Breaking News

500M WhatsApp users’ data leaked

Nov 29 – The data of 500 million users has been leaked on the Dark Web. An ad appearing on November 16 on a hacking forum claimed to be selling 487 million WhatsApp user mobile phone numbers. The threat actor claimed the dataset contains information from 84 countries, including Egypt (45 million), Italy (35 million), the U.S....

5.4M Twitter users’ data breached

Nov 28 – Via a vulnerability known as an API (application programming interface) attack, the data belonging to over 5.4 million people made its way into hackers’ hands, eventually appearing on the internet. The private phone numbers and email addresses of celebrities and private companies may have been exposed, along with those belonging to private citizens. Worse yet,...

Power grid vulnerability found, says Microsoft

Nov 23 – According to Microsoft, cyber criminals are exploiting a discontinued web server found in popular Internet of Things (IoT) devices, and are using it in order to target energy sector organizations. Microsoft’s analysis On Tuesday, Microsoft researchers stated that they had discovered a vulnerable open-source element in the Boa web server. This server is still widely used...

The latest on Twitter’s transformation

Nov 21 – Twitter was created by Jack Dorsey, Noah Glass, Biz Stone and Evan Williams in March of 2006, launching in July of that year. In the first few months, the company started to see 20,000 tweets per day. The social media platform quickly became a hit. By the following year, the number of tweets had...

Big Tech, Twitter & Jobs

Nov 18 – In Big Tech, job cuts and revenue loss announcements give the impression that the sky is falling. However, the doom and gloom fail to give a sense of the full picture. What is really happening here? Twitter purchase After purchasing Twitter at the price of $44 billion, Elon Musk began layoffs that cut its 7,500 person...

Australia wants to ‘hack back’

Nov 16 – According to the Washington Post, Australia’s Cybersecurity Minister Clare O’Neil has promised to “hack the hackers,” following two massive cyber attacks that negatively affected companies and consumers. Australia's Taskforce On November 12th, Minister O’Neil announced the development of a taskforce that will identify and stop the cyber criminals who catalyzed recent data breaches. The taskforce will...

EU rethinks spyware regulations

Nov 11 – On Tuesday, a draft report from European Union lawmakers announced that a Europe-wide moratorium on surveillance software, such as NSO Group’s products, is needed. The report was composed by Dutch member of the European Parliament, Sophie in ‘t Veld, who chairs a committee that has spent time investigating the use of spyware across 27 EU...

Zoom helps repurpose movie theaters. Here’s why:

Nov 9 – If you’ve ever participated in a Zoom meeting from home or the office and wished that you could instead participate via a movie theater mega-screen, that may be possible in the near future. Zoom Video Communications is partnering with AMC Theaters to transform select movie theaters into enormous video conference rooms. Starting in 2023, the...

Attackers can see through walls with this security loophole…

Nov 7-- A new type of device, developed by researchers from the University of Waterloo, can ‘see through walls’, or more precisely, detect the location of connected and smart devices from significant distances. The implications are unparalleled… Location-revealing privacy attacks The device, nicknamed “Wi-Peep”, is really a creepy, repurposed drone. When flying near a building, the drone can engage...

Twitter’s new cyber security challenges

Nov 4 -- As Elon Musk, the world's highest net-worth individual and Tesla founder, appointed himself to Twitter’s CEO role, he announced upcoming changes to the platform’s verification systems. The changes include an $8 monthly fee for account verification and 'Twitter Blue,' a digital verification symbol. After the announcement, Twitter users started to receive related phishing emails. The emails...

Are we overlooking EV charging security?

Nov 2 – Around the world, governments are pushing for greener technologies in order to combat climate change and reduce reliance on hydrocarbons. Norway has built a network of 17,000 electric vehicle (EV) charging points, while the US Department of Transportation recently announced a $5B plan to create a new network of EV charging stations. However, while automotive companies...

The leading cyber security employer, says Forbes…

Oct 28 – For the third year in a row, Forbes has named Check Point Software Technologies LTD to its list of World’s Best Employers. With over 6,000 employees globally, Check Point continues to be recognized as the world’s number one cyber security employer and praised for its strong company culture, gender equality and corporate social responsibility. “Our...

Apple transitions to USB-C, but isn’t happy…

Oct 26 -- Now that the European Union is mandating that every phone sold in its member countries use a certain type of connector if they have a physical charger, Apple has no choice but to add a USB-C port to the iPhone. At present, the law states that "all mobile phones and tablets" will be required to...

