Breaking News

Mozilla Firefox browser hacked in 8 seconds

May 23 -- Last week, Tesla was hacked. This week, Mozilla Firefox. Firefox vulnerabilities: In 8 seconds, at the PWN2OWN event in Vancouver, the talented cyber security hacker by the name of Manfred Paul managed to identify a double Firefox exploit. The event came to an end on Friday, May 20th. Paul's Mozilla Firefox findings earned him $100,000 in a...

Ransomware attackers threaten to overthrow government

May 17 -- In April, the Conti ransomware group claimed responsibility for a series of attacks against Costa Rica's government. As of May 7th, the Conti ransomware group allegedly leaked 97% of the stolen data that they had grabbed from government agencies. Previously, Conti had demanded $10 million in ransom from the Ministry of Finance for the safe...

Malware-as-a-Service gaining traction

May 16 -- Cyber criminals are pushing a new modular Malware-as-a-Service offering that enables potential cyber criminals to select off-the-shelf threat tools via a Telegram channel. More than 500 individuals are subscribed to the channel. With this malware service, known as the Eternity Project, cyber criminals can target victims with a customized threat offering based on modules that...

5 years after the first WannaCry attack

May 12 -- A full five years have passed since WannaCry first started to spread across corporate networks; jumping from one Windows system to the next. As the ransomware took hold of computers, files were held hostage, and users were instructed to provide Bitcoin payments in exchange for their safe return. Why were hundreds of thousands of devices...

Costa Rica declares emergency after attacks

May 09 - In Costa Rica, President Rodrigo Chaves has declared a national emergency in the wake of cyber attacks conducted by the Conti ransomware group. The attackers managed to disrupt several government bodies, hampering everyday operations. Continuing operational and technical challenges were cited as the reason for the declaration. Further, the government intends to leverage the declaration...

AvosLocker ransomware evades detection

May 06 -- In recent weeks, the US Federal Bureau of Investigation released an advisory pertaining to the AvosLocker ransomware. A new variant of the AvosLocker ransomware takes advantage of unpatched security flaws to sleuth into systems. Once on a network, this version of AvosLocker disables antivirus solutions in order to evade detection. AvosLocker ransomware: According to the advisory,...

Twitter’s unexpected REvil emergency

May 02 -- A person whom the US government believes is affiliated with REvil also appears to be connected to a strange situation involving Twitter. Details are still emerging, and this story will be updated accordingly, but we know that it all started with an urgent request... Twitter provides information to enforcement agencies: Twitter's policies mandate the provision of...

Costa Rica: 6 public institutions contend with cyber attacks

April 22 – In Costa Rica, a series of recent cyber attacks directed towards state computer systems are perceived as attempts to destabilize the country as it transitions to a new government. This past week, six public institutions experienced significant cyber disruptions. The cyber crime group known as Conti claimed responsibility. Attackers demanded $10 million in exchange for...

LinkedIn becomes ‘most impersonated brand’

April 20 – By a significant margin, LinkedIn has recently become the most impersonated brand when it comes to phishing attacks, according to new information from Check Point Research (CPR). The researchers' 2022 Q1 Brand Phishing report revealed that phishing attacks impersonating the social networking site comprised over 50% of all phishing attempts globally within the first quarter...

Urgent security update for Chrome users

April 18 – As part of an emergency update last week, Google fixed two vulnerabilities in its Chrome web browser, one of which was listed as ‘high severity.’ The latter is a Type Confusion vulnerability in V8 engine. When run, the Type Confusion vulnerability can lead Chrome to crash or may allow arbitrary code to be executed. Google...

‘Swiss Army Knife’ of malware discovered

April 15-- Known as “Pipedream,” this newly uncovered piece of code can crack industrial control systems, such as those within power grids, factories, water utilities and oil refineries. The US government warns that this piece of code can harm not just one industry – but all of them. Critical infrastructure owners worldwide should take note. "It’s no surprise...

US warns of critical infrastructure concerns

April 14— On Wednesday, multiple US government agencies published a joint alert pertaining to the discovery of malicious cyber tools crafted by unspecified cyber threat actors. The tools are allegedly capable of granting hackers “full system access” to several American industrial control systems. What we know: Alerts from the Energy and Homeland Security departments, the FBI, and the NSA...

