Twitter Mentions More Effective Than CVSS at Reducing Exploitability Monitoring Twitter mentions of vulnerabilities may be twice as effective as CVSS scores at helping organizations prioritize which bugs to patch first, according to new research. Kenna Security’s latest report, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability, was compiled with help from the Cyentia Institute. It…

Read More

Eleven Arrested in Bust of Prolific Nigerian BEC Gang Nigerian police have arrested 11 more suspected members of a prolific business email compromise (BEC) gang that may have targeted hundreds of thousands of organizations. Interpol coordinated Operation Falcon II with the Nigerian Police Force (NPF) over 10 days in December 2021, having sought input from other…

Read More

Over the last few months, there has been an uptick of espionage revelations concerning Iran and its interest in collecting information against regional adversaries as well as Iranian ex-pats whose views are divergent to those of the current regime. It is important for CISOs to understand the human side to the Iranian offensive efforts to…

Read More

In January 2022, the FBI issued a public warning over a USB attack campaign in which numerous USB drives, laced with malicious software, were sent to employees at organizations in the transportation, defense, and insurance sectors between August and November 2021. The USBs came with fake letters impersonating the Department of Health and Human Services…

Read More

Red Cross: Supply Chain Data Breach Hit 500K People The International Committee of the Red Cross (ICRC) has revealed a major data breach that compromised the personal details of over 515,000 “highly vulnerable” victims. It was stolen from a Swiss contractor that stores the data on behalf of the global humanitarian organization headquartered in Geneva. The…

Read More

INTERPOL and the Nigerian Federal Police today announced the arrests of 11 business email compromise (BEC) actors in Nigeria as part of an international operation to disrupt and tackle sophisticated BEC cybercrime. Many of the suspects are thought to be members of SilverTerrier, a network known for BEC scams that have impacted thousands of companies…

Read More

Researchers Hack Olympic Games App Cybersecurity researchers in Canada have found a “devastating flaw” in the MY2022 app, designed for use by attendees of this year’s Winter Olympic Games in Beijing. The vulnerability was discovered by the Citizen Lab – an academic research laboratory based at the Munk School of Global Affairs at the University of Toronto. In findings published Tuesday,…

Read More

Ransomware Attack on Moncler Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web. The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December.  Attackers hit Moncler in the final week of 2021, causing a temporary outage of…

Read More

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that…

Read More