Cybersecurity News
Cybersecurity awareness training: What is it and what works best?
Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk
The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity
IBM acquires Randori to streamline threat detection, bolster XDR offerings
The tech giant's latest purchase builds on the acquisition of ReaQta.Ransomware attacks have dropped. And gangs are attacking each other's victims
Research indicates victim numbers are dropping but the finance sector is experiencing more than its fair share of attacks.Sheryl Sandberg’s influence reaches all of us. But it’s a troubling legacy | Stephanie Hare
From epic data mining to shocking failures of content moderation, Meta’s COO passes on a vast clean-up jobIf you are reading this, odds are that you are one of the 2.87 billion daily users of the products offered by Meta, the parent company of Facebook, Instagram, Facebook Messenger and WhatsApp. If you are not using any of these products, you are connected to people who do use them. And this connects you to Sheryl Sandberg, who resigned last week from her role as Meta’s chief operating officer.
Even if you have never met her, interacted directly with her or read her books on corporate feminism or bereavement, Sandberg has had an impact on your life. She’s not the only reason that our data is tracked online, whether we use Meta’s products or not. Many others have helped to create and exploit an entire industry that profits from our data. What’s more, lawmakers and regulators worldwide have done little to stop this, in no small part because companies like the ones Sandberg helped run spend millions of dollars every year lobbying to prevent or water down any attempts at regulation.
Continue reading...What Counts as “Good Faith Security Research?”
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe
A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses
The post Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe appeared first on WeLiveSecurity
100 days of war in Ukraine: How the conflict is playing out in cyberspace
It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict
The post 100 days of war in Ukraine: How the conflict is playing out in cyberspace appeared first on WeLiveSecurity
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.
Cybersecurity in the future: Security 'by PlayStation' and IoT asbestos
WithSecure's Mikko Hyppönen shares his predictions for cybersecurity, cybercrime, and how our devices will be protected.Cybercriminals Expand Attack Radius and Ransomware Pain Points
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.
ESET Threat Report T 1 2022
A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
The post ESET Threat Report T 1 2022 appeared first on WeLiveSecurity
Scammers Target NFT Discord Channel
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
International Authorities Take Down Flubot Malware Network
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.
Being prepared for adversarial attacks
There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s […]
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
Talking to children about the internet: A kid’s perspective
A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet
The post Talking to children about the internet: A kid’s perspective appeared first on WeLiveSecurity
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.