CyberSecurity Updates

16 Mar

Threat intelligence explained | Unlocked 403: A cybersecurity podcast

Information

Video We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats Alžbeta Kovaľová 14 Mar 2024 The threat landscape is becoming ever more complex and perilous by the day. Adversaries, ranging from state-aligned advanced persistent threats (APTs) to opportunistic cybercriminals, are well-funded, adaptable and relentless, targeting various chinks in organizations’ cyber armors and often catching organizations off guard. Against this backdrop, cyber treat intelligence is becoming increasingly more…

Read More
14 Mar

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

Information, Insights

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information…

Read More
14 Mar

How to share sensitive files securely online

Information

How To Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe Phil Muncaster 13 Mar 2024  •  , 4 min. read Our lives are increasingly lived in the digital world. And while this comes with a host of benefits, it also exposes us to the threat of data theft. Whether it’s sensitive personal, medical or financial information, anything the bad…

Read More
14 Mar

Cisco Releases Security Updates for IOS XR Software

Attacks, Insights, Malware

Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability  Cisco IOS XR Software SSH Privilege Escalation Vulnerability Cisco IOS XR Software Layer 2 Services…

Read More
13 Mar

Election cybersecurity: Protecting the ballot box and building trust in election integrity

Information

Critical Infrastructure What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems? Phil Muncaster 12 Mar 2024  •  , 4 min. read This year, billions of people will go to the polls to decide their next political leaders. From India to the US, the outcomes of these and other elections could shape geopolitics for the coming years. With so much at…

Read More
12 Mar

Patch Tuesday, March 2024 Edition

Information, Insights

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being…

Read More
12 Mar

CISA Publishes SCuBA Hybrid Identity Solutions Guidance

Attacks, Insights, Malware

CISA has published Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG) to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflects feedback gathered during its 2023 draft public comment period. CISA encourages users to review and implement this solutions guidance as appropriate for their individual organizations. HISG is the latest resource released by CISA’s SCuBA project. In accordance with Executive Order…

Read More
11 Mar

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Information, Insights

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.…

Read More
10 Mar

APT attacks taking aim at Tibetans – Week in security with Tony Anscombe

Information

Video Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor 08 Mar 2024 This week, ESET researchers released their analysis of how an Advanced Persistent Threat (APT) group targeted Tibetans via watering hole and supply-chain attacks. The cyberespionage campaign – which ESET attributed with high confidence to the China-aligned Evasive Panda group – leveraged a religious gathering known as the…

Read More
09 Mar

Evasive Panda leverages Monlam Festival to target Tibetans

Information

ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website visitors with MgBot and a backdoor that, to the best of our knowledge, has not been publicly documented yet; we…

Read More