All Articles (2242)

Sort by

12309104701?profile=RESIZE_400xThe UK’s Sellafield nuclear facility has denied reports that its IT networks have been attacked by cyber groups linked to Russia and China.  The Guardian said an investigation into the nuclear site in Cumbria found security breaches, dating back to 2015, which it says were not reported to regulators for “several years.”

The year-long investigation, named ‘Nuclear Leaks,’ said sleeper malware which can be used to spy on or attack systems had been embedded in the networks and could still be there.

12309964467?profile=RESIZE_400xOne of the cybercrime underground’s more active sellers of Social Security numbers, background, and credit reports has been pulling data from hacked accounts at the US consumer data broker USinfoSearch. 

Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American.  For prices ranging from $8 to $40 and payable via virtual currency, the bot will automatically re

12308638261?profile=RESIZE_400xA ransomware group behind some of the biggest cyberattacks in 2023 has taken credit for an incident involving a multibillion-dollar player in the real estate industry.

Fidelity National Financial, a Fortune 500 provider of title insurance for property sales, acknowledged an attack in regulatory documents submitted 21 November to the US Securities and Exchange Commission.[1]

On 22 November, the AlphV/Black Cat ransomware gang took credit for the intrusion, publishing a lengthy screed against the

12306240255?profile=RESIZE_400xImproving social media governance is crucial for organizations to effectively manage their online presence, protect their reputation, and ensure compliance with relevant regulations.  Yet, many organizations struggle to do this because an ever-evolving social media and technology landscape makes it challenging to adapt their strategies and policies.  New platforms, features, and trends emerge regularly, making it challenging for organizations to keep up and evolve accordingly.

Social Media Threa

12306209278?profile=RESIZE_400xOur friends at SentinelLabs report that Hack-for-Hire threat actors go by many names, such as surveillance-for-hire, mercenaries, private-sector-offensive-actors (PSOAs), and nonstate offensive threat actors.  Such groups represent an exciting challenge for security researchers and network defenders. They should be considered a severe threat to all organizations, worthy of proactive tracking in ongoing intrusions and analysis of historical cases to understand their significant impacts.  Many pub

12305748873?profile=RESIZE_400x

Amid the steady onslaught of costly ransomware and other attacks, cyber insurance is more important than ever for businesses.  A company can implement proper security controls and meet regulatory mandates, but breaches still happen and when they do, cyber insurance can be a vital tool to help a business recover quickly.  However, it's also becoming more expensive, complicated and challenging to get.

According to Fitch Ratings, cyber insurance is the fastest-growing segment of the US property/ca

12304372460?profile=RESIZE_400xWith an estimated damage of US$10.5 trillion annually from cyberattacks projected by 2025, a significant surge from 2015 levels, the demand for stronger cybersecurity methods has never been more pressing.  According to Geoff Schomburgk, the Regional Vice President, Asia Pacific & Japan (APJ) at Yubico, a leading provider of phishing-resistant authentication hardware solutions, this escalating threat is prompting the need to steer away from traditional, insecure password mechanisms.  "Passwords,

12304219682?profile=RESIZE_400xThe ransomware strain known as Play is now being offered to other threat actors "as a service."  The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own.  Investigator

12304767697?profile=RESIZE_400xA water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has not been affected by the incident.

The Municipal Water Authority of Aliquippa, which serves thousands of customers in communities northwest of Pittsburgh, did not respond to requests for comment but told local news outlet that computer screens at a facility were plastered with a message from hacking group Cyber Av3ngers. The facility, which contains a co

12304214882?profile=RESIZE_400xAccording to researchers, despite industries best efforts, 67% of businesses say they need to improve security and compliance measures with 24% rating their organization’s security and compliance strategy as reactive.  The expansion of attack surfaces in a post-pandemic hybrid world, combined with shrinking teams and budgets and the rapid rise of generative AI, are fueling an urgent need for companies to improve and prove their security posture.

