SecureWorld News https://www.secureworld.io/industry-news SecureWorld News is your trusted source for the valuable cybersecurity information you depend on. Our coverage spans the InfoSec industry, with content ranging from breaking news and original articles to exclusive research and expert interviews. en-us Wed, 07 Dec 2022 23:09:51 GMT 2022-12-07T23:09:51Z en-us 5 Trends to Watch for Cybersecurity in 2023 https://www.secureworld.io/industry-news/5-trends-cybersecurity-2023 <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/5-trends-cybersecurity-2023" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/cyberspace_digital_data_shutterstock_1235033737.jpg" alt="digital-walls-light" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <div> <div> <div> <div> <div> <p>As the world becomes increasingly reliant on technology, cybersecurity remains a top priority for individuals, businesses, and governments alike.</p> <p>From advancements in artificial intelligence (AI) to the continued evolution of ransomware and cyberattacks,&nbsp;<span>the coming year is sure to bring significant developments in the world of cybersecurity. I</span><span>t will be crucial for <em>everyone </em>to stay informed and prepared.</span></p> <p><span>Let's take a look at what the experts are saying should be on everyone's mind as we enter a new year.</span></p> <h2><strong>Artificial Intelligence will be crucial</strong></h2> <p>People have been saying that the evolution of AI will be key for cybersecurity, and everything else, for years now. But 2023 might be the year it all comes to fruition.</p> <p>AI can be used to analyze vast amounts of data quickly and accurately, making it a valuable tool for detecting and preventing cyberattacks. 
In 2023, experts predict we will see even more widespread adoption of AI in cybersecurity.</p> <p>One of the key ways that AI will be used is through the development of Machine Learning (ML) algorithms. These algorithms will be able to learn and adapt to changing patterns in cyber threats, allowing them to detect and respond to attacks in real time.&nbsp;</p> <p>In addition to improving the ability to detect and prevent cyber attacks, AI will also play a key role in automating many of the tedious and time-consuming tasks associated with cybersecurity. This will allow security professionals to focus on more important tasks, helping to improve the overall efficiency of cybersecurity operations.</p> <p>If you have not already heard, <a href="https://chat.openai.com/chat">OpenAI recently launched a new chatbot</a>, called ChatGPT, that has tremendous potential to ease workloads for everyone. The bot can be used for almost anything, from answering simple questions to writing music or reports—even detecting vulnerabilities in code and helping write software.&nbsp;</p> <p>Many end-users have already gone to Twitter to share the capabilities they are discovering.</p> <div class="hs-embed-wrapper" style="position: relative; overflow: hidden; width: 100%; height: auto; padding: 0px; max-width: 540px; min-width: 256px; display: block; margin: auto;"> <div class="hs-embed-content-wrapper"> <blockquote class="twitter-tweet"> <p>ChatGPT by <a href="https://twitter.com/OpenAI?ref_src=twsrc%5Etfw">@OpenAI</a> does really well with coding questions. Here I ask how to build a 3-column footer with Tailwind. I then follow-up and ask for a React version, more realistic copy, and mobile responsiveness. It nails it perfectly. 
<a href="https://t.co/lhhH9FHpld">pic.twitter.com/lhhH9FHpld</a></p>— Gabe 🎣 (@gabe_ragland) <a href="https://twitter.com/gabe_ragland/status/1598068207994429441?ref_src=twsrc%5Etfw">November 30, 2022</a> </blockquote> </div> </div> </div> </div> </div> </div> </div> <p>Though, the development of AI is sort of a double-edged sword. As cyber professionals continue to adopt the technology, so will malicious threat actors. It will be crucial to watch this development, as hackers continue to successfully use AI in cyberattacks. Scott Register, VP of Security Solutions at Keysight Technologies, discusses this trend:</p> <p style="padding-left: 40px;">"Deepfake technology to date has resulted in political confusion, internet chatter, and some amusing mashup videos, but expect this to change in the near term. 
Security experts have warned for years about the possibility of social engineering attacks with deepfakes, and the technology has matured enough for 2023 to see hackers successfully leverage it.</p> <p style="padding-left: 40px;">We will see an increase in image generation, generated audio, and conversations that appear realistic, designed to trick recipients into sharing personal data or other sensitive information. The deepfake threat isn't relegated solely to consumers; we'll likely see threat actors spoof a Fortune 100 CEO in an attempt to defraud or otherwise damage the organization."</p> <h2><strong>Cybersecurity skills shortage will continue</strong></h2> <p>One of the biggest challenges facing the cybersecurity industry is a skills and labor shortage. There is a high demand for qualified cybersecurity professionals, but there is a limited supply of people with the necessary skills and expertise.</p> <p><a href="https://www.isc2.org/News-and-Events/Press-Room/Posts/2022/10/20/ISC2-Research-Reveals-the-Cybersecurity-Profession-Must-Grow-by-3-4-Mil-to-Close-Workforce-Gap">(ISC)2 reported earlier this year</a> that there is a shortage of about 3.4 million cybersecurity jobs worldwide. This has led to a competitive job market and has made it difficult for businesses to find, hire, and retain the talent they need to protect themselves from cyberattacks.</p> <p>In 2023, we can expect this skills and labor shortage to continue. As the need for effective cybersecurity measures grows, the demand for qualified professionals is likely to increase, as well. 
This will put even more pressure on businesses to find and hire the talent they need to protect themselves from cyber threats.</p> <p><a href="https://www.isaca.org/go/state-of-cybersecurity-2022">A recent ISACA survey</a> found that approximately 60% of organizations <span>experienced difficulties in retaining qualified cybersecurity professionals and more than 50% felt they were either somewhat or significantly understaffed.</span></p> <p>To address this skills and labor shortage, many businesses are turning to training and development programs to help develop the next generation of cybersecurity professionals. By investing in employee training, businesses can help to build the necessary skills and expertise within their own organizations, rather than having to compete for outside talent in the job market.</p> <h2><strong>Asymmetric cyberattacks will continue to rise</strong></h2> <p>Asymmetric cyberattacks are a growing threat in the world of cybersecurity. Unlike traditional cyberattacks, which are typically carried out by large groups or organizations, asymmetric attacks are typically carried out by individuals or small groups. These attackers use a wide range of tactics, techniques, and procedures (TTPs), making it difficult for traditional security measures to defend against them.</p> <p>One of the key characteristics of asymmetric attacks is that they often target smaller, less well-protected organizations. These attacks are designed to exploit vulnerabilities in these organizations' security systems, allowing the attackers to gain access to sensitive information or disrupt operations.</p> <p>Casey Ellis, Founder and CTO at Bugcrowd, discusses the rising threat of asymmetric cyberattacks:</p> <p style="padding-left: 40px;"><span style="color: #1d1c1d;">"Cybercriminals are motivated by money, while nation-states are motivated by national interests. So, while neither of these adversaries play by the rules, both of their actions are somewhat predictable. 
The most dangerous aspect, in my opinion, is that most security organizations have spent the last five-plus years developing symmetric defensive strategies based on such threat actors with reasonably well-defined goals. However, when a chaotic threat actor is introduced into the mix, the game tilts and becomes asymmetric.</span></p> <p style="padding-left: 40px;"><span style="color: #1d1c1d;">For example, consider the attacks we saw earlier this year by the extortion group Lapsus$, which were focused on opportunistic data thefts and subsequent threats to publicly release the stolen data. My main concern about Lapsus$ and other similar actors is that defenders haven't really been preparing for this type of threat for quite some time. Lapsus$ relies heavily on social engineering to gain an initial foothold, so assessing your organization’s readiness for social engineering threats, both on the human training and technical control levels, is a prudent precaution to take here. </span></p> <p style="padding-left: 40px;"><span style="color: #1d1c1d;">While the stated goals of Lapsus$ and Anonymous/Antisec/Lulzsec are very different, I believe they will behave similarly as threat actors in the future. The evolution of Anonymous in the early 2010s saw various sub-groups and actors rise to prominence, then fade away, to be replaced by others who replicated and doubled down on successful techniques. Perhaps Lapsus$ has vanished completely and forever, but as a defender, I wouldn't rely on this as my primary defensive strategy against this type of chaotic threat."</span></p> <p>To defend against asymmetric attacks, businesses and individuals will need to adopt a comprehensive approach to cybersecurity. This will involve implementing robust security systems, training employees to recognize and respond to potential threats, and regularly monitoring and updating security measures to stay ahead of evolving threats. 
By taking these steps, businesses and individuals can protect themselves from the growing threat of asymmetric cyberattacks.</p> <h2><strong>Cyber insurance trends in 2023</strong></h2> <p>Just as the three previous trends showed certain aspects of the cybersecurity industry continuing to grow in 2023, expect the same from the cyber insurance market.</p> <p>If cyberattacks continue to rise, then the <span>cyber insurance market will continue to evolve and change in order to meet the needs of policyholders.</span></p> <p>One key change that may occur is the development of new and more specialized policies. As the threat landscape continues to evolve, it is likely that insurers will begin to offer policies that are tailored to specific industries and types of businesses in order to provide more targeted coverage.</p> <p>Another change that may occur in the cyber insurance market in 2023 is the adoption of new technologies and risk management strategies by insurers. As the use of technology in the insurance industry grows, it is likely that insurers will begin to use AI, ML, and other advanced technologies to assess and manage cyber risk more effectively.</p> <p>Scott Register, again, discusses with SecureWorld:</p> <p style="padding-left: 40px;">"Historically, cyber insurers have embraced a yes/no approach to coverage based on the company's maturity level and the types of threats facing the organization. Expect this to evolve in 2023, with insurance companies declining to cover more enterprises and also introducing risk-based pricing in response to the dynamic threat environment. 
I believe we'll see more exemption clauses denying coverage for ransomware and other specific attack types."</p> <h2><strong>Fostering workforce security education at all levels reduces risk</strong></h2> <p>Over the last couple of years, it has become evident that a priority for organizations has been educating their own workforces on security to better protect against all types of cyber threats and risks.</p> <p><span>In order to build a security-aware culture within an organization, it is imperative for employees to be educated on a wide range of topics, including best practices for password management, identifying phishing attacks, and protecting sensitive information.</span></p> <p><span>Organizations will need to invest in comprehensive training programs that are designed to educate employees on the latest threats and how to protect against them.</span></p> <p>In order to stay ahead of the latest threats, employees need to be regularly updated on new risks and how to protect against them. Things like in-person training sessions, online courses, and regular reminders and updates from security teams will be key.</p> <p>Another important aspect of building a security-aware culture is the need to engage employees at all levels of the organization. To effectively protect an organization from cyber threats, it is important for everyone from senior executives to entry-level employees to be actively involved in the process.&nbsp;</p> <p style="font-weight: normal;">Lance Spitzner, a senior instructor with SANS Institute, shared his thoughts on how workforce education can reduce cyber risks:</p> <p style="padding-left: 40px;">"Managing risk is no longer just a technological challenge, it is also a people challenge. 
Security leaders will start integrating human risk management into their overall security strategy.&nbsp;</p> <p style="padding-left: 40px;">As such, we expect to see leaders elevating their security awareness teams to be far more integrated and playing a more strategic role within cybersecurity, focusing not on compliance but truly enabling and securing their workforce."</p> <p>What do you think of these trends as we head into 2023? Let us know in the comments below.</p> <p>And for an in-depth look at the evolving threat landscape, particularly for email attack vectors, join our eSummit event on December 13, 2022. Attendees can earn 6 CPE credits by participating in <a href="https://www.secureworld.io/resources/2023-cyber-threats"><em>Vision 2023: Looking Ahead at Cyber Threats</em></a>, which will be available on-demand following the live date.</p> <p>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> Featured Cybersecurity Predictions Original Content Wed, 07 Dec 2022 23:09:51 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/5-trends-cybersecurity-2023 2022-12-07T23:09:51Z NATO Exercise Brings Together 1,000 Cyber Defenders https://www.secureworld.io/industry-news/nato-cyber-defense-exercise <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/nato-cyber-defense-exercise" title="" class="hs-featured-image-link"> <img 
src="https://www.secureworld.io/hubfs/Blog%20Images/NATO_flags_military_shutterstock_344966537_crop.jpeg" alt="NATO flags and soldiers" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>More than 1,000 cybersecurity professionals took part in Cyber Coalition 2022 with the goal of testing and training cyber defenders in their ability to defend NATO and national networks.</p> <p>NATO's largest annual cyber defense exercise took place Nov. 28 to Dec. 2, both in Tallinn, Estonia, and remotely, and involved cybersecurity pros from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, the European Union, and private industry and academia representatives.</p> <p>The exercise was led by NATO's Allied Command Transformation.</p> <p>"<span>Cyber Coalition 2022 is a perfect venue for experimentation, driving cyberspace warfare and capability development," according to <a href="https://www.act.nato.int/articles/exercise-cyber-coalition-2022-concludes-estonia">a NATO blog post</a>. "It is used&nbsp;</span><em>inter alia</em><span>&nbsp;to test and validate concepts, capture requirements or explore Emerging and Disruptive Technologies, in support of military operators and commanders. 
Cyber Coalition 2022 experimentation campaign included experiments on the use of Artificial Intelligence to help counter cyber threats, on the standardization of cyber messages to foster information sharing, and on the exploitation of Cyber Threat Intelligence to inform Cyberspace Situational Awareness."</span></p> <p><span><a href="https://www.politico.com/news/2022/12/03/nato-future-cyber-war-00072060">A <em>Politico</em> article</a> broke down the exercise, noting:</span></p> <p style="padding-left: 40px;"><span>"The world has never experienced an all-out cyberwar in which cyberattacks are used to the same devastating effect as physical strikes—such as shutting off critical services like power and water and preventing their restoration. The situation in Ukraine, however, is teetering on the brink.</span></p> <p style="padding-left: 40px;"><span>The war in Ukraine has injected new urgency into questions about how NATO would respond to a cyberattack on a member state large enough to invoke Article 5, which labels an attack against any member state as an attack against all."</span></p> <p><span>[RELATED: <a href="https://www.secureworld.io/industry-news/nato-cyberattacks-military-attacks">NATO Says Cyberattacks to Be Treated as Military Attacks</a>]</span></p> Cyber Warfare Original Content Military Cyber Defense Russia-Ukraine War Tue, 06 Dec 2022 17:28:17 GMT CamS@secureworld.io (Cam Sivesind) 
https://www.secureworld.io/industry-news/nato-cyber-defense-exercise 2022-12-06T17:28:17Z New 'CryWiper' Looks Like Ransomware, Targets Russian Courts https://www.secureworld.io/industry-news/crywiper-data-ransomware-russia <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/crywiper-data-ransomware-russia" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/malware_network_servers_shutterstock_2028196871.jpg" alt="malware-detected-server-closet" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Data-wiping cyberattacks have grown in popularity in recent years, as some threat actors have found motivations for attacks outside of financial incentives.</p> <p>Security researchers from Kaspersky have discovered a previously unidentified data wiper, which they have named CryWiper, that was used to attack Russian government agencies, including mayors' offices and courts.</p> <p>A report from Kaspersky says that CryWiper disguises itself as ransomware so that it can extort money from the victim for decrypting the data, but in reality, it intentionally destroys data in the affected systems. 
Analysis of the wiper's code shows that this was not a mistake but the developer's original intent.</p> <p>Kaspersky provides some technical details of CryWiper:</p> <p style="padding-left: 40px;"><span>"The CryWiper sample that came to us is a 64-bit executable file for Windows OS.&nbsp;The malware was developed in C++ and compiled using the MinGW-w64 toolkit and the GCC compiler.&nbsp;This is not the most common approach among C/C++ malware developers for Windows - the Microsoft Visual Studio development environment is more often used for such purposes.&nbsp;</span></p> <p style="padding-left: 40px;"><span>Building with MinGW is advisable either when developing a cross-platform application for different operating systems (for example, under Windows, Linux and / or FreeBSD), or if the developer himself uses something other than Windows as the main OS. Note that in the case of CryWiper, the first option is unlikely, since the Trojan uses many calls to WinAPI functions."</span></p> <p><span>Once started, the wiper creates scheduled tasks to run every five minutes:</span></p> <p><span><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/58/2022/11/18163543/CryWiper_01.png" alt="Create a task in the scheduler"></span></p> <p><span>It then contacts the command and control (C2) server with the name of the compromised device as a parameter. 
The C2 then responds with a "run" or "do not run," determining if the wiper will activate.</span></p> <p><span>Researchers note that the execution is delayed by four days (345,600 seconds), though the code "is written in such a way that the malware will under no circumstances wait for the specified time and will simply terminate execution if it has not received the run command."</span></p> <p style="font-weight: normal;">Once it does receive a "run" response, CryWiper will stop processes related to the operation of MySQL and MS SQL database servers, MS Exchange mail server, and MS Active Directory web services. Doing so gives the wiper access to files that these processes would otherwise hold open while running normally.</p> <p style="font-weight: normal;">Here is the code that stops the processes and then deletes shadow copies:</p> <p><span><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/58/2022/11/18163852/CryWiper_04-1024x199.png" alt="Stopping processes and deleting shadow copies"></span></p> <p><span>The report also says that CryWiper modifies the Windows Registry to prevent remote desktop protocol (RDP) connections in an effort to hinder security and IT specialists responding to the incident.</span></p> <p><span>When actually destroying the data, the wiper "generates a sequence of data using the well-known pseudo-random number generator 'Mersenne Vortex' and writes this data instead of the original file content."</span></p> <p><span>CryWiper will destroy all files, except for those with extensions ".exe", ".dll", ".lnk", ".sys", ".msi", and ".CRY", which is its own extension. 
It will also ignore Windows, System, and Boot directories so that the victim's computer still works to an extent.</span></p> <p><span>It then generates this ransom note, which asks for payment of 0.5 Bitcoin (approximately $8,400 USD):</span></p> <p><span><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/58/2022/11/18164131/CryWiper_08-1024x453.png" alt="Text of CryWiper requirements"></span></p> <p>Kaspersky<span> researchers make it clear that CryWiper is a new malware not related to existing families of wipers.</span></p> <p><span>Read the original report, </span><a href="https://securelist.ru/novyj-troyanec-crywiper/106114/">New Trojan CryWiper pretends to be a ransomware</a>, for more information.</p> <p>And follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> Featured Ransomware Russia Original Content Malware Cybercrime / Threats Tue, 06 Dec 2022 11:21:00 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/crywiper-data-ransomware-russia 2022-12-06T11:21:00Z Survey Seeks Input from Healthcare Cybersecurity Professionals https://www.secureworld.io/industry-news/healthcare-cybersecurity-survey <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/healthcare-cybersecurity-survey" title="" class="hs-featured-image-link"> <img 
src="https://www.secureworld.io/hubfs/Blog%20Images/healthcare_medical_data_shutterstock_1279492897.jpg" alt="healthcare-nurse-tech-cyber" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Attention, cybersecurity professionals in the healthcare industry. Your opinion is needed for a survey being conducted by the Healthcare Information and Management Systems Society (HIMSS).</p> <p>Cybersecurity professionals focused on protecting healthcare companies and infrastructure are invited to complete the <a href="https://surveys.himss.org/checkbox/371fcec6-be1f-4db2-8c11-d49f0683a33a">2022 Cybersecurity Survey</a>, with responses due by December 21, 2022.</p> <p><span style="font-size: 11px;">Since 2008, HIMSS has conducted this annual survey to track trends in healthcare cybersecurity, record cybersecurity threats, and develop best practices to keep data secure within the healthcare ecosystem. Results of this year's survey will be available in early 2023.</span></p> <p><span style="font-size: 11px;">Lee Kim, HIMSS senior principal of cybersecurity and privacy, and chair of the Cyber Health Working Group, drafted the survey.</span></p> <p><span style="font-size: 11px;">Kim will be presenting at the SecureWorld Healthcare virtual conference on April 12, 2023. 
The full agenda and event details will be available in mid-December.</span></p> <p><span style="font-size: 11px;">Healthcare cybersecurity professionals are encouraged to complete the survey at the link above so as much data as possible can be collected, distilled, and reported back to the healthcare cybersecurity community and beyond.</span></p> Cybersecurity Healthcare Original Content Survey Mon, 05 Dec 2022 13:42:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/healthcare-cybersecurity-survey 2022-12-05T13:42:00Z Elon Musk Wants to Make Your Twitter DMs Encrypted https://www.secureworld.io/industry-news/elon-musk-twitter-direct-messages-encrypted <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/elon-musk-twitter-direct-messages-encrypted" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Elon_Musk_Twitter_shutterstock_2150468715.jpg" alt="Elon Musk's Twitter account on phone" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Twitter's new CEO Elon Musk has been very vocal about how he wants to revolutionize the social media platform, saying he aims to make it the "voice of the people." 
But it's been a bit of a rough start so far.</p> <p>After the company laid off more than half of its staff, it has had some difficulties rolling out products, such as the new verification process that allows users to pay $8 per month for premium features.</p> <p>But Musk is not one to be swayed by rough waters, as he has a grand vision for what Twitter could become.</p> <p>One of the new features he hopes to add to Twitter, sooner rather than later, is end-to-end encryption for direct messages (DMs). In a recent meeting with the remaining employees, Musk laid out his plans for "Twitter 2.0," which include that the company will work to encrypt DMs and eventually add encryption for <span>video and voice calling between accounts, according to <a href="https://www.theverge.com/2022/11/21/23472174/twitter-dms-encrypted-elon-musk-voice-video-calling"><em>The Verge</em></a>.</span></p> <p><span>Musk said:</span></p> <div> <p style="padding-left: 40px;">"We want to enable users to be able to communicate without being concerned about their privacy, without being concerned about a data breach at Twitter causing all of their DMs to hit the web, or think that maybe someone at Twitter could be spying on their DMs. That's obviously not going to be cool and it has happened a few times before."</p> </div> There is certainly merit to what Musk is saying. Earlier this year, a former Twitter employee was charged by the U.S. government with <span><span>improperly accessing user data on behalf of Saudi Arabia. 
