Cybercriminals See Allure in BEC Attacks Over Ransomware
While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organizations. BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17%…
Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA research reveals
Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, new research from CompTIA, the nonprofit association for the information technology (IT) industry and workforce, reveals. “Risk mitigation is the key, the filter through which everything should be viewed.”…
Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government
The country’s Agency for National Security announced last week that government servers had been targeted in an ongoing attack that was described as massive and coordinated. The attack targeted government systems and other critical infrastructure, and managed to cause some disruptions. The US embassy warned citizens residing in the country that the attack could disrupt…
FBI Warns of Surge in Attacks Targeting DeFi Platforms
According to the agency, miscreants are taking advantage of the increased interest in cryptocurrency and the complex functionality and the open source nature of DeFi platforms to perform nefarious activities. Cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money, the FBI says….
Iranian Government Hackers Exploit Log4Shell in SysAid Apps for Initial Access
The Log4Shell vulnerability affecting the Apache Log4j logging utility came to light in December 2021. The flaw, identified as CVE-2021-44228, can be exploited for remote code execution and it has been leveraged by both profit-driven cybercriminals and state-sponsored cyberspies. Log4Shell impacts the products of several major companies that use Log4j, but in many attacks the…
Ransomware is not going anywhere: Attacks are up 24%
Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals how cybercriminals are preparing to move away from macros as an infection vector. Ransomware attacks increase After months of decline, global ransomware attacks increased significantly in…
Transport Layer Security (TLS): Issues & Protocol
Transport layer security (TLS) is the modern version of the now-deprecated secure socket layer (SSL) protocol. Due to multiple vulnerabilities within SSL, organizations require a more robust protocol to coincide with the increasing number of web-based technologies. For example, unlike SSL, TSL allows you to negotiate encryption on regular ports and protocols such as IMAP…
Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam, Inc., the industry’s most advanced data security platform, announced today the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organizations have an existing set of prevention, detection, and backup solutions, nearly 40% of organizations have been hit with ransomware attacks in the last year, and more than…
The price of stolen info: Everything on sale on the dark web
What is the price for personal information, including credit cards and bank accounts, on the dark web? Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses….
Customer Passwords are a Target for Cybercriminals: How to Address the Threat
Companies face various cyber risks, ranging from ransomware to data theft. Cyber threat actors gain access to an organization’s systems in various ways. However, cybercriminals commonly take the path of least resistance, and organizations’ reliance on password-based authentication provides numerous avenues of attack. Passwords are known to be a weak form of authentication, and the…