Cyber criminals are impersonating these brands…

Oct 24th -- The latest Brand Phishing Report from Check Point Software highlights which brands were most frequently imitated by cyber criminals during July, August and September of 2022. The report indicates that the shipping company known as DHL was imitated with the greatest frequency during the specified time period. DHL shipping attacks According to researchers, shipping is one...

U.S. rolls out IoT device labeling program

Oct 20th -- In October of 2020, the Cyber Security Agency of Singapore (CSA) launched the Cybersecurity Labeling Scheme (CLS) for smart devices, which aimed to improve IoT security, advance cyber hygiene levels and provide greater security in cyber space. This week, U.S. deputy national security advisor for cyber and emerging technology, Anne Neuberger, stated that Singapore...

FBI issues warning, unpatched & outdated IoT

Oct 17 -- The US Federal Bureau of Investigation (FBI) recently issued an industry notification pertaining to unpatched and outdated devices, warning the public that cyber criminals are continuing to target internet-connected devices in order to leverage device weaknesses for nefarious gains. IoT devices are known to retain many vulnerabilities. The number of vulnerabilities within medical devices is...

US airports experience DDoS website defacement

Oct 11 -- In the last 48 hours, websites belonging to 14 US airports, including those in Atlanta, Chicago, New York and Los Angeles, were temporarily taken offline due to cyber attacks. The attacks have not impacted flight operations. Airport management teams notified the FBI and the Transportation Security Administration (TSA) about the attacks. In a statement, the...

Hacktivists threaten US government groups

Oct 5 -- A computer “Hacktivist” group known as Killnet announced that it intends to launch a series of cyber attacks on a number of US government websites. Experts state that the actions are in response to escalating geopolitical tensions. In a Telegram post, the hacktivists listed several US government websites that they aim to target across the next...

How hackers weaponize security cameras

Oct 5 -- Internet-connected security cameras are everywhere these days – public spaces, business settings, and affixed to the doors of private homes. The value of the market was estimated to hover around $50B in 2021 and is rapidly growing. Every day, hundreds of thousands of security cameras are installed and connected worldwide. These products are being developed by...

High-severity Exchange 0-day bugs

Oct 3 -- Microsoft is working to roll out a patch for a high-severity set of 0-day vulnerabilities, which threaten 220,000 servers. These security flaws have been under active exploit for more than a month, when a security expert discovered that an organization's networks were infected with malicious webshells, and that the initial point of entry was an...

The new era of Hacktivism

Sept 30 -- Up until last year, hacktivism was primarily associated with groups like Anonymous – decentralized and unstructured collectives composed of private individuals with assorted agendas. Based on the preferences and wishes of its members, Anonymous has launched multiple campaigns directed at a range of targets. Evidence shows that group members did not necessarily have any mutual ideological...

Hackers use social media to assist protesters

Sept 28 – In Iran, multiple hacker groups are using Telegram, Signal and dark web tools to assist anti-government protestors in bypassing regime restrictions. The news comes from security experts at Check Point Research (CPR), weeks after the death of Mahsa Amini, a protestor who was arrested for violating laws mandating that women wear headscarves. Amini died in...

6 fake websites fool Zoom users

Sep 26 -- If you land on a Zoom website that looks unfamiliar, it may be one of six fake Zoom sites created by a cyber criminal gang. The fake pages attempt to persuade people to download malware that can steal banking data, IP addresses and other information. This appears to be part of a wider hacker-led info-stealing...

A 7-year mobile surveillance campaign

Sept 23 – Check Point Researchers recently observed a new wave of a long-standing malware campaign targeting the Uyghur community, a Turkic ethnic group originating in Central Asia and one of the largest minority ethnic groups in China. The malicious activity by a threat actor known as Scarlet Mimic was first documented in 2016, after a campaign that...

Lapsus$ blamed for Uber breach

Sep 21 – Last week, Uber Technologies Inc. experienced a cyber attack that forced the company to temporarily shut down some internal systems. The attack perpetrators managed to gain access after obtaining a contractor’s account credentials. Uber blames Lapsus$ Uber believes that the hacking group Lapsus$ was behind the attack. Lapsus$ has been described as a “loosely” held collective...