He continued on to say:</span></span> <div> <div> <p style="padding-left: 40px;">"It should be the case that I can't look at anyone's DMs if somebody has put a gun to my head."</p> </div> </div> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/insider-threat-case-twitter-saudi-arabia">Insider Threat Case: Twitter Employees Bribed by Saudis</a>]</p> <p>During the meeting, Musk also mentioned Signal, the encrypted chat app that is run as a non-profit. He says he spoke with the company's creator, <span>Moxie Marlinspike, who is "potentially willing to help out."&nbsp;</span></p> <p><span>For years, privacy advocates have pushed for social media platforms to embrace end-to-end encryption for DMs, and it seems like Musk is ready to do so. But actually rolling out the technology might prove more difficult than the new CEO anticipates.</span></p> <p><span>Engineers at Meta have been trying to tackle this issue for over five years, so it seems reasonable that some experts would be skeptical about Musk being able to pull this off in such a short time.</span></p> <p>The problems that Meta has been dealing with include challenging topics such as<span> how to address the spread of child sexual abuse material and how to deal with abuse and harassment.</span></p> <p><span>For all organizations, not just social media platforms, there is a constant debate about balancing privacy and fighting any sort of abuse.</span></p> <p><span>It will be intriguing to see how Elon Musk, the "free speech absolutist," will approach this issue.</span></p> <p><span>Follow <em>SecureWorld News</em> for more stories related to cybersecurity and privacy.</span></p>
Featured Original Content Twitter Social Media Encryption / DLP Thu, 01 Dec 2022 23:49:48 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/elon-musk-twitter-direct-messages-encrypted 2022-12-01T23:49:48Z The CPRA: What You Should Know as an InfoSec Professional https://www.secureworld.io/industry-news/cpra-what-infosec-professionals-should-know <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cpra-what-infosec-professionals-should-know" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/data_privacy_shutterstock_439417594.jpg" alt="data-privacy-business" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <h1 style="font-weight: normal; font-size: 18px;">The California Privacy Rights Act&nbsp; (CPRA)—a more stringent update of the California Privacy Protection Act (CCPA)—goes into effect January 1, 2023, adding in employee data and business-to-business data under its scope of privacy protection.</h1> <h1 style="font-weight: normal; font-size: 18px;">A panel of practitioner experts breaks it all down in our recent <span style="font-style: italic;">Remote Sessions</span> webcast, "Countdown to CPRA: What Information Security Professionals Need to Know Now," now <a href="https://www.secureworld.io/resources/countdown-to-cpra">available on-demand</a>.</h1> <p>A few other key notes: the CCPA remains in place and updates to its regulations go live January or February 2023; and on July 1, 2023, civil and administrative enforcement will begin, including the period from Jan. 
1 on.</p> <div> Scott Giordano, General Counsel and <span>VP of Corporate Privacy </span> <span>at </span> <span>Spirion, leads the discussion, which includes:</span> </div> <ul> <li><span>A comparison of the CCPA and CPRA with other state privacy protection regulations, including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Protection Act, and Utah Consumer Privacy Act</span></li> <li><span>Describing the dual-enforcement aspect of the CPRA and CCPA, with the California Attorney General and California Consumer Protection Agency having oversight and enforcement power</span></li> <li><span>How penalties are assessed and how much each penalty assessment is</span></li> </ul> <div> <span>Tim Moran, CIO/CTO and Founder of Media, Entertainment &amp; Technology, provides great insight into what cybersecurity professionals can and should be doing to meet the requirements of the old and new legislation, including:</span> </div> <ul> <li><span>Multi-factor authentication (MFA): N</span><span>etwork Software as a Service Messaging, </span><span>Cloud, </span><span>VPN 
and any administration access, single sign-on</span></li> <li><span>Training for employees (awareness)</span></li> <li><span>Privacy training, specifically</span></li> <li><span>Well documented policies and standards for employees (data handling)</span></li> <li><span>Enterprise endpoint protection and remediation (anti-malware, anti-virus software)</span></li> <li><span>Endpoint encryption for all laptops</span></li> <li><span>Intrusion detection and response</span></li> <li><span>Cyber insurance (critical)</span></li> <li><span>And more (listen in for the full list)</span></li> </ul> <p><span>"I think the real problem here, the big challenge for businesses, is going to be around data governance," Moran says.</span></p> <p><span>He described a common scenario in which a consumer goes to a company website and provides personal information for a purchase or inquiry for more information. That data then goes through marketing and other avenues within the business, so how does the business track all the movement of that data, and when it comes to deleting that data (especially if the customer requests them to do so), how does the business ensure complete deletion of that data occurs?</span></p> <p>Veronica Torres, <span>Worldwide Privacy and Regulatory Counsel at</span><span>&nbsp;</span><span>Jumio Corporation, says retention of data is an important aspect to consider and one businesses can often forget. 
There is no reason for a business to keep consumer data for 25 years, so it must think about what is reasonable and "where you don't need it anymore, delete it," she adds.</span></p> <p><span>Torres also reviews access and deletion requests, which include a consumer's "right to know" what is being done with their data, and the introduction under CPRA/CCPA of a new right to "data deletion."</span></p> <p><span><span>Also joining the webcast panel is </span></span>Orson Lucas, Principal at&nbsp;KPMG, who underscores some key areas businesses should focus on and prioritize with the looming deadline for the CPRA:</p> <ul> <li> <p>Focus on clear visibility into your data environment, which includes data mapping and data discovery.</p> </li> <li> <p>Deploy technologies and tools that help you scale data management in a manageable way.&nbsp;</p> </li> <li> <p>Pay attention, as Torres said, to data retention schedules to determine what data you are retaining, why, and for how long.</p> </li> </ul> <p><a href="https://www.secureworld.io/resources/countdown-to-cpra">Watch the webcast</a> for the complete list and more details, as well as to earn CPE credit for taking in the entire session.</p> GRC Regulations Privacy Data Security Original Content California Thu, 01 Dec 2022 21:25:57 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/cpra-what-infosec-professionals-should-know 
2022-12-01T21:25:57Z Looking to Adopt Detection-as-Code? Follow these 5 Steps https://www.secureworld.io/industry-news/adopt-detection-as-code-5-steps <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/adopt-detection-as-code-5-steps" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/cyber_threats_code_shutterstock_1304697985.jpg" alt="cyber-threats-code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><span style="font-size: 12px;">As a security leader, you want the best tools for your team that will actually help them do their work, not hinder them. You want processes that are streamlined and just make sense. And you want an approach to threat detection that is ever-evolving and scalable with today's demands.</span></p> <p><span style="font-size: 12px;">Have you adopted detection-as-code yet?</span></p> <p><span style="font-size: 12px;">Detection-as-code is the way to evolve your team into a modern detection team, one preparing for rising data, expanding cloud environments, and increasingly sophisticated threats. If you haven't yet adopted detection-as-code, here are a few tips for how to implement it and why.</span></p> <h2><strong>Why adopt detection-as-code?</strong></h2> <p><span style="font-size: 12px;">Evolve your threat detection by turning to detection-as-code, an approach to security that combines the benefits of software engineering with the functionality of detecting behaviors that could result in a breach. 
By creating detections in a universal coding language, and taking an engineering approach of testing and constant iteration, security teams can create custom detections tailored for their organizational needs that can improve response time, cut down on false positive alerts, and increase the impact of the team overall.</span></p> <p><span style="font-size: 12px;">Why should a security team adopt detection-as-code? First, the scale of the internet will never stop expanding, and it is expected to </span><span style="text-decoration: underline;"><span style="color: #00cccc; font-weight: normal;"><a href="https://qz.com/472292/data-is-expected-to-double-every-two-years-for-the-next-decade#:~:text=Thanks%20to%20advancements%20in%20technology,hitting%2045%2C000%20exabytes%20in%202020." style="color: #00cccc;"><span style="font-size: 12px;">double every two years</span></a></span></span><span style="font-size: 12px;">. As teams think about their security approaches, they'll need repeatability and predictability to allow for that expansion, and detection-as-code can provide that.</span></p> <p><span style="font-size: 12px;">Finally, a detection-as-code approach means that you're (obviously) writing code, which makes you more creative and a better problem-solver. Knowing how to code is probably one of the most important skills anyone can possess, as it unlocks a new way of thinking about security more broadly. Expressing detection through code means getting into the mind of an attacker, which will inherently increase your prevention.</span></p> <h3><strong>Five steps to a detection-as-code framework</strong></h3> <p><span style="font-size: 12px;">There are a number of reasons to adopt detection-as-code, and a number of benefits it can bring to your organization. 
Here are five steps to take if you're looking to develop your own detection-as-code framework, or want to strengthen what you already have in place.</span></p> <p><strong><span style="font-size: 12px;">Step 1: Build a Threat Model</span></strong></p> <p><span style="font-size: 12px;">To start, establish where you are today and create an updated Threat Model for your organization, including the detections you currently have in place. During this process, you will re-establish where your most protected assets are and can work backward to determine ways attackers could access them. Find your visibility gaps during this process and make efforts to close them.</span></p> <p><span style="font-size: 12px;">As you develop your Threat Model, avoid brushing over large parts of your infrastructure that may be too complex. Be comprehensive! Don't forget third-party access to your environment as well, as supply-chain attacks are often an easier way in for malicious actors.</span></p> <p><strong><span style="font-size: 12px;">Step 2: Set Up Version Control</span></strong></p> <p><span style="font-size: 12px;">One of the benefits of detection-as-code is that you can utilize version control to help in your detection evolution. As you begin to create detections, you'll need a place for the code to live, so make sure you carve out a repository in your VCS (like GitHub or GitLab) with the proper privileges, continuous integration checks, and settings. Avoid using a local VCS. Make sure to check everything into a cloud-based service that you trust, and that there are backups of the repository so you can have a previous version to revert to.</span></p> <p><strong><span style="font-size: 12px;">Step 3: Automate with CI/CD</span></strong></p> <p><span style="font-size: 12px;">Next, work with your detection team to agree on a code lifecycle for detections. This could include requiring tests, CI checks, code reviews, deployment staging, and much more as you navigate the switch. 
Avoid shipping to production too fast without assurance that your new detection will work as expected. This can cause teams to either miss important behaviors or cause outages in production.</span></p> <p><strong><span style="font-size: 12px;">Step 4: Migrate!</span></strong></p> <p><span style="font-size: 12px;">Begin converting your legacy detections into code, ordered by severity and category. For example, you may be able to consolidate multiple network-based detections or even eliminate certain ones that can be easier or more efficiently expressed in code. </span></p> <p><span style="font-size: 12px;">Of course, avoid migrating without testing! Always make sure you've done your due diligence. Be sure to add positive (alert is expected) and negative (no alert is expected) testing as well. Tests also protect against regressions as detections evolve, so don't forget the intention. Be sure to also write down why you created this detection and ensure there's a proper owner associated.</span></p> <p><strong><span style="font-size: 12px;">Step 5: Tune and Augment</span></strong></p> <p><span style="font-size: 12px;">The final step is to tune detections which generate false positives and ensure that you improve efficacy more over time, and monitor alerting metrics to ensure your team isn't getting overwhelmed. Over time, you want to see more log volume but not more alert volume. Finally, avoid ignoring bad rules for too long. Either turn them off or accept the risk!</span></p> <h4><span style="font-size: 12px;"><strong>Detection-as-code today</strong></span></h4> <p><span style="font-size: 12px;">As a security leader, you want the best for your team, and want to provide them ways to do their excellent work. 
Detection-as-code will not only give them better ways to approach threat detection today, it will prepare them for the future of threat detection as well.</span></p> Featured Author Threat Intel Incident Response / SIEM DevOps Thu, 01 Dec 2022 18:27:26 GMT https://www.secureworld.io/industry-news/adopt-detection-as-code-5-steps 2022-12-01T18:27:26Z Jack Naglieri Meta Fined €265M for Data Leak Involving 530M Users https://www.secureworld.io/industry-news/meta-fined-ireland-gdpr-data-leak <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/meta-fined-ireland-gdpr-data-leak" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Imported%20sitepage%20images/meta-6754393_1280.jpg" alt="Meta-hacker-hoodie" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><span>Ireland's Data Protection Commission (DPC) has announced that Facebook's parent company, Meta, will be fined €265 million ($273 million USD) for a 2021 data leak involving approximately 533 million users' information. 
Meta will also have to implement a "range of corrective measures" following the DPC's decision.</span></p> <p>This announcement marks the conclusion of an inquiry that began on April 14, 2021, after media reports surfaced that threat actors leaked a Facebook personal dataset on the Dark Web. The information included names, genders, locations, dates of birth, relationship status, phone numbers, and email addresses.</p> <p>The <a href="https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-in-facebook-data-scraping-inquiry">DPC discussed the inquiry</a>:</p> <p style="padding-left: 40px; font-weight: normal;">"The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited ('MPIL') during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for&nbsp;Data Protection by Design and Default."</p> <p style="font-weight: normal;">The DPC says it also recorded findings of infringement <span>of <a href="https://gdpr-info.eu/art-25-gdpr/">Articles 25(1) and 25(2) of the GDPR</a>, which are summarized below:</span><span></span></p> <ol> <li style="font-weight: normal;">The controller shall implement appropriate technical and organizational&nbsp;measures which are designed to implement data-protection principles &nbsp;in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.</li> <li>The controller shall implement appropriate technical and organizational measures for ensuring that only personal data which are necessary for each specific purpose of the processing are processed. 
That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.</li> </ol> <p style="font-weight: normal;">This is now the third time that Meta has been fined by the DPC in 2022. The first one was in March, when the company was fined $18.6 million for mishandling information related to a 2018 data breach that involved the personal information of 30 million users. The second fine came in September, totaling $402 million after an investigation found that Instagram mishandled data of teenage users.</p> <p style="font-weight: normal;">The three fines make it nearly $700 million that Meta has been fined by the DPC in 2022. How much money do you think they need to be fined before any changes are made?</p> <p style="font-weight: normal;">Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> Featured Facebook GRC Data Security Original Content GDPR Data Breach Thu, 01 Dec 2022 00:03:40 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/meta-fined-ireland-gdpr-data-leak 2022-12-01T00:03:40Z Hackers Spread Malware Thanks to TikTok's 'Invisible Challenge' Trend 
https://www.secureworld.io/industry-news/hackers-malware-tiktok-invisible-challenge <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/hackers-malware-tiktok-invisible-challenge" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/TikTok_user_phone_shutterstock_2163292377.jpg" alt="TikTok user with phone" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Oh, TikTok, you either love it or you hate it. But seriously, there is almost no middle ground on people's feelings for the short-form video sharing platform.</p> <p>Many people enjoy it for its algorithm that spits out fun little videos that are (disturbingly) perfect for you to watch, whereas some people don't like it for this exact reason. Others are more concerned with the direction of the company as a whole and the data privacy and security issues of the platform.</p> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/is-tik-tok-a-security-threat">Is Tik Tok a Security Threat?</a>]</p> <p>Today's story involves a new TikTok trend called the "Invisible Challenge," where the person in the video uses a filter that blurs out their body, making them appear to be invisible. The challenge part involves putting the invisibility feature to the test by posting a video with little or no clothes on.</p> <p>Of course, it didn't take long for malicious threat actors to take notice of the trend and come up with their own scheme to capitalize on the situation. 
According to a new report from Checkmarx, threat actors posted TikToks with links to fake software named "unfilter," which claimed to be able to remove the invisible filter.</p> <p>The report says:</p> <p style="padding-left: 40px;">"The TikTok users<span>&nbsp;</span>@learncyber<span> </span>and<span>&nbsp;</span>@kodibtc<span>&nbsp;</span>posted videos on TikTok (over 1,000,000 views combined) to promote a software app able to 'remove filter invisible body' with an invite link to join a Discord server 'discord.gg/unfilter' to get it."</p> <p>It also included these screenshots:</p> <p><img src="https://checkmarx.com/wp-content/uploads/2022/11/image_01-1024x550.png"></p> <p>After following the link and joining the Discord server "Space Unfilter," the user will find NSFW videos uploaded by the threat actor claiming to be the result of the software but ultimately tricking the user into installing malware.</p> <p>Along with the videos, a bot account named "Nadeko" <span>automatically sends a private message with a request to star the GitHub repository </span><a href="https://github.com/420World69/Tiktok-Unfilter-Api">420World69/Tiktok-Unfilter-Api.&nbsp;</a></p> <p>The repository <span>represents itself as an "open-source tool that can remove the invisible body effect trending on TikTok," Checkmarx says. Thanks to the nature of the scheme, it quickly became a "trending GitHub project."</span></p> <p><span><img src="https://checkmarx.com/wp-content/uploads/2022/11/image_04-1024x566.png"></span></p> <p><span>At the time of the report, o</span>ver 30,000 members had joined the Discord server, and this number continues to increase as this attack is ongoing.</p> <p><span>The project's files include a .bat script that installs a malicious Python package listed in the requirements.txt file.&nbsp;</span></p> <p><span>The threat actor used a malicious package named "pyshftuler," but it was quickly reported and removed by PyPI. 
The attacker pivoted and uploaded a new package under a different name, "pyiopcs," but it was also quickly removed.</span></p> <p><span>The report continues:</span></p> <p style="padding-left: 40px;">"At first glance, the attackers used the<span>&nbsp;</span><a href="https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/">StarJacking</a><span>&nbsp;</span>technique as the malicious package falsely stated the associated GitHub repository is 'https://github.com/psf/requests'. However, this belongs to the Python package 'requests'. Doing this makes the package appear popular to the naked eye."</p> <p><img src="https://checkmarx.com/wp-content/uploads/2022/11/image_06-1024x1024.png" style="margin-left: auto; margin-right: auto; display: block;"></p> <p>The threat actor also modified the real package's description, and the code inside those packages seems to be stolen from the popular Python package "requests".</p> <p>Checkmarx found a suspicious modification to the original file as a one-liner related to<span>&nbsp;</span><a href="https://medium.com/checkmarx-security/wasp-attack-on-python-polymorphic-malware-shipping-wasp-stealer-infecting-hundreds-of-victims-10e92439d192">WASP's infection code </a>under "./&lt;package&gt;/models.py".&nbsp;</p> <p><img src="https://checkmarx.com/wp-content/uploads/2022/11/image_07-1024x666.png" style="margin-left: auto; margin-right: auto; display: block;"></p> <p>Ultimately, this story should serve as a case study for security researchers to learn how it was possible for the threat actor to gain popularity in such a short amount of time. It is certainly concerning to look at the high number of users who joined the Discord server and potentially installed the malware.</p> <p>Checkmarx points out in the conclusion of its report that the "<span>level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever." 
It believes attackers have now focused their attention on the open-source package ecosystem and that this trend will accelerate in 2023.</span></p> Featured Hackers Original Content Malware Social Media Open Source Wed, 30 Nov 2022 00:04:42 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/hackers-malware-tiktok-invisible-challenge 2022-11-30T00:04:42Z New York Financial Services Firms to Face More Cybersecurity Oversight https://www.secureworld.io/industry-news/new-york-financial-services-cybersecurity-oversight <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/new-york-financial-services-cybersecurity-oversight" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/financial_dollars_locks_shutterstock_390077977.jpg" alt="dollars-locks-cyber" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The New York State Department of Financial Services (NYDFS) is proposing an amendment to its regulations that will require financial services companies to up their cybersecurity game.</p> <p>Under the <a 
href="https://www.dfs.ny.gov/system/files/documents/2022/10/rp23a2_text_20221109_0.pdf">proposed amendment</a>, the onus is placed upon corporate boards and executive leadership to:</p> <ul> <li>Implement and maintain a written cybersecurity policy—approved annually—to protect information systems and nonpublic information stored on those systems</li> <li>Designate a qualified individual (CISO or equivalent) responsible for overseeing and implementing a cybersecurity program and enforcing its cybersecurity policy</li> <li>Require the CISO to provide a written report at least annually to the board or equivalent governing body</li> <li>Require the CISO to report, in a timely manner, to the board on material cybersecurity issues, including updates to a company's risk assessment or major cybersecurity events</li> <li>Develop and implement, as part of the cybersecurity program, written policies and procedures for vulnerability management assessing the effectiveness of the program</li> </ul> <p>Cybersecurity programs shall limit user access privileges to information systems, limit the number of privileged accounts, at a minimum annually review all user access privileges, disable or securely configure all protocols that permit remote control of devices, and promptly terminate access following departures.</p> <p><span>"These requirements are a great example of how cyber risk isn't purely a bits and bytes issue to be 'handled by the security team,'" Jamil </span>Farshchi, EVP and CISO at Equifax, said in a LinkedIn post today about the NYDFS proposal. "<span>It's a core responsibility of the board and management team."</span></p> <p><span>In a comment to Farshchi's LinkedIn post, Becky Gaylord, a cybersecurity and data privacy consultant, had this to say:</span></p> <p style="padding-left: 40px;"><span>"The NYDFS proposal validates communication as the linchpin between IT and C-suite/board of directors. 
Senior 'cyber deciphers' are now vital ~&gt; Professional, experienced strategic communicators who also...<br>* Know crisis and issue management.<br>* Have Infosec certifications and passion for #cyber and #dataprivacy.<br>* Create strong content across channels.<br>* Smoothly translate technical information to any audience, from top executives to new employees.<br>These folks exist!"</span></p> <p><span>The NYDFS proposed amendment is open for comment until January 9, 2023.</span></p> <p><span>The amendment comes weeks after </span>the State of New York announced it will be the <a href="https://www.secureworld.io/industry-news/new-york-attorneys-cybersecurity-privacy">first U.S. jurisdiction to require attorneys</a> to complete one credit hour of cybersecurity, privacy, and data protection training as part of their biennial Continuing Legal Education (CLE).</p> <p>The new accreditation requirement will go into effect July 1, 2023, and attorneys can begin earning credit as early as January 2023. 
