Monday, January 24, 2022

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Ransomware Operators Are Feeling the Heat

Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.

Are You Prepared to Defend Against a USB Attack?

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

A Level-Set on Russia-Borne Cyber Threats

As hostilities mount between Russia and Ukraine, new and more dangerous cyberattacks are likely to develop. Pinpointing sources and motives will remain elusive, but enterprises should prepare for an escalation in cyberspace.

IT Leaders Consider Security Tech a Part of Business Transformation

Security makes the top 10 list of technologies changing how organizations operate, an indicator of how information security is increasingly viewed as a strategic business initiative.

Fraud Is On the Rise, and It's Going to Get Worse

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say.

Looking Beyond Biden's Binding Security Directive

Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.

Biden Broadens NSA Oversight of National Security Systems

New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.

(ISC)² Appoints Jon France, CISSP, as Chief Information Security Officer

Accomplished cybersecurity leader will advocate globally for best practices in risk management and head up association security operations.

Researchers Discover Dangerous Firmware-Level Rootkit

MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).

Automating Response Is a Marathon, Not a Sprint

Organizations should balance process automation and human interaction to meet their unique security requirements.

Red Cross Hit via Third-Party Cyberattack

The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.

Enterprises Are Sailing Into a Perfect Storm of Cloud Risk

Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.

4 Ways to Develop Your Team's Cyber Skills

Organizations need to invest in professional development — and then actually make time for it.

Cisco's Kenna Security Research Shows the Relative Likelihood of an Organization Being Exploited

A record-breaking 20,130 vulnerabilities were reported in 2021. However, only 4% pose a high risk to organizations.

FireEye & McAfee Enterprise Renamed as Trellix

Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).

Nigerian Police Arrest 11 Individuals in BEC Crackdown

More than 50,000 targets around the world have been affected by the business email compromise scams, Interpol reports.

What Happens to My Organization If APIs Are Compromised?

Once attackers have obtained access, they can compromise other systems or pivot within your networks.

Revamped Community-Based DDoS Defense Tool Improves Filtering

Team Cymru updates its Unwanted Traffic Removal Service (UTRS), adding more granular controls and greater ranges of both IPv4 and IPv6 addresses.

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Surge in Malicious QR Codes Sparks FBI Alert

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.