CyberSecurity Updates

22 Jun

The long-tail costs of a data breach – Week in security with Tony Anscombe

Information

Video Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents 21 Jun 2024 A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath. Indeed, the long-term impact can significantly add to the financial burden and may involve regulatory fines years after the breach occurred. This has…

Read More
21 Jun

My health information has been stolen. Now what?

Information

Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records Phil Muncaster 20 Jun 2024  •  , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient care. But digitizing healthcare records also comes with some major cyber risks. Once your data is stored on IT systems…

Read More
20 Jun

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Information, Insights

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from…

Read More
20 Jun

Hacktivism is evolving – and that could be bad news for organizations everywhere

Information

Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024  •  , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated groups and individuals were out in force again, this time ostensibly to make their point amid the Israel-Hamas conflict. Worryingly,…

Read More
20 Jun

CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs)

Attacks, Insights, Malware

Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs). The report also identifies potential ways to overcome these challenges and improve an SMB’s level of security.  CISA also released a related blog post, Why SMBs Don’t Deploy Single Sign-On (SSO), urging software manufacturers to consider how their business practices may inadvertently reduce…

Read More
18 Jun

CISA and Partners Release Guidance for Modern Approaches to Network Access Security

Attacks, Insights, Malware

Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), released guidance, Modern Approaches to Network Access Security, along with the following organizations:  New Zealand’s Government Communications Security Bureau (GCSB);  New Zealand’s Computer Emergency Response Team (CERT-NZ); and  The Canadian Centre for Cyber Security (CCCS). The guidance urges business owners of all sizes to move toward more robust security solutions—such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE)—that provide…

Read More
18 Jun

Preventative defense tactics in the real world

Information

Business Security Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack Cameron Camp 17 Jun 2024  •  , 3 min. read We watch real life attacks in horror, where companies simply try to defend against attackers stomping on their networks in real time, blunting the damage and scouring for backups in a bid to avoid the crippling cost of ransom payments. It’s a…

Read More
15 Jun

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Data Breaches, Information, Insights

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy. A still frame from a video released…

Read More
15 Jun

ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024

Information

ESET Research The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 ESET Research 14 Jun 2024  •  , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings of the Q4 2023–Q1 2024 ESET APT Activity Report, uncovering the activity of multiple advanced persistent threat (APT) groups around…

Read More
15 Jun

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe

Information

Video The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app 14 Jun 2024 This week, ESET researchers released their findings about five campaigns that used trojanized apps to target Android users in Egypt and Palestine. Initiated in 2022, the campaigns were likely orchestrated by the Arid Viper APT group, with three of them remaining active to this day.…

Read More