New Microsoft 365 credential harvesting campaign

EXECUTIVE SUMMARY: Thousands of Microsoft 365 credentials were recently discovered on phishing servers. The credentials were stored in plaintext, making them easily readable. This finding appears to be a part of a larger credential harvesting campaign that targets real estate professionals, whose wire transfers are monetarily valuable. The attacks showcase the growing, evolving risk that standard username-password combinations present....

The mobile malware landscape in 2022

Sept 16 – Across the past 10 years, mobile device usage has increased exponentially. Over 5.3 billion people rely on mobile phones worldwide and over 90% of those individuals rely on smart or internet-enabled phones. What does this really mean? As smartphone usage has skyrocketed, so has the probability of experiencing a phone-based cyber attack. For many, phones...

Elon Musk tries to back out of Twitter deal

Sep 15 – In a new court filing, billionaire Elon Musk accused Twitter of fraud, alleging that flaws in the company’s social media data security should entitle him to end his $44 billion Twitter purchasing deal. Musk, who is the world’s richest individual, revised his previously filed lawsuit by incorporating allegations by a Twitter whistleblower, who provided congressional testimony...

White House releases cyber security guidelines

Sept 14 -- In the US, the White House is releasing new guidelines pertaining to how federal agencies and government contractors can comply with President Biden's executive order requiring common cyber security standards. Prior to the executive order, the only criteria determining the quality of software was whether or not it functioned as advertised. Why this is important The new...

Financial institutions targeted in Western Africa

Sept 12 -- For the last two years, a malicious campaign known as DangerousSavanna has disrupted financial services groups in Western, French-speaking Africa. In the last few months, the campaign has heavily focused on the Ivory Coast, delivering malicious attachments and emails via diverse file types, including Word, PDFs, ZIP and ISO files. DangerousSavanna The DangerousSavanna campaign leverages common...

NATO documents leaked after gov’t attack

Sep 9 – In Portugal, hundreds of classified NATO documents were accidentally leaked after a cyber attack affecting the Portuguese government’s Department of Defence (DoD). US intelligence officials identified the documents as for sale on online forums. Portuguese General Staff of the Armed Forces (EMGFA) representatives, who work within the nation’s Department of Defence, stated “We do not...

Vice Society ransomware attacks on schools

Sep 7 – Last year, the Vice Society ransomware gang started to deploy ransomware attacks within the education sector, according to the US Federal Bureau of Investigation, the Cybersecurity and Infrastructure agency, and the MS-ISAC, a cyber threat sharing body. Due to the sensitive nature of student data stored on school systems and/or via third-party systems, cyber criminals...

TikTok and WeChat data breach: Real or fake?

Sept 6 -- On Friday, cyber criminal operators created a new discussion on a hacking forum, where they claimed to have breached both TikTok and WeChat, which maintain billions of monthly users across the globe and own what is perhaps a frighteningly large quantity of data. The hack The cyber criminal operators claim to have obtained more than 2...

New iOS and iPad updates to fix bugs

Sept 1 – Apple announced the release of a rare security update for older iPhones and iPads stuck on iOS 12, an operating system that received its last security update almost a year ago. The new iOS 12.5.6 update patches a single bug that hackers could exploit to enact arbitrary code execution through ‘maliciously crafted web content’. The...

Malicious version of Google Translate

Aug 30 -- Cyber criminals are deploying cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and via Google searches. The cryptomining Trojan, called Nitrokod, is usually disguised as a clean Windows app and works as the user expects for days or weeks ahead of executing hidden Monero-crafting code. Experts say that the...

One creative cyber security talent shortage solution

Aug 26 -- Demand for cyber security professionals is high. Earlier this year, the United States released figures showing that there are nearly 600,000 unfilled cyber security positions, and that number is expected to grow. Over 80% of cyber security teams are affected by or will be affected by the talent shortage, with a significant number already...

Vulnerability management challenges and best practices

Aug 24 -- IT administrators and security professionals who apply security patches report that determining the impact of the patches is becoming increasingly difficult. Worsening the problem is the fact that patch quality seems to be declining. Experts report seeing re-patches for bugs that weren't fixed correctly the first time. Vulnerability management problems CVSS is an industry...

Hackers demand $10M to end Paris area hospital attack

Aug 22 -- Southeast of Paris, the CHSF Hospital Centre in Corbeil-Essonnes revealed that it has been a victim of a cyber attack. The attack began on Saturday night, and has thus far led to a hacker demand for $10 million. The attempted extortion and the breach of the hospital's computer systems are both under investigation by the...

