Cyber Security Minute

Announcement Center

Organizations Must Brace for Privacy Impacts This Year

January 26, 2023 3:00 pm

Advertisement In 2022, we saw broad support behind federal privacy legislation in the US Congress. While the American Data Privacy Protection Act (ADPPA) did not see the president’s pen prior to the midterms, the fact that such a bill saw a committee vote in the House — approved 53–2, with bipartisan support — and both...

Attackers Crafted Custom Malware for Fortinet Zero-Day

January 19, 2023 9:30 pm

Advertisement Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet’s FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations....

LockBit Tries to Distance Itself From Royal Mail Attack

January 13, 2023 10:12 pm

Advertisement What’s the term for when a ransomware group blames a geopolitically awkward attack it appears to have carried out on someone – anyone – else, just not them? Let’s call it getting “Colonial Pipelined,” after the DarkSide group’s disastrous hit on that oil pipeline system led the crime group to kill its brand. Is...

API management (APIM): What It Is and Where It’s Going

Issued by: Security Affairs

So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies,...

6 Examples of the Evolution of a Scam Site

Issued by: Dark Reading

Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are...

Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

Issued by: Dark Reading

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is. In a Feb. 1 blog post, Crane Hassold, director...

CISA to Open Supply Chain Risk Management Office

Issued by: Dark Reading

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity...

Pro-Russia Killnet group hit Dutch and European hospitals

Issued by: Security Affairs

The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched the offensive against the hospitals in the European countries...

Ransomware Hit on ION Group Delays EU Derivatives Trades

Issued by: DataBreach Today

Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours. ION Cleared Derivatives,...

Cyber Security Minute

QNAP addresses a critical flaw impacting its NAS devices

Hacker accused of having stolen personal data of all Austrians and more

Chinese threat actor DragonSpark targets East Asian businesses

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

ISMG Editors: Why Is LockBit Ransomware Group So Prolific?

Ransomware Remains Top Cyber Threat, Former NCSC Chief Says

Announcement Center