Our goal this year was to make the most difficult Flare-On challenge we’ve ever produced to celebrate a full decade of contests. At the time of this writing, there were 219 Flare-On finishers out of 4,767 registered users, which makes…
Tag: EN
Authorities Took Down Massive Phishing-as-a-service Provider BulletProftLink
A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities. BulletProftLink, also known as a phishing-as-a-service (PhaaS) platform, had been operating for…
Security Is a Process, Not a Tool
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools. This article has been indexed from Dark Reading Read the…
SaaS Vendor Risk Assessment in 3 Steps
SaaS applications are the new supply chain and, practically speaking, SaaS is the modern vendor. Here are three straightforward steps to manage this new vendor risk. This article has been indexed from Dark Reading Read the original article: SaaS Vendor…
A week in security (November 06 – November 12)
A list of topics we covered in the week of November 06 to November 12 of 2023 This article has been indexed from Malwarebytes Read the original article: A week in security (November 06 – November 12)
Domain Control Validation (DCV) Methods & How to Choose
You can trust digital certificates issued by reputable Certificate Authorities (CAs) because they go through a domain control validation (DCV) process, which verifies the legitimacy of the entity requesting the SSL/TLS certificate and the domain ownership for which the certificate…
Cyber risk is business risk: Qualys Enterprise TruRisk Platform sets new industry standard
In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how…
Royal Mail cyber security still a mess, say infosec researchers
ALSO: most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities Infosec in brief After spending almost a year cleaning up after various security snafus, the UK’s Royal Mail has left an open…
SEC vs. SolarWinds CISO, Classiscam Scam-as-a-Service
In this episode, we discuss the SEC’s charges against SolarWinds’ CISO for misleading investors about a major cyberattack. Plus don’t miss our discussion about the shady world of “Classiscam Scam-as-a-Service,” a very popular cyber criminal service that creates fake user…
Success eludes the International Counter Ransomware Initiative
A swing and a miss by the 50 member countries of the International Counter Ransomware Initiative (CRI), headlined by the US, who have confirmed a commitment to collectively address ransomware. Ransomware, as predicted, is growing at tremendous rates and focusing…
Signal is testing usernames so you don’t have to share your phone number
The Signal messaging service is testing support for usernames as a replacement for phone numbers to serve as user identities This article has been indexed from Malwarebytes Read the original article: Signal is testing usernames so you don’t have to…
CISOs vs. developers: A battle over security priorities
A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers…
The real cost of healthcare cybersecurity breaches
With each step towards digitalization, from cloud computing to electronic records, the healthcare sector faces mounting risks that threaten not just the privacy but the very wellbeing of patients. In this Help Net Security interview, Taylor Lehmann, Director, Office of…
Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysian Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on…
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations
Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. “This activity is believed to be part of a long-term espionage campaign,” Palo Alto Networks Unit…
Imperial Kitten Attacking Tech Firms with SQLi & Scanning Tools
Researchers detected IMPERIAL KITTEN, an adversary with ties to Iran, conducting strategic web compromise (SWC) operations with a focus on transportation, logistics, and technology firms. The adversary, who has been operating since at least 2017, has been reported to have…
DP World Cyber Attack puts Australia on High Alert
Over the recent weekend, DP World Australia, a prominent maritime freight operator, fell victim to a sophisticated digital attack, prompting swift action from authorities. In response to the breach, access to the corporate network was temporarily halted, and operations at…
Enhancing Ransomware Defense through Micro-Segmentation of Networks
In an era where cyber threats continue to evolve in sophistication, organizations are increasingly turning to advanced security measures to protect their digital assets. One such strategy gaining prominence is micro-segmentation of networks, a powerful approach that proves invaluable in…
Building resilience to shield your digital transformation from cyber threats
Digital transformation projects are top of mind for enterprises. 91% of businesses are currently engaged in some form of digital initiative. Yet, the average cost of a failed, delayed, or scaled-back digital transformation project is more than $4 million dollars.…
Infostealers and the high value of stolen data
The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro. Understanding the risks associated with data theft, which include identity theft, financial loss, reputational harm, and the potential misuse of…