SMBs Need to Balance Cybersecurity Needs and Resources

October 26, 2023 at 07:57PM Small and midsize businesses (SMBs) face significant challenges in managing cyber threats, including employee mistakes, third-party compliance needs, data privacy laws, the hybrid workforce, targeted attacks, and a changing threat landscape. A study from Sage revealed that almost half of SMBs have experienced a cybersecurity incident in the past year. … Read more

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more

What Would a Government Shutdown Mean for Cybersecurity?

October 26, 2023 at 10:08AM Congress passed a bipartisan bill to fund the federal government for another 45 days, averting a shutdown. The Office of Management and Budget advised agencies to prepare for a potential shutdown in mid-November. A shutdown could increase insider threats, motivate nation-state actors to attack, hinder regulatory requirements, and affect understaffed … Read more

FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program

October 19, 2023 at 11:30AM IT workers contracted with U.S. companies have been secretly sending millions of dollars in wages to North Korea for its ballistic missile program, according to the FBI and the Department of Justice. The workers used false identities and their earnings were funneled to the North Korean weapons program. The investigation … Read more

Data Security and Collaboration in the Modern Enterprise

October 18, 2023 at 08:55AM Modern enterprises face the challenge of balancing the need for data collaboration and expanded access with the increased risk of cybersecurity threats. Traditional data security measures are insufficient for the data needs of modern enterprises. The CISO Survival Guide emphasizes the importance of data access control and the intersection of … Read more

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

October 17, 2023 at 12:15PM Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a … Read more

Discord still a hotbed of malware activity — Now APTs join the fun

October 16, 2023 at 05:37PM Discord is increasingly being used by hackers and advanced persistent threat (APT) groups to distribute malware, steal data, and target critical infrastructure. Trellix’s report highlights how Discord’s content delivery network (CDN) is utilized for delivering malicious payloads, while webhooks are abused for data theft. The report also notes that APT … Read more