SOVA malware upgrades capabilities with ransomware

Aug 19 -- A new variant of the SOVA malware has been evolved to target Android devices, according to cyber security researchers. Experts have analyzed the latest version of the popular banking trojan and discovered a series of new features, including the capacity to encrypt locally stored files. The 5.0 version adds a ransomware module. SOVA capabilities  At present,...

Xiaomi phone bug, payment forgery

Aug 17 – The smartphone maker known as Xiaomi, the world’s third-largest smartphone builder, which trails just behind Apple and Samsung, reported that it has patched a high-severity flaw in its ‘trusted environment’ which is used to store payment data. Last week, researchers at Check Point revealed that the Xiaomi smartphone flaw could have enabled attackers to hijack...

Vulnerabilities on Xiaomi’s mobile payment mechanism

Aug 12 -- Around the world, mobile payment represents a very popular means of completing a purchasing transaction. However, mobile payment comes with risk, and the corresponding cyber security threats have become a growing concern as an increasing number of people are turning towards these payment systems. Mobile payment popularity Last year, more than $4 billion worth of goods...

SMS phishing attacks affect Twilio and Cloudflare

Aug 10 -- The communications platform known as Twilio recently disclosed that a sophisticated threat actor gained unauthorized access to private data via an SMS-based phishing campaign. Twilio described the attack as "well organized" and "methodical." What is Twilio? Twilio is an American firm that provides programmable communications tools for making and receiving phone calls, sending and receiving text...

New phishing campaign uses open redirect flaw

Aug 8 -- Separate phishing campaigns targeting thousands of victims are impersonating well known brands, like FedEx and Microsoft, among others, to deceive victims. At present, attackers are exploiting a well-known open redirect flaw to phish people's credentials and personally identifiable information (PII) using American Express and Snapchat domains, according to cyber security researchers. Open redirect is a security...

Critical flaws in Emergency Alert System

Aug 5 -- In the US, the Department of Homeland Security (DHS) has issued a warning concerning critical security vulnerabilities in unpatched Emergency Alert System (EAS) encoder/decoder devices. Systems may be able to distribute fake emergency alerts via TV and radio networks. Critical flaws: Emergency Alert System "We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that,...

Alleged GitHub hack, a security teaching tool?

Aug 3 – Yesterday evening, an ominous Twitter post indicated that a widespread malware attack on GitHub may have been in progress. However, upon further investigation, researchers found something a bit different from what was expected. It appears that thousands of GitHub repositories were copied, and that the clones were altered to include malware. Original GitHub projects (all 35,000 of...

Digital attacks, Taiwanese websites, air-raid shelters

Aug 3 -- In Taiwan, a series of cyber attacks temporarily interrupted access to Taiwanese government websites. Access to the website of Taiwan's presidential office was unavailable for roughly 20 minutes.  Two other portals were temporarily taken offline in order to allow experts to assess possible damage. DDoS attacks In a statement, the Taiwanese officials said that websites had...

How Phishing-as-a-Service increases cyber crime

Jul 29 – A new Phishing-as-a-Service (PhaaS) platform, known by the name of “Robin Banks,” is providing cyber criminals with ready-made phishing tools that can trick consumers who are customers of reputable financial institutions and who use online financial services applications. The Robin Banks platform Robin Banks represents a new hacking initiative that has been operational since at least March of 2022....

Toronto Symphony Orchestra, cyber threat

Jul 27 -- Earlier this month, one of Canada's biggest orchestras experienced the fallout from a ransomware attack. The attack occurred on WordFly, a digital communications and marketing platform frequently deployed by arts, entertainment, culture and sports firms. WordFly environment On Monday, the Toronto Symphony Orchestra, which relies on WordFly for email provisioning services, notified community members of the...

Zero Trust Network Architecture in the New Normal

July 25 – Modernize your enterprise with Zero Trust Network Access (ZTNA). Zero Trust Network Architecture is now considered a foundational element of a strong cyber security strategy and it can also serve as a component within an overarching business strategy framework. New work models Among a distributed workforce, ZTNA can offer unprecedented scalability, agility and stability. As hybrid...

Investment-fraud affecting crypto, FBI warns

July 21 – According to the FBI, cyber attackers are launching malicious apps that imitate those of legitimate companies. Consumers unwittingly download the look-alike apps, leading to phone-based malware infections and financial theft. The FBI is highlighting this issue to help prevent cyber security risks and fraud, as US citizens have lost millions due to these scams. The...

