Digital Shadows – Page 2 – WindowsTechs.com

Organizations at growing risk from initial access brokers – a fast growing class of cybercriminal who breach firms and then charge others to do the ‘dirty work’

Posted on February 23, 2021 by Deb Schalm

Thriving on disruption to business process and remote working caused by pandemic as listings for RDP and VPNs increase with an average price of $7,100 London and San Francisco, February 23, 2021 – Digital Shadows, the leader in digital risk protectio… Continue reading Organizations at growing risk from initial access brokers – a fast growing class of cybercriminal who breach firms and then charge others to do the ‘dirty work’→

Investigators suggest hackers exploited weak password security to breach Florida water facility

Posted on February 12, 2021 by Tim Starks

A clearer picture of poor security practices in Oldsmar, Florida prior to the dangerous hack of its water treatment plant is beginning to emerge, even as an investigation into the matter continues one week after the incident. Three federal agencies teamed up with an organization that shares threat information between states to issue an alert late Thursday explaining how the breach, in which a hacker allegedly tried to raise sodium hydroxide levels to amounts that are harmful to humans, might have unfolded. Initial clues suggest the incident, which was detected before it amounted to a threat to public drinking water, was made possible by lax data protection strategies and exploitation of a software tool. “The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system,” reads the alert from the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Environmental […]

The post Investigators suggest hackers exploited weak password security to breach Florida water facility appeared first on CyberScoop.

Continue reading Investigators suggest hackers exploited weak password security to breach Florida water facility→

Digital Shadows integrates with Microsoft Azure AD enabling rapid response to exposed company credentials

Posted on January 19, 2021 by Deb Schalm

Leverages data set of 8 billion authentications daily to only alert organizations against ‘at risk’ username and password combinations London and San Francisco, January 19, 2021 – Digital Shadows, the leader in digital risk protection, today an… Continue reading Digital Shadows integrates with Microsoft Azure AD enabling rapid response to exposed company credentials→

What’s Next for Ransomware in 2021?

Posted on December 31, 2020 by Becky Bracken

Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts. Continue reading What’s Next for Ransomware in 2021?→

A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

Posted on December 17, 2020 by Jeff Stone

An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site’s administrators and multiple sources with visibility into the site. A message posted Thursday on a forum at the Joker’s Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that “these bastards busted” an “external proxy server” connected to a section of the site. Other aspects of Joker’s Stash remained functioning normally at press time Thursday, though one researcher suggested the action represented a kind of warning to the site that has facilitated fraud since at least 2015. “This relates to a coordinated police operational activity that is ongoing, and at this time we are not in a position to comment,” Interpol, the inter-governmental law enforcement organization based in France, said in an email. The affected […]

The post A ‘coordinated police’ action against the Joker’s Stash took a small domain offline appeared first on CyberScoop.

Continue reading A ‘coordinated police’ action against the Joker’s Stash took a small domain offline→

Digital Shadows Launches Sensitive Document Alerts With Added Context

Posted on November 23, 2020 by Deb Schalm

New capabilities within SearchLight™ to detect exposed sensitive but not protectively-marked technical and commercial documents, including product designs and payroll data London and San Francisco, November 23, 2020 – Digital Shadows, the leade… Continue reading Digital Shadows Launches Sensitive Document Alerts With Added Context→

As COVID-19 travel restrictions eased, scammers pounced

Posted on October 27, 2020 by Sean Lyngaas

You can add travel-booking scams to the ways that cybercriminals have adapted to the pandemic-era economy. After slashing prices on the hacking tools sold on underground forums and targeting software used for remote work, crooks have been monitoring the fluctuations in travel restrictions around the world for an opportunity to hawk illicit travel schemes, according to research published Tuesday by the threat intelligence firm Gemini Advisory. The analysts found an uptick in travel-related chatter on over a dozen cybercriminal forums since July, not long after countries in Europe began loosening travel controls. Mentions of travel-related issues on the forums went from roughly 100 per day in early June to more than 600 per day in early September, Gemini Advisory analysts said. “Numerous dark web forum members and Telegram channels have resumed advertising travel services after being dormant during the peak of COVID-19 pandemic,” Gemini Advisory said in a blog post. “One prominent […]

The post As COVID-19 travel restrictions eased, scammers pounced appeared first on CyberScoop.

Continue reading As COVID-19 travel restrictions eased, scammers pounced→

How middlemen are giving ransomware gangs more attack options

Posted on October 12, 2020 by Sean Lyngaas

The last six months have seen damaging ransomware attacks on two multibillion-dollar IT firms, Conduent and Cognizant, with clients all over the world. The incidents locked computers across the companies, cut into revenue and required days, if not weeks, of clean up. A report published Monday by consulting giant Accenture warns that the kind of criminal groups behind those attacks have more options than ever for accessing corporate networks thanks to a thriving market for outsourced hacking. Accenture researchers are tracking more the 25 regular “network access sellers,” or people who specialize in breaching an organization’s networks and handing off that access to the highest bidder. The access sellers have frequented the same underground forums as the people involved with prolific strains of ransomware like NetWalker and Maze, the latter which was used against Cognizant. “Network access selling has progressed from a niche underground offering throughout 2017 to a central pillar of criminal underground […]

The post How middlemen are giving ransomware gangs more attack options appeared first on CyberScoop.

Continue reading How middlemen are giving ransomware gangs more attack options→

Digital Shadows launches access key alerts – to mitigate the growing problem of credentials exposed during software development

Posted on October 7, 2020 by Deb Schalm

Threat actors actively scouring code repositories such as GitHub for easy way to infiltrate organizations London and San Francisco, October 07, 2020 – Digital Shadows, the leader in digital risk protection, has today announced the ability to dete… Continue reading Digital Shadows launches access key alerts – to mitigate the growing problem of credentials exposed during software development→

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Posted on September 11, 2020 by Tara Seals

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Continue reading It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure→