Source: securityboulevard.com – Author: Jeffrey Burt It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency — and only 12 seconds to actually pull off the heist. The brothers, Anton Peraire-Bueno and James Pepaire-Bueno, were indicted by federal prosecutors this […]

La entrada Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Richi Jennings Pictured: Several successful American IT professionals. The U.S. Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans. They’re funneling their pay into Pyongyang’s nuclear weapons program and likely leaving behind remote-access Trojans. Two have been arrested so far, with more suspects sought. In today’s SB Blogwatch, […]

La entrada North Korea IT Worker Scam Brings Malware and Funds Nukes – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist.

The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Ransomware claims surged by 64% year-over-year, particularly among mid-market and emerging businesses. There was a sharp rise in “indirect” ransomware incidents, which grew by more than 415% compared to 2022. These were among the key findings from At-Bay’s investigation into the anatomy of ransomware attacks in the U.S. in […]

La entrada Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It's opt-in by default.

The post User Outcry as Slack Scrapes Customer Data for AI Model Training appeared first on SecurityWeek.

Overall ransomware frequency grew by 64% in 2023, with increases in both direct and indirect ransomware. Victims paid $282,000 in ransom on average, a 77% drop in price, and half the companies avoided paying a ransom completely.

The post Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million appeared first on Security Boulevard.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.

Hackers can find templates for DocuSign and other companies for their phishing campaigns on dark web marketplaces for as little as $10.

The post Hackers Use Fake DocuSign Templates to Scam Organizations appeared first on Security Boulevard.

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Jeffrey Burt The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the […]

La entrada 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Palo Alto Networks is acquiring the QRadar SaaS offerings from IBM, and then will migrate users to its Cortex XSIAM SOC delivered as a cloud service.

The post Palo Alto Networks and IBM Align Cybersecurity Strategies appeared first on Security Boulevard.

Palo Alto Networks and IBM announced a significant partnership to jointly provide cybersecurity solutions.

The post Palo Alto Networks Announces Major Cybersecurity Partnership With IBM, Acquires QRadar SaaS Assets  appeared first on SecurityWeek.

Source: news.sophos.com – Author: Angela Gunn The deluge of patches in April dried up substantially in May, as Microsoft on Tuesday released 59 patches touching 11 product families. Windows as usual takes the lion’s share of patches with 48, with the rest spread among .NET, 365 Apps for Enterprise, Azure, Bing Search for iOS, Dynamics […]

La entrada No mayday call necessary for the year’s fifth Patch Tuesday – Source: news.sophos.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the past 15 years, with about 100,000..

The post 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers appeared first on Security Boulevard.

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense.

The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. 

The post Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  appeared first on SecurityWeek.

Source: news.sophos.com – Author: Sally Adam Click above to read this as a PDF instead In the early years of ransomware, many (if not, most) victims were reluctant to admit publicly that they had been hit for fear of exacerbating the business impact of the attack. Concerns about negative press and customer attrition led many […]

La entrada The role of law enforcement in remediating ransomware attacks – Source: news.sophos.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: news.sophos.com – Author: Sally Adam PRODUCTS & SERVICES I am delighted to announce that the Sophos Incident Response service has been awarded U.K.’s National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 2 status by CREST. This assurance confirms that amid the sophisticated cybersecurity threat landscape, Sophos has the experience and capabilities to […]

La entrada Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status – Source: news.sophos.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention.

The post Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities appeared first on SecurityWeek.

The Biden Administration is moving to cybersecurity standards for hospitals, but the AHA is pushing back, saying voluntary models are enough.

The post UnitedHealth, Ascension Attacks Feed Debate Over Health Care Security appeared first on Security Boulevard.

New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors.

Good idea to check: What’s your company using?

The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.

Dubai, United Arab Emirates, May 14th, 2024 - DigiGlass by Redington, Managed Security Services Distributor (MSSD), and Sectrio, a global leader in OT/ICS and IoT cybersecurity solutions, cyber threat intelligence, and managed security services today inaugurated the first Industrial Control System/Operational Technology Security Operations Center (SOC) with a device testing lab in Dubai. View All Solutions […]

The post Sectrio and DigiGlass inaugurate State-of-the-Art OT/ICS SOC with Device Testing Lab in the UAE appeared first on Security Boulevard.

Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.

The post Zscaler Confirms Only Isolated Test Server Was Hacked appeared first on SecurityWeek.

It was probably inevitable. Threat researchers detected bad actors using stolen credentials to target LLMs, with the eventual goal of selling the access to other hackers.

The post Novel LLMjacking Attacks Target Cloud-Based AI Models appeared first on Security Boulevard.

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

Weakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine.

The post NATO Draws a Cyber Red Line in Tensions With Russia appeared first on SecurityWeek.

Modern CISOs have a new task cut out for them: determining how to navigate AI as both challenge and opportunity.

The post CISOs Reconsider Their Roles in Response to GenAI Integration appeared first on Security Boulevard.

The Chinese hacking contest Matrix Cup is offering big rewards for exploits targeting OSs, smartphones, enterprise software, browsers, and security products.

The post $2.5 Million Offered at Upcoming ‘Matrix Cup’ Chinese Hacking Contest  appeared first on SecurityWeek.

Bad actors are always ready to exploit political strife to their own ends. Right now, they’re doing so with the conflict in the Middle East. A holistic defense against influence networks requires collaboration between government, technology companies and security research organizations.

The post Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation appeared first on Security Boulevard.

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree.

The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

DUDE! You’re Getting Phished.

Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder.

The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.

The post Exploited Chrome Zero-Day Patched by Google appeared first on SecurityWeek.

A GAO review of NASA projects found that, while some cybersecurity challenges have been addressed, many security policies and standards remain optional.

The post NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds appeared first on Security Boulevard.

Chinese crooks are running a global network of more than 75,000 fake online shops to steal credit card data and process fraudulent payments.

The post Massive Online Shopping Scam Racks Up 850,000 Victims appeared first on Security Boulevard.

Stagnating security budgets and mounting job pressures are weighing on CISOs, a quarter of whom expressed discontent with their salary and overall compensation.

Show me the money: The average total compensation for tech CISOs stands at $710,000.

The post One in Four Tech CISOs Unhappy with Compensation appeared first on Security Boulevard.

Zscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.

The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek.

In the ever-evolving world of ransomware, it’s getting easier for threat groups to launch attacks – as evidence by the growing number of incidents – but more difficult to make a profit. Organizations’ cyber-defenses are getting more resilient, decryptors that enable victims to regain control of their data, and law enforcement crackdowns on high-profile cybercrime..

The post Ransomware Attacks are Up, but Profits are Down: Chainalysis appeared first on Security Boulevard.

Least privilege. It’s like a love-hate relationship. Everyone knows it’s a best practice, but no one is achieving it at scale.  Why? Because it’s hard to do. The market is constantly trying to sell you least privilege, but no solution is making it easier, attainable, or sustainable. TL;DR: We’re going to tell you about a […]

The post There’s a New Way To Do Least Privilege appeared first on Security Boulevard.

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical.

The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

The new Google Threat Intelligence cloud service draws from Mandiant, VirusTotal, and its own insights and combines them with generative AI.

The post Google Continues Mixing Generative AI into Cybersecurity appeared first on Security Boulevard.

Google is encouraging the adoption of multi-factor authentication to protect against phishing and other cyberattacks. It hopes 2-Step Verification (2SV) can help.

The post Google Makes Implementing 2FA Simpler appeared first on Security Boulevard.

Charges and sanctions announced against Dimitry Yuryevich Khoroshev, the alleged developer and operator of LockBit ransomware.

The post LockBit Ransomware Mastermind Unmasked, Charged appeared first on SecurityWeek.

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

The post RSA Conference 2024 – Announcements Summary (Day 1) appeared first on SecurityWeek.

AI is rapidly increasing the pace of API creation within organizations, leading to API security becoming as significant as traditional application security.

Here’s what you can learn from the top five API breaches of the last quarter.

The post API Vulnerabilities Found Across AI Infrastructure Projects at NVIDIA, Mercedes appeared first on Security Boulevard.

No degree? No problem. The federal government and private industry leaders are coordinating to prioritize skills-based hiring to shore up the nation's cybersecurity workforce.

The post White House Cybersecurity Workforce Initiative Backed by Tech Titans appeared first on Security Boulevard.

MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.

The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.

It takes 4.76 days between public disclosure of a vulnerability and its first exploitations to appear.

The post Fortinet Report Sees Faster Exploitations of New Vulnerabilities appeared first on Security Boulevard.

The wireless communications provider announced the new company at RSA, promising that Level Blue will include managed security services and consulting services.

The post AT&T Spins Out Its Cybersecurity Business to Create LevelBlue appeared first on Security Boulevard.