Twitter tests new ‘Co-Tweet’ feature that…

July 7 -- Twitter is testing out a new 'Co-Tweet' feature that allows users to co-author tweets, according to the company. Twitter intends to test the feature for a limited length of time to assess how users utilize the feature, and whether or not it increases collaboration and productive online conversations. Twitter's new feature In addition to helping individual...

New malware affects Microsoft Exchange servers

July 5 -- A newly discovered malware has been used to infiltrate Microsoft Exchange servers. In this case, the servers belong to government and military organizations in Europe, the Middle East, Asia and Africa. The malware, dubbed SessionManager, is a malicious native-code module for Microsoft’s Internet Information Services (IIS) web server software. SessionManager has seen use ‘in the...

Norway hit with cyber attack

June 30 – In Norway, public and private sector websites were temporarily suspended following a cyber attack on the country’s national data network. Online services were suspended for several hours. The head of the Norwegian National Security Authority (NSM) said a criminal pro-Russian group appeared to be behind the attacks, adding that the attacks “give the impression that we...

FBI warns employers to beware of fake job applications

June 29 -- In a new public service announcement, the FBI has warned employers not to fall for fraudulent job applications for remote jobs. According to the FBI, voice spoofing and stolen personal information have been used to deceive managers into moving applications through the hiring pipeline. Deepfakes and job applications Deepfakes have even been used in job...

Monkeypox phishing scams seeing sharp rise

June 24-- Across the globe, epidemiologists are tracking and investigating the Monkeypox outbreak. In the course of epidemiological investigations, "disease detectives" are known to reach out to individuals by phone or email, but cyber scammers are taking advantage of the trend in order to phish consumers. Monkeypox phishing emails Attackers have been observed sending Monkeypox-related phishing emails to employees....

Surveillanceware with 25 different functions

June 23 -- In April, after nation-wide protests against government policies were suppressed in Kazakhstan, researchers uncovered enterprise-grade Android surveillanceware in use by the Kazakhstan government. A government entity ostensibly used brand impersonation to deceive victims into downloading the surveillanceware. Surveillanceware analysis Researchers believe that the surveillanceware, dubbed "Hermit," was likely developed by an Italian spyware vendor and a telecommunications solutions...

Nuclear power plants on the moon? NASA taps these 3 firms for designs

June 21 -- NASA announced the winning bids for a concept design award for nuclear fission energy systems that will reside on the surface of the moon. Winning bids for this award were submitted by Lockheed Martin, Westinghouse and IX (a joint venture from Intuitive Machines and X-energy). Nuclear plants on the moon In case you missed it,...

Apple signs 10 year streaming deal with soccer teams

June 17-- Apple has inked a broadcasting rights deal with Major League Soccer (MLS) that will allow Apple to stream every MLS match for 10 years starting in 2023. The deal is worth $2.5 billion, according to the Financial Times. Commissioner of Major League Soccer, Dan Garber, believes that the deal will help the league appeal to a...

BlackCat ransomware group takes extortion to new level

June 15 -- The BlackCat ransomware group has created a dedicated domain that allows victims of its ransomware attacks to check on whether or not their data was stolen. Learn more about how it works, the rationale, and why this matters... How it works A recent BlackCat data heist involved theft of information from a hotel and spa in...

Kaiser Permanente Breach, 70K affected

June 13 -- Earlier today, the US healthcare conglomerate known as Kaiser Permanente disclosed a data breach that affects as many as 69,589 individuals. According to information on the group's website, an unauthorized entity had obtained access to internal emails on April 5th of this year. Investigation Kaiser Permanente reportedly terminated access "within hours," launching an investigation immediately thereafter....

New Linux malware nearly impossible to detect

June 9 -- A collaborative cyber security research initiative has led to the discovery of Symbiote, a new Linux malware type that's almost impossible to detect. Researchers believe that it may have been developed for the purpose of targeting financial institutions in Latin America. It was first observed several months ago. Symbiote malware The Symbiote malware acquired its name...

Elevated cyber threats, new normal in US

June 7 -- The Biden administration's assessment of the nation's cyber preparedness has grown increasingly stark. According to the Biden administration's top officials, more frequent cyber attacks are now part of the 'new normal' for US companies and for individuals. Significant messaging shift After more than a year of ransomware attacks pummeling US enterprises, schools, hospitals and governments and...

