News
-
Twitter Mentions More Effective Than CVSS at Reducing Exploitability
Monitoring Twitter mentions of vulnerabilities may be twice as effective as CVSS scores at helping organizations prioritize which bugs to patch first, according to new research. Kenna Security’s latest report, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability, was compiled with help from the Cyentia Institute. It…
-
NFTs – Protecting the investment
This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to…
-
Eleven Arrested in Bust of Prolific Nigerian BEC Gang
Nigerian police have arrested 11 more suspected members of a prolific business email compromise (BEC) gang that may have targeted hundreds of thousands of organizations. Interpol coordinated Operation Falcon II with the Nigerian Police Force (NPF) over 10 days in December 2021, having sought input from other…
-
What CISOs can learn about insider threats from Iran’s human espionage tactics
Over the last few months, there has been an uptick of espionage revelations concerning Iran and its interest in collecting information against regional adversaries as well as Iranian ex-pats whose views are divergent to those of the current regime. It is important for CISOs to understand the human side to the Iranian offensive efforts to…
-
BadUSB explained: How rogue USBs threaten your organization
In January 2022, the FBI issued a public warning over a USB attack campaign in which numerous USB drives, laced with malicious software, were sent to employees at organizations in the transportation, defense, and insurance sectors between August and November 2021. The USBs came with fake letters impersonating the Department of Health and Human Services…
-
Red Cross: Supply Chain Data Breach Hit 500K People
The International Committee of the Red Cross (ICRC) has revealed a major data breach that compromised the personal details of over 515,000 “highly vulnerable” victims. It was stolen from a Swiss contractor that stores the data on behalf of the global humanitarian organization headquartered in Geneva. The…
-
INTERPOL and Nigerian Police bust business email compromise ring, arrest 11
INTERPOL and the Nigerian Federal Police today announced the arrests of 11 business email compromise (BEC) actors in Nigeria as part of an international operation to disrupt and tackle sophisticated BEC cybercrime. Many of the suspects are thought to be members of SilverTerrier, a network known for BEC scams that have impacted thousands of companies…
-
Researchers Hack Olympic Games App
Cybersecurity researchers in Canada have found a “devastating flaw” in the MY2022 app, designed for use by attendees of this year’s Winter Olympic Games in Beijing. The vulnerability was discovered by the Citizen Lab – an academic research laboratory based at the Munk School of Global Affairs at the University of Toronto. In findings published Tuesday,…
-
Ransomware Attack on Moncler
Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web. The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. Attackers hit Moncler in the final week of 2021, causing a temporary outage of…
-
IRS Will Soon Require Selfies for Online Access
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that…