The vast majority of companies struggle with data loss from insider events despite dedicated insider risk management (IRM) programs, according to a data impact report commissioned by Code 42. The study, conducted by Vanson Bourne, an independent research firm for technology companies, interviewed 700 US cybersecurity professionals, managers and leaders between January and February. “Insider … Read more
March 28, 2023Ravi LakshmanaEnhanced persistent threat The Advanced Persistent Threat Team (APT), which has experience targeting India and Afghanistan, has been linked to a new phishing campaign powered by the Action RAT. According to Cyble, who credited the operation SideCopy:The cluster of activities is intended to target the Defense Research and Development Organization (DRDO), the … Read more
March 28, 2023Ravi LakshmanaRansomware / Endpoint Security Multiple threats have been observed using two new versions of the IcedID malware in the wild, with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, began operating as a banking trojan in 2017. It is also capable of delivering additional … Read more
March 28, 2023Ravi LakshmanaMalware attack / hacking attack A new phishing campaign aims to distribute the Remcos RAT and Formbook to European organizations via a malware loader called. DBatLoader:. “Malware payloads are distributed through WordPress sites that have authorized SSL certificates, a common tactic used by threat actors to evade detection engines,” Zscaler researchers Megraj … Read more
When the Office of the Director of National Intelligence (ODNI) highlights a threat in its declassified assessment and states that there is strong supporting evidence, one should not sit back and let the data points sit idle, and we are not. ODNI didn’t mince words when they addressed China, Russia, North Korea, and Iran as … Read more
As the CISO role continues to grow and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO can evaluate and select security technology, communicate with technical staff, and make critical decisions about security … Read more
March 28, 2023Ravi LakshmanaSpyware / Cyber Security US President Joe Biden on Monday signed an executive order limiting the use of commercial spyware by federal government agencies. The order states that the spyware ecosystem “poses significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government … Read more
Advisory and professional services giant PwC UK has partnered with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Together with ReversingLabs, the company aims to help customers modernize traditional TPRM programs to better match the modern software supply chain by operationalizing threat detection … Read more
March 28, 2023Ravi LakshmanaMobile security On Monday, Apple released fixes for a security flaw that was actively exploited for older iPhone and iPad models. Issue tracked as: CVE-2023-23529refers to a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was initially patched by the tech giant with improved … Read more
Purchasing databases from data brokers can pose a challenge for enterprise security managers. While there are tools for scanning files for malware, there is no automated way to ensure that the data contained in the database is accurate and, more importantly, obtained with the appropriate consent. Without that assurance, those files can pose a threat … Read more