Malware strikes City of Palermo

June 6 -- In Italy, the City of Palermo has suffered a cyber attack. Media outlets report that affected systems include public video surveillance management, the municipal police operations center, and the entirety of the city's municipal services. Citizens cannot communicate or request any service that depends on digitally connected systems. All citizens have been instructed to use...

Vulnerability could neutralize Android communication

June 2 -- A team of cyber security researchers has identified a vulnerability in UNISOC's baseband chipset that, if exploited, could deny and block communication of mobile phones. The researchers have since disclosed the information to appropriate company representatives, who have acknowledged the vulnerability, assigned a CVE and rolled out a patch with which to resolve it. UNISOC's...

Zero day vulnerability in Microsoft Office

May 31 -- Microsoft recently released mitigation information for a zero day vulnerability within the Microsoft Office suite. If exploited, the bug can enable remote code execution on a victim's machine. The vulnerability, dubbed "Follina," relies on a Word document using a remote template feature to retrieve an HTML file from a remote server, and through the use...

Cyber security: Global food supply chain risk

May 28 -- A new risk analysis indicates that modern "smart" farm machinery could come under threat by malicious cyber hackers, placing the global food supply chain at risk. The analysis, published in the journal Nature Machine Intelligence, describes how hackers could leverage flaws in agricultural hardware, especially those associated with autonomous machines. Next generation agriculture Some contend that intelligent,...

GoodWill ransomware demands donations

May 25 -- A new type of ransomware built to help the less fortunate? Rather than extorting victims for personal financial gains, this group sends multi-page ransom notes that request that victims perform three socially driven activities in order to download the decryption key. GoodWill ransomware The operators of this ransomware are interested in promoting social justice. The ransomware...

Mozilla Firefox browser hacked in 8 seconds

May 23 -- Last week, Tesla was hacked. This week, Mozilla Firefox. Firefox vulnerabilities In 8 seconds, at the PWN2OWN event in Vancouver, the talented cyber security hacker by the name of Manfred Paul managed to identify a double Firefox exploit. The event came to an end on Friday May 20th. Paul's Mozilla Firefox findings earned him $100,000 in a...

Ransomware attackers threaten to overthrow government

May 17 -- In April, the Conti ransomware group claimed responsibility for a series of attacks against Costa Rica's government. As of May 7th, the Conti ransomware group allegedly leaked 97% of the stolen data that they had grabbed from government agencies. Previously, Conti had demanded $10 million in ransom from the Ministry of Finance for the safe...

Malware-as-a-Service gaining traction

May 16 -- Cyber criminals are pushing a new modular Malware-as-a-Service offering that enables potential cyber criminals to select off-the-shelf threat tools via a Telegram channel. More than 500 individuals are subscribed to the channel. With this malware service, known as the Eternity Project, cyber criminals can target victims with a customized threat offering based on modules that...

5 years after the first WannaCry attack

May 12 -- A full five years have passed since WannaCry first started to spread across corporate networks, jumping from one Windows system to the next. As the ransomware took hold of computers, files were held hostage, and users were instructed to provide Bitcoin payments in exchange for their safe return. Why were hundreds of thousands of devices...

Costa Rica declares emergency after attacks

May 09 - In Costa Rica, President Rodrigo Chaves has declared a national emergency in the wake of cyber attacks conducted by the Conti ransomware group. The attackers managed to disrupt several government bodies, hampering everyday operations. Continuing operational and technical challenges were cited as the reason for the declaration. Further, the government intends to leverage the declaration...

AvosLocker ransomware evades detection

May 06 -- In recent weeks, the US Federal Bureau of Investigation released an advisory pertaining to the AvosLocker ransomware. A new variant of the AvosLocker ransomware takes advantage of unpatched security flaws to slip into systems. Once on a network, this version of AvosLocker disables antivirus solutions in order to evade detection. AvosLocker ransomware According to the advisory,...

Twitter’s unexpected REvil emergency

May 02 -- A person whom the US government believes is affiliated with REvil also appears to be connected to a strange situation involving Twitter. Details are still emerging, and this story will be updated accordingly, but we know that it all started with an urgent request... Twitter provides information to enforcement agencies Twitter's policies mandate the provision of...

