CyberSecurity Updates

17 Oct

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

Information

Video, Kids Online “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship 16 Oct 2024 “Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.…

Read More
16 Oct

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.  The bad practices presented in this guidance are organized into three categories: product properties, security features,…

Read More
16 Oct

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Attacks, Insights, Malware

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors. Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain…

Read More
16 Oct

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

Information

In a day and age where everything is digital, a data breach or cyberattack can cost any organization dearly, affecting it financially, operationally, legally and reputationally – to the point of possibly jeopardizing its very existence. What’s more, successful attacks on providers of critical services such as healthcare and energy supplies can cause large-scale disruptions, putting people’s lives at risk and leading to widespread chaos. Worryingly, the global demand for security professionals continues to outpace…

Read More
15 Oct

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Attacks, Insights, Malware

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. This resource serves as the detailed foundation of SBOM, defining SBOM concepts and related terms and offering an updated baseline of how software components are to be represented. This…

Read More
13 Oct

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

Information

Video ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities 11 Oct 2024 This week, ESET researchers published the results of their probe into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities, including those based in Europe. The toolsets were deployed by a little-known APT group called GoldenJackal and allowed it…

Read More
12 Oct

Telekopye transitions to targeting tourists via hotel booking scam

Information

The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to target users of popular accommodation booking platforms. Last year, we published a two-part blogpost series on Telekopye, a Telegram-based toolkit…

Read More
10 Oct

Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies

Attacks, Insights, Malware

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.…

Read More
10 Oct

Cyber insurance, human risk, and the potential for cyber-ratings

Information

Business Security Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? Tony Anscombe 08 Oct 2024  •  , 5 min. read It’s undeniable that cyber insurance and cybersecurity are intrinsically linked. One requires the other, and they are a perfect pairing, even if they may deny the relationship. Looking ahead, however, we probably need to add a third party into the relationship: the business. Now…

Read More
09 Oct

Lamborghini Carjackers Lured by $243M Cyberheist

Information, Insights

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom. Image: ABC7NY.  youtube.com/watch?v=xoiaGzwrunY Late in the afternoon of Aug. 25, 2024 in…

Read More