Wednesday, October 27, 2021

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.

Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats

Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.

IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles

IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.

CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead

As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.

Gas Stations in Iran Downed by Cyberattack

Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.

Cybersecurity Talent Gap Narrows as Workforce Grows

Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.

DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation

Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.

Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised

Growing up with computers and the Internet doesn't necessarily convey all the advantages often attributed to younger users.

Pulling Back the Curtain on Bug Bounties

It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.

Wardrivers Can Still Easily Crack 70% of WiFi Passwords

Weaknesses in the current WiFi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.

OpenText Strengthens Ransomware Resilience

New detection and alert functions within Carbonite Server increase data protection against ransomware.

Forcepoint Completes Acquisition of Bitglass

The acquisition of Bitglass will be the third technology acquisition for Forcepoint this year.

Jumio Launches End-to-end Orchestration for its KYX Platform

Platform combines digital identity proofing, compliance verification and anti-money laundering checks.

SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat

Microsoft says the group has attacked more than 140 service providers, and compromised 14 of them, between May and October of this year.

Industrial Goods & Services Tops Ransomware Targets in 2021

While the industrial goods and services sector saw a decline in attacks during the third quarter, it remains the most targeted sector for ransomware this year.

Who's In Your Wallet? Exploring Mobile Wallet Security

Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.

5 Ways CMMC Security Requirements May Impact Universities

The Cybersecurity Maturity Model Certification puts research universities in a position where they must validate the effectiveness of their security controls before applying for a grant or bidding on a government contract.

How We Can Narrow the Talent Shortage in Cybersecurity

Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a "cybersecurity professional" and rewriting traditional job descriptions.

Ransomware Rise Pushes Organizations to Prepare for Attack

Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.