How to Prevent Ransomware as a Service (RaaS) Attacks

October 11, 2023 at 09:44PM Ransomware as a Service (RaaS) attacks are on the rise, with a significant increase in the number of victim organizations. RaaS operators recruit affiliates to carry out the attacks, split the ransom amounts, and provide sophisticated tools and interfaces. To prevent ransomware attacks, companies should leverage cybersecurity frameworks, use a …

BianLian extortion group claims recent Air Canada breach

October 11, 2023 at 05:08PM The BianLian extortion group claims to have stolen 210GB of data from Air Canada, including technical and operational information, employee personal data, vendor and supplier information, and confidential documents. The group has shared screenshots of the stolen data as proof. Air Canada has acknowledged the threats but has not confirmed …

Curl Bug Hype Fizzles After Patching Reveal

October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a …

Adobe Acrobat Reader Vuln Now Under Attack

October 11, 2023 at 02:20PM The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in …

Gaza Conflict: How Israeli Cybersecurity Will Respond

October 11, 2023 at 02:06PM Israeli cybersecurity companies are expected to play a crucial role in the war effort against Hamas, given their expertise and capabilities. As the Gaza crisis intensifies, hacktivists have already launched cyberattacks, including DDoS attacks, with experts predicting more sophisticated attacks targeting infrastructure, civilians, and military targets. The Israeli military has …

CISOs’ salary growth slows – with pay gap widening

October 11, 2023 at 10:43AM According to a survey of 600 US-based CISOs, the pay gap between top-earning and bottom-earning CISOs is widening, with the highest-paid executives seeing their salaries increase at three times the rate of those in lower positions. The majority of CISOs earn either below $400,000 or above $700,000 annually. Overall, CISO …

Microsoft: State hackers exploiting Confluence zero-day since September

October 11, 2023 at 10:35AM A Chinese-backed threat group, known as Storm-0062 or DarkShadow, has been exploiting a zero-day vulnerability in Atlassian Confluence Data Center and Server since September 2023. Microsoft has shared more information about the group’s involvement and identified four offending IP addresses. The vulnerability allows the group to create arbitrary administrator accounts. …

Reassessing the Impacts of Risk Management With NIST Framework 2.0

October 11, 2023 at 10:08AM Global cyberattacks rose by 38% in 2022, as reported by Check Point. The cost of a data breach is also increasing, averaging $9.44 million in the US and $4.25 million globally in 2022. To combat this, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework …

US Government Releases Security Guidance for Open Source Software in OT, ICS

October 11, 2023 at 10:07AM Several US government agencies, including CISA, the FBI, the NSA, and the US Department of Treasury, have released new cybersecurity guidance for using open source software (OSS) in operational technology (OT). The guidance aims to promote understanding and best practices for implementing OSS in industrial control systems and other OT …

Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords

October 11, 2023 at 08:54AM Password reuse is a significant security risk for organizations, as it makes it easier for cybercriminals to access sensitive data and deploy ransomware. Many organizations lack a comprehensive system to prevent password reuse, relying on multi-factor authentication which can still be bypassed. Specops Password Policy offers a solution by enforcing …