UK’s new privacy regulator has overhaul plans

April 11-- The UK's new privacy regulator, John Edwards, intends to roll out reforms related to privacy, GDPR, and the pursuit of legal justice. In a recent interview, John Edwards, who started his government role as the UK's Information Commissioner, explained that his teams could provide feedback to organizations before they invest in specific products or technologies, resulting...

Nearly 20% of firms battling Spring4Shell

April 6— Within days of its discovery, cyber security researchers have witnessed tens of thousands of attempts to exploit the new Spring4Shell or SpringShell vulnerability. Check Point Research has purportedly identified 37,000 such attempts within the first four days of observation. The researchers have calculated that roughly 16% of global organizations were affected. Statistics also show that vulnerable versions...

New security bureau in US State Department

April 04-- On Monday, the US State Department launched a new cyber security outfit that will respond to the growing volume of nation-state backed cyber attacks. Dubbed the Bureau of Cyberspace and Digital Policy (CDP), the group will oversee new efforts to make digital protection a key component of US foreign policy. This development reverses an effort made...

Spring4Shell vulnerability management insights

April 1--  In the past week, a series of vulnerabilities have been identified as affecting the popular Java Spring Framework and related software components, which are commonly referred to as Spring4Shell. Patches are now available, and security teams are continuing to assess the potential for the vulnerabilities’ exploit. Read on to learn more about vulnerability assessment, severity and...

25% of workers lost jobs after compromises

Mar 31— In business, employee mistakes on the job can cost employers time, attention and resources. When it comes to company security, a simple phishing mistake can lead to data compromise and large-scale financial repercussions. A new survey of 2,000 working professionals across the US and the UK indicates that one in four employees lost their job in...

US cyber attack warnings: More details available

 March 23-- Earlier this week, the Biden administration warned US enterprises about imminent cyber attacks. The latest reports indicate that nation-state hackers have been conducting “abnormal scanning” of the networks belonging to five prominent US energy companies in what may be a possible prelude to larger cyber compromises. In addition, at least 18 US companies across other industry sectors...

Lapsus$ group hits authentication firm with breach

March 22 -  The Lapsus$ threat actor group has recently been linked to cyber attacks on high-profile targets, including the authentication firm known as Okta. With a $25 billion market cap, Okta manages login information for more than 100 million internet users across organizations and governments. In the Okta breach, cyber criminals are believed to have accessed corporate...

New BitB attack makes phishing undetectable

March 21- A newly emerging phishing technique can replicate a browser window within the browser and thereby spoof a legitimate domain. In so doing, hackers can conduct increasingly successful phishing attacks. According to the security researcher who first identified this attack type, the method involves nefarious use of single sign-on (SSO) options that are embedded in websites. When a person...

CISA warns of threats to satellite networks

March 18 -- CISA and the FBI have warned of threats to satellite communication (SATCOM) networks and are advising network providers to improve their security posture. Their advisory contains recommendations to help network providers and customers curtail potential consequences. CISA and the FBI released the advisory after an outage affected Viasat's internet service for customers in Ukraine. This...

Mobile users lose life savings to new scams

March 16 -- Do you use an iPhone or an Android? If you do, beware of this new romance scam which could empty your bank account. This phishing technique is also revolutionary in how it gives its victims a "win" before stealing much more money down the line. Romance scams have been around for decades. From chat rooms...

New social engineering scam discovered

March 14 — There’s a new social engineering technique that’s spreading malware, and many people are falling for it. Here’s how it works and how you can avoid it. Many people in the cyber security industry know that e-mail is one of the most popular attack vectors used by criminals. However, threat actors are now using website contact...

Over 40% of Log4j downloads are still vulnerable

March 11 — It has been nearly three months since the Apache Foundation revealed the Log4j vulnerability and provided a fix for it. However, the vulnerable versions of Log4j are still being downloaded 41% of the time. This data comes from Sonatype, the administrator of the Maven Central Java package repository where developers can download Log4j. Why are...

2022 Interactive Security Report

March 7 -- Get the latest cyber security insights from Check Point's interactive 2022 Cyber Security Report. High-quality information about threat trends can help you better understand your risks, your attack surface, and risk management opportunities. As 2022 unfolds, security is expected to morph into an increasingly prominent issue. There's no one better to help you address new...