Here are <a href="https://www.nycourts.gov/LegacyPDFS/attorneys/cle/CLE-and-AP-News-Cybersecurity.pdf">details on the new requirement</a><span>&nbsp;</span>from the New York State Unified Court System.</p> Cybersecurity Original Content Financial Sector New York Mon, 28 Nov 2022 18:27:19 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/new-york-financial-services-cybersecurity-oversight 2022-11-28T18:27:19Z DoD Releases Enterprise-Wide Zero Trust Strategy https://www.secureworld.io/industry-news/dod-zero-trust-strategy <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/dod-zero-trust-strategy" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/pentagon.jpg" alt="The Pentagon" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Earlier this month the U.S. Department of Defense released its DoD Zero Trust Strategy, which outlines an "enhanced cybersecurity framework built upon Zero Trust principles that must be adopted across the Department, enterprise-wide, as quickly as possible as described within this document."</p>
<p>The <a href="https://federalnewsnetwork.com/wp-content/uploads/2022/11/DoD_Zero_Trust_Strategy_v1.0_Final_508-date-cover_20221116.pdf">37-page document</a> was finalized October 21st and released for public consumption on November 7th.</p> <p>The DoD's CIO, John B. Sherman, says in the document's foreword:</p> <p style="padding-left: 40px;">"This 'never trust, always verify' mindset requires us to take responsibility for the security of our devices, applications, assets, and services; users are granted access to only the data they need and when needed. "We all must play a role in combating our adversaries by acting quickly and correctly to address security threats wherever and whenever they arise."</p> <p>The document outlines how the Pentagon will incorporate Zero Trust principles across five cybersecurity functions—Identify, Protect, Detect, Respond, and Recover—to create a successful and holistic cybersecurity program.</p> <p>The DoD specifically calls out the People's Republic of China as its strongest threat, but is mindful of other state-sponsored adversaries motivated to breach systems within and outside of the Department's defensive perimeter.</p> <p>"Zero Trust uses continuous multi-factor authentication, micro segmentation, advanced encryption, endpoint security, analytics, and robust auditing, among other capabilities, to fortify data, applications, assets, and services to deliver cyber resiliency," the strategy document says. 
"The Department is evolving to become a more agile, more mobile, cloud-supported workforce, collaborating with the entirety of DoD enterprise, including federal and non-federal organizations and mission partners working on a variety of missions."</p> <p>The <a href="https://federalnewsnetwork.com/wp-content/uploads/2022/11/DoD_Zero_Trust_Strategy_v1.0_Final_508-date-cover_20221116.pdf">full report</a> breaks down the DoD's vision for a Zero Trust strategy, its approach, flow charts, principles and pillars, measurement and metrics, a detailed road map, and milestones.</p> <p>This action comes on the heels of the White House's Office of Management and Budget<a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf"> announcement in January 2022</a> to enact a Federal Zero Trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year 2024.</p> Featured Original Content Pentagon Zero Trust Department of Defense Wed, 23 Nov 2022 17:44:50 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/dod-zero-trust-strategy 2022-11-23T17:44:50Z Cyberattacks Ramp Up in Arab Countries for World Cup https://www.secureworld.io/industry-news/cyberattacks-world-cup <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cyberattacks-world-cup" title="" class="hs-featured-image-link"> <img 
src="https://www.secureworld.io/hubfs/pexels-riccardo-41257.jpg" alt="soccer stadium" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>While a lot of the world's collective eyes are on the pitch in Qatar for the FIFA World Cup 2022, security professionals are keeping their eyes on an uptick in cyberattacks against organizations in Arab countries.</p> <p>Just as cybercriminals use holidays as an avenue to catch shoppers and companies off guard, bad actors are using soccer's biggest every-four-year event as a time to catch enterprises too far off their back touch line to net harmful results.</p> <p>According to <a href="https://www.trellix.com/en-us/about/newsroom/stories/research/email-cyberattacks-on-arab-countries-rise.html">a summary of data</a> gathered by the Trellix Advanced Research Center, October saw a 100% increase in malicious emails.</p> <p>With Qatar and other Arab nations ramping up to host the primetime edition of the beautiful game, "<span>attackers take advantage of employee's busy schedule which increases the chances of human error and victim interacting with the attack vector," a report said. "The aim of such attacks can be variable like financial fraud, credential harvesting, data exfiltration, surveillance, or damage to the country's/organization's reputation."</span></p> <p><span>The report lists examples of malicious emails that use the soccer event as the initial attack vector. 
Tournament-themed phishing campaigns were also identified with bad URLs spoofing real pages, obfuscated post URLs, and credentials posted to a PHP script hosted on the server managed by attackers.</span></p> <p><span>And don't forget a plethora of malware methods targeting Arab countries, including the Top 5: Qakbot, Emotet, Formbook, Remcos, and QuadAgent. For more on each, see the report.</span></p> <p><span>While the tournament comes to a close in early December, experts expect attacks related to the World Cup to continue through January of 2023, and for those attacks to broaden far beyond Arab countries, hitting rabid soccer fans and companies shorthanded due to watch parties.</span></p> <p>UPDATE: World Cup top current and past players' names are <a href="https://www.digit.fyi/qatar-world-cup-top-players-among-most-breached-passwords/">most used and abused passwords</a>, so another heads-up on password management (and using common sense).</p> Featured Email Security Cyber Attacks Original Content Malware World Cup 2022 Tue, 22 Nov 2022 17:17:12 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/cyberattacks-world-cup 2022-11-22T17:17:12Z Oil & Gas Industry Must Urgently Address Cybersecurity Risks, GAO Says https://www.secureworld.io/industry-news/oil-gas-industry-address-cybersec-risks <div class="hs-featured-image-wrapper"> <a 
href="https://www.secureworld.io/industry-news/oil-gas-industry-address-cybersec-risks" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/oil-106913_1280.jpg" alt="Crude oil well" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The U.S. Government Accountability Office (GAO) is recommending the Department of the Interior's Bureau of Safety and Environmental Enforcement (BSEE) immediately develop and implement a strategy to address offshore oil and gas infrastructure risks.</p> <p>A cyberattack on the network of more than 1,600 facilities that produce much of U.S. domestic oil and gas "<span>could cause physical, environmental, and economic harm," according to <a href="https://www.gao.gov/products/gao-23-105789">the report</a>. "And disruptions to oil and gas production and transmission could affect supplies and markets."</span></p> <p><span>The GAO identified risks, vulnerabilities, and threats, including:</span></p> <ul> <li><span><strong>Threat actors:</strong> State actors, cybercriminals and others who could initiate cyberattacks against offshore oil and gas infrastructure.</span></li> <li><span><strong>Vulnerabilities:</strong> New production methods and modern exploration technologies have led to more remotely connected operations; that remoteness leads to additional risk. 
Aging infrastructure also puts operations at risk.</span></li> <li><span><strong>Potential impacts:</strong> The report identifies potential harm from an attack on oil and gas infrastructure, adding "the effects of a cyberattack could resemble those that occurred in the 2010&nbsp;Deepwater Horizon disaster"; a catastrophic fire to the offshore drilling operation.</span></li> </ul> <p><span>According to the report: "GAO interviewed officials from agencies with offshore and cybersecurity responsibilities. It also obtained the perspectives of nonfederal stakeholders representing the offshore oil and gas industry."</span></p> <p><span>As a specific vulnerability example, an earlier <span style="font-style: italic;">SecureWorld News</span> <a href="https://www.secureworld.io/industry-news/oil-gas-vulnerability-threat-infrastructure">article reported</a> on a separate and previous study identifying vulnerabilities in the oil and gas industry, specifically to flow computers that regulate and calculate volume and flow rates of substances such as natural gas, crude oils, and other hydrocarbon fluids.</span></p> Featured Critical Infrastructure Original Content Cyber Defense Mon, 21 Nov 2022 19:48:51 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/oil-gas-industry-address-cybersec-risks 2022-11-21T19:48:51Z Iranian Hackers Target U.S. 
Government Agency with Log4Shell Exploit https://www.secureworld.io/industry-news/iranian-hackers-target-usa-log4shell <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/iranian-hackers-target-usa-log4shell" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Iran_flag_code_shutterstock_1198192819.jpg" alt="cyber-Iran-flag" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-320a">released a joint cybersecurity advisory</a> detailing how state-sponsored Iranian threat actors compromised a federal agency's network by exploiting the infamous Log4Shell vulnerability.</p> <p>The advisory states that from mid-June through mid-July of this year, CISA conducted an incident response engagement <span>at a Federal Civilian Executive Branch (FCEB) organization where it observed suspected advanced persistent threat (APT) actor activity. 
</span></p> <p><span>CISA discovered that threat actors had "exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence."</span></p> <p><span>Log4Shell, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">CVE-2021-44228</a>, is a remote code execution vulnerability affecting the Apache Log4j library that was discovered in December 2021. The exploit allows threat actors to submit a request to a vulnerable system and execute arbitrary code; this request allows the threat actor to take control of the affected system.</span></p> <p><span>In June, CISA released an advisory detailing how malicious cyber actors were <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-174a">continuing to exploit </a></span><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-174a">Log4Shell</a> in VMware Horizon Systems, coincidentally at the same time CISA was investigating the suspected Iranian APT's activity.</p> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/cyber-safety-review-board-log4j">Cyber Safety Review Board's First Report: Log4j Here to Stay</a>]</p> <p>What some might find interesting in this incident is the decision to install cryptomining software. Mike Parkin, a senior technical engineer at Vulcan Cyber, discusses this decision and the Log4Shell exploit:</p> <p style="padding-left: 40px;">"The real question here, with deploying crypto mining malware on their targets, is why wouldn't they? State and State Sponsored threat actors acting like common cybercriminal groups isn't uncommon. It helps obfuscate the source of the threat, and, simultaneously, can make them some extra cash from the criminal activity.</p> <p style="padding-left: 40px;">One of the expected challenges with Log4Shell was the 'long tail' effect. 
While most vulnerable systems were patched quickly, there is always a 'long tail' of stragglers that don't get remediated in a timely manner. That means we're likely to see these things for a lot longer than we'd like as people get around to remediating the ones they missed. Unfortunately, that can take months, or even years."</p> <p>This recent advisory aims to provide organizations and end-users with knowledge of the APT's <span>tactics, techniques, and procedures (TTPs), as well as indicators of compromise (IOCs) to help defend against related compromises.</span></p> <p><span>CISA and the FBI encourage all organizations with affected VMware systems that did not immediately apply patches to assume they have already been compromised and initiate threat hunting activities. The agencies also urge organizations to apply the recommended mitigations.</span></p> <h2><strong>Incident response and mitigations for Log4Shell</strong></h2> <p>CISA provides an abundance of information in its advisory, including incident response steps, mitigations, and steps to validate security controls.</p> <p>For incident response, it says that if suspected initial access or compromise is detected, your organization should assume lateral movement by threat actors and investigate connected systems. It recommends applying four steps <em>before</em> applying any mitigations:</p> <ol> <li>"Immediately isolate affected systems."</li> <li>"Collect and review relevant logs, data, and artifacts. 
Take a memory capture of the device(s) and a forensic image capture for detailed analysis."</li> <li>"Consider soliciting support from a third-party incident response organization that can provide subject matter expertise to ensure the actor is eradicated from the network and to avoid residual issues that could enable follow-on exploitation."</li> <li>"Report incidents to CISA via CISA's 24/7 Operations Center (<a href="mailto:report@cisa.gov">report@cisa.gov</a><span>&nbsp;</span>or 888-282-0870) or<span>&nbsp;</span><a href="https://www.cisa.gov/uscert/ncas/alerts/www.fbi.gov/contact-us/field">your local FBI field office</a>, or FBI's 24/7 Cyber Watch (CyWatch) at 855-292-3937 or by email at<span>&nbsp;</span><a href="mailto:CyWatch@fbi.gov">CyWatch@fbi.gov</a>."</li> </ol> <p>CISA also provides seven mitigations that will "<span>improve your organization's cybersecurity posture on the basis of threat actor behaviors." The mitigations are:</span><span></span></p> <ul> <li style="font-weight: normal;">"Install updated builds to ensure affected VMware Horizon and UAG systems are updated to the latest version."</li> <li><span style="font-weight: normal;">"Keep all software up to date&nbsp;and prioritize patching&nbsp;</span><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" style="font-weight: normal;">known exploited vulnerabilities (KEVs)</a><span style="font-weight: normal;">."</span></li> <li style="font-weight: normal;"> <p>"Minimize the internet-facing attack surface."</p> </li> <li style="font-weight: normal;"> <p style="font-weight: normal;">"Use best practices for identity and access management (IAM)."</p> </li> <li style="font-weight: normal;"> <p>"Audit domain controllers to log&nbsp;successful Kerberos Ticket Granting Service (TGS) requests and ensure the events are monitored for anomalous activity."</p> </li> <li> <p>"Create a deny list of known compromised credentials&nbsp;and prevent users from using known-compromised 
passwords."</p> </li> <li style="font-weight: normal;"> <p>"Secure credentials by restricting where accounts and credentials can be used&nbsp;and by using local device credential protection features."&nbsp;</p> </li> </ul> Featured Exploits APT Original Content Iran U.S. Government CISA Thu, 17 Nov 2022 21:36:22 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/iranian-hackers-target-usa-log4shell 2022-11-17T21:36:22Z Army Cyber Defense Review: 'The Only Constant Is Change' https://www.secureworld.io/industry-news/army-cyber-defense-review-change <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/army-cyber-defense-review-change" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/military_datacenter_shutterstock_725365696.jpg" alt="military-data-center" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Brigadier General Martin White highlights t<span>he fall issue of <em>The Cyber Defense Review</em> from the Army Cyber Institute at West Point with his take on "Tactics and Technicalities Undermining Strategy: Cyber Security is Distracting National Security Communities."</span></p>
<p><span><a href="https://cyberdefensereview.army.mil/Portals/6/Documents/2022_fall/CDR_V7N4_Fall_2022.pdf">The 280-page publication</a> provides senior leader perspectives, professional commentaries, and research articles around all things cybersecurity and defense. Col. Jeffery M. Ericksen, in the introduction, said this quote from Greek philosopher Heraclitus is apropos: "The only constant is change."&nbsp;</span></p> <p><span>He called out four articles and their authors which specifically focus on the topic of change:</span></p> <ul> <li><span>LTC Andrew Farina: "The Impending Data Literacy Crisis Among Military Leaders." Col. Ericksen said the article "captures key points about leaders struggling to achieve data literacy in understanding new technologies and paradigm shifts, in this case related to data literacy."</span></li> <li><span>LCDR Michael McLaughlin: "Seventh Service" for the United States with authorities more akin to the Coast Guard and National Guard.</span></li> <li><span>In "Tactics and Technicalities Undermining Strategy," Australian Brig. Gen. Martin White argues that the downfall of our current approaches is the focus on analyzing too much information, resulting in an overall weaker posture.</span></li> <li><span>LTC Ryan Tate and Col. Chad Bates argue for increased deterrence by being more transparent with operations in their article, "Deterrence Thru Transparent Offensive Cyber Persistence."</span></li> </ul> <p><span>[RELATED: <a href="https://www.secureworld.io/industry-news/cyber-war-vs-traditional-war">Cyber War vs. Traditional War: The Difference Is Fading</a>]</span></p> <p><span>Some other notable quotes taken from the journal:</span></p> <ul> <li><span>"Responsible requires that humans exercise judgment in developing, deploying, using, and arriving at outcomes," said Daniel M. 
Gerstein, a 1980 West Point graduate, who served as the Department of Homeland Security Undersecretary (acting) and Deputy Undersecretary in the Science and Technology Directorate from 2011-2014, in his "Better Anticipating and Managing Today's Growing Cyber Risks" article. "Accomplishing this requires humans to embed structures and processes that directly account for and retain human control in the algorithms that enable the functionality of the cyber domain. It also requires keen human judgments in decision-making, a point important to consider more deeply."</span></li> <li><span>In Dr. Herbert Lin's article, "Russian Cyber Operations in the Invasion of Ukraine," he said: "As for warfighting potential, the U.S. Department of Defense (DoD) asserts a rather broad utility for offensive cyber operations. For example, Joint Publication 3-12 characterizes cyberattacks as a form of fires, similar in principle to artillery or machine-gun fire, that degrades, disrupts, destroys, or manipulates adversary information or information systems. DoD doctrine also acknowledges the value of cyber operations for exploitation, including military intelligence activities, maneuver, information collection, and other enabling actions required to prepare for future military operations."</span></li> <li><span>The abstract from Brig. Gen. Martin White's article on "Tactics and Technicalities Undermining Strategies: Cyber Security is Distracting National Security Communities" gives a great overview: "National security communities cannot protect all their information. 
Yet the exigencies of cyber security and identified network vulnerabilities are trumping more strategic consideration of information protection, and national security communities have found it difficult to adhere to clear and defensible information protection principles."</span><br><br><span>"A more strategic approach would focus on identifying and prioritizing the most important organizational information; a defense that aligns information security resources to the most important information, with a clear view of the actions needed to protect against the intelligence capabilities of strategic competitors; and, established mechanisms for situations when preventive security measures will so often fall short, which include standing deception plans and well-coordinated reparative measures. Without defensible principles, the immense cyber security investments being made will not have the desired information security effect."</span></li> </ul> <p><span>Again, find the full <a href="https://cyberdefensereview.army.mil/Portals/6/Documents/2022_fall/CDR_V7N4_Fall_2022.pdf">publication here</a>, which includes a review of Martin C. Libicki's book, "Cyberspace in Peace and War, 2nd Edition."</span></p> Featured Cyber Warfare Original Content U.S. 
Army Cyber Defense Thu, 17 Nov 2022 19:31:42 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/army-cyber-defense-review-change 2022-11-17T19:31:42Z Cyber Leaders on Defending Against Holiday Scam Vulnerabilities https://www.secureworld.io/industry-news/webcast-defending-holiday-scam-vulnerabilities <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/webcast-defending-holiday-scam-vulnerabilities" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/cyber_crime_shutterstock_661977379.jpg" alt="cyber-crime-tape-laptop" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The holidays are a time when people unknowingly let their guard down, and cybercriminals know it. They take advantage of folks at home who are in a good mood, excitedly awaiting packages that are gifts for family or friends; and they also know employee counts are low as staff take vacation time and someone not used to a certain role might be covering for another employee.</p> <p>It's a holiday recipe for potential disaster. But have no fear, we have an <a href="https://www.secureworld.io/resources/stay-resilient-against-holiday-scams">on-demand webcast</a> available now on "How to Stay Resilient Against Holiday Scams this Season."</p> <p>The discussion includes Matthew O'Neil, <span>Global Investigative Operations Center, Cyber Intelligence Section,</span><span>&nbsp;</span><span>U.S. 
Secret Service; </span>Cathy Click, <span>Phishing Defense and Education,</span><span>&nbsp;</span><span>FedEx; and </span>Fabiola Fernandez, <span>Product Marketing Manager, Security Awareness Training,</span><span>&nbsp;</span><span>Proofpoint.</span></p> <p><span>Watch as these cybersecurity leaders interact and share:</span></p> <ul> <li><span>The methods and techniques scammers use during the holiday season</span></li> <li>Examples of common holiday scams your end-users will face</li> <li>Successful ways security awareness programs help end-users build positive security habits to stay vigilant against attacks</li> </ul> <p>"According to the FBI, they reported that last year Americans experienced $6.9 billion in losses from holiday scams and this included $337 million just from online shopping and non-delivery scams alone," Fernandez said. "That's a lot of money, and we're always shopping online. I know I am almost every other day."</p> <p>For FedEx, Click said the company deals not only with external issues, where customers are affected by bad actors trying to scam package recipients, but also with internal attacks, in which hackers claim to be customers looking for retribution for a failed package delivery.</p> <p>"We ask external customers to send to abuse@fedex.com," Click said. "If you ever do get one of those, we have an entire setup where they do takedowns of those malicious characters that are sending out those emails. 
And they do tend to ramp them up at Christmas time, knowing darn good and well that you have ordered all these gifts.</p> <p>"Internally, they'll tend to attack our customer internal team members by going after them saying they're a customer that has lost something, for example."</p> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/cybersecurity-lessons-learned-2018-hacking">The Holiday Hacker Case Study</a>]</p> <p>O'Neil said that a lot of fraud investigations involve following the money, with the main motivator being financial gain for cybercriminals, and that is why reporting incidents is important, whether the loss is thousands of dollars or a few hundred or less.</p> <p>"Statistics show that within 24 hours of a wire transfer, especially overseas, being reported to law enforcement, we can recover all or a portion of the money somewhere in the neighborhood of 55% or 56% of the time," O'Neil said. "After 72 hours, it's about 1%."</p> <p>Thanks to Proofpoint for sponsoring the webcast, which is <a href="https://www.secureworld.io/resources/stay-resilient-against-holiday-scams">available on demand</a>, and to Cathy Click and Matthew O'Neil for offering their wisdom on the subject of preventing and reporting holiday scams.</p> <p>Also, check out our <a href="https://www.secureworld.io/industry-news/cyber-threats-holiday-retail-hospitality">recent post</a> on "Holiday Season Cyber Threat Trends for Retail, Hospitality Industries."</p>
Featured Security Awareness Original Content Cybercrime / Threats Holiday Scams Thu, 17 Nov 2022 18:01:21 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/webcast-defending-holiday-scam-vulnerabilities 2022-11-17T18:01:21Z D.C. Think Tank Launches Cybersecurity Working Group https://www.secureworld.io/industry-news/think-tank-cybersecurity-working-group <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/think-tank-cybersecurity-working-group" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/brain_learning_science.jpg" alt="brain-cyber-technology" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A Washington, D.C., think tank focused on bipartisan solutions promoting health, security, and opportunity for all Americans has launched a working group with the aim of identifying the most pressing risks in cybersecurity.</p> <p>The Bipartisan Policy Center has named Tom Romanoff, Director of the Technology Project for the BPC, and Jamil Farshchi, EVP and CISO of Equifax and a strategic engagement advisor to the FBI, as co-chairs of the newly formed group.</p> <p><span>"Today's cybersecurity challenges know no boundaries. 
It impacts every level of society, which is why we've brought these diverse leaders together," <span style="font-weight: normal;">Romanoff </span>said in <a href="https://bipartisanpolicy.org/press-release/bipartisan-policy-center-launches-cybersecurity-working-group/">a press release</a> today</span><span>. "This group understands what it takes in order to drive action in the boardroom, the halls of Congress, state capitals, and beyond."</span></p> <p><span>The group has already begun debating and identifying the cybersecurity risks that business, government, and society face, with the goal of publicly reporting its initial findings in January 2023.</span></p> <p><span>The members of the working group are:</span></p> <ul> <li><strong><span>Christopher Painter</span></strong><span>, former cybersecurity leader at the U.S. Department of State, Department of Justice, and the White House</span></li> <li><strong><span>Craig Froelich</span></strong><span>, CISO, Bank of America</span></li> <li><strong><span>Hon. Jim Langevin</span></strong><span>, member of the U.S. House of Representatives and chair of the Subcommittee on Cyber, Innovative Technologies, and Information Systems</span></li> <li><strong><span>Hon. Mark Brnovich</span></strong><span>, Attorney General of the State of Arizona</span></li> <li><strong><span>Hon. 
