How to recruit cybersecurity talent from atypical backgrounds

In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity industry should try to recruit hobbyists and DIYers – as well as individual…

IceID trojan delivered via hijacked email threads, compromised MS Exchange servers

A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email security solutions. “The payload has also moved away from using office docum…

Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)

A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia region,” Sophos has warned. About CVE-2022-1040 CVE-2022-1040 is an auth…

Beware of old and new tax-themed scams and schemes

April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on. But they should not throw caution to the wind, as scammers, fraudsters, phishers and malware peddlers are working hard to explo…

Internet crime in 2021: Investment fraud losses soar

Business email compromise/email account compromise scams still have the highest financial toll on victims, but investment fraud has also led to massive losses last year, FBI’s 2021 Internet Crime Report has revealed. Tech support scammers have l…

Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks

Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft’s source code and have gained access to the laptop of a support engineer working for a third-party c…

US critical infrastructure operators should prepare for retaliatory cyberattacks

US President Joe Biden has urged companies in critical infrastructure sectors to shore up their defenses against potential cyberattacks. The warning “Most of America’s critical infrastructure is owned and operated by the private sector and critic…

Lapsus$ gang says it has breached Okta and Microsoft

After breaching NVIDIA and Samsung and stealing and leaking those companies’ proprietary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta. Lapsus$ gang’s claims If Lapsus$’s assertions prove…

Attackers employ novel methods to backdoor French organizations

An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the attack unfolds The attack starts with a well-known technique – emails cont…