“Ice phishing” and blockchain security

Feb. 28 -- The global evolution of blockchain has occurred at a breakneck pace. In the business setting, blockchain is seeing increased adoption due to its utility in digital identity verification, and the secure transfer of both information and funds through smart contracts. Smart contracts have business applications within the food services, financial, healthcare, government and manufacturing sectors,...

US says that Russia breached defense contractors…

Feb 22-- According to the US, state-sponsored Russian hackers have illicitly obtained detailed information about the development and deployment of US weapons via a breach of American defense contractors. Although the information acquired is not of a classified nature, it does provide "significant insight" into US weapons platforms, development and deployment timelines. State-backed hackers: This blatant show of bravado reveals...

New FBI crypto crime unit, starting now

Feb 18 -- The Federal Bureau of Investigation (FBI) is opening a new unit dedicated to tracking and seizing stolen cryptocurrencies. In addition to protecting the general public, this move represents part of a broader shift in tactics for taking down international crime networks. According to Deputy Attorney General, Lisa Monaco, the new team will be known as...

San Francisco 49ers hit by ransomware

Feb 15 -- According to San Francisco 49ers spokespersons, the team recently suffered a network security incident. Confirmation of the attack emerged as their data began to appear on the dark web. The attack did not appear to affect computer systems involved in the team's stadium operations, or those related to ticket processing. Upon discovery of the incident,...

Morley Companies’ data breach details…

Feb 14 -- In early August, a ransomware attack on Morley Companies disrupted the firm's operations, rendering certain data temporarily unavailable. New information pertaining to the attack has recently emerged, leading to an announcement from Michigan's attorney general, and a lawsuit. The lawsuit contends that the personal information (social security numbers, etc.) of more than half a...

IRS revamps plan to use facial recognition

Feb 07—In the United States, the Internal Revenue Service (IRS) is backing down from a transition to the use of facial recognition software. In a public statement, the agency expressed that it will “transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts.” The ID.me contract: In the past few years, due...

This media outlet was just hacked…

Feb 4 – News Corp., one of the largest media outlets in the US, recently disclosed that it has fallen victim to a cyber attack, which may have exposed sensitive data belonging to journalists. Expert investigators believe that the attack may have been the work of foreign adversaries. What is News Corp.? News Corp. owns a series of major...

CEO says cloud and blockchain next…

Feb 02 – In an earnings call on Tuesday, CEO of Google and its parent company Alphabet, Sundar Pichai, acknowledged the role that cloud, cloud security, and blockchain will play in the tech giant’s future growth. Cloud, blockchain and Web3: Have you heard about Web3? The term represents a vision for an upgraded internet that would be based on...

Apple pays $100.5K bug bounty for Mac webcam hack 2022

Jan 31 -- Via a shared iCloud document, one researcher discovered the ability to "hack every website you've ever visited" on your iPhone.  The researcher showed Apple how its webcams can be hijacked via a universal cross-site scripting bug. In return for the valuable insights, Apple has awarded the individual a record $100.5K bug bounty. In theory, the...

Strategies for protecting your data

Jan 28— How does your organization stack up when it comes to data privacy protections? Get your data under control. Develop a data security strategy that can help you protect people, and prepare for threats. Critical pieces of data that businesses often have on-hand include employee records, payroll information, customer data, vendor data, and partner data. The loss...

You deserve the best: CPX 360 2022

Jan 25 -- In the past 12 months, 66% of organizations have experienced a cyber attack. Of survey respondents, nearly 70% assert that attacks have become increasingly targeted, meaning that they’re tougher to detect, prevent and defend against. And data breaches are worsening, but most organizations aren’t doing enough to handle the heat. On an individual level, over...

More than 500% spike in coronavirus-related phishing attacks

Jan 24—Cyber security researchers have found that phishing threats have increased by more than 500% amidst the latest coronavirus surge. Why it matters: Cyber criminals commonly leverage themes found in the news cycle in order to craft timely and relevant phishing campaigns. From February to March of last year, a 667% month-over-month surge in coronavirus-related phishing threats manifested. Although threats have...

A new standard in Firewall performance

Jan 20 – Purveyor of cyber security solutions Check Point Software has recently extended the Check Point Quantum portfolio with Quantum Lightspeed Firewalls; the biggest network security revolution of the past decade. The emergence of distributed SaaS applications and the need to provide stronger security support for remote workers mean that the modern data center is rapidly evolving...