Sean Reyes</span></strong><span>, Attorney General of the State of Utah</span></li> <li><strong><span>Jeremy Grant</span></strong><span>, coordinator of the Better Identity Coalition and former senior executive advisor for NIST</span></li> <li><strong><span>Jerry Davis</span></strong><span>, VP, Senior Security Advisor, PG&amp;E, and board member, Cybersecurity Safety Review Board (CSRB), CISA</span></li> <li><strong><span>Jules Polonetsky</span></strong><span>, CEO, Future of Privacy Forum</span></li> <li><strong><span>Noopur Davis</span></strong><span>, EVP and Chief Information Security and Product Privacy Officer, Comcast</span></li> <li><strong><span>Phil Venables</span></strong><span>, CISO, Google Cloud</span></li> <li><strong><span>Rear Admiral (Ret) Mark Montgomery</span></strong><span>, Executive Director, Cyberspace Solarium Commission 2.0.</span></li> </ul> <p><span>The <a href="https://bipartisanpolicy.org/">Bipartisan Policy Center </a>offers solutions that are the product of informed deliberations by former elected and appointed officials, business and labor leaders, and academics and advocates who represent both sides of the political spectrum, according to its About Us page.</span></p> <p><span>Cybersecurity is a new focus for the Center's core areas, which are:</span></p> <p style="padding-left: 40px;">•&nbsp; Digital democracy<br>•&nbsp; Democracy<br>•&nbsp; Housing<br>•&nbsp; Business<br>•&nbsp; Higher education<br>•&nbsp; Technology<br>•&nbsp; Early childhood<br>•&nbsp; Elections<br>•&nbsp; Health<br>•&nbsp; Campus free expression<br>•&nbsp; Energy<br>•&nbsp; Immigration<br>•&nbsp; Infrastructure<br>•&nbsp; Economy</p>
Information Sharing Cybersecurity Original Content U.S. Government Tue, 15 Nov 2022 19:49:50 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/think-tank-cybersecurity-working-group 2022-11-15T19:49:50Z Hackers Hit WordPress Sites with Malware Redirects https://www.secureworld.io/industry-news/wordpress-malware-redirects <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/wordpress-malware-redirects" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/wordpress-588494_1280.jpg" alt="WordPress logo in water" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><span>In an effort to increase their Google search rankings and drive more traffic to fake sites, bad actors are employing a black hat SEO trick that is redirecting users via WordPress websites.</span></p> <p><span>Visitors to the more than 15,000 websites are being redirected to low-quality bogus Q&amp;A sites thanks to malware infecting the WordPress sites.</span></p> <p><span>"The attackers' spam sites are populated with various random questions and answers found to be scraped from other Q&amp;A sites," Sucuri reported in a <a href="https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html">blog post</a>. 
"Many of them have cryptocurrency and financial themes."</span></p> <p><span>Check out the blog for details on commonly affected files (infected malicious .php files), evasive techniques, redirect scripts (including redirects to logo.png files), a list of redirect destinations, and more.</span></p> <p><span>"This black hat SEO theory is also backed by the fact that the second level domains of the Q&amp;A sites seem to belong to the same people," the post continues. "The hosted websites use similar templates and pretty low quality content (mostly in Arabic language) that is either scraped from some other sites or created for search engines rather than real humans."</span></p> <p><span>Authors of the malware campaigns are aiming to boost traffic to their phony sites and therefore increase clicks on their own Google ads, as well as increase their own sites' authority rankings, which in turn could bring legitimate organic traffic by users not knowing they are being directed to the fake content.</span></p> <p><span>The key takeaway? Users must enable multi-factor authentication (MFA) and ensure that all software is up-to-date. 
The Sucuri post also provides advice for affected users to clean up the infection and mitigate future exploits.</span></p> Featured Cybersecurity Original Content Malware Mon, 14 Nov 2022 20:22:38 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/wordpress-malware-redirects 2022-11-14T20:22:38Z U.S. CISA Issues Guidance on Vulnerability Management https://www.secureworld.io/industry-news/cisa-guidance-vulnerability-management <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cisa-guidance-vulnerability-management" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/bug_vulnerability_magnifying_glass_shutterstock_2116770566.jpg" alt="bug-vulnerability-magnifying-glass" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is offering guidance for advancing the vulnerability management ecosystem.</p> <p>In a November 10th blog post, Eric Goldstein, CISA Executive Assistant Director for Cybersecurity, outlines a three-step approach that organizations of any size can take to continue to make progress in efforts to thwart adversaries. 
They are:</p> <p style="padding-left: 40px;">1. Achieving automation<br>Publish machine-readable security advisories based on the Common Security Advisory Framework (CSAF).</p> <p style="padding-left: 40px;">2. Clarifying impact<br>Use Vulnerability Exploitability eXchange (VEX) to communicate whether a product is affected by a vulnerability and enable prioritized vulnerability response.</p> <p style="padding-left: 40px;">3. Prioritized based on organizational attributes<br>Use vulnerability management frameworks, such as Stakeholder-Specific Vulnerability Categorization (SSVC), which utilize exploitation status and other vulnerability data to help prioritize remediation efforts.</p> <p><a href="https://www.cisa.gov/blog/2022/11/10/transforming-vulnerability-management-landscape">See the full blog post</a> for more details on each critical step.&nbsp;</p> <p>"<span>CISA encourages every organization to use a vulnerability management framework that considers a vulnerability's exploitation status, such as SSVC," Goldstein wrote.</span></p> <p><span>To further assist, CISA released new website features related to using SSVC that organizations can access:</span></p> <p>• An<span>&nbsp;</span><a href="https://www.cisa.gov/ssvc">SSVC webpage</a><span>&nbsp;</span>introducing CISA's SSVC decision tree</p> <p>• The<span>&nbsp;</span><a href="https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf">CISA SSVC Guide</a><span>&nbsp;</span>instructing how to use the scoring decision tree</p> <p>• The<span>&nbsp;</span><a href="https://www.cisa.gov/ssvc-calculator">CISA SSVC Calculator</a><span>&nbsp;</span>for evaluating how to prioritize vulnerability responses in an organization's respective environment</p> <p>"The SSVC is more guidance to focus decision making, whereas the CVE values will still play an important role into the process," said <strong><span style="font-size: 14px;">Andrew Barratt, Vice President at </span></strong><span 
style="font-size: 11px;"><a href="https://www.coalfire.com/"><strong><span style="font-size: 14px;">Coalfire. </span></strong></a></span>"The decision tree really helps with categorizing and then prioritizing action, and will allow for multiple vulnerability impacts on each other to be considered as part of an attack chain."</p> <p>"The guidance gives an organizational framework that should help with priorities, particularly during intense commercial periods such as the holidays when only a finite number of things can be done. This can help prioritize the most dangerous vulnerabilities when considering how they may be leveraged and serve as a tool to organize the information, such that it is easily revisited. I can imagine vendors in the vulnerability management space adopting this alongside the MITRE ATT&amp;CK so that management tools can help."</p> Risk Management Vulnerabilities Original Content Automation CISA Fri, 11 Nov 2022 12:33:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/cisa-guidance-vulnerability-management 2022-11-11T12:33:00Z Oil & Gas Industry Vulnerability Typifies Threat to Key Infrastructure https://www.secureworld.io/industry-news/oil-gas-vulnerability-threat-infrastructure <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/oil-gas-vulnerability-threat-infrastructure" title="" class="hs-featured-image-link"> <img 
src="https://www.secureworld.io/hubfs/Blog%20Images/pipeline_oil_refinery_shutterstock_590235038.jpg" alt="oil-pipeline-refinery" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A new research report has exposed vulnerabilities in the oil and gas industry, specifically to flow computers that regulate and calculate volume and flow rates<span> of substances such as natural gas, crude oils, and other hydrocarbon fluids.</span></p> <p><span>The report was issued by Team82, the research arm of Claroty, an industrial security company. While the threat is pretty specific to "a path-traversal vulnerability in ABB TotalFlow flow computers and controllers," it is an example of ways hackers can disrupt critical infrastructure systems.</span></p> <p><span>Disruptions can affect safety by throwing off input amounts; triggering alarms in error; throwing off logs, reports, and configurations; and affecting utility billing, the report says, citing a recent ransomware attack.</span></p> <p><span>"The most noteworthy and related security incident was the&nbsp;<a href="https://claroty.com/blog/lessons-from-the-colonial-pipeline-attack">ransomware attack against Colonial Pipeline</a>, which impacted enterprise systems, and forced the company to shut down production because it could not bill customers. 
Disrupting the operation of flow computers is a subtle attack vector that could similarly impact not only IT, but also OT systems; this led us to research the security of these machines."</span></p> <p><span>In July of this year, ABB, a Swedish-Swiss industrial automation firm whose flow computers and controllers were found vulnerable, issued a <a href="https://library.e.abb.com/public/b17396142a3d4d14ae29e351ccc974ec/Cyber%20Security%20Advisory%20CVE-2022-0902%20-%20Path%20Traversal%20Vulnerability%20in%20Totalflow%20TCP%20protocol.pdf">security advisory</a>. The advisory lists seven ABB devices and provides fixed flash part numbers for customers.</span></p> <p><span>"Mitigation can be accomplished by proper network segmentation," the company advised. "ABB recommends that customers apply the flash update at the earliest convenience."</span></p> <p><span>It further added: "To mitigate this vulnerability, the ABB device should only be connected to a network segment that restricts access to authorized users. The vulnerability is only exposed when the attacker has access to the network where the ABB device is running Totalflow TCP protocol."</span></p> <p><span>See the <a href="https://claroty.com/team82/research/an-oil-and-gas-weak-spot-flow-computers">Claroty Team 82 report</a> for diagrams of how a flow computer measures gas flow.&nbsp;</span></p> <p><span>Attackers take over control of the flow computers to remotely disrupt the system's ability to accurately measure oil and gas flow. 
The result can be disruption of services and unsafe flow conditions.</span></p> Featured Critical Infrastructure Vulnerabilities Cyber Attacks Original Content Thu, 10 Nov 2022 17:37:59 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/oil-gas-vulnerability-threat-infrastructure 2022-11-10T17:37:59Z CTO of Center for Internet Security Expounds on Transforming InfoSec https://www.secureworld.io/industry-news/cto-center-internet-security-transformation <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cto-center-internet-security-transformation" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/digital_transformation_shutterstock_604231253.jpg" alt="digital-transformation-compass" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Kathleen Moriarty's opening line for her presentations at two upcoming SecureWorld virtual conferences&nbsp;tees up nicely the deep insights she will provide:</p> <p><img src="https://www.secureworld.io/hs-fs/hubfs/speakers/Kathleen_Moriarty.png?width=140&amp;height=140&amp;name=Kathleen_Moriarty.png" alt="Kathleen_Moriarty" width="140" height="140" 
style="height: auto; max-width: 100%; width: 140px; float: right;">"T<span style="font-size: 11px;">he topic of transforming information security is a big one, but we are at a unique period of time for security," said Moriarty, Chief Technology Officer at the Center for Internet Security, based in <span>East Greenbush, New York</span>. "We have so much change happening and we can drive it to happen in a more positive way to reduce the resource needs for organizations and actually scale security for businesses of all sizes."</span></p> <p><span style="font-size: 11px;">Here are a few other snippets from her presentation, but you'll have to register and join to hear her full insightful talk and take in the rest of both days' great speaker lineup.</span></p> <ul> <li><span style="font-size: 11px;">"We are facing threats that include Zero-Day exploits and Day-One exploits crafted to your organization or to a broader pool that narrows down on more interesting targets. At the same time, we also have changes at every layer of the protocol stack and this is driven by an increased push for encryption—not just encryption, strong encryption."</span></li> <li> <p>"We're responsible for the CIS benchmarks and the CIS controls. These are consensus driven by teams of experts to help you first with the CIS benchmarks, configure systems securely to a set of agreed upon standards that have the biggest impact for a particular set of products. This is pretty powerful because now we all know how to secure systems and it's been validated by a third party that's a nonprofit and trusted. On top of that, there are a number of cases where you can actually buy your system already configured to a set of the benchmarks at a level that you choose for that particular benchmark. 
This is powerful and reduces the work that's needed for a particular organization."</p> </li> <li> <p>"So I'm curious to know how many of you have begun to explore Zero Trust and which areas of Zero Trust are you going after first? And have you thought about verification? Can you do more in that space? Or is that just too much of a reach? If you are inspired by any of this and want to learn more about architectural patterns at scale, so you could start to develop some of your own and think how can we transform information security, my book (<span><a href="https://www.amazon.com/Kathleen-M-Moriarty/e/B08FCWTDGR%3Fref=dbs_a_mng_rwt_scns_share" style="font-style: italic;">Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain</a>) </span>may help with that in terms of inspiring your thinking and getting you to innovate in ways that better scale so that we can reduce the resource burden that we've placed on organizations."</p> </li> </ul> <p>Don't miss Kathleen Moriarty's complete presentation, "Transforming Information Security for Businesses of All Sizes,"&nbsp;as well as those of other cybersecurity leaders, at our upcoming digital events. Attendance is free and can earn <span style="font-size: 11px;">5 CPE credits. See more and register at the links below:&nbsp;</span></p> <p><a href="https://events.secureworld.io/details/texas-2022/">Texas virtual conference</a> on Thursday, Nov. 17</p> <p><a href="https://events.secureworld.io/details/west-coast-2022/">West Coast virtual conference</a> on Thursday, Dec. 
8<br><br></p> Cybersecurity SecureWorld Original Content Cybersecurity Conference Digital Transformation Wed, 09 Nov 2022 22:57:15 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/cto-center-internet-security-transformation 2022-11-09T22:57:15Z U.K. Government, Industry Form New National Cyber Advisory Board https://www.secureworld.io/industry-news/uk-national-cyber-advisory-board <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/uk-national-cyber-advisory-board" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/United_Kingdom_flag_cyber_shutterstock_2217947681.jpg" alt="United Kingdom flag code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>With the United Kingdom moving up to third in the most targeted nations for cyberattacks—behind the United States and Ukraine—industry and government in the U.K. have come together to form the new National Cyber Advisory Board.</p> <p>The board is co-chaired by the Chancellor of the Duchy of Lancaster, Oliver Dowden, and Lloyds Banking Group CIO, Sharon Barber. 
The first gathering of the board was November 8th.</p> <p>According to <a href="https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022">a press release</a> from the Office for National Statistics, fraud and computer misuse offenses increased substantially from March 2020 to March 2022. Physical crime, due to the pandemic lockdown, actually decreased, while cybercrimes climbed 25% to 4.5 million attacks in England and Wales.</p> <p>A few more stats from the release:</p> <ul> <li>Cyber-related fraud incidents increased from 53% to 61% from March 2020 to March 2022.</li> <li>Computer misuse increased by 89% to 1.6 million attacks.</li> <li>Police said fraud reports climbed 17% over March 2021 with nearly 1 million offenses, up 25% over March 2020.</li> <li>The public-facing national fraud and cybercrime reporting center, known as Action Fraud, reported fraud offenses were actually <em>down</em> 11%—from record levels of nearly 400,000 in March 2021 to&nbsp; just over 350,000 in March of this year.</li> </ul> <p>Thus, the new&nbsp; National Cyber Advisory Board has been formed with the goal of championing a "whole of society" approach to building the U.K.'s cyber future in coordination with the country's National Cyber Strategy. The U.K. hopes to be a leading democratic cyber power by 2030.</p> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/top-30-national-cyber-power-index">U.S. Remains atop Updated National Cyber Power Index</a>]</p> <p><span>Sharon Barber said:</span></p> <p style="padding-left: 40px;"><span>"The digital world is ever changing and businesses and the Government must continue to adapt, innovate, and invest in order to protect ourselves, the public, and our data. 
That's why we need everyone around the table through the Board working together to help keep individuals and businesses safe online."</span></p> <p><span>The board will work closely with the U.K.'s National Cyber Security Centre, which is working to train businesses, government, and consumers to become cyber resilient.</span></p> <p><span>Oliver Dowden said:</span></p> <p style="padding-left: 40px;">"Protecting and promoting the UK's interests in cyberspace cannot be achieved in isolation, it must be a shared endeavor between government and all parts of the economy and society. We have seen how cyber attacks are increasing, putting the U.K. and our businesses and services on the frontline of global threats.</p> <p style="padding-left: 40px;">That's why this new National Cyber Advisory Board is so important, bringing leaders from across industry, the third sector, and academia to share information and expertise on how to build and protect our digital economy and services."</p> <p><span>The National Cyber Advisory Board will meet every quarter, with the next meeting expected to take place in the first quarter of 2023.</span></p> United Kingdom Original Content Cybercrime / Threats Wed, 09 Nov 2022 19:10:59 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/uk-national-cyber-advisory-board 2022-11-09T19:10:59Z New York to Require Attorneys Receive Data Privacy, Security Training 
https://www.secureworld.io/industry-news/new-york-attorneys-cybersecurity-privacy <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/new-york-attorneys-cybersecurity-privacy" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/privacy_law_shutterstock_605520746.jpg" alt="privacy-law-books" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>With the risk of data breaches growing—and a quarter of law firms reporting in a 2021 survey that they experienced their own breaches—attorneys barred in New York must now formally brush up on their cybersecurity training.</p> <p><span style="font-style: italic;">Bloomberg</span> is <a href="https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-ny-is-first-to-require-cle-on-cybersecurity-privacy">reporting </a>that the State of New York is the first U.S. 
jurisdiction to require attorneys to complete one credit hour of cybersecurity, privacy, and data protection training as part of their biennial Continuing Legal Education (CLE).</p> <p>The new requirement will go into effect July 1, 2023.&nbsp;Here are <a href="https://www.nycourts.gov/LegacyPDFS/attorneys/cle/CLE-and-AP-News-Cybersecurity.pdf">details on the new requirement</a> from the New York State Unified Court System.</p> <p>Courses focused on privacy and data protection with a bent toward cybersecurity are commonplace; New York attorneys can begin earning their new CLE credit as soon as January 1, 2023.</p> <p>With recent headlines revealing breaches discovered when attorneys mistakenly sent sensitive data (e.g., the Alex Jones trial and Donald Trump's lawyers' release of emails via Dropbox link related to Jan. 6 Committee proceedings), attorneys need to learn how to prevent and/or respond to internal mishaps and external cyberattacks.&nbsp;</p> <p>Kara Hilburger, Esq., <span>has been </span>a licensed attorney in New York State since 2008. She is Managing Director and Partner at Octillo Law, <span>a technology law firm and one of the few firms in the United States with a recognized focus solely on data security and privacy compliance, incident response, and litigation.</span></p> <p>Hilburger told <em>SecureWorld News:</em></p> <p style="padding-left: 40px;">"As attorneys, we have an important ethical and professional duty to safeguard and protect the confidentiality of client information, including electronic information. Part of this obligation is to stay up to date with the fast-moving threat landscape, regardless of the area of law we practice or the size of our law firm. 
Failing to prioritize data security can lead to significant consequences for attorneys, including business interruption, data and financial loss, and reputational damage.</p> <p style="padding-left: 40px;">The current landscape requires lawyers to stay up to speed with changes in technology used to practice law and understand the need to protect and safeguard this information from threat actors. New York's new CLE requirement is undoubtedly an important milestone in the industry."</p> <p>At K&amp;L Gates LLP, members of its Data Protection, Privacy, and Security practice group had this to say:</p> <p><span style="color: #1f497d;">"While New York is the first state to do so, we expect to start seeing more states adopt similar requirements," said <span style="font-size: 11px; color: #1f497d;">Jane Petoskey, Esq., Associate Attorney.</span> "New York's requirement aligns with ABA Formal Opinion 477R (2017), 483 (2018), and 498 (2021), which set forth formal guidance on attorneys' obligations related to cybersecurity responsibilities, as well as those arising from an electronic data breach or cyberattack."</span></p> <p><span style="color: #1f497d;">Jake Bernstein, Esq., Partner, added, "</span><span style="color: #1f497d;">Both the American Bar Association (ABA) and states' model rules of professional conduct already require attorneys to be aware of the risks that come with the benefits of the use of technology (see Model Rules 1.1, 1.6, 5.1, and 5.3), so as technology advances and security inherently becomes a greater issue, we expect more states to enforce more training related to attorneys' cybersecurity and privacy practices."</span></p> <p><a href="https://www.nycourts.gov/LegacyPDFS/attorneys/cle/17a-Rules-1500-2h-Cybersecurity-Definition.pdf">Here's more </a>on the new CLE program rules related to the cybersecurity, privacy, and data protection requirement.</p>
Featured Privacy Data Security Original Content Cyber Law New York Tue, 08 Nov 2022 19:14:45 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/new-york-attorneys-cybersecurity-privacy 2022-11-08T19:14:45Z Microsoft Report: Scope and Scale of Cyber Threats Enormous, Global https://www.secureworld.io/industry-news/microsoft-scope-scale-cyber-threats <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/microsoft-scope-scale-cyber-threats" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/global_map_digital_binary_shutterstock_709775137.jpg" alt="global-map-code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Microsoft recently released its <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&amp;country=us" style="font-style: italic;">Digital Defense Report 2022</a>, 
examining the current threat landscape, touching on the first "hybrid war" that is the Ukraine-Russia conflict, reviewing the current state of cybercrime, and identifying the characteristics needed to successfully defend against future threats.</p> <p>The key takeaway? The scope and scale of digital threats is enormous, affecting all points of the globe. But there is hope, as vendors, governments, and the good guys in the security realm push to promote solid cyber defense practices to reduce the risk of cyberattacks.&nbsp;</p> <p><a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&amp;country=us">Click here </a>for the 11-page executive summary of the comprehensive, 114-page report. Microsoft shared some stats from the massive amount of data points it reviewed between July 2021 and the end of June 2022:</p> <ul> <li><strong>43 trillion</strong> signals were synthesized daily, using sophisticated data analytics and AI algorithms</li> <li><strong>More than 8,500</strong> engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders were involved across 77 countries</li> <li><strong>More than 15,000</strong> partners in Microsoft's security ecosystem aided in increasing cyber resilience</li> <li><strong>37 billion</strong> email threats were blocked</li> <li><strong>34.7 billion</strong> identity threats were blocked</li> <li><strong>2.5 billion</strong> endpoint signals were analyzed daily</li> </ul> <p>Unfortunately, for every email and identity threat that was blocked, there were those that made it through, causing disruption and monetary loss. 
