Under Pressure to Secure Your Enterprise? Predict More to Prevent More

In addition to the expansion of the attack surface due to the shift to remote work, cyber-criminals evolved their attacks to feed on people’s fears around the pandemic. DNS traffic analysis by Cisco Umbrella revealed some startling findings for the first nine months of 2020.


 

Bad Apple: App Store Rife with Fraud, Fleeceware

 

It is estimated that an organization will fall victim to ransomware every 14 seconds in 2021. The last quarter of 2020 witnessed a 50 percent increase in DDoS attacks, and cryptojacking is an unseen threat that is rapidly evolving in real-time.


 

4 Ways For Employees To Distinguish Phishing Attacks

Many movies and other media may have a bit of a warped idea of what hackers do, exactly. But one show that got it right is Mr. Robot, which shows that a company’s weakest spot is usually its people. The “human factor” they call it.


 

Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API
 

Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-level JavaScript API for processing and synthesizing audio in web applications. These vulnerabilities specifically exist in the Google Chrome web browser’s instance of this API.


 

$7 Million Digital Advertising Scam: Russian Man Convicted
 

Self-Professed 'King of Fraud' Aleksandr Zhukov Ran Ads on Fake Sites

Cybersecurity startup Exabeam raises $200 mln, valued at $2.4 bln


 

Exabeam, a Silicon Valley startup that helps companies automate the analysis and monitoring of their cybersecurity data, on Tuesday said it raised $200 million in its latest round of funding which valued the company at $2.4 billion.
 

8 secrets of successful AI projects
 

Artificial intelligence holds great business promise, but it takes more than a working model to create scalable, transformative change

5 tips for leading IT through crisis

 

IT leaders from Signet Jewelers, Workday, Turtle & Hughes, and One Call share lessons learned for effective leadership during the COVID-19 pandemic.

Best browser for privacy 2021: Secure your web

 

Browsing If you’re like most people, you’re probably using Google Chrome as your default browser. It’s hard to fault Google’s record on security and patching but privacy is another matter for the online ad giant.
 

Various ways to overcome cybersecurity threats in digital marketing

 

Cyberattacks are always expensive to handle, and no one can predict cybersecurity threats accurately.

Adding Data Security in the Age of Ransomware Attacks

News of ransomware attacks has become all too common in this modern age of cyberattacks. Some say it’s not a question of if you’ll be hit by a ransomware attack, but when.

‘Privateer’ Threat Actors Emerge from Cybercrime Swamp

Privateers’ aren’t necessarily state-sponsored, but they have some form of government protection while promoting their own financially-motivated criminal agenda, according to Cisco Talos.
 

Cisco Plans to Acquire Kenna Security, Boost Security Offerings
 

Cisco Systems (CSCO) plans to acquire privately-held California-based Kenna Security in a bid to enhance its security offerings. The technology company develops and sells networking hardware, software, telecommunications equipment, and other high-technology services and products.
 

Payment App Scammers: Stay Aware And Learn To Avoid Them
 

As technology rises, fewer people are carrying cash and are opting instead for debit cards, credit cards, and smartphone payment apps. While it is convenient and becoming more popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of potentially being scammed by someone who doesn’t appear to be who they say they are.
 

Scammers Impersonating Windows Defender to Push Malicious Windows Apps

Browser push notifications can highly resemble Windows system notifications.  As recently discussed, scammers are abusing push notifications to trick users into taking action.  This recent example demonstrates the social engineering tactics used to trick users into installing a fake Windows Defender update.  A toaster popup in the tray informs the user of a Windows Defender Update.

11 dark secrets of multicloud

In many situations, multicloud architectures make the most sense.But playing the field, baking in agility, and avoiding lock-in can expose your enterprise to hidden costs and issues.

Global cybersecurity market is poised to reach nearly $420 billion by 2028

Enterprises of all sizes and industries face a dilemma. How do they justify an increased need for cybersecurity spending in the face of historic business disruption and revenue losses?

 

Ransomware is now a national security risk. This group thinks it knows how to defeat it
 

Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks.

Scammers imitate Windows logo with HTML tables to slip through email gateways
 

A recently discovered phishing scam that convincingly impersonates the Microsoft Windows logo with an HTML table serves as a new reminder of how social engineers can abuse various elements in emails to fool both human recipients and certain security solutions.
 