REvil ransomware attackers arrested…

Jan 18 -- On Friday, Russian authorities announced their interference with the REvil ransomware gang's activities. Fourteen of the group's members were arrested, and the group's overall operations could not continue. The takedown occurred at the behest of the US government, which aimed to prevent repeats of past, large-scale cyber security issues caused by REvil. According to Russia's Federal...

A new iteration of the internet? Web3

Jan 12-- Is Web3 more than “Silicon Valley’s latest identity crisis,” as NBC News describes it? This article delves into the definition of Web3, why it matters, what's ahead, all with an eye towards helping you shape your perspectives on the subject. Definition of Web3: Web3 is intended as a new configuration for the world wide web. The...

C-levels as cyber attack targets…

Jan 10 –Sixty percent of IT leaders are worried about the prospect of targeted cyber threats reaching the c-suite. A growing list of mobile security threats, dangerous public wi-fi hotspots, and a constant fast-paced modus operandi contribute to the reasons for concern. C-level executives are highly visible, travel often, and often need to make split-second decisions. With 100...

Network security in the new normal…

Jan 4— In the past year, cyber criminals have been hard at work trying to break into networks. Many have zeroed in on the vulnerabilities associated with remote work, attempting to hack clouds, edge technologies, IoT devices, and more. In 2022, organizations will need to pay close attention to emerging network security threats and enhance security accordingly...

Cyber security: What the future holds…

Dec 30— As we look ahead to 2022, we observe a series of trends that will reshape the cyber security landscape. Cyber security leadership teams can expect new challenges, as indicated within a recent report produced by Check Point Software. Report findings: Experts expect that supply chain attacks will continue to proliferate. In turn, this may lead to...

Holiday cyber security breaches

Dec. 28-- Over the Christmas holiday weekend, the digital photography site known as Shutterstock reported a cyber security incident to the public. According to experts, the attack took place several weeks before, and a combination of law enforcement and cyber security teams are working to address the issue. Holiday havoc: Christmas is often considered a peak time for hackers...

Continued concern over Log4j vulnerabilities

Dec 20-- New Log4j vulnerabilities leave organizations with greater uncertainty than before. An alternative attack vector appears to rely on a simple JavaScript WebSocket connection, which can trigger remote code-execution (RCE) on servers locally. The catalyst is a drive-by compromise. An exploit could impact services operating as localhost in internal systems not exposed to the network, according to...

Log4j: Protecting your organization from dynamic threats

EXECUTIVE SUMMARY: “Is the internet on fire?” asked one anonymous cyber security expert, upon hearing of the Log4j vulnerability. In the ensuing days, many shared the sentiment. In case the Log4j vulnerability breezed by you, this article contains an overview of what the vulnerability is, why it matters and how to safeguard your organization, as to avoid a holiday...

American officials warn of holiday hacks

Dec 17-- American officials warn that hackers have a habit of striking during holiday breaks. As stated in a White House letter, decision-makers must implement new layers of security now in order to reduce holiday cyber risk. Agencies also note that recent events highlight the fragility of digital infrastructure, and on this account, organizations must take more precautions...

Security meltdown: Log4j vulnerability

Dec 13- A new security vulnerability affects digital systems across the internet, and across the globe. Hackers have begun to exploit the bug, and software developers are racing to fix it. Researchers state that the bug could lead to serious repercussions worldwide. The vulnerability: The issue has to do with Log4j, a ubiquitous, if obscure, open-source Apache logging framework...

Omicron variant sparks new phishing campaigns

Dec 10--The Omicron strain of the coronavirus provides hackers with further cover as they launch new phishing campaigns. Researchers have identified a fresh phishing threat that leverages concern over the spread of the Omicron variant to steal credentials, which are then used to gain illicit access into systems. Thus far, hackers have managed to use this trick in order...

Spyware found on US State Department phones

Dec 3-- Apple Inc recently notified a small group of US State Department employees about their phones as subjects of surveillance operations conducted by unknown perpetrators. For its part, Apple recently filed a lawsuit against the makers of the surveillance tool in use, which was designed to compromise the security of its phones, among others. At least nine US...

Fighting misinformation and media manipulation

Dec 1—On Friday of last week, American news executives joined an off-the-record Zoom meeting designed to help everyone develop stronger foundational practices for fighting misinformation and media manipulation. The Zoom meetings were facilitated by Harvard academics at the Harvard University’s Shorenstein Center on the Media, Politics and Public Policy. Professionals presented case studies and raised important issues facing...