And bad actors are getting more sophisticated in their approaches, or as Timothy Morris, Chief Security Advisor at Tanium, said, "adversaries will skate to where the puck is."</p> <p>"Up until recently, stolen credentials were the leading attack vector entry—exploited vulnerabilities just surpassed stolen creds," Morris said. "It is unclear if better password policies, implementations of one-time passwords (OTP) or multi-factor authentication (MFA), reduced the quality of stolen creds, or if the increased quantity of exploitable vulnerabilities caused the shift."</p> <p>Some key quotes from the executive summary:</p> <ul style="list-style-type: circle;"> <li>"Cybercriminals continue to act as sophisticated profit enterprises. Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure. At the same time, cybercriminals are becoming more frugal. To lower their overhead and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, or even use their computing power to mine cryptocurrency."</li> <li>"The most effective defense against ransomware includes multifactor authentication, frequent security patches, and Zero Trust principles across network architecture."</li> <li>"Nation state actors are launching increasingly sophisticated cyberattacks to evade detection and further their strategic priorities. 
The advent of cyberweapon deployment in the hybrid war in Ukraine is the dawn of a new age of conflict."</li> <li>"Malware as a service has moved into large scale operations against exposed IoT and OT in infrastructure and utilities as well as corporate networks."</li> <li>"Attacks against remote management devices are on the rise, with more than 100 million attacks observed in May of 2022—a five-fold increase in the past year."</li> <li>"Nation states are increasingly using sophisticated influence operations to distribute propaganda and impact public opinion both domestically and internationally. These campaigns erode trust, increase polarization, and threaten democratic processes."</li> <li>"Russia, Iran, and China employed propaganda and influence campaigns throughout the COVID-19 pandemic often as a strategic device to achieve broader political objectives."</li> </ul> <p>The report urges resiliency by cybersecurity professionals, which requires modernizing systems and architecture, particularly in today's hyper-connected world. 
Sadly, most cyberattacks could be prevented by employing basic security hygiene, the report states.</p> <p>In addition, Microsoft points out that collaboration and cooperation are major factors in thwarting cyberattacks, and success will be due to a holistic, adaptive approach to protecting core services and infrastructure.</p> Featured Cyber Attacks Cyber Warfare Original Content Microsoft Cyber Defense Tue, 08 Nov 2022 17:34:55 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/microsoft-scope-scale-cyber-threats 2022-11-08T17:34:55Z Holiday Season Cyber Threat Trends for Retail, Hospitality Industries https://www.secureworld.io/industry-news/cyber-threats-holiday-retail-hospitality <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cyber-threats-holiday-retail-hospitality" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/holiday-shopping-1921658_1280.jpg" alt="mobile-shopping-Christmas-lights" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Every holiday season, malicious threat actors ramp up their activities as consumers spend their days at home cuddled up on the couch, surfing for gifts for their loved ones. 
This holiday season figures to be no different.</p> <p><span>The </span>Retail &amp; Hospitality Information Sharing and Analysis Center<span> (RH-ISAC) released its&nbsp;</span><em>2022 Holiday Season Cyber Threat Trends</em><span> report, detailing the threat landscape the retail and hospitality industries face during the holiday season.</span></p> <p><span>The report found that QakBot, Emotet, Agent Tesla, and Dridex are likely to be the most used malware tools by threat actors, while phishing and fraud remain "critical concerns," with return and gift card fraud increasing significantly.&nbsp;</span></p> <p><span>Perhaps more importantly, the report includes "perspectives from key subject matter experts at leading consumer-facing organizations who provided insights into their organization's holiday season cybersecurity measures." 
Those experts provide analysis of threat trends for this upcoming holiday season, while taking a look back at other historical trends.</span></p> <h2><strong>Holiday cyber threats and analysis</strong></h2> <p>The RH-ISAC spoke with several key member analysts that have specific expertise in fraud prevention who are currently implementing their organization's holiday season security measures.</p> <p>When asked what their primary threat focuses for this holiday season were, five things popped up consistently:</p> <p style="padding-left: 40px;">•&nbsp; Phishing and credential harvesting<br>•&nbsp; Account takeover (ATO)<br>•&nbsp; Bots (scalpers and resellers)<br>•&nbsp; Gift and loyalty card fraud<br>•&nbsp; Return fraud</p> <p>As for what defensive measures cyber teams should be focusing on, the report says:</p> <p style="padding-left: 40px;">"Members reported focusing on understanding very specific tactics<br>fraudsters and threat actors are using across kill chains to enhance<br>detection and mitigation efforts. 
Understanding broad trends<br>across the threat landscape and how they work within member<br>environments has enabled analysts to create more effective alerting,<br>detection, and mitigation efforts."</p> <p>It also discusses things like working closely with customer service departments and providing them with "refund-as-a-service training material," as well as stressing the importance of change freezes, staffing<br>adjustments, and operational changes in preparation for increased<br>threats during the holiday season.</p> <p>Experts specifically noted that an "increased emphasis on improved Endpoint Detection and Red Team operations helped validate threat concerns and highlight areas for improvement."</p> <h3><strong>Holiday season </strong><strong>threat landscape </strong><strong>and&nbsp;</strong><strong>attack trends&nbsp;</strong></h3> <p>The two graphs below display the total instances of threat indicators reported by RH-ISAC members during the 2020 and 2021 holiday seasons.</p> <p><img src="https://www.secureworld.io/hubfs/image-png-Nov-07-2022-10-58-42-7775-PM.png"></p> <p>From these trends, the RH-ISAC report was able to come up with six key consistent trends:</p> <ul> <li>"Qakbot indicators are down significantly from 34% of total reported threats in 2020 to 5% in 2021."</li> <li>"Emotet indicators are also down significantly from 20% in 2020 to 3% in 2021."</li> <li>"Credential Harvesting indicators are up slightly from 13% in 2020 to 17% in 2021. Credential harvesting shares are consistently at a much higher prevalence than any other threat."</li> <li>"Phishing activity sharing is down slightly from 18% in 2020 to 16% in 2021. 
While significantly less prevalent than credential harvesting, phishing activity is consistently among the most prevalent trends in shared intelligence."</li> <li>"Agent Tesla sharing is up slightly from 15% in 2020 to 16% in 2021."</li> <li>"Dridex indicators are relatively stable at 3% for both periods."</li> </ul> <p>See the report from the RH-ISAC, <a href="https://rhisac.org/wp-content/uploads/Holiday-Trends-Report-2022_White.pdf"><em>2022 Holiday Season Cyber Threat Trends</em></a>, for more information.&nbsp;</p> <p>How is your team preparing for the increase in cyber threats this holiday season?</p> <p>Follow <em>SecureWorld News</em> for more information.</p> Featured Cyber Fraud Original Content Phishing Retail Cybercrime / Threats Tue, 08 Nov 2022 00:03:55 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/cyber-threats-holiday-retail-hospitality 2022-11-08T00:03:55Z Healthcare Industry Is Most Breached, Delaying Patient Care and Costing Millions https://www.secureworld.io/industry-news/healthcare-most-breached-industry <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/healthcare-most-breached-industry" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/data_breach_shutterstock_706365808.jpg" alt="data-breach-letters-circuits" class="hs-featured-image" style="width:auto !important; max-width:50%; 
float:left; margin:0 15px 15px 0;"> </a> </div> <p>The healthcare industry suffers the most costly breaches at more than $10 million per incident, and is the most breached sector, according to two reports issued within the past year.</p> <p>IBM Security's "Cost of a Data Breach 2022" report (<a href="https://www.ibm.com/account/reg/us-en/signup?formid=urx-51643">download here</a>) found that healthcare was the highest cost industry for the twelfth year in a row. The average total cost of a breach in healthcare increased from $9.23 million in 2021 to $10.10 million in 2022, an increase of 9.4%.</p> <p>"Healthcare is one of the more highly regulated industries and is considered critical infrastructure by the U.S. government," according to the report.</p> <p>Cyderes cites the Q4 2021 "Healthcare Cybersecurity Report," (<a href="https://www.herjavecgroup.com/cybersecurity-healthcare-report-2021/">download here</a>) completed by the Herjavec Group of which Robert Herjavec serves as Cyderes CEO. The report expands on findings that "<span>70% of surveyed</span><span> organizations reported that healthcare ransomware attacks have resulted in longer lengths of stays in hospital and delays in procedures and tests that have resulted in poor outcomes including an increase in patient mortality."</span></p> <p><span>So not only are cyberattacks on healthcare organizations costly in terms of dollars, breaches to systems are—more importantly—putting the lives of patients at risk.</span></p> <p><span>From 2019 to 2021, the Herjavec report found the healthcare industry saw an increase in breaches and leaks of more than 50%. 
This resulted in:</span></p> <ul> <li><span>A 65% increase in the number of patients being diverted to other facilities</span></li> <li><span>Reported 70% longer lengths of stays in hospitals, delays in procedures and tests, and an increase in patient mortality</span></li> <li><span>Large amounts of Protected Healthcare Information (PHI) and other sensitive data being stolen and published</span></li> <li><span>Electronic Health Records (EHRs) being rendered temporarily inaccessible and, in some cases, permanently lost</span></li> <li><span>Overworked healthcare staff left mentally and emotionally drained</span></li> <li><span>Legacy and unpatched IT systems and applications</span><span></span></li> <li><span>Understaffed IT and cybersecurity departments</span></li> <li><span>Unsecured third-party partners</span><span></span></li> </ul> <p><span>According to the IBM report, the top five most affected industries remained the same from 2021 to 2022, with healthcare inauspiciously leading the way. The other most-affected industries are, in order: </span>financial, pharmaceuticals, technology, and energy.</p> <ul> <li><span>The financial industry saw an increase from $5.72 million to $5.97 million in 2022 (up 4.4%).</span></li> <li><span>The industrial industry, comprised of chemical, engineering, and manufacturing organizations, saw an increase from $4.24 million to $4.47 million &nbsp;(5.4%).</span></li> <li><span>The average total cost decreased slightly in four industries: pharmaceuticals, transportation, media, and hospitality.</span></li> </ul> <p><span>Cyderes notes that healthcare cybersecurity is a particularly complex and difficult task. From the report:</span></p> <p><span>"With the ultimate goal of keeping patients safe while simultaneously protecting their critical and private data, it presents a challenging balancing act for cybersecurity professionals. 
Pile on the vast amount of IoT devices, intricate system of privileged access requirements and end-users, regulatory compliance such as HIPAA, GDPR, and NIS, and the unprecedented challenges of a worldwide pandemic and maintaining a strong cybersecurity posture can seem like an overwhelming and almost impossible undertaking."</span></p> Featured Healthcare Original Content Health Records Data Breach Mon, 07 Nov 2022 19:39:35 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/healthcare-most-breached-industry 2022-11-07T19:39:35Z TikTok Says Chinese Staff Can Access European Users' Data https://www.secureworld.io/industry-news/tiktok-access-european-users-data <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/tiktok-access-european-users-data" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Tik_Tok_China_shutterstock_1541594798.jpg" alt="TikTok-app-China-flag" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A new TikTok privacy policy confirms that employees located outside of Europe, including those in China, can access European users' data, at a time when the short-form video sharing app has been scrutinized over regulatory concerns about China's access to user information, according to <a 
href="https://www.theguardian.com/technology/2022/nov/02/tiktok-tells-european-users-its-staff-in-china-get-access-to-their-data"><em>The Guardian</em></a>.</p> <p>In the last few years, politicians and security professionals alike have shared their thoughts about potential privacy issues related to TikTok and its parent company ByteDance, which is headquartered in Beijing. Chinese-based companies are required to share information with the government, should they come knocking, so it's understandable when people raise questions about the data that TikTok collects.</p> <p>Though it appears this new <a href="https://www.tiktok.com/legal/new-privacy-policy?lang=en">TikTok privacy policy</a> is actually aiming to be more transparent about the data it collects, rather than hiding that information as a lot of other tech companies do. 
Elaine Fox, TikTok's Head of Privacy in Europe, discusses:&nbsp;</p> <p style="padding-left: 40px;">"Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognized under the GDPR [the EU's <a href="https://www.theguardian.com/technology/2018/may/21/what-is-gdpr-and-how-will-it-affect-you">general data protection regulation</a>], we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data."</p> <p>This new policy should help clarify how many employees have this level of access <span>and exactly what information from TikTok users is being observed.</span></p> <p><span>The privacy policy update applies to users located in the U.K., the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022.</span></p> <p>Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems, shared his thoughts on the new policy:</p> <p style="padding-left: 40px;">"The changes to their privacy policy by TikTok to reflect their actual engineering and fraudulent account practices should be commended; although will generate alarm bells primarily to the geographic spread of their employees with this level of access.&nbsp;</p> <p style="padding-left: 40px;">A lot of the parents, like myself, would be comforted to see more ongoing and somewhat radical transparency from tech companies like TikTok with details on the number of employees with this level of access, and how much information from how many TikTok users were viewed in accordance with the different lawful uses outlined in the policy.</p> <p style="padding-left: 40px;">It is only with modern data security practices that monitor actual operations in accordance with their privacy against personal information that TikTok will be able to provide sufficient 
transparency like this to privacy regulators, users, and governments that they are truly privacy conscious."</p> <p>While this will almost certainly not be the last we hear of TikTok's privacy policies, it is good that the company is at least trying to be more transparent about the data it collects. What are your thoughts on this policy?</p> <p>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.&nbsp;&nbsp;</p> Privacy Data Security Original Content China Fri, 04 Nov 2022 21:23:10 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/tiktok-access-european-users-data 2022-11-04T21:23:10Z Newspapers Hit by Malware After Parent Media Org Suffers Attack https://www.secureworld.io/industry-news/newspapers-malware-media-attack <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/newspapers-malware-media-attack" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/newspapers_world_business_2651346.jpg" alt="Newspapers" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>An undisclosed media 
organization serving Boston, New York, Chicago, Miami, and other major cities has been hit by cybercriminals who are deploying malware on more than 250 newspaper websites, Proofpoint Threat Research reported on Twitter.</p> <div class="hs-embed-wrapper" style="position: relative; overflow: hidden; width: 100%; height: auto; padding: 0px; max-width: 540px; min-width: 256px; display: block; margin: auto;"> <div class="hs-embed-content-wrapper"> <blockquote class="twitter-tweet"> <p>Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via <a href="https://twitter.com/hashtag/Javascript?src=hash&amp;ref_src=twsrc%5Etfw">#Javascript</a> to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy <a href="https://twitter.com/hashtag/SocGholish?src=hash&amp;ref_src=twsrc%5Etfw">#SocGholish</a>.</p>— Threat Insight (@threatinsight) <a href="https://twitter.com/threatinsight/status/1587865920130752515?ref_src=twsrc%5Etfw">November 2, 2022</a> </blockquote> </div> </div> <p>Proofpoint has identified the bad actor as TA569. 
The attack vector injects malicious code into a benign JavaScript file that in turn is picked up and installed to the websites of affected news outlets.&nbsp;</p> <p>The affected file then installs SocGholish, and anyone who visits the attacked websites will encounter fake browser updates filled with hidden malware payloads.</p> <p>The media company in question supplies video content and advertising to major news outlets via JavaScript.</p> <p>For more information on SocGholish, also known as FakeUpdates, and other malware attacks, Proofpoint offered this <a href="https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware">threat insight</a> in June 2021.</p> Cyber Attacks Original Content Malware Fri, 04 Nov 2022 10:47:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/newspapers-malware-media-attack 2022-11-04T10:47:00Z Dropbox Discloses Phishing Incident, 130 GitHub Repositories Stolen https://www.secureworld.io/industry-news/dropbox-phishing-incident-github <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/dropbox-phishing-incident-github" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/phishing_hooks_shutterstock_291785258.jpg" alt="phishing-fishing-hooks-email" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> 
</div> <p>Dropbox recently announced it had been the target of a phishing attack that resulted in the threat actor(s) accessing some code the company had stored on GitHub.</p> <p>The file hosting service was alerted by GitHub of some suspicious activity on October 14th and immediately began an investigation into the incident. Dropbox learned that a threat actor <span>impersonating CircleCI, a code integration and delivery platform, had accessed one of its GitHub accounts. Dropbox says:</span></p> <p style="padding-left: 40px;"><span>"At no point did this threat actor have access to the contents of anyone’s Dropbox account, their password, or their payment information. To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers.</span></p> <p style="padding-left: 40px;"><span>The code and the data around it also included<i>&nbsp;</i>a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users)."</span></p> <p><span>It also noted that its core apps and infrastructure were unaffected and that it believes risks to customers are minimal.</span></p> <h2><strong>What happened in the Dropbox phishing attack?</strong></h2> <p><span>In the beginning of October, many Dropbox users received phishing emails made to look like they originated from CircleCI, with the purpose&nbsp;of targeting GitHub accounts. Dropbox uses GitHub to host public and private repositories, and uses CircleCI for some internal deployments.&nbsp;</span></p> <p><span>Though Dropbox's security systems blocked a majority of the emails, some still made their way into employees' inboxes. 
The phishing emails contained fraudulent links to a fake CircleCI login page that asked for a GitHub username and password, as well as a hardware authentication key to pass a One Time Password (OTP) to the malicious site.</span></p> <p><span>Like many persistent phishing campaigns, this eventually worked, and the threat actor copied 130 Dropbox code repositories. Dropbox discusses:</span></p> <p style="padding-left: 40px;">"These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled."</p> <h3><strong>How is Dropbox responding to this phishing incident?</strong></h3> <p>Everyone acknowledges the inherent flaws that humans have when it comes to cybersecurity. Nobody is perfect, and eventually even the most savvy professionals can be fooled by sophisticated threat actors.</p> <p>This is something that <a href="https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox">Dropbox pointed out in its statement regarding the phishing incident</a>, but it also apologized to anyone who may have been affected. Dropbox says one thing it is doing to prevent incidents like this in the future is accelerating its adoption of WebAuthn, noting that it is currently the "gold standard" in multi-factor authentication (MFA).</p> <p>But what else can organizations do to protect themselves? 
Nick Rago, Field CTO at Salt Security, shares his thoughts with <em>SecureWorld News</em>:</p> <p style="margin-top: 3pt; margin-right: 0in; margin-bottom: 3pt; padding-left: 40px;">"As social engineering attack techniques become more and more sophisticated, organizations must adopt a Zero Trust mentality with code artifacts as much as possible to stay ahead of threats that can arise when an outsider gains access to code repositories.</p> <p style="margin-top: 3pt; margin-right: 0in; margin-bottom: 3pt; padding-left: 40px;">The Dropbox breach serves as a good reminder for organizations to scan their source code repositories to look for any credentials stored in plain text (API keys, passwords, etc.) that a threat actor could potentially use if they were to gain access to the repository. Additionally, this type of threat illustrates why organizations require runtime API security, which can detect and prevent API abuse if an API key was compromised and used in an API attack."</p> <p style="margin-top: 3pt; margin-right: 0in; margin-bottom: 3pt; padding-left: 40px; line-height: 1;">&nbsp;</p> <p style="margin-top: 3pt; margin-right: 0in; margin-bottom: 3pt;">Craig Lurey, CTO and Co-Founder of Keeper Security, also discussed the Dropbox incident:</p> <p style="padding-left: 40px;">"This incident is the latest example of why managing IT secrets is a pain point for many companies, although it does not have to be. Hardcoded credentials—user IDs and passwords written directly into source code—are notoriously insecure, yet maddeningly common. They're seen in industrial control systems used to run manufacturing lines, utilities, and critical infrastructure, as well as major software companies and all manner of IoT devices.</p> <p style="padding-left: 40px;">To protect against this type of attack, organizations must implement a full security suite to manage passwords, credentials, files, and shared secrets—on all devices. 
A secrets manager must be zero-knowledge and encrypted to the endpoint, so credentials and other secrets are never exposed in plaintext format."</p> <p>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> Featured Original Content Phishing Incident Response / SIEM Data Breach Thu, 03 Nov 2022 17:06:10 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/dropbox-phishing-incident-github 2022-11-03T17:06:10Z Report: SMEs Are Prime Targets and Must Plan for Disaster Recovery https://www.secureworld.io/industry-news/smes-targets-plan-disaster-recovery <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/smes-targets-plan-disaster-recovery" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/incident_response_shutterstock_652587538.jpg" alt="incident-response-binary-code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Here's an alarming stat from Accenture: <span>more than one-third of cyberattacks are aimed at small businesses, but only 14% of them are prepared to defend themselves.</span></p> <p>Small and midsize enterprises (SMEs) often do not 
have the resources to protect themselves from cybercriminals with bad intentions, leaving them vulnerable to <span>financial and productivity losses, operation disruptions, extortion payments, settlement costs, and regulatory fines.</span></p> <p><span>This is the gist of a new report titled "<a href="https://go.us.ovhcloud.com/mit-report.html">A New Age of Disaster Recovery Planning for SMEs</a>" (download required) produced by MIT Technology Review Insights and sponsored by OVHcloud.</span></p> <p><span>Here are some of the highlights and key findings from the 19-page report.</span></p> <h2><span><span style="font-size: 18px;"><strong>SMEs are becoming more frequent targets of cyberattacks</strong></span></span></h2> <p><span>The pandemic, geopolitical factors, and the new hybrid/work-from-home landscape put midsize companies at 500% more risk of being targeted in 2021.</span></p> <h3><strong>A disaster-recovery plan is no longer an option for SMEs; it's a must-have</strong></h3> <p>To protect business continuity, a solid plan that focuses on maintaining IT infrastructure, data, and applications is crucial for protecting against and responding to malware and ransomware attacks. The key is to minimize any damage.</p> <h4><strong>Back up all data</strong></h4> <p>Part of any disaster recovery plan includes backing up data in multiple formats, across different systems, and using cloud services. Having an offline copy only a few key people know about is a solid option, as well. Cybercriminals can spend as long as 200 days within an enterprise's systems before being detected or taking action.</p> <h5><strong>Practice makes perfect</strong></h5> <p>No disaster recovery plan is worth much if stakeholders from top to bottom are not involved in practice runs. Practice helps identify issues before they happen. 
Plans should be regularly updated and adjusted, especially as a company scales in growth.</p> <p><span>Other valuable information in the report includes the average cost of data breaches by industry in the U.S., data on ransomware attacks from 2018-2021, ransomware attacks by industry, suggestions for data backup and replication, information on 3-2-1 and 3-3-2 backup strategies, data protection preferences, and more.</span></p> Cyber Attacks Original Content Incident Response / SIEM Business Continuity Plan Thu, 03 Nov 2022 11:18:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/smes-targets-plan-disaster-recovery 2022-11-03T11:18:00Z Spotlight on Cybersecurity Leaders: Kip Boyle https://www.secureworld.io/industry-news/spotlight-cybersecurity-leaders-kip-boyle <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/spotlight-cybersecurity-leaders-kip-boyle" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Spotlight_Series_Q%26A.png" alt="spotlight-series-questions-answers" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. 
In Q&amp;A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.</p> <img src="https://www.secureworld.io/hs-fs/hubfs/Kip_Boyle_22.png?width=150&amp;height=150&amp;name=Kip_Boyle_22.png" alt="Kip_Boyle_22" width="150" height="150" style="height: auto; max-width: 100%; width: 150px; float: right;"> <p>Kip Boyle is the virtual Chief Information Security Officer (vCISO) for several companies. He helps senior decision makers overcome cybersecurity sales objections and manages unlimited cyber risks through rigorous prioritization.</p> <p>He's served as a captain with the F-22 program in the U.S. Air Force. In the private sector, he was a CISO for an insurance company, credit card processor, bank, credit union, and IT Managed Service Provider. He has also succeeded in other IT risk management roles in the financial services, technology, telecom, and logistics industries. He lives in Seattle with his wife and six kids.</p> <h2><strong>Get to know Kip Boyle</strong></h2> <p><span style="font-weight: bold;">Q</span>: <span style="font-size: 12px;">Why did you decide to pursue cybersecurity as a career path?<br></span><span style="font-weight: bold;">A</span>: I backed into it! <span style="font-size: 12px;">When I was on active duty in the Air Force, I was doing IT work for highly classified projects. </span><span style="font-size: 12px;">Once I learned how to do system and data protection, I was hooked. 
<span style="font-size: 12px; color: #0070c0;">I did a podcast episode on my cyber path: <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.yourcyberpath.com%2F2&amp;data=05%7C01%7CKip%40cyberriskopportunities.com%7Cc68f198841054ec4019708dab8532393%7C11c878bdebaa42ec940902af6a84a28f%7C1%7C0%7C638024964531031481%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=q6X2EDWlnQM4d6DefX8HNAeGV3DCQcs22bRd3rEZd5c%3D&amp;reserved=0">https://www.YourCyberPath.com/2</a></span>.</span></p> <p><span style="font-weight: bold;">Q</span>: <span style="font-size: 12px;">How would you describe your feelings about cybersecurity in one word?<br></span><span style="font-weight: bold;">A</span>: Enabler</p> <p><span style="font-weight: bold;">Q</span>: <span style="font-size: 12px;">What has been your most memorable moment thus far working in cybersecurity?<br></span><span style="font-weight: bold;">A</span>: <span style="font-size: 12px;">I just got back from a trip to the capital of Kazakhstan where I f</span><span style="font-size: 12px;">acilitated a roundtable discussion between government and industry leaders at their annual Digital Bridge Forum. Another highlight was creating and supervising </span><span style="font-size: 12px;">a 24-hour Hackathon.</span></p> <p><span style="font-size: 12px;"><span style="font-weight: bold;">Q</span>: What encouraged you to join your current organization (employer)?<br><span style="font-weight: bold;">A</span>: I own a small business called Cyber Risk Opportunities LLC. 
I founded it in 2015 after realizing I could have a much bigger impact as a CISO for multiple companies instead of just one.</span></p> <p><span style="font-size: 12px;"><span style="font-weight: bold;">Q</span>: </span><span style="font-size: 12px;">What do you wish more people knew about your organization?<br></span><span style="font-size: 12px;"><span style="font-weight: bold;">A</span>: </span><span style="font-size: 12px;">We help remove all kinds of cybersecurity blockers for business leaders so they can enjoy the benefits of a thriving company!</span></p> <p><span style="font-weight: bold;">Q</span>: <span style="font-size: 12px;">If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?<br></span><span style="font-weight: bold;">A</span>: <span style="font-size: 12px;">Application control so we can run computers using "allow lists" which would block all software that was not authorized, especially malware.</span></p> <p><span style="font-size: 12px;"><span style="font-weight: bold;">Q</span>: </span><span style="font-size: 12px;">What is an industry-wide change you would like to see happen in 2023?<br></span><span style="font-size: 12px;"><span style="font-weight: bold;">A</span>: </span><span style="font-size: 12px;">Our profession should put a higher priority on implementing the controls required by cyber insurance carriers, because they're starting to figure out what really reduces the risk of a major incident.</span></p> <p><span style="font-size: 12px;"><span style="font-weight: bold;">Q</span>: </span><span style="font-size: 12px;">If you could pass or change one regulation/law in cybersecurity and data protection, what would it be and why?<br></span><span style="font-size: 12px;"><span style="font-weight: bold;">A</span>: </span><span style="font-size: 12px;">We may need a new federal agency to make the internet less dangerous, similar to how the Environmental Protection Agency protects our 
waterways.</span></p> <p><span style="font-size: 12px;"><span style="font-weight: bold;">Q</span>: </span><span style="font-size: 12px;">What are you most looking forward to at SecureWorld this year?<br></span><span style="font-size: 12px;"><span style="font-weight: bold;">A</span>: </span><span style="font-size: 12px;">Meeting up with smart people that I already know and a few that I don't know yet.</span></p> <p>To connect with Kip and other cybersecurity leaders from Washington state, attend the 21st annual SecureWorld Seattle conference on November 9-10, 2022. Kip will present a session on "Cyber Insurance for IT Professionals.<span>"</span><span>&nbsp;</span><a href="https://events.secureworld.io/details/seattle-wa-2022/">See the conference agenda and register here</a>.</p> <p>Continue to follow our Spotlight Series for more highlights from industry experts.</p> SecureWorld Security Leadership Original Content Spotlight Series Wed, 02 Nov 2022 18:38:22 GMT karlyt@secureworld.io (Karly Tarsia) https://www.secureworld.io/industry-news/spotlight-cybersecurity-leaders-kip-boyle 2022-11-02T18:38:22Z British Cyber Spies Help Ukraine in War Efforts Against Russia https://www.secureworld.io/industry-news/british-cyber-spies-help-ukraine <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/british-cyber-spies-help-ukraine" title="" 
class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/british-espionage.jpg" alt="British-Parliament-Big Ben" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The British are coming! The British are coming... to help Ukraine with its cyberwar efforts against Russia.</p> <p><a href="https://news.sky.com/story/ukraine-war-british-spies-playing-key-role-in-defending-kyiv-from-russian-cyber-attacks-12735419"><em>Sky News</em> reports</a> that cyber spies from the United Kingdom are adding their expertise to help Ukraine defend itself against the myriad of cyberattacks being lobbed its way.</p> <p>Britain's assistance is being credited with significantly limiting the effectiveness of attacks by Russian hackers.&nbsp;</p> <p>In the process, the U.K. has improved its own cyber defense profile, particularly when it comes to defending against Russian threats. Britain's leadership previously had not made its cyber support for Ukraine public, but it appears the Kremlin was aware, so there was no point in not letting the cat out of the bag.</p> <p>Britain's cyber experts are among more than 120,000 cyber professionals assisting Ukraine with its cyber warfare efforts against Russia, as reported in this <a href="https://www.secureworld.io/industry-news/first-hybrid-war-ukraine-cyber-lessons">previous article</a> in which <span>Colonel Cedric Leighton, CNN Military Analyst and U.S. 
Air Force (Retired), </span>calls the Ukraine-Russia conflict the world's first hybrid war.&nbsp;</p> <p><span>"A failure to deliver any major blow in cyber space was not because Russian hackers did not try but instead is believed to be thanks to Ukraine's cyber defenders, backed by experts from the cyber industry and foreign governments, including from the UK, defeating or limiting the impact of their efforts," <em>Sky News</em> reported.</span></p> <p><span>Helping the British with its support of Ukraine is the National Cyber Security Centre, part of GCHQ.</span></p> <p><span>The U.K. is helping with physical assets, as well, providing needed hardware and software to Ukraine in an effort to protect against DDoS attacks and ensure officials and citizens continue to have access to vital information and services.</span></p> <p><span>The British also have contributed forensic services to help identify attack vectors—namely where, when, and how they happened—to improve defenses in the future.</span></p> Cyber Warfare Original Content Cyber Defense Russia-Ukraine War Wed, 02 Nov 2022 17:11:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/british-cyber-spies-help-ukraine 2022-11-02T17:11:00Z Government Employees at High Risk for Mobile Phishing https://www.secureworld.io/industry-news/government-high-risk-mobile-attacks <div class="hs-featured-image-wrapper"> <a 
href="https://www.secureworld.io/industry-news/government-high-risk-mobile-attacks" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/mobile_phone_held_code_shutterstock_1452139706.jpg" alt="mobile-phone-data" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>New research from Lookout reveals the most common mobile threats aimed at federal, state, and local government agencies and their employees—all of which have increased since 2021.</p> <p><a href="https://www.lookout.com/form/threats-government-threat-report-lp">The U.S. government threat report</a>, released this morning and titled "Rise in Mobile Phishing Credential Theft Targeting Public Sector," includes these key findings:&nbsp;</p> <ul> <li>Nearly 50% of state and local government employees are running outdated Android operating systems, exposing them to hundreds of device vulnerabilities.</li> <li>One in eight government employees were exposed to phishing threats.</li> <li>Almost 50% of all phishing attacks in 2021 sought to steal credentials of government personnel, up from 30% in 2020.</li> <li>Federal, state, and local governments increased their reliance on unmanaged mobile devices at a rate of 55% from 2020 to 2021, indicating a move toward bring your own device (BYOD) to support telework.</li> </ul> <p>The report from Lookout, an endpoint to cloud security company, used the Lookout Security Graph to analyze data specific to government agencies at all levels. 
Telemetry data from more than 200 million devices and 175 million apps was analyzed to determine which mobile threats agencies most often face.</p> <p>Some other revelations in the report:</p> <ul> <li>With hybrid, teleworking, and work-from-home environments becoming common, personal mobile devices used for work are at more risk than ever of becoming phishing campaign targets. The number of unmanaged devices—tablets, smart phones, and laptops—required BYOD policies be updated, but "personal mobile devices represent the new frontier of shadow IT."</li> <li>Mobile phishing attacks come in two varieties: credential harvesting and malware delivery. The first tricks victims into revealing their login credentials to bad actors; the latter dupes employees into installing malicious apps to devices, including new spyware such as Predator and Alien.</li> <li>Awareness and training campaigns that help employees identify and report phishing campaigns are helping to thwart hacks. Providing security tips and alerting employees to how cyber attackers operate (including citing actual attack cases) are putting a dent in the actions of cybercriminals.</li> <li>State and local employees are generally more at risk to app threats than federal workers. Why? Federal workers have more restrictions on BYOD devices.</li> </ul> <p>Per a release about the report: "<span style="color: black;">Government organizations store and transmit a variety of sensitive data, the security of which is essential to the wellbeing of hundreds of millions of people. 
In the case of government organizations, the potential fallout from a breach that results in leaked data, stolen credentials or a forced halt to operations due to ransomware can have a disproportionate impact compared to a typical cybersecurity incident."</span></p> <p><span style="color: black;">You can <a href="https://www.lookout.com/form/threats-government-threat-report-lp">view the full report here</a>.</span></p> Government Original Content Malware Phishing BYOD Endpoint / Mobile Security Wed, 02 Nov 2022 11:03:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/government-high-risk-mobile-attacks 2022-11-02T11:03:00Z Scammers Exploiting New Twitter Verification Process in Phishing Attacks https://www.secureworld.io/industry-news/scammers-twitter-verification-phishing <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/scammers-twitter-verification-phishing" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Twitter_identity_lock_shutterstock_1078800944.jpg" alt="Twitter-bird-locks-fingerprints" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Halloween may have just passed, but things are getting spooky for Twitter users that are being scammed by cybercriminals taking advantage of Elon Musk's purchase of the social media behemoth.</p> 
<p>With all of the changes—namely, increasing the cost of the Twitter Blue subscription service from $4.99 to $20 per month—hackers are taking advantage of the verification process being revamped under the new Musk-led version of the company.</p> <p>Phishing emails are being sent to verified Twitter Blue users telling them they don't have to pay for that "blue check mark" if they simply state they are a well-known person. The goal? Getting users to turn over their Twitter credentials.</p> <div class="hs-embed-wrapper" style="position: relative; overflow: hidden; width: 100%; height: auto; padding: 0px; max-width: 540px; min-width: 256px; display: block; margin: auto;"> <div class="hs-embed-content-wrapper"> <blockquote class="twitter-tweet"> <p>Twitter's ongoing verification chaos is now a cybersecurity problem. It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials. <a href="https://t.co/Nig4nhoXWF">pic.twitter.com/Nig4nhoXWF</a></p>— Zack Whittaker (@zackwhittaker) <a href="https://twitter.com/zackwhittaker/status/1587188619000922112?ref_src=twsrc%5Etfw">October 31, 2022</a> </blockquote> </div> </div> <p>Signs that the campaign is a phishing scam:</p> <ul> <li>Poor grammar and writing that no business would publish (a hallmark of phishing scams)</li> <li>Email comes from a Gmail address (Twittercontactcenter@gmail), not an official Twitter domain</li> <li>Once the "provide information" button is clicked, users are taken to a Google Docs page. 
A link in that document goes to a Google site, where the page has an embedded form area (on another site) for people to submit their Twitter account username, password, and (yes) phone number.</li> </ul> <p>Google has since taken down the site. Accounts that do not use multi-factor authentication (MFA) are most affected.</p> <p>Clearly, scammers are taking advantage of Twitter users who are looking to avoid having to pay the increased monthly cost of keeping that blue check mark and verified badges (premium features).</p> <p>"I've been getting spearphished by credential theft spam posing as a verified user change since last Friday," said Casey Ellis, Founder and CTO at Bugcrowd. "Attackers capitalize on high profile, chaotic events and changes to drive pretext for lures like this. This campaign is a reminder that it doesn't need to be a hurricane, a pandemic, or other kind of calamity to trigger this kind of attacker behavior."</p> <p>Some users blame the lack of transparency and clear direction on future verification processes from Twitter since it went private under Musk's ownership.</p> <p><span style="background-color: #ffffff;">"Every internet disruption always results in cybercriminals looking for ways to take advantage, and the Twitter blue tick is the perfect storm," said <strong><span style="font-size: 14px;">Joseph Carson, Chief Security Scientist at </span></strong><span style="font-size: 11px;"><a href="https://delinea.com/"><strong><span style="font-size: 14px;">Delinea.</span></strong></a></span></span></p>
Featured Cybersecurity Original Content Twitter Online Scams Phishing Tue, 01 Nov 2022 17:12:18 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/scammers-twitter-verification-phishing 2022-11-01T17:12:18Z U.S. Agencies Release Guidelines for DDoS Attacks https://www.secureworld.io/industry-news/agencies-guidelines-ddos-attacks <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/agencies-guidelines-ddos-attacks" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/DDoS_hacker_shutterstock_529392616_crop.jpeg" alt="hoodie-hacker-DDoS-attack" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Distributed denial-of-service (DDoS) attacks aim to overwhelm a target's application or website, exhausting the system's resources and making the target inaccessible to legitimate users.</p> <p>While DDoS attacks are relatively simple to execute, they are frequently used by threat actors and can be a real thorn in the side of an organization. That is why some U.S. government agencies have come together to provide guidelines for protecting against these attacks.</p> <p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing &amp; Analysis Center (MS-ISAC) have released a joint guide to provide organizations with steps to take before, during, and after experiencing a DDoS attack.</p> <p>The advisory discusses:</p> <p style="padding-left: 40px;">"The more traffic a DDoS attack produces, the more difficulty an organization will have responding and recovering from the attack. The increase in traffic also increases the difficulty of attribution because it makes the true source of the attack harder to identify. Although the impact of DDoS attacks may often be negligible—depending on the scale of the attack—it could be severe and include loss or degradation of critical services, loss of productivity, extensive remediation costs, and acute reputational damage. Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks.</p> <p style="padding-left: 40px;">Although a DDoS attack is unlikely to impact the confidentiality or integrity of a system and associated data, it does affect availability by interfering with the legitimate use of that system. Because a cyber threat actor may use a DDoS attack to divert attention away from more malicious acts they are carrying out—e.g., malware insertion or data exfiltration—victims should stay on guard to other possible compromises throughout a DDoS response. Victims should not become so focused on defending against a DDoS attack that they ignore other security monitoring."</p> <p>The advisory also notes that in a post-pandemic world, where everything is more remotely connected, maintaining the necessary resources to respond to incidents like DDoS attacks has become increasingly difficult. 
However, it does provide some proactive steps organizations can take to reduce the effects of an attack on the availability of their resources.</p> <p>Those steps are:</p> <p style="padding-left: 40px;">•&nbsp; Understand your critical assets and services<br>•&nbsp; Understand how your users connect to your network<br>•&nbsp; Enroll in a DDoS protection service<br>•&nbsp; Understand service provider defenses<br>•&nbsp; Understand your dedicated edge network defenses<br>•&nbsp; Design and review (High-Availability/Load-Balancing/Colocation) designs<br>•&nbsp; Develop an organization DDoS response plan<br>•&nbsp; Develop an organization DDoS business continuity plan<br>•&nbsp; Consider how a DDoS attack will impact physical backups for your network<br>•&nbsp; Conduct a DDoS tabletop exercise and/or regularly test your DDoS response plan</p> <p>The advisory also includes detailed information on what your organization should do if you believe you are experiencing a DDoS attack, as well as what to do after an attack. 
And as always, CISA and the FBI <em>strongly</em> encourage you to promptly report any incidents to your local FBI field office or to CISA at <a href="mailto:report@cisa.gov">report@cisa.gov</a>.</p> <p>See the original advisory, <a href="https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf"><em>Understanding and Responding to Distributed Denial-of-Service Attacks</em></a>, for more information.</p> <p>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> Featured FBI DDoS Attack Original Content CISA Tue, 01 Nov 2022 15:58:50 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/agencies-guidelines-ddos-attacks 2022-11-01T15:58:50Z Report Details Cyber Threats to Canada, Canadians in 2023-24 https://www.secureworld.io/industry-news/cyber-threats-canada-canadians <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/cyber-threats-canada-canadians" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/social-suggested-images/canada-1606851_1280.jpg" alt="Canada flag in sky" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Persistent ransomware threats, increasing risk to critical infrastructure, state-sponsored activity, more bad actors, and new, disruptive technologies are the five cyber 
threat narratives noted in the <a href="https://cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024">National Cyber Threat Assessment 2023-2024</a> recently released by the Canadian Centre for Cyber Security.<br><br>According to Anita Anand, Canada's Minister of National Defense, "The Cyber Centre has provided an overview of the cyber threat landscape that is both thorough and accessible. The NCTA is especially helpful for Canadian decision-makers as the focus is on cyber threats most relevant to Canada."</p> <p>The forward-looking report breaks down the threat landscape for Canada and Canadians into the five main categories listed above.</p> <h2><strong>Ransomware</strong></h2> <p>Cited as the most disruptive form of cybercrime facing Canadians, ransomware is being deployed by cybercriminals at an alarming pace and growing in sophistication.</p> <h3><strong>Critical infrastructure at risk</strong></h3> <p>In an effort to collect information through espionage, pre-position in case of future hostilities, and to project power and intimidation, state-sponsored actors are targeting critical infrastructure. 
On a positive note, if bad actors do not perceive direct hostilities, they likely will lay off such attacks, according to the report.</p> <h4><strong>State-sponsored cyber threat activity is increasing</strong></h4> <p>The cyber programs of China, Russia, Iran, and North Korea—all state-sponsored—"pose the greatest strategic cyber threats to Canada." Canadian organizations, intellectual property, and individuals themselves are at risk as cybercriminals seek to achieve financial gain.</p> <h5><strong>Degrading trust through misinformation</strong></h5> <p>Misinformation, Disinformation, and Malinformation (MDM), helped by machine-learning-enabled technologies, are making it easier for bad actors to create fake content and for cyber defenders to detect and combat. It's only going to get worse over the next two years.</p> <h6><strong>New threats/opportunities from disruptive technologies</strong></h6> <p>With machine learning becoming the norm in consumer service and data analytics, cryptocurrencies and decentralized financing are prime targets for cyber threat actors.</p> <p>"Quantum computing has the potential to threaten our current systems of maintaining trust and confidentiality online. 
Encrypted information stolen by threat actors today can be held and decrypted when quantum computers become available."<br><br>The report examines the impact of COVID-19 on the cyber threat landscape; the effect of the hybrid work and work-from-anywhere landscape on cyber threat risks; the increase of internet-connected technology by Canadians; risk to supply chain and internet infrastructure; geopolitical issues; and more.</p> <p>Here's a <a href="https://cyber.gc.ca/sites/default/files/ncta-2023-24-web.pdf">PDF version</a> of the complete National Cyber Threat Assessment.</p> Original Content Threat Intel Cybercrime / Threats Canada Mon, 31 Oct 2022 18:25:21 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/cyber-threats-canada-canadians 2022-10-31T18:25:21Z LinkedIn Rolls Out New Features to Boost Security https://www.secureworld.io/industry-news/linkedin-new-features-boost-security <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/linkedin-new-features-boost-security" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/LinkedIn_Office_Sign_-_Labeled_for_Reuse.jpg" alt="LinkedIn sign on building" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>LinkedIn has announced a new set of security features that will help verify user identity, remove 
fraudulent accounts, and boost authenticity, according to an <a href="https://blog.linkedin.com/2022/october/25/new-linkedin-profile-features-help-verify-identity--detect-and-r">official blog post from the company</a>.</p> <p>LinkedIn has experienced a few security incidents in the last couple of years, as threat actors frequently target the social media site to execute malicious cyber campaigns.</p> <p>Most recently, <em>Krebs On Security</em> reported on a scheme in which a large number of <a href="https://www.secureworld.io/industry-news/fake-linkedin-ciso-profiles">fake profiles representing Chief Information Security Officers</a> (CISO) at some of the world's largest organizations were created, confusing LinkedIn users and search engines alike.</p> <p>To combat these threat actors, LinkedIn has announced three new features. The first is an "About this profile" feature, which will show users when a profile was created and last updated, and whether the member has <span>verified a phone number and/or work email associated with their account. LinkedIn says:</span></p> <div> <div> <div> <p style="padding-left: 40px;">"Starting this week, you can find the 'About this profile' feature on each LinkedIn member's profile page, and soon you'll see it in more places over the coming weeks, including when viewing invitations and messages. 