For companies of all sizes, limited risk visibilit

12300553057?profile=RESIZE_400xRobots can perform surgery, shampoo someone’s hair, read a mammogram and drive a car. A chatbot could probably write this article.  Now that machines can do nearly everything humans do, the question is what effect they have on human motivation. Do they make our lives easier and more efficient, or will they make us lazy?

A study published in October 2023 in the journal Frontiers in Robotics and AI has an answer: A person who works alongside a robot is less likely to focus on details than when he

Views: 74
Comments: 0

12300552652?profile=RESIZE_400xChina is ready to work with Argentina to keep relations on a "steady" course, a foreign ministry spokesperson said on Tuesday, after the presidential election victory of a right-wing libertarian who said he will not deal with communists. Argentinian president-elect Javier Milei has criticized China and Brazil, which are among his country's most important trading partners. A few months ago, Milei even likened the Chinese government to an "assassin" and said the people of China were "not free".

Mi

Views: 32
Comments: 0

12300551895?profile=RESIZE_400xRisk assessment should be a rational and objective undertaking.  As humans, with our emotions, can sometimes be irrational and subjective. As security professionals, this would seem to put us at odds with our duty to objectively assess, manage, and mitigate risk. Unfortunately, subjectivity introduces bias, which skews risk assessment. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality. 

See:  https://redskyal

Views: 45
Comments: 0

12299288673?profile=RESIZE_400xRecently, it was announced that the Clorox company’s CISO has stepped down from her position.  Her departure comes as the company is still recovering from a devastating cyberattack that paralyzed its order fulfillment facilities for more than a month, leading to a 20% decline in net revenue in the first quarter of the fiscal year.

The reasons behind her departure have not been publicly disclosed. Still, her decision to step down during such a critical time for Clorox's cybersecurity efforts has

12296561270?profile=RESIZE_400xA cyberattack that caused port operations to grind to a halt at four container terminals should be subject to a federal probe as a union pushes for DP World to reveal what it knew about the risks.  The Dubai-controlled stevedore, which handles 40% of the nation's international freight, closed its Sydney, Melbourne, Brisbane and Fremantle port operations after detecting a breach on November 10.  Trucks were left idling at port gates and the transfer of 30,000 containers was delayed, with the back

12296625485?profile=RESIZE_400xArkose Labs https://www.arkoselabs.com has analyzed and reported on tens of billions of bot attacks from January through September 2023, collected via the Arkose Labs Global Intelligence Network. Bots are automated processes acting out over the internet. Some perform useful purposes, such as indexing the internet, but most are Bad Bots designed for malicious ends. Bad Bots are increasing dramatically, and Arkose estimates that 73% of all internet traffic currently (Q3, 2023) comprises Bad Bots a

12299284455?profile=RESIZE_400xThe Arid Viper group has a long history of using mobile malware, including at least four Android spyware families and one short-lived iOS implant, Phenakite.  The SpyC23 Android malware family has existed since at least 2019, though shared code between the Arid Viper spyware families dates back to 2017. It was first reported in 2020 by ESET in a campaign where the actor used a third-party app store to distribute weaponized Android packages (APK).  That campaign featured several apps that mimic T

12296267053?profile=RESIZE_400xSix Group counts its profit in millions, but the financial pipework it controls moves billions.  Its operations, which include the Spanish and Swiss stock exchanges, count as critical national infrastructure and this gives it a close relationship with governments and regulators in Madrid and Zurich.  Those relationships are critical in an age where digital warfare makes financial infrastructure a prime target for hackers linked to hostile states.  Jos Dijsselhof, the Dutch chief executive of the

12296623101?profile=RESIZE_400xThe US Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud,  "The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to a new carrier without ever gaining physical control of a consumer's phone," FCC reported on 17 Novembe

Views: 43
Comments: 0

12296666098?profile=RESIZE_400xRed Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated