Cybersecurity News
Paying Ransomware Paints Bigger Bullseye on Target’s Back
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.
Black Basta Ransomware Teams Up with Malware Stalwart Qbot
The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.
RSA – Spot the real fake
How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer
The post RSA – Spot the real fake appeared first on WeLiveSecurity
Apple's Safety Check combats domestic abuse but timing its use is critical
The feature is useful but has its limitations in fighting domestic and intimate partner violence.KrebsOnSecurity in New Netflix Series on Cybercrime
Netflix has a new documentary series airing next week -- "Web of Make Believe: Death, Lies & the Internet" -- in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of "swatting" -- wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.Cyber Risk Retainers: Not Another Insurance Policy
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.
Conducting Modern Insider Risk Investigations
Insider Risk Management requires a different approach than to those from external threats. IRM is unique from other domains of security in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst‘s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.
Follina Exploited by State-Sponsored Hackers
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
Cybersecurity awareness training: What is it and what works best?
Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk
The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity
IBM acquires Randori to streamline threat detection, bolster XDR offerings
The tech giant's latest purchase builds on the acquisition of ReaQta.Ransomware attacks have dropped. And gangs are attacking each other's victims
Research indicates victim numbers are dropping but the finance sector is experiencing more than its fair share of attacks.Sheryl Sandberg’s influence reaches all of us. But it’s a troubling legacy | Stephanie Hare
From epic data mining to shocking failures of content moderation, Meta’s COO passes on a vast clean-up jobIf you are reading this, odds are that you are one of the 2.87 billion daily users of the products offered by Meta, the parent company of Facebook, Instagram, Facebook Messenger and WhatsApp. If you are not using any of these products, you are connected to people who do use them. And this connects you to Sheryl Sandberg, who resigned last week from her role as Meta’s chief operating officer.
Even if you have never met her, interacted directly with her or read her books on corporate feminism or bereavement, Sandberg has had an impact on your life. She’s not the only reason that our data is tracked online, whether we use Meta’s products or not. Many others have helped to create and exploit an entire industry that profits from our data. What’s more, lawmakers and regulators worldwide have done little to stop this, in no small part because companies like the ones Sandberg helped run spend millions of dollars every year lobbying to prevent or water down any attempts at regulation.
Continue reading...What Counts as “Good Faith Security Research?”
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe
A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses
The post Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe appeared first on WeLiveSecurity
100 days of war in Ukraine: How the conflict is playing out in cyberspace
It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict
The post 100 days of war in Ukraine: How the conflict is playing out in cyberspace appeared first on WeLiveSecurity
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.
Cybersecurity in the future: Security 'by PlayStation' and IoT asbestos
WithSecure's Mikko Hyppönen shares his predictions for cybersecurity, cybercrime, and how our devices will be protected.Cybercriminals Expand Attack Radius and Ransomware Pain Points
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.