Skip to content

Risk

Security and Technology news from various third party sources. All attribution remains the property of the original authors

203 Topics 203 Posts
  • 0 Votes
    1 Posts
    51 Views
    CerberusC

    The Cybercrime Group Posted Job Advertisements on Russian Job Portals
    Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure security researchers who could help the group with penetration testing-related activities to enable ransomware attacks.

    https://www.inforisktoday.co.uk/fin7-sets-up-fake-pentesting-company-site-to-recruit-talent-a-17783

  • 0 Votes
    1 Posts
    41 Views
    CerberusC

    Co-Sponsor of Bipartisan Proposal Calls Bill ‘Common-Sense Legislation’
    Two Senate leaders on Thursday introduced legislation that would form a working group charged with monitoring the security of AI data obtained by federal contractors. This body would also ensure that the data adequately protects national security and recognizes privacy rights, the lawmakers say.

    https://www.inforisktoday.co.uk/new-bill-would-secure-government-contractors-use-ai-a-17786

  • 0 Votes
    1 Posts
    32 Views
    CerberusC

    Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices
    Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

    https://www.inforisktoday.co.uk/malicious-packages-disguised-as-javascript-libraries-found-a-17782

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    Forrester Analyst Allie Mellen on Navigating the XDR Market
    The current state of the XDR market is a “chaotic jumble of different features,” according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.

    https://www.inforisktoday.co.uk/forrester-report-key-questions-to-ask-xdr-vendors-a-17781

  • 0 Votes
    1 Posts
    37 Views
    CerberusC

    FBI, US Secret Service and US Cyber Command Target Ransomware Gangs, Reuters Reports
    The outages of the notorious REvil - aka Sodinokibi - ransomware operation have been due to a coordinated law enforcement effort involving the U.S. and foreign partners, aimed at disrupting the group’s attack capabilities, Reuters reports.

    https://www.inforisktoday.co.uk/revil-revelations-law-enforcement-behind-disruptions-a-17779

  • 0 Votes
    1 Posts
    47 Views
    CerberusC

    Discussion Also Addresses the Return to In-Person Events
    In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.

    https://www.inforisktoday.co.uk/ismg-editors-panel-regulators-get-tough-on-crypto-firms-a-17780

  • 0 Votes
    1 Posts
    59 Views
    CerberusC

    Multiple Breach Reports for Phishing Incident Reflect Notification Complexities
    The Professional Dental Alliance is notifying more than 170,000 individuals in about a dozen states of a phishing breach involving an affiliated vendor that provides nonclinical management services to dental practices owned by PDA. Why is breach notification so complicated?

    https://www.inforisktoday.co.uk/dental-alliance-reports-vendor-breach-affecting-170000-a-17775

  • 0 Votes
    1 Posts
    46 Views
    CerberusC

    Tools Used for Personal Surveillance, Malicious Activities Must Be Licensed
    The U.S. Bureau of Industry and Security has issued an interim final rule to curb and control the export, reexport, or in-country transfer of certain offensive cyber tools that are used in surveillance of private citizens and other malicious activities that undermine the nation’s security.

    https://www.inforisktoday.co.uk/us-cracks-down-on-sale-offensive-cybersecurity-tools-a-17776

  • 0 Votes
    1 Posts
    33 Views
    CerberusC

    Legislation Targets DHS SBOM, Further Chinese Telecom Restrictions
    In a busy congressional day for cybersecurity legislation, the U.S. House of Representatives passed several bills on Wednesday, targeting both software supply chain and telecommunication system security. One observer describes them as “a win-win for the government and U.S. citizens.”

    https://www.inforisktoday.co.uk/house-passes-bills-on-both-supply-chain-telecom-security-a-17777

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    The Group Updated Its Malware Arsenal With New Capabilities
    Researchers at Kaspersky report that Lyceum group, known for targeting organizations in the energy and telecommunications sectors across the Middle East, has attacked two entities in Tunisia with an updated malware arsenal.

    https://www.inforisktoday.co.uk/lyceum-group-targets-two-tunisia-based-entities-a-17774

  • 0 Votes
    1 Posts
    45 Views
    CerberusC

    Big Game Hunting Is Out and ‘Mid Game Hunting’ Is In, Coveware Warns
    When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.

