RSS_Virtulization

By Garret Grajek, CEO, YouAttest During the first half of 2020 alone, over 36 billion records were exposed through various data breaches, with the FBI reporting an increase of 300% in reports since the onset of the COVID-19 pandemic. With threats, both internal and external, facing organizations at an all-time high, cybersecurity should be a critical focus for 2021, especially as remote working is a trend that will continue far into the future. Hackers look…

Elite cybercrime forum Maza aka MFclub has been taken over by hackers, according to new research by risk intelligence company Flashpoint. The Russian-language forum, which was originally known as Mazafaka, has served thousands of cyber-criminals since its launch in 2003.  “Little is known at this time about the attackers who successfully compromised Maza,” wrote Flashpoint researchers. But thanks to the data allegedly leaked in the attack, quite a lot has come to light about the site’s users. …

The United States Justice Department has warned that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans’ personal data. In a press release issued March 5, the department said it had received reports that bad actors are creating fake websites that mimic sites genuinely belonging to SWAs.  “The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data,” said the department.  “That…

An American mortgage lender has shelled out $1.5m to resolve allegations that it violated the New York Department of Financial Services (NYDFS) Cybersecurity Regulation.  Residential Mortgage Services, Inc. (RMS), which is headquartered in South Portland, Maine, was accused of failing to report a data breach that occurred in 2019.  The breach was uncovered during an investigation of RMS carried out in July 2020 by the NYDFS. The department found evidence that “a substantial amount of sensitive personal data” had…

President Trump’s cybersecurity order made the National Institute of Standards and Technology’s framework federal policy. Here’s what you need to know about the NIST’s Cybersecurity Framework. The tech world has a problem: security fragmentation. There’s no standard set of rules–or even language–used to address the growing threats of hackers, ransomware, and stolen data, and the threat only continues to grow. President Obama recognized the threat in 2013, which led to his cybersecurity executive order that…

Security researchers are warning of a resurgent campaign to hijack developer resources for cryptocurrency mining. A team from Aqua Security explained that over the period of just four days, attackers set up 92 malicious Docker Hub registries and 92 Bitbucket repositories to abuse these resources. “The adversaries create a continuous integration process that every hour initiates multiple auto-build processes, and on each build, a Monero cryptominer is executed,” said Aqua Security’s lead data analyst, Assaf…

Cyber-criminals are actively sharing tips and advice on how to bypass the 3D Secure (3DS) protocol to commit payment fraud, according to researchers. A team at threat intelligence firm Gemini Advisory found the discussions on multiple dark web forums, claiming that phishing and social engineering tactics stood a good chance of success in certain situations. Although version two of the protocol, designed for smartphone users, allows individuals to authenticate payments with hard-to-spoof or steal biometric…

A major aviation IT company has been breached in what appears to be a coordinated supply chain attack affecting multiple airlines and hundreds of thousands of passengers. SITA provides IT and telecoms services to around 400 members in the industry, claiming to serve around 90% of the global airline business. It revealed yesterday that attackers had compromised passenger data stored on its SITA Passenger Service System servers in the US. It said these servers operate…