Costa Rica: 6 public institutions contend with cyber attacks

April 22 – In Costa Rica, a series of recent cyber attacks directed towards state computer systems are perceived as attempts to destabilize the country as it transitions to a new government. This past week, six public institutions experienced significant cyber disruptions. The cyber crime group known as Conti claimed responsibility. Attackers demanded $10 million in exchange for...

LinkedIn becomes ‘most impersonated brand’

April 20 – By a significant margin, LinkedIn has recently become the most impersonated brand when it comes to phishing attacks, according to new information from Check Point Research (CPR). The researchers' 2022 Q1 Brand Phishing report revealed that phishing attacks impersonating the social networking site comprised over 50% of all phishing attempts globally within the first quarter...

Urgent security update for Chrome users

April 18 – As part of an emergency update last week, Google fixed two vulnerabilities in its Chrome web browser, one of which was listed as ‘high severity.’ The latter is a Type Confusion vulnerability in the V8 engine. When triggered, the Type Confusion vulnerability can lead Chrome to crash or may allow arbitrary code to be executed. Google...

‘Swiss Army Knife’ of malware discovered

April 15-- Known as “Pipedream,” this newly uncovered piece of code can crack industrial control systems, such as those within power grids, factories, water utilities and oil refineries. The US government warns that this piece of code can harm not just one industry – but all of them. Critical infrastructure owners worldwide should take note. "It’s no surprise...

US warns of critical infrastructure concerns

April 14— On Wednesday, multiple US government agencies published a joint alert pertaining to the discovery of malicious cyber tools crafted by unspecified cyber threat actors. The tools are allegedly capable of granting hackers “full system access” to several American industrial control systems. What we know Alerts from the Energy and Homeland Security departments, the FBI, and the NSA...

UK’s new privacy regulator has overhaul plans

April 11-- The UK's new privacy regulator, John Edwards, intends to roll out reforms related to privacy, GDPR, and the pursuit of legal justice. In a recent interview, John Edwards, who started his government role as the UK's Information Commissioner, explained that his teams could provide feedback to organizations before they invest in specific products or technologies, resulting...

Nearly 20% of firms battling Spring4Shell

April 6— Within days of its discovery, cyber security researchers have witnessed tens of thousands of attempts to exploit the new Spring4Shell or SpringShell vulnerability. Check Point Research has purportedly identified 37,000 such attempts within the first four days of observation. The researchers have calculated that roughly 16% of global organizations were affected. Statistics also show that vulnerable versions...

New security bureau in US State Department

April 04-- On Monday, the US State Department launched a new cyber security outfit that will respond to the growing volume of nation-state backed cyber attacks. Dubbed the Bureau of Cyberspace and Digital Policy (CDP), the group will oversee new efforts to make digital protection a key component of US foreign policy. This development reverses an effort made...

Spring4Shell vulnerability management insights

April 1 -- In the past week, a series of vulnerabilities have been identified as affecting the popular Java Spring Framework and related software components, which are commonly referred to as Spring4Shell. Patches are now available, and security teams are continuing to assess the potential for exploitation of the vulnerabilities. Read on to learn more about vulnerability assessment, severity and...

25% of workers lost jobs after compromises

Mar 31— In business, employee mistakes on the job can cost employers time, attention and resources. When it comes to company security, a simple phishing mistake can lead to data compromise and large-scale financial repercussions. A new survey of 2,000 working professionals across the US and the UK indicates that one in four employees lost their job in...

US cyber attack warnings: More details available

March 23 -- Earlier this week, the Biden administration warned US enterprises about imminent cyber attacks. The latest reports indicate that nation-state hackers have been conducting “abnormal scanning” of the networks belonging to five prominent US energy companies in what may be a prelude to larger cyber compromises. In addition, at least 18 US companies across other industry sectors...

Lapsus$ group hits authentication firm with breach

March 22 - The Lapsus$ threat actor group has recently been linked to cyber attacks on high-profile targets, including the authentication firm known as Okta. With a $25 billion market cap, Okta manages login information for more than 100 million internet users across organizations and governments. In the Okta breach, cyber criminals are believed to have accessed corporate...

New BitB attack makes phishing undetectable

March 21- A newly emerging phishing technique can replicate a browser window within the browser and thereby spoof a legitimate domain. In so doing, hackers can conduct increasingly successful phishing attacks. According to the security researcher who first identified this attack type, the method involves nefarious use of single sign-on (SSO) options that are embedded in websites. When a person...

