SpiceJet planes have been stranded following a ransomware attack on Tuesday

Read More

The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you.

And that’s certainly true of the GoodWill ransomware…

Read more in my article on the Tripwire State of Security blog.

Read More

Twitter has been fined $150 million for using phone numbers submitted by users to boost their security… for targeted advertising.

Read More

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).

Read More

Energy corporations agree to cooperate on cybersecurity amid surging attacks on the sector

Read More

Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides real-time mitigation insights so they can improve upon cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities.

Cyber Front leverages more than 3,500 real-world threat scenarios

In a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, leveraging a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to aid businesses in understanding if their systems are effective and identifying areas of exposure to ensure greater protection in both the immediate and long term, it continued.

To read this article in full, please click here

Read More

The 37-year-old man is alleged to have spearheaded major phishing campaigns and business email compromise schemes

Read More

New research shows companies are falling behind when it comes to developing strategies to protect themselves against cyber-attacks

Read More

Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.”

To read this article in full, please click here

Read More

One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. The more unfettered access they can gain to administrative, superuser and infrastructure accounts, the freer rein they have to tap into sensitive data stores, tamper with critical systems, quietly gain carte blanche to do whatever they’d care to with a victim organization’s IT infrastructure and to do it all without being detected.

As a result, organizations recognize that they need to take special care with the way that they manage and grant access to the most powerful privileged accounts in their environments. This is accomplished with privileged access management (PAM) tooling. PAM is used to manage privileged credentials, delegate access to them, track privileged sessions to monitor for abuse and report on usage patterns for both the risk team and auditors and generally control the elevation of commands.

To read this article in full, please click here

Read More