IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

A new report from IBM X-Force exposes changes in the Grandoreiro malware landscape. The banking trojan is now capable of targeting more than 1,500 global banks in more than 60 countries, and it has been updated with new features. Also, Grandoreiro’s targeting has become wider, as it initially only targeted Spanish-speaking countries, while recent attack campaigns targeted countries in Europe, Asia and Africa. In addition, the malware is now sending phishing emails directly from the…

Read More

How Can Businesses Defend Themselves Against Cyberthreats?

How Can Businesses Defend Themselves Against Cyberthreats?

Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach. Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier. TechRepublic consolidated expert advice…

Read More

Verizon 2024 Data Breach Report shows the risk of the human element

Verizon 2024 Data Breach Report shows the risk of the human element

Verizon Business released its 17th-annual Data Breach Investigations Report (DBIR), highlighting the role that the human element plays in cyber threats. This report examined 30,458 security incidents as well as 10,626 verified breaches in 2023, representing a two-fold increase from 2022. Out of the breaches analyzed, more than two-thirds (68%) included a non-malicious human element — in other words, these incidents involved insider errors or people falling for social engineering schemes. This percentage remains consistent…

Read More

The art of information gathering.

The art of information gathering.

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss “From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering.” Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.  The research states “While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse…

Read More

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

A threat actor quietly spent the last two years integrating themself in the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The attacker slowly managed to integrate a backdoor in the software that was designed to interfere with SSHD and allow remote code execution via an SSH login certificate. The backdoor was discovered a few days before being released on several Linux systems worldwide. The…

Read More

Navigating the identity security landscape

Navigating the identity security landscape

In this episode of The Security Podcasts featuring Jeff Reich, Executive Director of the Identity Defined Security Alliance, we discuss the challenges security professionals are facing in the evolving landscape of identity security threats. “Something we see often is when we were asking the question, ‘how long do account stay active or in your system after someone leaves your organization?’ And certainly there are a number of organizations that say within two days it’s been…

Read More

UK's NCSC Issues Warning as SVR Hackers Target Cloud Services

UK's NCSC Issues Warning as SVR Hackers Target Cloud Services

Russian state hackers are adapting their techniques to target organizations moving to the cloud, an advisory from the UK National Cyber Security Centre and international security agencies has warned. The advisory details how cyber espionage group APT29 is directly targeting weaknesses in cloud services used by victim organizations to gain initial access to their systems. APT29 is also expanding the scope of its attacks beyond governments, think tanks, healthcare and energy providers to include victims…

Read More

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Highlights from CrowdStrike’s 2024 report: Identity-based and social engineering attacks still take center stage. Cloud-environment intrusions have increased by 75% from 2022 to 2023. Third-party relationships exploitation makes it easier for attackers to hit hundreds of targets. CrowdStrike added 34 new threat actors in 2023. Attackers are compromising networks at a faster rate. Attackers are targeting periphery networks. CrowdStrike’s new 2024 Global Threat report exposed the latest trends in cyberattacks, and we’re highlighting the main…

Read More

ISC2 Research: Most Cybersecurity Professionals Expect AI to Impact Their Jobs

ISC2 Research: Most Cybersecurity Professionals Expect AI to Impact Their Jobs

Most cybersecurity professionals (88%) believe AI will significantly impact their jobs, according to a new survey by the International Information System Security Certification Consortium; with only 35% of the respondents having already witnessed AI’s effects on their jobs (Figure A). The impact is not necessarily a positive or negative impact, but rather an indicator that cybersecurity pros expect their jobs to change. In addition, concerns have arisen about deepfakes, misinformation and social engineering attacks. The…

Read More

Diversifying the security workforce

Diversifying the security workforce

In this episode of The Security Podcasts featuring Larry Whiteside, Jr., CISO at RegScale and Co-Founder and President at Cyversity, we discusses the importance of diversity within the security workforce, the challenges security leaders face during the hiring process and how critical mentorship is when it comes developing talent. “The reality is threat actors and our adversaries that are out there, and they don’t care about what someone looks like. They don’t care about what…

Read More
1 2 3 4 6