Tag: cyber
-
Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms
in SecurityNews
Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic, costing businesses millions. This type of fraud involves artificially triggering SMS verification requests by creating numerous synthetic identities or using automated bots, thereby inflating the SMS traffic to exploit billing systems. Mechanics of SMS Pumping: Fraudsters initiate this scam by…
-
Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens
in SecurityNews
The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider. Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft. Silent Push analysts have tracked the evolution of Scattered Spider’s tactics, techniques, and procedures (TTPs) through early…
-
Making Compliance a Strategic Business Driver With AI
in SecurityNews
Tags: ai, awareness, business, compliance, cyber, cybersecurity, risk, risk-management, strategy, tool
UNSW’s Pranit Anand on Personalizing Cyber Awareness Programs. Compliance programs can be more than tick-box exercises. When aligned with business strategy, cybersecurity awareness efforts become tools for improving continuity, profitability and risk management, said Pranit Anand, chief investigator at UNSW Business School. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/making-compliance-strategic-business-driver-ai-a-27959
-
New Employees: From Security Risk to Advocate of the Company's Cybersecurity Strategy
in SecurityNews
Tags: cyber
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/mitarbeiter-unternehmen-sicherheitsrisiko-verfechter-cyber-sicherheitsstrategie
-
The Database Kill Chain
Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modeling frameworks were introduced to help solve this issue. By identifying the different parts of the…
-
Why CISOs are doubling down on cyber crisis simulations
in SecurityNews
Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/
-
MIWIC25: Michelle Corrigan, Director of Digital Care Hub
in SecurityNews
Tags: cyber
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
-
CISA Alerts on Active Exploitation of CentreStack Hard-Coded Key Vulnerability
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability in Gladinet CentreStack, a cloud-based enterprise file-sharing platform. The issue, tracked as CVE-2025-30406, involves the use of a hard-coded cryptographic key that could enable attackers to execute remote code on compromised systems, posing a major security risk to organizations relying on…
-
Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts
in SecurityNews
Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats. Evolving Tactics in Ransomware Operations: The ransomware ecosystem has seen a shift where established and…
-
Is HR running your employee security training? Here’s why that’s not always the best idea
in SecurityNews
Tags: attack, awareness, best-practice, breach, business, ciso, communications, compliance, cyber, cybersecurity, data, finance, guide, healthcare, privacy, resilience, risk, security-incident, service, threat, training, vulnerability
HR doesn’t have specialized security knowledge: Another limitation is that an organization’s security training can be a component in maintaining certain certifications, compliance, contractual agreements, and customer expectations, according to Hughes. “If that’s important to your organization, then security, IT, and compliance teams will know the subjects to cover and help guide in the importance of…
-
Cyber Monday: 12 Tips for Shopping Safely
in SecurityNews
So-called Cyber Monday is just around the corner and marks the start of the online Christmas sales season. Cyber Monday is also becoming increasingly popular among bargain hunters and retailers in Germany, but unfortunately criminals, too, are increasingly scenting a big haul on this day. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/11/28/cyber-monday-12-tipps-um-sicher-zu-shoppen/
-
Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed
in SecurityNews
Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit, a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast connectivity. This comes as organizations face a 56% year-on-year increase in high-volume, complex DDoS attacks that disrupt operations, increase latency, and compromise network security. Traditional solutions often…
-
Adobe Security Update: Patches Released for Multiple Product Vulnerabilities
in SecurityNews
Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities that could potentially be exploited by attackers. The Product Security Incident Response Team (PSIRT) has urged all users to apply these updates immediately to protect their systems and data. These updates are part of Adobe’s ongoing commitment to ensuring the…
-
Cyber Resilience Instead of Mere Cyber Resistance: 5 Tips for Greater Resilience Against Attacks
in SecurityNews
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyber-resilienz-statt-resistenz-5-tipps-widerstandsfaehigkeit-angriffe
-
New Double-Edged Email Attack Steals Office 365 Credentials and Delivers Malware
in SecurityNews
Cybersecurity experts have uncovered a sophisticated phishing campaign that employs a double-edged tactic to compromise Office 365 credentials and deliver malware, posing significant risks to organizations worldwide. The campaign, identified by the Cofense Phishing Defense Center (PDC), uses a file deletion reminder as a pretext to trick victims into engaging with what appears to be…
-
European Cyber Security Month: Statistics, Events and Tips for Your Security
in SecurityNews
Tags: cyber
In October 2012, the European Cyber Security Month (ECSM) launched across Europe as a pilot project. The annual cybersecurity campaign was developed on the model of successful awareness campaigns around the globe. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/10/15/europaischer-cyber-security-monats-statistiken-events-und-tipps-fur-ihre-sicherheit/
-
New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control
in SecurityNews
GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai botnet is at play, exploiting an information disclosure vulnerability to seize administrative control over these…
-
HP Report: Old Vulnerabilities Are a Major Danger
in SecurityNews
HP's Cyber Risk Report 2015 shows that 44 percent of the data breaches that became known in 2014 can be traced back to vulnerabilities that are two to four years old. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/02/25/hp-bericht-alte-schwachstellen-sind-eine-grose-gefahr/
-
Windows Kerberos Vulnerability Enables Security Feature Bypass
in SecurityNews
Microsoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified with Important severity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described under CWE-922: Insecure Storage of Sensitive Information, making it a pressing concern for organizations relying on Kerberos for secure authentication.…
-
US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails
The U.S. Office of the Comptroller of the Currency told Congress that a breach of its email systems reported in February involved “highly sensitive information” in the accounts of high-ranking officials. First seen on therecord.media Jump to article: therecord.media/office-comptroller-currency-email-hack-report
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
in SecurityNews
Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-day
The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits: Hellcat operators initiate attacks…
-
NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups
in SecurityNews
The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organizations. First seen on therecord.media Jump to article: therecord.media/ncsc-shares-details-on-spyware-targeting-uyghur-tiben-taiwanese-groups
-
What Is Cyber Insurance?
in SecurityNews
Cyber insurance can be a helpful tool that makes it possible to transfer risk in the event of a digital security incident, but only when used correctly. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/06/05/ist-eine-cyber-versicherung/
-
Cyber-Resilient Storage as an Effective Defense Against Threats
in SecurityNews
Digital environments are constantly exposed to cyber threats. These pose a continuous challenge to business continuity. This applies not only to large companies but especially to small and medium-sized enterprises (SMEs): 82 percent of ransomware attacks last year affected companies with fewer than 1,000 employees. Particularly critical: more than 90 percent of ransomware attacks also target the…
-
Pharmacist accused of using webcams to spy on women in intimate moments at work, home
in SecurityNews
Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec First seen on theregister.com Jump to article: www.theregister.com/2025/04/09/pharmacist_accused_of_cyber_voyeurism/
-
Compliance Needs Financial Metrics, Not Just Dashboards
in SecurityNews
Elliott of Zurich Insurance on Why Business Leaders Need Quantifiable Cyber Risks. Many compliance programs rely on vague risk scores and dashboards. These don’t always help business leaders make decisions. Dan Elliott, head of cyber resiliency, Zurich Resilience Solutions, ANZ, at Zurich Insurance, said organizations should frame compliance through financial metrics. First seen on govinfosecurity.com…