A Ransomware Gang is Now Shorting Stock Price of its Victims

Darkside ransomware operators have changed their extortion tactics and are now targeting organizations listed on NASDAQ or other stock markets. They believe that the negative impact of having a traded organization’s name listed on their website would cause its stock price to fall, and the attackers are trying to make a profit out of this.

Továbbra is célkeresztben a banki adataink

Nem a Fedex nevével visszaélő SMS csalás az egyetlen, amely a felhasználók banki adatainak ellopására pályázik. Igaz, az ilyen visszaélések döntő többsége külföldön, zömmel angol nyelvterületen zajlik, de immár egyre többször fordul elő nálunk Magyarországon is.
 

COVID-19, WFH prompts spike in cyberattacks against banks, insurers

Research suggests “open and insecure gaps” are being exploited in financial organizations’ networks.
 

Az egyik COVID-19, a másik egy híján 20

Az oltóanyagok létfontosságú lépést jelentenek a világ koronavírus-járvány elleni küzdelmében, ugyanakkor mindez visszaélésekre is lehetőséget ad a csalók és álhírterjesztők számára. Emiatt most éppen a Bitcoinnal fizethető hamis koronavírus-oltásokra épülő csalásra figyelmeztetnek a nemzetközi hatóságok. A cikk összefoglalja a leggyakoribb, vakcinával kapcsolatos tipikus átveréseket, amelyekkel megpróbálnak hozzáférni a személyes adatainkhoz vagy a pénztárcánkhoz.

Experts demonstrated how to hack a utility and take over a smart meter

Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in utilities


 

11 Resources to Help You Get Started in the Cybersecurity Industry

The cybersecurity industry is hiring. In November 2018, The New York Times reported that a total of 3.5 million cybersecurity jobs would be available but go unfilled by 2021. This employment gap increased in the year that followed. (ISC)2 estimated at the end of 2019 that it would take 4.07 million trained professionals to fill all available cybersecurity positions—a 62% increase of the global cybersecurity workforce. Things improved in 2020 when (ISC)2 learned that 700,000 professionals had joined the industry. Even so, 3.12 million cybersecurity positions remained open at the end of last year.

 

A hacker claims to be selling sensitive data from OTP generating firm

A hacker appears to be selling sensitive data they claim to have stolen from an OTP-generating company. This particular company has some of the most popular tech and business giants on its list of customers including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter accounts, etc.

India seeks US help as China-backed hacks threaten military

We have to seriously look at catching up with China on technology. We may not be able to fully catch up with China therefore we are trying to develop a relationship with Western nations to see how best we can get support from them during peace time, at least, to overcome these deficiencies,” General Bipin Rawat said.
 

Cisco invests in Securiti to help customers address multicloud and edge security
 

Securiti announced participation from Cisco Investments in its latest round of funding. The company plans to work with Cisco and help their customers solve the challenge of multicloud and edge security, privacy and compliance.

Criminals spread malware using website contact forms with Google URLs

Microsoft is warning businesses to beware of cyber criminals using company website contact forms to deliver the IcedID info-stealing banking trojan in email with Google URLs to employees

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
 

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade.

Cybersecurity guide for the hospitality industry

A practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data.
 

With more than 400,000 crypto scams created in 2020, increase of 75% predicted for 2021
 

The findings of a Bolster report, along with real life examples, clearly correlate the rise in crypto scams to the value and popularity of cryptocurrencies as well as the increase in individuals seeking financial assistance during the COVID-19 pandemic.

Smart buildings: is BACnet a secure protocol?

 

If you don’t already work in a “smart building,” chances are that you will soon. By 2025, more than 75% of new construction will fit this category—and that’s not counting existing buildings.

Coca-Cola trade secret theft underscores importance of insider threat early detection

 

A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company.
 

With more than 400,000 crypto scams created in 2020, increase of 75% predicted for 2021
 

The findings of a Bolster report, along with real life examples, clearly correlate the rise in crypto scams to the value and popularity of cryptocurrencies as well as the increase in individuals seeking financial assistance during the COVID-19 pandemic.

A Successful Security Platform Requires the Strongest Partner Ecosystem

What’s in a name? When it comes to the term ‘security platform,’ quite a lot, going by its overuse in the industry. This moniker is increasingly being deployed in the marketplace to describe varying types of solutions.
 

Email Verifiers and Data Breaches. What You Need to Know.

