategies and tools needed to mitigate ESG risk on a business’s supply chain and…

A step‑by‑step guide to enjoying LinkedIn safely

LinkedIn privacy settings are just as overwhelming as any other social media settings. There are a lot of menus, a lot of buttons to enable, select, accept or reject. To make sure you have control over your information, we bring you a step-by-step guide on how to enjoy LinkedIn safely. Managing our privacy settings is overwhelming. There are a lot of menus, a lot of buttons to enable, select, accept or reject – it certainly gives a sense of…

Google and Apple release patches for zero‑day flaws – Week in security with Tony Anscombe

Both tech giants rush to release fixes for security vulnerabilities that were being exploited in the wild. Google and Apple are both releasing patches for zero-day vulnerabilities that have already been exploited in the wild. ESET cybersecurity expert Tony Anscombe explains what those vulnerabilities are in simpler words, and reiterates the importance of keeping all your apps and devices up to date to stay cybersafe. Watch the video to learn more.

The future starts now: 10 major challenges facing cybersecurity

To mark Antimalware Day, we’ve rounded up some of the most pressing issues for cybersecurity now and in the future. Organizations large and small have never been more at risk from cyberattacks, to the point that the litany of evolving and escalating cyberthreats has made cybersecurity a key boardroom-level agenda item. As security is the backbone of a successful digital transformation, getting a grip on it becomes vital. The need to stay ahead of the…

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

by Paul Ducklin. WE DON’T KNOW HOW BAD WE WERE, BUT PERHAPS THE CROOKS WEREN’T ANY GOOD? With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS…
