Security - POKIKA

Data loss from insider events increases despite IRM programs; Report

The vast majority of companies struggle with data loss from insider events despite dedicated insider risk management (IRM) programs, according to a data impact report commissioned by Code 42. The study, conducted by Vanson Bourne, an independent research firm for technology companies, interviewed 700 US cybersecurity professionals, managers and leaders between January and February. “Insider … Read more

A Pakistani-origin spinoff is linked to a new cyber attack on India’s Defense Ministry

March 28, 2023Ravi LakshmanaEnhanced persistent threat The Advanced Persistent Threat Team (APT), which has experience targeting India and Afghanistan, has been linked to a new phishing campaign powered by the Action RAT. According to Cyble, who credited the operation SideCopy:The cluster of activities is intended to target the Defense Research and Development Organization (DRDO), the … Read more

The IcedID malware shifts the focus from banking fraud to ransomware delivery

March 28, 2023Ravi LakshmanaRansomware / Endpoint Security Multiple threats have been observed using two new versions of the IcedID malware in the wild, with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, began operating as a banking trojan in 2017. It is also capable of delivering additional … Read more

Stealthy DBatLoader malware loader spreads Remcos RAT and Formbook in Europe

March 28, 2023Ravi LakshmanaMalware attack / hacking attack A new phishing campaign aims to distribute the Remcos RAT and Formbook to European organizations via a malware loader called. DBatLoader:. “Malware payloads are distributed through WordPress sites that have authorized SSL certificates, a common tactic used by threat actors to evade detection engines,” Zscaler researchers Megraj … Read more

The Office of the Director of National Intelligence prioritizes cyber threats in its 2023 Intelligence Threat Assessment

When the Office of the Director of National Intelligence (ODNI) highlights a threat in its declassified assessment and states that there is strong supporting evidence, one should not sit back and let the data points sit idle, and we are not. ODNI didn’t mince words when they addressed China, Russia, North Korea, and Iran as … Read more

5 Ways to Tell You’re Not CISO Material

As the CISO role continues to grow and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO can evaluate and select security technology, communicate with technical staff, and make critical decisions about security … Read more

President Biden signs executive order restricting use of commercial spyware

March 28, 2023Ravi LakshmanaSpyware / Cyber ​​Security US President Joe Biden on Monday signed an executive order limiting the use of commercial spyware by federal government agencies. The order states that the spyware ecosystem “poses significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government … Read more

PwC UK partners with ReversingLabs to manage third-party risk in software supply chain security

Advisory and professional services giant PwC UK has partnered with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Together with ReversingLabs, the company aims to help customers modernize traditional TPRM programs to better match the modern software supply chain by operationalizing threat detection … Read more

Apple is releasing an urgent security update for older iOS and iPadOS models

March 28, 2023Ravi LakshmanaMobile security On Monday, Apple released fixes for a security flaw that was actively exploited for older iPhone and iPad models. Issue tracked as: CVE-2023-23529refers to a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was initially patched by the tech giant with improved … Read more

How CISOs can reduce the risk of using data brokers

Purchasing databases from data brokers can pose a challenge for enterprise security managers. While there are tools for scanning files for malware, there is no automated way to ensure that the data contained in the database is accurate and, more importantly, obtained with the appropriate consent. Without that assurance, those files can pose a threat … Read more