As hackers find ways to unlock your phone with your face while you sleep or using a photo from social media to do the same, researchers have developed a way to strengthen security by adding facial features such as smiles and winks to the mix.

After oil giant Shell hit by Clop ransomware gang, workers' visas dumped online as part of extortion attempt

A hackers find ways to unlock your phone with your face while you sleep or using a photo from social media to do the same, researchers have developed a way to strengthen security by adding facial features such as smiles and winks to the mix.

Smiles, winks in face recognition could increase phone security

As hackers find ways to unlock your phone with your face while you sleep or using a photo from social media to do the same, researchers have developed a way to strengthen security by adding facial features such as smiles and winks to the mix.

RDP Attacks Persist Near Record Levels in 2021

A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.
 

Cisco SD-WAN Cloud Hub with Google Cloud Delivers Enterprise Connectivity Over Global Cloud Network

Multicloud deployment is here to stay! According to Gartner, “the average enterprise now connects to more than 20 public cloud services, and these public cloud services frequently support performance-sensitive and business-critical applications like ERP and unified communications

Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies

In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn.

Manufacturers, it’s time to reboot network security

Even before the drastic changes we saw as a result of 2020, manufacturers were under pressure to improve operational efficiency through digital transformation.
 

Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of cyber-attacks, according to a new study by LogMeIn in collaboration with IDG.

Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of cyber-attacks, according to a new study by LogMeIn in collaboration with IDG.

Scientists have built this ultrafast laser-powered random number generator

Using a single laser, scientists have built a new system that generates random numbers fast and at scale.

Warning: Google Alerts abused to push fake Adobe Flash updater

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers.

Stolen Employee Credentials Put Leading Gaming Companies at Risk of Severe Cyber Attacks

Israeli-based cybersecurity firm Kela says more than 500,000 leaked credentials belonging to more than two dozen leading gaming companies were on sale on the dark web. 

Spam and phishing in 2020

Phishing and spam-based cyberattacks were prominent during 2020, with an added factor of the COVID-19 pandemic.
 

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos
 

Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage

How to Avoid Phishing Emails and Scams
 

It's a bigger threat than ever, but don’t worry. There are plenty of ways to defend yourself.

Phishers tricking users via fake LinkedIn Private Shared Document
 

Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns.

 

Modern románc, holdfény és tánc
 

A tavalyi esztendőben a társkereséssel kapcsolatos csalások száma jelentős növekedést mutatott.

 

New research reveals who’s targeted by email attacks

 

Every day, we stop more than 100 million harmful emails from reaching Gmail users. Last year, during the peak of the pandemic crisis we saw 18 million daily malware and phishing emails related to COVID-19.
 

North Korean attacks on crypto exchanges reportedly netted $316m in two years

 

North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei.
 

Barcode Scanner app on  infects 10 million users with one update

 

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere.
 

Visualize, validate policy and increase remote worker telemetry with Network Analytics Release 7.3.1

We have heard it before. Securing your organization isn’t getting any easier. The remote workforce is expanding the attack surface. We need context from users and endpoints to control proper access, and IT teams need to ensure our data stores are resilient and always available to gain the telemetry they need to reduce risk.

Is your boss spying on you as you work from home? One in five firms admit using secret software
 

 A surge in secret software used to spy on staff working from home during the pandemic has led to calls for new laws to be brought in against unscrupulous bosses.

Miért nem másolja egyszerűen vissza őket?

A Skót Környezetvédelmi Ügynökségtől (SEPA) 4000 dokumentumot loptak el zsarolóvírust terjesztő bűnözők. Itt is a ma már trendnek számító módszer zajlott, miszerint ha a megzsarolt áldozat nem fizet az elkódolt adatok visszaszerzéséért, akkor fizessen azért, hogy az elkövetők ne töltsék fel a lopott fájlokat publikus weboldalakra.

Italy CERT Warns of a New Credential Stealing Android Malware

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.

 

Social Media Oversharing Exposes 80% of Office Workers

Over 80% of British and American employees overshare on social media, potentially exposing themselves and their organization to online fraud, phishing and other cyber-threats, according to Tessian.

 

Cisco DNA Center Bug Opens Enterprises to Remote Attack

The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

Cybersecurity investments will increase up to 10% in 2021
 

A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside.

Cryptomining Malware Takes Center Stage Again
 

According to a recent report by Avira, the use of cryptomining malware has increased by 53% quarter-on-quarter in the final three months of 2020. The reason behind this increase could be the soaring value of Bitcoin.

Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI

Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices.

Scammers Are Sending Fake Job Offers on LinkedIn

 

Fraudsters are impersonating real HR employees in fictitious job offers sent on LinkedIn, in a dubious scheme to get targets to share banking data.

 

Awareness isn’t enough -- it’s time for security leaders to change behaviors

 

Learn what you need to do to move beyond perfunctory awareness and training programs to change behavior and instill a security culture (the ABC of security).

Top Penetration Testing Toolkits Abused by Cybercriminals
 

Malware authors have been widely adopting open source security tools for cybercrime operations. Recently, Recorded Future released a report on the use of malicious C&C infrastructure throughout 2020 by tracking more than 10,000 C&C servers across more than 80 malware strains.
 

Cybersecurity teams are struggling with burnout, but the attacks keep coming
 

Coronavirus has obliged many organisations to force security teams to work remotely - and that's making the job of securing whole businesses against threats much harder.
 

Biometric security technology could see growth in 2021


 

Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.


 

Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO

 

Tech giants including Microsoft and Google on Monday joined Facebook’s legal battle against hacking company NSO, filing an amicus brief in federal court that warned that the Israeli firm’s tools were “powerful, and dangerous.”

 

Cybercriminals use psychology--cybersecurity pros should, too

 

Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.
 

After Juspay, ClickIndia, ChqBook and WedMeGood have been reportedly hacked — data of over 10 million users up for sale on the dark web

After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as 'ShinyHunters' is now selling databases belonging to three more Indian companies on Dark Web, independent cyber security researcher Rajshekhar Rajaharia claimed on Wednesday.
 

Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware)
 

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems.  

Google Cloud Hires Goldman Sachs Man as First CISO

Google has hired the first security boss for its cloud business in the form of British-born Phil Venables. A 25+ year veteran of the industry with experience in CISO roles in some of the world’s biggest banks, Venables officially joined Google Cloud this month, according to his LinkedIn profile.

How COVID-19 has impacted the security threat landscape

A WatchGuard report reveals how COVID-19 has impacted the security threat landscape, with evidence that attackers continue to target corporate networks despite the shift to remote work, and a rise in pandemic-related malicious domains and phishing campaigns.

Cisco re-patches wormable Jabber RCE flaw

In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated.

Cyberattacks on the Rise for Digital Media and Entertainment Organizations

Cybercriminals are continuously attempting new and innovative ways to defeat security measures and controls to pilfer sensitive data.

A Broken Piece of Internet Backbone Might Finally Get Fixed

Efforts to secure the Border Gateway Protocol have picked up critical moments, including a big assist from Google.

IT-biztonság: felkészült munkavállaló, kisebb kockázat

As the Covid pandemic has brought about a sea change in the operations of most companies with work from home becoming the trend over the past 8-10 months, cyber security experts are of the view that several companies still need to be more proactive in terms of strengthening their systems against cyber attacks.

Researchers suggest 25 countries are using a kind of mobile spyware that monitors texts, location

A private surveillance firm that exploits mobile network vulnerabilities to spy on calls, texts and location data is doing business with at least 25 governments around the globe, including some with histories of human rights abuses, concludes a report released Tuesday.
 

Kibertámadások ostroma alatt a vállalati informatika

A koronavírussal érkező krízishelyzetben az üzletmenet folytonossága és a kiberbiztonság is forró téma lett szinte minden iparágban, a sürgető elvárásoknak pedig szinte lehetetlen megfelelni 

CISOs say a distributed workforce has critically increased security concerns

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.

TikTok Awards Nearly $4,000 for Account Takeover Vulnerabilities

Vulnerabilities Could Have Allowed Hackers to Change Passwords of TikTok Accounts
 

How the pandemic has accelerated existing risk trends

COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said the pandemic is giving rise to new sets of risks while exacerbating long-standing vulnerabilities.
 

Researcher Discloses Critical RCE Flaws In Cisco Security Manager
 

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) the networking equipment maker quietly released patches with version 4.22 of the platform.

Targeted Spear-Phishing on the Rise

The COVID-19-related phishing attempts targeting employees working from home.

Windows 10: Using Cisco's Webex Meetings for remote work? Patch now, warns Cisco

Cisco has fixes for high-severity security flaws in Cisco Webex Meetings for Windows and its recording playback apps.