Google Ads used for stealing cryptocurrency

Nov. 10— After observing the disappearance of hundreds of thousands of dollars’ worth of cryptocurrency from victims, researchers are warning of Google Ads scams used to steal crypto wallets. Google Ads scams: In recent weeks, scammers have placed Google Ads at the top of Google Search, which mimicked popular crypto wallets and platforms; from Phantom App to Pancake Swap....

New cyber security order, Biden administration

Nov. 3– In the US, the Biden administration has ordered federal agencies to fix more than 200 cyber security flaws. Some of these flaws were first identified more than a decade ago. Previously, agencies have skirted cyber security issues due to lack of cyber security skill, budget, and differing perceptions around the importance of cyber security. The new...

Audio deep fake tech, financial firm loses $35M

Oct 20-- Audio voice cloning may emerge as a pressing business security problem. Fraudsters are using voice-shaping tools to infiltrate enterprises and to carry out cyber attacks. Will detection technology be able to keep pace? In early 2020, a bank manager in Dubai believed himself to be speaking with the director of a partner group, whom he had...

228,000 subscribers, data on the dark web

Oct 15— Last year, more than 228,000 pieces of data belonging to the 3D printing site Thingiverse made their way onto the dark web. Since then, hackers have widely circulated the information, which includes real names, home addresses and website authentication credentials. Precisely how hackers are using or intend to use this data remains unclear. Nonetheless, the...

Army CDO says greater interoperability needed

Oct 8-- The US Army's Chief Data Officer (CDO) states that achieving zero-trust will be easiest if software and other tech infrastructures are interoperable. This represents a departure from traditional, competitive business practices that can result in "vendor lock-in." CDO David Markowitz advocates for the industry to be interoperable with itself. To enable greater interoperability, the army is...

Central bank digital currency, costs and risks

Sept 24--In the US, the Federal Reserve is expected to release new research that weighs the costs, benefits and risks associated with the development of a central bank digital currency (CBDC). Experts want to fully analyze how a national digital currency could affect domestic financial stability and the financial system as a whole. Questions abound regarding how...

FBI withheld Kaseya decryption key

Sept 22--New reports indicate that the US Federal Bureau of Investigation (FBI) withheld information pertaining to the Kaseya decryption key for nearly three weeks. This critical information could have enabled the IT group to unlock their network, and possibly those of clients in a timely manner. The decision not to provide Kaseya with the key appears to have...

Why your inbox might be a growing risk

Sept 20--Over time, our inboxes become our repositories for the records, receipts and the revolving door of other documents that make up our lives; both business and personal. In the past year, more of our lives have migrated onto the internet than ever before. As a result, our inboxes are piling up with content, much of which...

Notorious Ragnarok ransomware gang shuts down

Sept 1—The Ragnarok ransomware gang, which began operations in 2019, formally announced its decision to wind down operations. Last week, Ragnarok provided all 12 of the victims listed on its dark web platform with instructions regarding file decryption. The group also offered victims a decryptor that includes a master decryption key. Ragnarok’s claims to fame: The Ragnarok group gained...

Breaking News: $50M Ransom Demand on Saudi Aramco

Contributed by Justice Anyai, Office of the CTO, Check Point Software The Financial Times reported on July 21st that Saudi Aramco, the largest oil producer in the world, is currently faced with a ransomware payment situation. The cyber extortionist behind this attack has demanded a payment of $50M to an undisclosed cryptocurrency wallet or else troves of data...

Breaking News: Cyber Attack on US Critical Infrastructure Causes Shut Down!

Contributed by Edwin Doyle, Global Security Strategist.  May 10--A fifth generation cyber attack shut down the US fuel pipeline belonging to Colonial Pipeline Inc., which is responsible for pumping over 100 million gallons of gasoline 5,500 miles from Houston to New York Harbor. Was the attack intended to cause a catastrophic oil spill or to lead to a ransomware...

Breaking News: CNA Financial Breach

Contributed by Edwin Doyle, Global Security Strategist, Check Point Software.  March 29--Multi-billion dollar insurance conglomerate, CNA Financial, suffered a massive cyber breach that forced them to disconnect all systems from their network. CNA's website displayed the explanation, “The attack caused a network disruption and impacted certain CNA systems, including corporate email”. Why is this breach significant? CNA is listed...