Recent Security News
-
Every “Thing” Everywhere All at Once
December 19, 2023 at 07:51AM “In Everything Everywhere All at Once, Evelyn Wang battles multidimensional challenges to protect her family. Similarly, modern enterprises face complex, interconnected IT environments, amplifying security risks. CISOs struggle to monitor and secure an average 2.7 million IT assets. With IoT devices further complicating the landscape, real-time asset inventory and granular…
-
2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS
December 19, 2023 at 07:51AM A joint report by the Justice Department and Department of Homeland Security confirms cyberattacks during the 2022 US mid-term election, including activities linked to Russia and China. Despite these efforts, there is no evidence of significant impact on election integrity or security. A separate report by the ODNI examines foreign…
-
Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure
December 19, 2023 at 07:35AM Cybersecurity research uncovers an individual, “Yeremy,” misusing GitHub to host stage-two malware by exploiting “gists” and commits, evading detection. Hackers are increasingly leveraging public service platforms, like GitHub, for their illicit activities due to their access, lack of scrutiny, and minimal effort required. This tactic offers a stealth advantage over…
-
Are We Ready to Give Up on Security Awareness Training?
December 19, 2023 at 07:15AM Organizations are prioritizing security awareness training despite its low effectiveness. Employees express the need for practical experiences and time allocation for training. Moonlock’s Cybersecuritoons offers short-form cybersecurity content to fit into busy schedules. Feedback transforms and shapes the delivery of training, promoting a security culture and active participation. This evolving…
-
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
December 19, 2023 at 07:15AM MuddyWater, an Iranian cyber espionage group affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has used a new command-and-control framework called MuddyC2Go in attacks on telecommunications sectors in Egypt, Sudan, and Tanzania. Symantec’s Threat Hunter Team, tracking the group as Seedworm, has observed the group’s use of various tools…