SpiceJet planes have been stranded following a ransomware attack on Tuesday
Category Archives: News
Ransomware demands acts of kindness to get your files back
The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely surprises you.
And that’s certainly true of the GoodWill ransomware…
Read more in my article on the Tripwire State of Security blog.
Using 2FA phone numbers for targeted advertising. One of the dumbest ways ever for a company to abuse its users’ trust. Take a bow, Twitter. And have a $150 million fine too.
Twitter has been fined $150 million for using phone numbers submitted by users to boost their security… for targeted advertising.
Malware-Infested Smart Card Reader
Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.
But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).
18 Oil and Gas Companies Take Cyber Resilience Pledge
Energy corporations agree to cooperate on cybersecurity amid surging attacks on the sector
Mastercard expands cybersecurity, risk services with new attack simulation and assessment platform
Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides real-time mitigation insights so they can improve upon cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities.
Cyber Front leverages more than 3,500 real-world threat scenarios
In a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, leveraging a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to aid businesses in understanding if their systems are effective and identifying areas of exposure to ensure greater protection in both the immediate and long term, it continued.
Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader
The 37-year-old man is alleged to have spearheaded major phishing campaigns and business email compromise schemes
Three-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete
New research shows companies are falling behind when it comes to developing strategies to protect themselves against cyber-attacks
Remote bricking of Ukrainian tractors raises agriculture security concerns
Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.”
7 top privileged access management tools
One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. The more unfettered access they can gain to administrative, superuser and infrastructure accounts, the freer rein they have to tap into sensitive data stores, tamper with critical systems, quietly gain carte blanche to do whatever they’d care to with a victim organization’s IT infrastructure and to do it all without being detected.
As a result, organizations recognize that they need to take special care with the way that they manage and grant access to the most powerful privileged accounts in their environments. This is accomplished with privileged access management (PAM) tooling. PAM is used to manage privileged credentials, delegate access to them, track privileged sessions to monitor for abuse and report on usage patterns for both the risk team and auditors and generally control the elevation of commands.