CyberSecurity Updates

02 Oct

Why system resilience should mainly be the job of the OS, not just third-party applications

Information

Business Security Building efficient recovery options will drive ecosystem resilience Tony Anscombe 01 Oct 2024  •  , 4 min. read Last week, a US congressional hearing regarding the CrowdStrike incident in July saw one of the company’s executives answer questions from policy makers. One point that caught my interest during the ensuing debate was the suggestion that future incidents of this magnitude could be avoided by some form of automated system recovery. Without getting into…

Read More
01 Oct

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Attacks, Insights, Malware

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid organizations in identifying how business decisions may adversely impact the cybersecurity of OT and the specific risks associated with those…

Read More
01 Oct

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

Insights

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called ‘Staff Stories Spotlight.’ Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.  Credit: NIST This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you,…

Read More
30 Sep

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Information, Insights

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man’s alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012. A photo released by…

Read More
30 Sep

CISA’s VDP Platform 2023 Annual Report Showcases Success

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities in their systems, and engaging the public security researcher community. Public security researchers play a vital role in securing our…

Read More
28 Sep

Gamaredon’s operations under the microscope – Week in security with Tony Anscombe

Information

Video ESET research examines the group’s malicious wares as used to spy on targets in Ukraine in the past two years 27 Sep 2024 This week, ESET researchers published an extensive analysis of the tools and techniques of Gamaredon, a Russia-aligned threat actor that is currently the most active APT group in Ukraine. Their research examines the group’s malicious wares as used to conduct its cyberespionage activities in 2022 and 2023 and answers questions such…

Read More
27 Sep

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

Information

ESET Research ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine Zoltán Rusnák 26 Sep 2024  •  , 5 min. read The war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a multifaceted war, rife with disinformation campaigns and cyberwarfare. Throughout these years, ESET Research has revealed several high-profile cyberattacks conducted by…

Read More
26 Sep

Time to engage: How parents can help keep their children safe on Snapchat

Information

Kids Online Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app Phil Muncaster 24 Sep 2024  •  , 5 min. read Snapchat may only be the 10th most popular social media platform in the world, but it estimates monthly active users at over 750 million. The platform is all the rage particularly among children and teens, and its features…

Read More
26 Sep

Don’t panic and other tips for staying safe from scareware

Information

Digital Security Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics Phil Muncaster 25 Sep 2024  •  , 5 min. read We live in fast-paced and often worrying times, and fraudsters are primed to take advantage. Fear can be a powerful weapon and scammers know how to instill it in people and coerce them into taking specific and hasty actions. In cyberspace, one common way…

Read More
26 Sep

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Information, Insights

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. A 2016 screen shot of the Joker’s Stash…

Read More