CISA warns of threats to satellite networks

March 18 -- CISA and the FBI have warned of threats to satellite communication (SATCOM) networks and are advising network providers to improve their security posture. Their advisory contains recommendations to help network providers and customers curtail potential consequences. CISA and the FBI released the advisory after an outage affected Viasat's internet service for customers in Ukraine. This...

Mobile users lose life savings to new scams

March 16 -- Do you use an iPhone or an Android? If you do, beware of this new romance scam which could empty your bank account. This phishing technique is also revolutionary in how it gives its victims a "win" before stealing much more money down the line. Romance scams have been around for decades. From chat rooms...

New social engineering scam discovered

March 14 — There’s a new social engineering technique that’s spreading malware, and many people are falling for it. Here’s how it works and how you can avoid it. Many people in the cyber security industry know that e-mail is one of the most popular attack vectors used by criminals. However, threat actors are now using website contact...

Over 40% of Log4j downloads are still vulnerable

March 11 — It has been nearly three months since the Apache Foundation revealed the Log4j vulnerability and provided a fix for it. However, the vulnerable versions of Log4j are still being downloaded 41% of the time. This data comes from Sonatype, the administrator of the Maven Central Java package repository where developers can download Log4j. Why are...

2022 Interactive Security Report

March 7 -- Get the latest cyber security insights from Check Point's interactive 2022 Cyber Security Report. High-quality information about threat trends can help you better understand your risks, your attack surface, and risk management opportunities. As 2022 unfolds, security is expected to morph into an increasingly prominent issue. There's no one better to help you address new...

“Ice phishing” and blockchain security

Feb. 28 -- The global evolution of blockchain has occurred at a breakneck pace. In the business setting, blockchain is seeing increased adoption due to its utility in digital identity verification, and the secure transfer of both information and funds through smart contracts. Smart contracts have business applications within the food services, financial, healthcare, government and manufacturing sectors,...

US says that Russia breached defense contractors…

Feb 22 -- According to the US, state-sponsored Russian hackers have illicitly obtained detailed information about the development and deployment of US weapons via a breach of American defense contractors. Although the information acquired is not of a classified nature, it does provide "significant insight" into US weapons platforms, development and deployment timelines. State-backed hackers This blatant show of bravado reveals...

San Francisco 49ers hit by ransomware

Feb 15 -- According to San Francisco 49ers spokespersons, the team recently suffered a network security incident. Confirmation of the attack emerged as their data began to appear on the dark web. The attack did not appear to affect computer systems involved in the team's stadium operations, or those related to ticket processing. Upon discovery of the incident,...

This media outlet was just hacked…

Feb 4 – News Corp., one of the largest media outlets in the US, recently disclosed that it has fallen victim to a cyber attack, which may have exposed sensitive data belonging to journalists. Expert investigators believe that the attack may have been the work of foreign adversaries. What is News Corp.? News Corp. owns a series of major...

CEO says cloud and blockchain next…

Feb 02 – In an earnings call on Tuesday, CEO of Google and its parent company Alphabet, Sundar Pichai, acknowledged the role that cloud, cloud security, and blockchain will play in the tech giant’s future growth. Cloud, blockchain and Web3 Have you heard about Web3? The term represents a vision for an upgraded internet that would be based on...

You deserve the best: CPX 360 2022

Jan 25 -- In the past 12 months, 66% of organizations have experienced a cyber attack. Of survey respondents, nearly 70% assert that attacks have become increasingly targeted, meaning that they’re tougher to detect, prevent and defend against. And data breaches are worsening, but most organizations aren’t doing enough to handle the heat. On an individual level, over...

More than 500% spike in coronavirus-related phishing attacks

Jan 24 — Cyber security researchers have found that phishing threats have increased by more than 500% amidst the latest coronavirus surge. Why it matters Cyber criminals commonly leverage themes found in the news cycle in order to craft timely and relevant phishing campaigns. From February to March of last year, a 667% month-over-month surge in coronavirus-related phishing threats manifested. Although threats have...

C-levels as cyber attack targets…

Jan 10 – Sixty percent of IT leaders are worried about the prospect of targeted cyber threats reaching the C-suite. A growing list of mobile security threats, dangerous public wi-fi hotspots, and a constant fast-paced modus operandi contribute to the reasons for concern. C-level executives are highly visible, travel often, and often need to make split-second decisions. With 100...