    https://www.inforisktoday.co.uk/ransomware-average-ransom-payment-stays-steady-at-140000-a-17773

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Multiple Breach Reports for Phishing Incident Reflect Notification Complexities
    The Professional Dental Alliance is notifying more than 170,000 individuals in about a dozen states of a phishing breach involving an affiliated vendor that provides nonclinical management services to dental practices owned by PDA. Why is breach notification so complicated?

    https://www.inforisktoday.co.uk/dental-alliance-reports-vendor-breach-affecting-170k-a-17775

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    (ISC)2 Report: Fixing Underrepresentation of People of Color and Women in Cyber
    In a report published earlier this week, (ISC)² - the international non-profit association that certifies cybersecurity professionals - says minority security practitioners, including people of color and women, are underrepresented in the field and offers practical steps to address the issues.

    https://www.inforisktoday.co.uk/diversity-equity-inclusion-challenges-in-cybersecurity-a-17771

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    Bulletproof Hosting Service Supported Zeus, SpyEye and Citadel Malware, Says FBI
    Four extradited Eastern European men have pleaded guilty in U.S. court to one count of conspiring to serve as administrators of a bulletproof hosting service that facilitated online attacks using the Zeus, SpyEye and Citadel Trojans and the Blackhole exploit kit, says the U.S. Department of Justice.

    https://www.inforisktoday.co.uk/4-bulletproof-hosting-provider-admins-getting-sentenced-a-17772

  • 0 Votes
    1 Posts
    37 Views
    CerberusC

    Threat Actors Use Scanning Tools for Malicious Activities
    Researchers at Uptycs Threat Research have uncovered a campaign in which the cloud-focused cryptojacking group TeamTNT is deploying malicious container images hosted on Docker Hub with an embedded script to download testing tools used for banner grabbing and port scanning.

    https://www.inforisktoday.co.uk/teamtnt-deploys-malicious-docker-image-on-docker-hub-a-17766

  • 0 Votes
    1 Posts
    44 Views
    CerberusC

    @AnibalLeaks Says Entire Database for Sale on Hacking Forum
    A cybercriminal known as cfk on popular hacking forums and @AnibalLeaks on Twitter claims to have stolen a database consisting of 45 million records of Argentina’s National Registry of Persons, or ReNaPer. The government denies that there has been unauthorized entry into its systems.

    https://www.inforisktoday.co.uk/hacker-claims-details-45-million-argentinians-stolen-a-17769

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    Federal Judge Imposes 7-Year Prison Time in Human Resources Database Hack Case
    A federal judge has imposed the maximum sentences - a total of seven years in prison - on a hacker who earlier pleaded guilty in a conspiracy case involving the hacking of University of Pittsburgh Medical Center human resources databases and the theft of personal information of 65,000 employees - some which was sold on the dark web and used for federal tax fraud.

    https://www.inforisktoday.co.uk/hacker-in-upmc-data-theft-fraud-case-gets-maximum-sentences-a-17770

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Executive Director Wales Cites Colonial Pipeline’s Rapid Notification to Customers
    A top leader of the U.S. Cybersecurity and Infrastructure Security Agency has voiced support for a 24-hour timeline for cyber incident reporting involving critical infrastructure, signaling a push by the Biden administration to implement a rapid mechanism for federal response.

    https://www.inforisktoday.co.uk/cisa-leader-backs-24-hour-timeline-for-incident-reporting-a-17767

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    Attorney General Tells 3 Others to Provide Information in Latest Enforcement Effort
    New York State AG Letitia James served cease and desist letters to two cryptocurrency lending platforms that her office says engage in “unregistered and unlawful activities.” Three other platforms were told by the OAG to “immediately provide information about their activities and products.”

    https://www.inforisktoday.co.uk/new-york-tells-2-cryptocurrency-firms-to-cease-desist-a-17764

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    System Infection Can be Prevented Using Flaws in Malware
    Researchers at Zscaler say that malware is often prone to bugs and coding errors which can cause it to crash or serve as a backdoor for defenders to undo the damage it might have caused. They suggest defenders proactively use malware bugs to stop them from spreading and infecting the system.

    https://www.inforisktoday.co.uk/bugs-in-malware-serve-as-backdoor-to-undo-damage-a-17763