For work emails, our plan is to start with a limited number of companies, but you can expect to see this expand as we add additional companies over time."</p> <p>The company also included this screenshot to show what it will look like:</p> <p><img src="https://blog.linkedin.com/content/dam/blog/en-us/corporate/blog/2022/september/image1.png" alt="Mockup of &quot;about this profile&quot; feature"></p> <p>The second feature announced aims to combat fake profiles by checking to see if the profile photo was AI-generated, a technique threat actors frequently use to make a profile appear more legitimate.</p> <p>LinkedIn's new "<span>deep-learning-based model proactively checks profile photo uploads" with new technology to determine if the image is AI-generated. It says this model will help remove fake accounts before they have a chance to connect with legitimate users.</span></p> <p><span>The third feature in this security rollout involves adding alerts to messages that may be suspicious:</span><span></span></p> <p style="padding-left: 40px;"><span>"We may warn you about messages that ask you to take the conversation to another platform because that can be a sign of a scam. 
These warnings will also give you the choice to report the content without letting the sender know."</span></p> <p><span>And it provides an example of what that will look like:</span></p> <p><span><img src="https://blog.linkedin.com/content/dam/blog/en-us/corporate/blog/2022/september/image2.png" alt="Mockup of LinkedIn conversation"></span></p> <p><span>These security updates should have a positive impact on users' experience on the platform, limiting malicious cyber activity.</span></p> <p><span>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</span></p> </div> </div> </div> LinkedIn Original Content Security Updates Fri, 28 Oct 2022 21:15:11 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/linkedin-new-features-boost-security 2022-10-28T21:15:11Z New York Post Hacked by Employee, Offensive Headlines Published https://www.secureworld.io/industry-news/new-york-post-hacked-offensive-headlines <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/new-york-post-hacked-offensive-headlines" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/system_hacked_alert_shutterstock_1916985977.jpg" alt="system hacked cyber alert" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>For as much as cybersecurity professionals talk about 
insider threats, you still never expect one to actually impact your organization.&nbsp;</p> <p>Earlier today, <em>The New York Post</em> announced it had been hacked by an employee who posted incredibly offensive headlines to its website and Twitter page. <em>The Post</em> immediately removed everything that was online, fired the employee, and shared this tweet:</p> <div class="hs-embed-wrapper" style="position: relative; overflow: hidden; width: 100%; height: auto; padding: 0px; max-width: 540px; min-width: 256px; display: block; margin: auto;"> <div class="hs-embed-content-wrapper"> <blockquote class="twitter-tweet"> <p>The New York Post has been hacked. We are currently investigating the cause.</p>— New York Post (@nypost) <a href="https://twitter.com/nypost/status/1585629621521100801?ref_src=twsrc%5Etfw">October 27, 2022</a> </blockquote> </div> </div> <p>If you're wondering how bad the headlines were, the answer is that they were <em>very</em> bad. The headlines included racist, violent, and sexually explicit comments targeting well-known politicians, such as Rep. Alexandria Ocasio-Cortez, <span>NYC Mayor Eric Adams, </span>New York Governor Kathy Hochul, Texas Governor Greg Abbott, and President Joe Biden.</p> <p>The words were certainly too vulgar to print in this article, but if you are really curious, the internet is a large and dark space.</p> <p>While an investigation is still underway to determine how an employee was able to access and deface the platforms, a spokesperson for <em>The Post</em> did share this statement:</p> <p style="padding-left: 40px;">"The New York Post's investigation indicates that the unauthorized conduct was committed by an employee, and the employee has been terminated. 
This morning, we immediately removed the vile and reprehensible content from our website and social media accounts."</p> <p>This hack of the newspaper is similar to an incident that occurred approximately one month ago, where American business magazine <em>Fast Company</em> was forced to shut down its website for two weeks after a threat actor gained unauthorized access and sent racist push notifications to Apple News users.</p> <p>Back in February of this year, News Corp, the parent company of <span style="font-style: italic;">The Post</span>, announced it <span>fell victim to a <a href="https://www.secureworld.io/industry-news/china-hacks-email-news-corp">cyberattack targeting employee email accounts</a>. The company said the attack affected a limited number of people and that it believed the incident was an espionage operation backed by China, describing it as a "persistent nation-state attack."</span></p> <p><span>It is unlikely, though, that the February hack and today's incident are related.</span></p> <p><span>Follow <em>SecureWorld News</em> for more updates on this incident, as well as coverage of the cybersecurity industry.</span></p> Hacking Insider Threats Original Content Thu, 27 Oct 2022 23:07:16 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/new-york-post-hacked-offensive-headlines 2022-10-27T23:07:16Z PayPal Adds Passkeys for Apple Products 
https://www.secureworld.io/industry-news/paypal-passkeys-apple-products <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/paypal-passkeys-apple-products" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Paypal-Announcement.jpg" alt="PayPal-logo-office" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><a href="https://newsroom.paypal-corp.com/2022-10-24-PayPal-Introduces-More-Secure-Payments-with-Passkeys">PayPal announced this week</a> it will be adding passkeys for user accounts, though the feature will only be available to <span>iPhone, iPad, and Mac users at first.&nbsp;</span></p> <p><span>Passkeys are a new industry standard created by the Fast IDentity Online (FIDO) Alliance and the World Wide Web Consortium as part of an effort to replace passwords. <a href="https://www.secureworld.io/industry-news/apple-google-microsoft-fido-passwordless">Apple, Google, and Microsoft</a> announced plans earlier this year to support passkeys on their platforms.</span></p> <p><span>Going passwordless will allow organizations to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. FIDO elaborates on the benefits:</span></p> <p style="padding-left: 40px;">"The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. 
This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS."</p> <p><span>Passkeys aim to address one of the biggest problems in security, which is the weakness of password authentication. A majority of data breaches and hacks can be traced back to password stealing and guessing, as many consumers (and end-users) reuse the same password across multiple online accounts.</span></p> <p><span>For PayPal, passkeys will help consumers complete their purchases by never requiring a password. According to a recent survey of U.S. consumers, 44% of consumers have abandoned an online purchase because they forgot a password.</span></p> <p><span>Doug Bland, SVP and GM, Head of Consumer, at PayPal, discusses:</span></p> <p style="padding-left: 40px;"><span>"Launching passkeys for PayPal is foundational to our commitment to offering our customers safe, secure and easy ways to access and manage their daily financial lives. We are excited to provide our customers a more seamless checkout experience that eliminates the risks of weak and reused credentials and removes the frustration of remembering a password. We are making it easier for customers to shop online."<br></span></p> <p><span>So, how are customers going to set up their passkey with PayPal?&nbsp;</span></p> <p><span>It's as simple as logging on to your account and finding the option that says "Create a passkey." They will then be prompted to authenticate with Apple Face ID or Touch ID, and the passkey is automatically created. The customers who do this will never need to remember their password again.</span></p> <p><span>Once the passkey is created, it's synched with iCloud Keychain, "ensuring a strong, private relationship between a customer and their device."</span></p> <p><span>The PayPal passkey is available for users in the U.S. 
with devices running iOS 16, iPadOS 16.1, or macOS Ventura.</span></p> PayPal Original Content Identity / Access Mgmt Passkeys Thu, 27 Oct 2022 12:06:00 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/paypal-passkeys-apple-products 2022-10-27T12:06:00Z World's First Hybrid War in Ukraine Holds Important Cyber Lessons https://www.secureworld.io/industry-news/first-hybrid-war-ukraine-cyber-lessons <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/first-hybrid-war-ukraine-cyber-lessons" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/tank_war_cyberwar_shutterstock_432191593.jpg" alt="cyber-war-tank-code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><span style="font-size: 11px;">The Ukraine-Russia war will go down as a first, a true hybrid of kinetic and cyber warfare, which will be studied for a long time and is having and will have earthshaking consequences.</span></p> <p><span style="font-size: 11px;">"</span>What we have today is a hybrid war that is beginning to show its influence not only on the battlefield 
but throughout the entire world," says <span style="font-size: 11px;">Colonel Cedric Leighton, U.S. Air Force (Retired), CNN Military Analyst, and Chairman of Cedric Leighton Associates. "It's a conflict that really is frankly quite astounding in the way that it's played out."</span></p> <p><img src="https://www.secureworld.io/hs-fs/hubfs/speakers/cedric_leighton_0.png?width=140&amp;height=140&amp;name=cedric_leighton_0.png" alt="cedric_leighton_0" width="140" height="140" style="height: auto; max-width: 100%; width: 140px; float: right;">Col. Leighton will present a deep dive on this topic during the <span style="font-size: 11px;"><a href="https://events.secureworld.io/details/midwest-2022/">SecureWorld Midwest virtual conference</a> on November 3, 2022. His closing keynote </span><span style="font-size: 11px;">provides eye-opening details about the cyber war between Ukraine and Russia now that it's eight months in.</span></p> <p><span style="font-size: 11px;">He details the war aims of Russia, including destroying the Ukrainian government, society, population, and the country as a whole. Interestingly enough, Leighton points out that Russian President Vladimir Putin idolizes Peter the Great, who conquered a lot of territory, including much of what is present-day Ukraine. He says he </span><span style="font-size: 11px;">believes Putin misread history and is trying to apply an 18th Century solution to a 21st Century situation.</span></p> <p>Col. Leighton has some real admiration for the Ukraine government and the host of supporters across the world—including 200,000 InfoSec practitioners aiding in Ukraine's cyber efforts—for not just battling Russia, but winning in many instances.</p> <p>"They are really doing some things that are quite unique, because one of the things they've been able to exploit is the fact the Russian cyberattacks are not tied to kinetic operations," he said. 
"The fact they haven't been tied to kinetic operations has made it possible for Ukraine to do things like this (shows picture of a bombed-out Russian tank) where they go after pieces of Russian military equipment, individual Russian networks, and they've been able to cause some damage."</p> <p>What's next? Col. Leighton believes Russia will continue <span style="font-size: 11px;">attempts to destabilize critical Ukrainian IT infrastructure; Ukraine will further exploit Russian cyber vulnerabilities; and better integration of cyber and kinetic operations by both sides will occur.</span></p> <p><span style="font-size: 11px;">To watch the full presentation, check out the <a href="https://events.secureworld.io/agenda/midwest-2022/">event's agenda</a> and register today. Attendees can earn 5 CPE credits.</span></p> <p><span style="font-size: 11px;">Some of the other presentation highlights include:</span></p> <ul> <li><span style="font-size: 11px;">Stephen Dougherty, Financial Fraud Investigator, Global Investigative Operations Center, U.S. 
Secret Service, speaking on "BEC Attacks, Crypto, and the Investigative Powers of the Secret Service"</span></li> <li><span style="font-size: 11px;">Kathleen Moriarty, CTO, Center for Internet Security, talking about "Transforming Information Security for Businesses of All Sizes"</span></li> <li><span style="font-size: 11px;">A fireside chat on "Things I Wish I Had Known About Cybersecurity Before I Got into a Leadership Role," featuring Britney Kennedy Hommertzheim, BISO, Cardinal Health; Sherry Callahan, CISO, Dairy Farmers of America; Sam Masiello, CISO, The Anschutz Corporation; and Glenn Kapetansky, CSO, Trexin Consulting.</span></li> <li><span style="font-size: 11px;">And 9 more informative sessions</span></li> </ul> Featured Cybersecurity Cyber Warfare Original Content Security Education Russia-Ukraine War Wed, 26 Oct 2022 10:54:00 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/first-hybrid-war-ukraine-cyber-lessons 2022-10-26T10:54:00Z Apple Patches New Actively Exploited Zero-Day Vulnerability https://www.secureworld.io/industry-news/apple-patches-exploited-zero-day <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/apple-patches-exploited-zero-day" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/apple-971117_1280.jpg" alt="apple laptop and coffee mug" class="hs-featured-image" style="width:auto 
!important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Apple recently released a security update to fix the ninth Zero-Day vulnerability that has been used in cyberattacks targeting iPhones and iPads since the beginning of the year.</p> <p>An anonymous security researcher submitted the vulnerability to Apple, which is now tracked as <a href="https://support.apple.com/en-us/HT213489">CVE-2022-42827</a> and described as an <a href="https://cwe.mitre.org/data/definitions/787.html">out-of-bounds write issue</a> in the Kernel. Apple also shared in an advisory that the vulnerability might have been "actively exploited."</p> <p>Exploitation of an out-of-bounds write, which occurs when t<span>he software writes data past the end or before the beginning of the intended buffer,</span>&nbsp;<span>can result in corruption of data, a crash, or code execution.&nbsp;</span></p> <p>As is usually the case with actively exploited Zero-Day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this issue may have been actively exploited."</p> <p>By not releasing any additional information about the vulnerability, Apple is allowing users to patch their devices before threat actors develop additional exploits.</p> <p>The security update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.</p> <p>Mike Parkin, Senior Technical Engineer at Vulcan Cyber, discussed the Apple patch with <em>SecureWorld News</em>:</p> <p style="padding-left: 40px;">"Apple's fixed a number of potentially troublesome vulnerabilities with this update. 
Anything that could potentially allow remote code execution with kernel privileges is problematic, and several of the identified vulnerabilities had that potential," Parkin said. "With people relying so heavily on their mobile devices for their work and personal lives, and with how much crossover there can be, it's good that Apple addressed these faults."</p> <p>Michael Covington, VP of Portfolio Strategy at Jamf, said he believes that organizations should use this security update from Apple as an opportunity to stay up to date on all patches, no matter how big or small:</p> <p style="padding-left: 40px;">"The latest security fixes from Apple are a good reminder that even the most recent software releases can contain bugs; it is critical for organizations to maintain an active patch management and update process for both operating systems and applications.</p> <p style="padding-left: 40px;">Details on the vulnerabilities are still emerging, but we know that eight of the issues fixed were being actively exploited, including one that allowed rogue applications to write data to a location it should not have been allowed to access, resulting in data corruption or unauthorized code execution. 
We are urging all of our customers to update their devices and reduce their organizations' exposure to attack."</p> <h2><strong>Zero-Day vulnerabilities patched by Apple this year</strong></h2> <p>With this recent security update, Apple has fixed nine Zero-Day bugs in 2022, which include:</p> <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22587">CVE-2022-22587</a>:&nbsp;<span>A malicious application may be able to execute arbitrary code with kernel privileges.</span></li> <li> <p style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22594">CVE-2022-22594</a>:&nbsp;<span>A website may be able to track sensitive user information.</span></p> </li> <li> <p><span><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22620">CVE-2022-22620</a>: Processing maliciously crafted web content may lead to arbitrary code execution.</span></p> </li> <li> <p style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22674">CVE-2022-22674</a>: <span>A local user may be able to read kernel memory.</span></p> </li> <li> <p style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22675">CVE-2022-22675</a>: An application may be able to execute arbitrary code with kernel privileges.</p> </li> <li> <p style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32893">CVE-2022-32893</a>: Processing maliciously crafted web content may lead to arbitrary code execution.</p> </li> <li> <p style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32894">CVE-2022-32894</a>: An application may be able to execute arbitrary code with kernel privileges.</p> </li> <li style="font-weight: normal;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32917">CVE-2022-32917</a>:&nbsp;An application may be able to execute arbitrary code with kernel privileges.</li> </ul> <p>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</p> 
Apple Zero-Day Original Content Security Updates Tue, 25 Oct 2022 23:14:16 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/apple-patches-exploited-zero-day 2022-10-25T23:14:16Z Spotlight on Cybersecurity Leaders: William Lidster https://www.secureworld.io/industry-news/spotlight-leaders-william-lidster <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/spotlight-leaders-william-lidster" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Spotlight_Series_Q%26A.png" alt="questions-answers-spotlight-series" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&amp;A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.</p> 
<img src="https://www.secureworld.io/hs-fs/hubfs/speakers/William_Lidster_2022.png?width=140&amp;height=140&amp;name=William_Lidster_2022.png" alt="William_Lidster_2022" width="140" height="140" style="height: auto; max-width: 100%; width: 140px; float: right;"> <p><span style="color: black;">William Lidster has been with AAA Washington since August of 2017, serving as the leader of its information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.</span></p> <div> <p>In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington, The Penn State University, and UNLV.</p> <p>William completed his Bachelor's in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Master's in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.</p> <p>Prior to AAA Washington, William served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he served as the regional Chief Information Security Officer for Providence Health and Services. 
He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.</p> <p>William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran of Operation Desert Storm.</p> <h2><strong>Get to know William Lidster</strong></h2> <p><span style="font-weight: bold;">Question</span>: Why did you decide to pursue cybersecurity as a career path?<br><span style="font-weight: bold;">Answer</span>: <span style="color: red;">Cybersecurity became front-and-center for most organizations globally in 2001, and I was already dabbling in it as an additional consideration with my IT management duties. I felt that cybersecurity was going to be a far more interesting and challenging field, so I pursued my first certification and then started pursuing opportunities that were solely focused on cybersecurity.</span></p> <p><span style="color: red;"><span style="font-weight: bold;">Q</span>: </span>How would you describe your feelings about cybersecurity in one word?<br><span style="font-weight: bold;">A</span>: Challenging.</p> <p><span style="font-weight: bold;">Q</span>: What has been your most memorable moment thus far working in cybersecurity?<br><span style="font-weight: bold;">A</span>: <span style="color: red;">The opportunities that I have had to help others find their career path and grow in the field.</span></p> <p><span style="color: red;"><span style="font-weight: bold;">Q</span>: What led you to join your current organization (employer)?<br><span style="font-weight: bold;">A</span>: My organization has a culture of care and kindness and service to its members. Anyone who does not embrace that probably won't be successful there. With that culture comes an environment of great teamwork. 
I have, undoubtedly, one of the best jobs ever.</span></p> <p><span style="color: red;"><span style="font-weight: bold;">Q</span>: </span>If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?<br><span style="font-weight: bold;">A</span>: <span style="color: red;">Outside of training and awareness, full-on MFA (multi-factor authentication). It is a great way to prevent lateral movement and elevation of privileges which are key to a successful breach.</span></p> <p><span style="font-weight: bold;">Q</span>: What is an industry-wide change you would like to see happen in 2023?<br><span style="font-weight: bold;">A</span>: <span style="color: red;">Far more focus on technologies and capabilities to detect and stop intrusion. We have an imbalance of effort on just prevention, and we are still limited in our capabilities to detect/respond when prevention fails.</span></p> <p><span style="color: red;"><span style="font-weight: bold;">Q</span>: </span>What are you most looking forward to at SecureWorld this year?<br><span style="font-weight: bold;">A</span>: <span style="color: red;">Hoping to see new thoughts and conversations that break out of the older mold and into really creative topics and approaches for solutioning to our challenges.</span></p> <p>To connect with William and other cybersecurity leaders from Washington state, attend the 21st annual SecureWorld Seattle regional conference on November 9-10, 2022. William will present a session on "Data vs. 
Systems Protection: The New Cybersecurity School of Thought.<span>"</span><span>&nbsp;</span><a href="https://events.secureworld.io/details/seattle-wa-2022/">See the conference agenda and register here</a>.</p> <p>Continue to follow our Spotlight Series for more highlights from industry experts.</p> </div> SecureWorld Security Leadership Original Content Spotlight Series Tue, 25 Oct 2022 17:07:13 GMT karlyt@secureworld.io (Karly Tarsia) https://www.secureworld.io/industry-news/spotlight-leaders-william-lidster 2022-10-25T17:07:13Z 'Black Reward' Hacktivist Group Targets Iranian Atomic Energy Org https://www.secureworld.io/industry-news/hacktivist-targets-iranian-atomic-energy <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/hacktivist-targets-iranian-atomic-energy" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Iranian%20flag.jpg" alt="Iran flag" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The Iranian Atomic Energy Organization (AEOI) recently announced that one of its subsidiaries' email servers were breached by the hacktivist group "Black Reward," which published the stolen data on the Dark Web.</p>
<p>The AEOI says it received a report from the IT team of the subsidiary, which described "<span style="font-size: 11px;">unauthorized access from a specific foreign country to the company's e-mail system." Iran claims that the stolen data only included technical messages and common daily exchanges, but Black Reward would characterize the dataset a little differently.</span></p> <p><span style="font-size: 11px;">The hacktivist group posted 27 GB of data that included approximately 85,000 emails characterized as "perfect for researchers," <a href="https://www.bleepingcomputer.com/news/security/iran-s-atomic-energy-agency-confirms-hack-after-stolen-data-leaked-online/">according to <em>Bleeping Computer.</em></a> Here are some screenshots of the links posted to Telegram:</span></p> <p><span style="font-size: 11px;"><img src="https://www.bleepstatic.com/images/news/u/1220909/Forum%20and%20Marketplace%20Posts/telegram(4).png" alt="Links to download the stolen emails posted on Telegram"></span></p> <p><em>Bleeping Computer</em> also shared that Black Reward claims to have scrubbed the dataset, removing any and all nonrelevant information before publication.</p> <p>The data also allegedly include <span>passports and visas of Iranians and Russians working with the agency, power plant status and performance reports, contracts, and technical reports.&nbsp;</span></p> <p><span>This recent hack comes on the heels of multiple security incidents in Iran, all of which have come following the death of Mahsa Amini, the 22-year-old woman who died in police custody after being arrested for wearing "unsuitable attire."</span></p> <p><span><span style="font-style: italic;">SecureWorld News</span> reported on a story in which </span><a href="https://www.secureworld.io/industry-news/hacktivists-assist-protestors-iran">several hacktivist groups were utilizing 
resources</a> such as Telegram, Signal, and the Dark Web to help protestors in Iran who were fighting back against the government's violent response to protests across the country.</p> <p><span>But it's not just hacktivists utilizing cybersecurity tools. Just last week, a new version of the <a href="https://www.secureworld.io/industry-news/furball-android-malware-spy-iran">Android malware "FurBall"</a> was discovered to be used by the Iranian government in a campaign targeting citizens in a mobile surveillance operation.</span></p> <p><span>For the recent hack of the AEOI, Iran says that "i</span>t is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention, create media atmospheres, and psychological operations, and lack any other value."</p> <p>But is that really how the authoritarian regime in Iran feels about its atomic organization being hacked?</p> <p>Black Reward hacktivists signed a message, "<span>For women, life, freedom."&nbsp;</span></p> <p><span>Follow <em>SecureWorld News</em> for more updates on the situation in Iran, as well as other stories related to cybersecurity.</span></p> Hacking Original Content Iran Tue, 25 Oct 2022 10:21:00 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/hacktivist-targets-iranian-atomic-energy 2022-10-25T10:21:00Z Health Orgs Are Target of Daixin Team Ransomware 
https://www.secureworld.io/industry-news/health-orgs-daixin-ransomware <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/health-orgs-daixin-ransomware" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/ransomware_locked_files_hacker_shutterstock_693828238.jpg" alt="hacker-locked -files" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>The FBI, U.S. Department of Health and Human Services, and U.S. Cybersecurity Infrastructure Security Agency (CISA) have issued <a href="https://www.ic3.gov/Media/News/2022/221021.pdf">a joint cybersecurity advisory</a> with information about "Daixin Team," a cybercrime group actively targeting U.S. businesses with ransomware and data extortion operations.</p> <p>The biggest target is the Healthcare and Public Health (HPH) sector, according to the advisory. "As of October 2022, per FBI Internet Crime Complaint Center (IC3) data, specifically victim reports across all 16 critical infrastructure sectors, the HPH Sector accounts for 25 percent of ransomware complaints."</p> <p>The report continues:</p> <p>Daixin Team is a ransomware and data extortion group that has targeted the HPH sector with ransomware and data extortion operations since at least June 2022. 
Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH sector organizations where they have:</p> <ul> <li>Deployed ransomware to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services; and/or</li> <li>Exfiltrated personal identifiable information (PII) and patient health information (PHI) and threatened to release the information if a ransom is not paid</li> </ul> <p>Virtual private network (VPN) servers are the gateway for Daixin actors, who have exploited unpatched vulnerabilities in organizations' VPN servers or, in one case, used previously compromised credentials to access a legacy VPN server without multifactor authentication (MFA) enabled.</p> <p>Once in, Daixin Team threat actors use Secure Shell and Remote Desktop Protocol (RDP) to move laterally through systems, gaining privileged account access and resetting passwords on servers. The advisory credits third-party providers for identifying Babuk Locker as the source code for the Daixin actors' ransomware.</p> <p style="text-align: center;"><img src="https://www.secureworld.io/hs-fs/hubfs/Blog%20Images/Daixin%20ransomware%20note.jpg?width=482&amp;height=301&amp;name=Daixin%20ransomware%20note.jpg" alt="Daixin ransomware note" width="482" height="301" style="height: auto; max-width: 100%; width: 482px; margin-left: auto; margin-right: auto; display: block;"><em>Ransomware note from Daixin Team&nbsp;</em></p> <p><a href="https://www.ic3.gov/Media/News/2022/221021.pdf">See the advisory</a> for a complete list of techniques and use cases, including reconnaissance, initial access, persistence, credential access, lateral movement, exfiltration, and impact.</p> <p>Additional details from the advisory:</p> <p>"In addition to deploying ransomware, Daixin actors have exfiltrated data from victim systems. 
In one confirmed compromise, the actors used Rclone—an open-source program to manage files on cloud storage—to exfiltrate data to a dedicated virtual private server (VPS). In another compromise, the actors used Ngrok—a reverse proxy tool for proxying an internal service out onto an Ngrok domain—for data exfiltration."</p> <p>The FBI is seeking any additional information from victims of attacks, including logs showing communications to and from foreign IP addresses, sample ransom notes, communications from Daixin Group actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file.</p> Ransomware Healthcare Security Alerts Original Content Health Records Mon, 24 Oct 2022 17:07:33 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/health-orgs-daixin-ransomware 2022-10-24T17:07:33Z A New-ish Mobile Attack: Zero-Click Spyware https://www.secureworld.io/industry-news/mobile-attack-zero-click-spyware <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/mobile-attack-zero-click-spyware" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/spyware_shutterstock_1338959522.jpg" alt="spyware-word-digital " class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p><em>Bloomberg</em> is reporting that in July 2020, an Azerbaijani journalist was the victim of a zero-click attack, commonly used by governments to target political opponents.</p>
<p>The journalist's iPhone received a command to open the Apple Music app without the victim's knowledge or even touching the phone. The app then connected to a malicious server and downloaded spyware to the phone, listening in on calls and viewing text messages for nearly a year and a half.</p> <p>Behind the attack is spyware manufacturer NSO Group, which sells technology to governments and law enforcement agencies, <em>Bloomberg</em> reported. Based in Israel, NSO Group claims its software is typically used for good—stopping terrorism and curbing violent crime.</p> <p>But some governments have used Pegasus—the name of the spyware—for nefarious purposes, including attacking critics in more than a dozen countries.</p> <p>[RELATED: <a href="https://www.secureworld.io/industry-news/apple-sues-nso-group-details">Apple Sues 'Abusive State-Actor' NSO Group</a>]</p> <p>While Apple devices are the main target of these attacks that expose security vulnerabilities, NSO Group also has designed zero-click spyware aimed at Android phones. 
Typically, messaging services—iMessage for Apple, WhatsApp for Android—are the vehicle used to transfer malicious code onto devices.</p> <p>Read the full <a href="https://www.bloomberg.com/news/newsletters/2022-10-13/-zero-click-spyware-emerges-as-a-menacing-mobile-threat"><em>Bloomberg</em> article.</a></p> Spyware Cyber Attacks Original Content Endpoint / Mobile Security Mon, 24 Oct 2022 16:22:10 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/mobile-attack-zero-click-spyware 2022-10-24T16:22:10Z New FurBall Android Malware Used to Spy on Iranian Citizens https://www.secureworld.io/industry-news/furball-android-malware-spy-iran <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/furball-android-malware-spy-iran" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Spyware%20-%20Labeled%20for%20Reuse.jpg" alt="spyware-code-balls" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A new version of the Android malware "FurBall" has been discovered to be used by the threat actor(s) known as Domestic Kitten in a campaign targeting Iranian citizens in a mobile surveillance operation.</p>
<p>Domestic Kitten, also known as <span>the APT-C-50 group, has been spying on Iranian citizens since 2016 with various campaigns targeting anti-government protestors throughout the Middle East. FurBall has been used since June 2021 to distribute a fraudulent translation app that mimics an Iranian website which provides translated articles, journals, and books. </span></p> <p><span>However, this recent version of FurBall that was discovered is slightly different from what Domestic Kitten has used in the past, according to <a href="https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/">ESET malware researcher Lukas Stefanko</a>.&nbsp;</span></p> <p>This version has similar spyware functionality as before, except "<span>the threat actors slightly obfuscated class and method names, strings, logs, and server URIs." Stefanko believes the main purpose of this update was to try to avoid detection from security software, which has not worked out too well for the threat actors.</span></p> <p><span>The fake app was uploaded to VirusTotal, triggering an investigation from ESET, which detected the threat as Android/Spy.Agent.BWS.</span></p> <p><span>You can see the difference between the real and fake websites in the screenshot below, with the fake on the left and real on the right:</span></p> <p><span><img src="https://www.welivesecurity.com/wp-content/uploads/2022/10/Figure-1.-Fake-website-left-vs-the-legitimate-one-right.png"></span></p> <p><span>The fake website has a button to click which says "Download the application" in Persian. 
Though it has the Google Play logo, the app is not available in the Google Play store and downloads directly from Domestic Kitten's server.</span></p> <p><span>The sample analyzed by ESET researchers is not fully working malware; it only requests one intrusive permission, to access contacts, even though previous versions had fully functioning spyware.&nbsp;</span></p> <p><span>Researchers believe the purpose of this could be to set up a larger spearphishing attack conducted via text messages. In its limited </span>functionality, the app can exfiltrate contacts, get accessible files from external storage, list installed apps, obtain basic information about the device, and g<span>et device accounts (list of user accounts synced with device).</span></p> <p><span>However, Domestic Kitten could expand the app's permissions, allowing it to access all sorts of things, including:</span></p> <p style="padding-left: 40px;">•&nbsp; text from clipboard<br>•&nbsp; device location<br>•&nbsp; SMS messages<br>•&nbsp; contacts<br>•&nbsp; call logs<br>•&nbsp; recorded phone calls<br>•&nbsp; text of all notifications from other apps<br>•&nbsp; device accounts<br>•&nbsp; list of files on device<br>•&nbsp; running apps<br>•&nbsp; list of installed apps<br>•&nbsp; device info</p> <p>See the story from <a href="https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/">ESET's Lukas Stefanko</a> for more information on FurBall and Domestic Kitten.</p> <h2><strong>Iranian cyber actors draw international attention</strong></h2> <p>Albania announced in September it would be <a href="https://www.secureworld.io/industry-news/cyberattack-albania-iran">severing all diplomatic relations with Iran</a> after a cyberattack in July targeted the government's digital infrastructure and public services.</p> <p>Prime Minister Edi Rama<span>&nbsp;</span><a href="https://www.kryeministria.al/en/newsroom/videomesazh-i-kryeministrit-edi-rama/">shared in a video 
message</a><span>&nbsp;</span>that the "heavy cyberattack" aimed to destroy critical systems, but the attack failed in its purpose. The damages were considered minimal compared to what could have been achieved by the state-sponsored threat actor.</p> <p>This led the United States government, along with Australia, Canada, and the U.K., to <a href="https://www.secureworld.io/industry-news/usa-sanctions-iranian-ransomware">sanction 10 individuals</a> and two entities associated with<span>&nbsp;</span><span>Iran's Islamic Revolutionary Guard Corps (IRGC) for their participation in malicious cyber activity.&nbsp;</span></p> <p><span>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</span></p> Spyware Original Content Iran Malware Fri, 21 Oct 2022 11:16:00 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/furball-android-malware-spy-iran 2022-10-21T11:16:00Z (ISC)2 Study: Cybersecurity Industry Facing 3.4 Million Shortfall in Workers https://www.secureworld.io/industry-news/isc2-cybersecurity-industry-workforce-shortage <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/isc2-cybersecurity-industry-workforce-shortage" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/team_business_network_shutterstock_1470825071.jpg" alt="cyber-professionals-workers" class="hs-featured-image" style="width:auto 
!important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A new study by <span>(ISC)</span><sup>2 </sup>released October 20th estimates the current global cybersecurity workforce at 4.7 million people—the highest ever—but the real takeaway is the worldwide talent gap in the security industry of 3.4 million workers.</p> <p><span><a href="https://www.isc2.org/-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx">The 2022 (ISC)<sup>2</sup> Cybersecurity Workforce Study</a> is an update to the organization's first cybersecurity workforce estimate conducted in 2019. This proprietary methodology integrated a wide array of primary and secondary data sources to extrapolate the number of workers responsible for securing their organizations, according to the study summary.</span></p> <p><span>Despite adding 464,000 workers over the past year, the gap in the security workforce has widened by more than 26%. The alarm bells are ringing for enterprises looking to combat increasing attacks from a growing cybercriminal network.</span></p> <p><span>Nearly 70% of the InfoSec workforce say their organizations' cybersecurity teams are understaffed.</span></p> <p><span>"The shortage is particularly severe in aerospace, government, education, insurance and transportation," the study cites. "A cybersecurity workforce gap jeopardizes the most foundational functions of the profession like risk assessment, oversight and critical systems patching. More than half of employees at organizations with workforce shortages feel that staff deficits put their organization at a 'moderate' or 'extreme' risk of cyberattack. 
And that risk increases substantially when organizations have a significant staffing shortage."</span></p> <p><span>Staff shortages and competition for competent, capable workers have increased even more since the pandemic, according to the study.&nbsp;</span></p> <p><span>"People are seeking out work cultures that fit their lifestyles the best, and this has led to increased turnover," the study reveals. "21% of respondents from North America have switched organizations in the last 12 months; this is up from 13% in the previous year."</span></p> <p><span>The study also examines:</span></p> <ul> <li><span>Job satisfaction</span></li> <li><span>Top factors influencing employee experience</span></li> <li><span>Flexible work options, including remote work (Pre-pandemic remote work was at 23%; post-pandemic levels are at 55%.)</span></li> <li><span>Combatting burnout</span></li> <li><span>The generational divide</span></li> <li><span>Diversity, equity, and inclusion (Younger workers place a higher value on DEI initiatives.)</span></li> <li><span>Career pathways</span></li> <li><span>Career progression</span></li> <li><span>Evolving certifications</span></li> <li><span>Salaries (The median salary for North America cybersecurity workers is $134,800.)</span></li> <li><span>Data breaches, war, and modern threats (Attacks often increase workload, particularly in the financial services, aerospace, government, and military industries.)</span></li> <li><span>The future of cybersecurity work</span></li> </ul> <p><span>As part of the study's conclusion, it offers hope and a warning:</span></p> <p><span>"Our research suggests that the cybersecurity workforce is driven by a passion for what they do; and they have the best experience when they are able to chart their path and progression in the field. However, this experience is diluted when employees do not feel supported by the groups they work for. 
Individual employees need to be supported by their collective teams and organizations. Staff retention continues to be an issue, and although there is optimism about hiring/recruiting in the future, companies need to take more action to inspire loyalty and mitigate attrition. Showing employees that they are valued and listened to will improve their experience within the workplace (whether it’s remote or on-site)."</span></p> Featured Cybersecurity Skills Gap Security Culture InfoSec Workforce Original Content Thu, 20 Oct 2022 19:28:04 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/isc2-cybersecurity-industry-workforce-shortage 2022-10-20T19:28:04Z Google Play Removes 16 Apps Tied to Clicker Malware https://www.secureworld.io/industry-news/google-play-apps-clicker-malware <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/google-play-apps-clicker-malware" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/apps_pathum_danthanarayana_t8TOMKe6xZU_unsplash.jpg" alt="apps on phone screen" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Google Play has removed 16 apps from its app store after the McAfee Mobile Research Team <a href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/">alerted the company</a> to Clicker malware associated with the apps, affecting 20 million people who installed the apps.</p>
<p>The apps have already been removed from Google Play's app offerings.</p> <p>Like so many mobile malware schemes, the apps profess to be helpful to users, providing a handy tool or time-saving utility. But they are simply pushing ads in the background that crawl and collect illegal advertising revenue.</p> <p>Utility applications such as Flashlight (Torch), QR readers, Camera, unit converters, and task managers were among app categories affected. 
Here's the full list of apps affected and since removed:</p> <ul> <li>BusanBus (com.kmshack.BusanBus)</li> <li>Currency Converter (com.smartwho.SmartCurrencyConverter)&nbsp;</li> <li>EzDica (com.joysoft.ezdica)</li> <li>Ez Notes (com.meek.tingboard)&nbsp;</li> <li>Flashlight+ (com.candlencom.candleprotest)</li> <li>Flashlight+ (kr.caramel.flash_plus)</li> <li>Flashlight+ (com.dev.imagevault)</li> <li>High-Speed Camera (com.hantor.CozyCamera)</li> <li>Instagram Profile Downloader (com.schedulezero.instapp)&nbsp;</li> <li>Joycode (com.joysoft.barcode)&nbsp;</li> <li>K-Dictionary (com.joysoft.wordBook)</li> <li>Quick Note (com.movinapp.quicknote)&nbsp;</li> <li>Smart Task Manager (com.james.SmartTaskManager)</li> <li>손전등 (com.candlencom.flashlite)</li> <li>계산기 (com.doubleline.calcul)</li> <li>달력메모장 (com.smh.memocalendar)</li> </ul> <p>According to the McAfee news item: "<span>Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection. 
Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user."</span></p> Cybersecurity Application Security Original Content Malware Endpoint / Mobile Security Thu, 20 Oct 2022 15:57:49 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/google-play-apps-clicker-malware 2022-10-20T15:57:49Z Europol Arrests 31 Hackers for Car Theft https://www.secureworld.io/industry-news/europol-arrests-hackers-car-theft <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/europol-arrests-hackers-car-theft" title="" class="hs-featured-image-link"> <img src="https://www.secureworld.io/hubfs/Blog%20Images/Cars_-_Labeled_for_Reuse_0.jpg" alt="cars parked on street" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>Cybersecurity in the automotive industry has become increasingly important in the last few years, as manufacturers implement myriad new technologies that are connected to the internet. The goal of all that innovation is to make the driver's experience more enjoyable, but that isn't always the case.</p>
<p>Europol recently announced the success of an operation which took down a group of hackers who <span>used fraudulent software to steal vehicles without the physical key fob typically needed to unlock cars.</span></p> <p><span>Authorities from France, Spain, and Latvia coordinated with Europol to search 22 locations, leading to the arrests of 31 suspects and the seizure of approximately $1,073,640 in criminal assets.</span></p> <p><a href="https://www.europol.europa.eu/media-press/newsroom/news/31-arrested-for-stealing-cars-hacking-keyless-tech">Europol discusses</a> the operation:</p> <p style="padding-left: 40px;">"The criminals targeted keyless vehicles from two French car manufacturers. A fraudulent tool, marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.&nbsp;</p> <p style="padding-left: 40px;">Among those arrested feature the software developers, its resellers and the car thieves who used this tool to steal vehicles."</p> <p><span>The French Gendarmerie's Cybercrime Centre (C3N) began the investigation earlier this year, which has been supported by Interpol since March, with "extensive analysis and the dissemination of intelligence packages to all the countries affected by this crime."&nbsp;</span></p> <p><span>Europol also shared this image of a domain seizure notice, which could indicate the fraudulent software tool was being sold to third parties on the Dark Web:</span></p> <p><span><img src="https://www.europol.europa.eu/cms/sites/default/files/styles/900x/public/images/024-2022_Pop-UP-Saisie-service%20-%202.png?itok=_ZuZvlj5" alt="024-2022_Pop-UP-Saisie-service - 2.png"></span>While this could be the first documented case where cybercriminals have hacked and stolen cars, this isn't the first 
security-related incident for the auto industry.</p> <p>SecureWorld previously reported on an incident in which <span>David Colombo, a 19-year-old security specialist from Germany, discovered a <a href="https://www.secureworld.io/industry-news/teen-vulnerability-annoy-tesla">vulnerability in dozens of Teslas</a> around the world, allowing him to gain remote access to the vehicles. He found he could mess around with all kinds of settings and even view a car's location and where it had traveled.</span></p> <p><span>As the world transitions to more electric vehicles, and eventually autonomous vehicles, securing all aspects of a car's technology will mean life or death for the driver and passengers.</span></p> <p><span>Follow <em>SecureWorld News</em> for more stories related to cybersecurity.</span></p> Automotive Industry Hacking Original Content Cybercrime / Threats Wed, 19 Oct 2022 22:49:29 GMT drewt@secureworldexpo.com (Drew Todd) https://www.secureworld.io/industry-news/europol-arrests-hackers-car-theft 2022-10-19T22:49:29Z Gen Z, Millennials Pose More Cybersecurity Risk than Older Employees, Survey Shows https://www.secureworld.io/industry-news/gen-z-millennials-employees-cybersecurity-risk <div class="hs-featured-image-wrapper"> <a href="https://www.secureworld.io/industry-news/gen-z-millennials-employees-cybersecurity-risk" title="" class="hs-featured-image-link"> <img
src="https://www.secureworld.io/hubfs/Blog%20Images/people_business_risk_lock_shutterstock_434409007.jpg" alt="People at work and cyber lock" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>A new survey from EY reveals it is not the assumed tech-challenged Gen X and Baby Boomers who put organizations at greater risk when it comes to cybersecurity; it's Gen Z and Millennial employees who take it less seriously.</p> <p>In an October 18th <a href="https://www.prnewswire.com/news-releases/gen-z-and-millennials-less-serious-about-cybersecurity-on-work-issued-devices-than-personal-according-to-new-ey-consulting-survey-301649378.html">news release</a>, EY shared the results of its 2022 Human Risk in Cybersecurity Survey, in which it asked 1,000 Americans about their cybersecurity and awareness practices.</p> <p>The two key bullets that lead off the release might surprise some:</p> <ul type="disc"> <li>Roughly half of Gen Z (48%) and about one-third of Millennial employees (39%) admit to taking cybersecurity protection on their personal devices more seriously than on their work devices, potentially putting companies at risk.</li> <li>Gen Z and Millennial workers are significantly more likely than older generations to use the same password for both a professional account and personal account and to disregard mandatory IT updates.</li> </ul> <p>The survey's timing comes in the middle of Cybersecurity Awareness Month and, as one EY cybersecurity consulting leader says, the revelation "should be a wake-up call for security leaders, CEOs and boards."</p> <p>Some other interesting statistics from the study:</p> <ul> <li>76% of workers across generations consider themselves
knowledgeable about cybersecurity; but 58% of Gen Z and 42% of Millennials are significantly more likely to disregard mandatory IT updates (vs. 31% for Gen X and 15% for Baby Boomers)</li> <li>30% of Gen Z and 31% of Millennials are more likely to use the same password for professional and personal accounts (vs. 22% and 15% for Gen X and Baby Boomers, respectively)</li> <li>48% of Gen Z and 43% of Millennials are more likely to accept web browser cookies on their work-issued devices all the time or often (vs. 32% for Gen X and 18% for Baby Boomers)</li> </ul> <p>EY recommends the following approaches for educating employees about being cybersecurity aware:</p> <ul> <li>Use carrots, not sticks</li> <li>Provide cybersecurity education and make it personal</li> <li>Understand and interrupt human behaviors</li> </ul> Featured Risk Management Security Awareness Passwords Original Content Wed, 19 Oct 2022 16:48:16 GMT CamS@secureworld.io (Cam Sivesind) https://www.secureworld.io/industry-news/gen-z-millennials-employees-cybersecurity-risk 2022-10-19T16:48:16Z