CyberSecurity Updates

20 Nov

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards.  USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure…

Read More
20 Nov

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Attacks, Insights, Malware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024. BianLian is likely based in…

Read More
20 Nov

2024 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses…

Read More
19 Nov

Fintech Giant Finastra Investigating Data Breach

Data Breaches, Information, Insights

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company…

Read More
18 Nov

Unlocking Cybersecurity Talent: The Power of Apprenticeships

Insights

Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there’s no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and…

Read More
15 Nov

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

Information

Video ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report 14 Nov 2024 What were some of the world’s most notorious advanced persistent threat (APT) groups up to from April to September 2024? Who did they target, and how did their tactics evolve compared to earlier campaigns? ESET researchers recently released a new issue of their APT Activity Report that answers exactly these…

Read More
14 Nov

An Interview With the Target & Home Depot Hacker

Data Breaches, Information, Insights

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes. Mikhail “Mike” Shefel’s former Facebook profile. Shefel has since…

Read More
14 Nov

ESET Research Podcast: Gamaredon

Information

ESET Research ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation ESET Research 13 Nov 2024  •  , 1 min. read When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy group capable of avoiding all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window as this…

Read More
13 Nov

Beyond the checkbox: Demystifying cybersecurity compliance

Information

What is the most common pain point facing businesses these days? Is it supply chain fragility? Fierce competition? Tight cashflows? Or is it the rising and relentless tide of cyberattacks? Evidence and analysts suggest it’s often the latter. As cyberthreats show no signs of slowing down, both small and large organizations increasingly recognize that cybersecurity is no longer optional. What’s more, governments and regulatory agencies have also caught onto its importance, especially when it concerns…

Read More
13 Nov

Beats by bot: The AI remix revolution

Information

We Live Progress Artificial intelligence is reshaping the music landscape, turning listeners into creators and sparking new debates over creativity, copyright, and the future of sound Imogen Byers 12 Nov 2024  •  , 4 min. read Artificial Intelligence (AI) and Machine Learning (ML) algorithms have the power to write and send messages responding to your online retail queries, suggest what films you might like based on your watching history, summarize a 100-page report in two…

Read More