Cybersecurity News


How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers.
15 June 2021

Insider Risks In the Work-From-Home World

Insider Risks In the Work-From-Home World Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters.
15 June 2021

SASE & Zero Trust: The Dream Team

SASE & Zero Trust: The Dream Team Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.
15 June 2021

How Does the Government Buy Its Cybersecurity?

The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
15 June 2021

Critical remote code execution flaw in thousands of VMWare vCenter servers remains unpatched

Close to a month on, internet-facing servers remain vulnerable to attack.
15 June 2021

Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.
15 June 2021

Apple Hurries Patches for Safari Bugs Under Active Attack

Apple Hurries Patches for Safari Bugs Under Active Attack Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.
15 June 2021

Pandemic prompts digital ‘boom’ in account creation - as well as password fatigue

Lockdown forced many of us online and this hasn't helped our security postures.
15 June 2021

VPN Attacks Surged in First Quarter

But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.
14 June 2021

Cyber Analytics Database Exposed 5 Billion Records Online

In an ironic twist, Cognyte's data alerts customers to third-party data exposures.
14 June 2021

Utilities ‘Concerningly’ at Risk from Active Exploits

Utilities ‘Concerningly’ at Risk from Active Exploits Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.  
14 June 2021

Microsoft Teams: Very Bad Tabs Could Have Led to BEC

Microsoft Teams: Very Bad Tabs Could Have Led to BEC Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services.
14 June 2021

Google Workspace Adds Client-Side Encryption

Users given control over encryption keys, Google says.
14 June 2021

New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'

New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards' Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
14 June 2021

Moobot Milks Tenda Router Bugs for Propagation

Moobot Milks Tenda Router Bugs for Propagation An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
14 June 2021

Volkswagen Vendor Exposed Data of 3.3m Drivers

Volkswagen Vendor Exposed Data of 3.3m Drivers Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.
14 June 2021

Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work

We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
14 June 2021

Name That Toon: Sight Unseen

Name That Toon: Sight Unseen Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
14 June 2021

Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough

Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
14 June 2021

Dentist charged by SEC for digital token project fraud, pump-and-dump AI stock scheme

The “adviser” was allegedly responsible for three securities frauds.
14 June 2021