July 2024 - Page 2 of 4 - Cyber Security Minute

Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident

Issued by: SecurityWeek

GhostEmperor is a threat group first discovered and described by Kaspersky in 2021. It has not been recognized since. In a late 2023 compromise investigation, Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit – which was first seen and described by Kaspersky in 2021….

Malware & Threats

Breach Roundup: North Korean Hackers Target macOS Users

Issued by: DataBreach Today

North Korean Hackers Target macOS Users North Korean state-sponsored hackers are targeting macOS users with a new variant of their BeaverTail malware, spreading it through a malicious version of the video-calling service Microtalk. Cybersecurity researcher Patrick Wardle revealed that the attackers trick victims into downloading the infected software by posing as recruiters offering job interviews….

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Issued by: Security Affairs

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue is due to an improper implementation in the password-change process. Threat actors can trigger the vulnerability by sending specially crafted HTTP…

Cloud Security, Software Security

Beware the tools that can bring risk to a Windows network

Issued by: CSO Online

There are a few essential questions that anyone maintaining security on a Windows network needs to ask right now to avoid engaging in some very risky behavior, but there’s one that may be the most important of all — are you aware of tools in your network that may be bringing more risk? Many of…

Software Security

Top 5 Mistakes Businesses Make When Implementing Zero Trust

Issued by: Dark Reading

As organizations continue to fortify their cybersecurity strategies in response to an ever-evolving threat landscape, many are turning to Zero Trust architectures to safeguard their data. However, implementing Zero Trust is not without its challenges. According to a new strategy guide from the SANS Institute, “Navigating the Path to a State of Zero Trust in…

Malware & Threats

The State of Ransomware in Critical Infrastructure 2024

Issued by: Naked Security

The latest annual Sophos study of the real-world ransomware experiences of energy, oil/gas and utilities sector – a core element of the critical infrastructure supporting businesses – explores the full victim journey, from attack rate and root cause to operational impact and business outcomes. This year’s report sheds light on new areas of study for…

News

Australian Spycatchers Snatch Pair of Married Russian Operatives

Issued by: Dark Reading

A 40-year-old Australian Defence Force (ADF) army private and her 62-year-old husband have been arrested and charged with spying for Russia, as part of a sting operation named BURGAZADA. The pair, Kira and Igor Korolev, have lived in Australia for more than a decade and were arrested at home in Brisbane on July 11. Each…

Malware & Threats

Cisco Talos analyzes attack chains, network ransomware tactics

Issued by: CSO Online

As ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer recommendations to help security team better protect their businesses. Cisco Talos reviewed 14 prominent ransomware groups between 2023 and 2024 and studied volume of attacks, impact on customers, and…

Malware & Threats

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours

Issued by: Dark Reading

Akira ransomware actors are now capable of squirreling away data from victims in just over two hours, marking a significant shift in the average time it takes for a cybercriminal to move from initial access to information exfiltration. That’s the word from the BlackBerry Threat Research and Intelligence Team, which today released a breakdown of…

News

Evolve data breach impacted upward of 7.64 million consumers

Issued by: CSO Online

The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm representing the financial services organization reveals. According to the document, the breach occurred on February 9, but was not discovered…