Human Error and AI Emerge as Key Challenges in Survey of CISOs

The 2024 Proofpoint “Voice of the CISO” report is a useful barometer for understanding the current cybersecurity landscape, providing valuable insights from 1,600 CISOs globally. This year’s findings reveal a complex picture where heightened concerns coexist with a growing sense […]

The post Human Error and AI Emerge as Key Challenges in Survey of CISOs appeared first on TechSpective.

The post Human Error and AI Emerge as Key Challenges in Survey of CISOs appeared first on Security Boulevard.

Challenging Times Remain Among the Ever-Evolving Email Landscape

Criminals are successfully using email to scam, infiltrate networks, and unleash malicious payloads. We’re continuing to witness bad actors relentlessly exploit human vulnerabilities and software flaws, circumventing email gateways and security measures with alarming precision. Robust email and endpoint defenses […]

The post Challenging Times Remain Among the Ever-Evolving Email Landscape appeared first on TechSpective.

The post Challenging Times Remain Among the Ever-Evolving Email Landscape appeared first on Security Boulevard.

London Drugs cyber attack: What businesses can learn from its week-long shutdown

The London Drugs cyber attack has been making headlines throughout the country. What makes this breach unique is the impact it has had on operations and customer access. Following the attack, all 79 London Drugs stores shut down for over a week. Leaving […]

The post London Drugs cyber attack: What businesses can learn from its week-long shutdown appeared first on Click Armor.

The post London Drugs cyber attack: What businesses can learn from its week-long shutdown appeared first on Security Boulevard.

RATs Control: Combating The Menace of Remote Access Trojans

By Riyaz Tambe, Senior Director, Sales Engineering, India, Zscaler

In today’s landscape, saying that cyberattacks are rising exponentially in number and sophistication is like saying that the earth revolves around the sun. While this is an obvious statement, it is still the reality that most IT security teams have to contend with day-in, day-out. According to the ThreatLabz State of Encrypted Attacks 2023 report, APAC alone saw a 46 percent rise in encrypted attack hits, with India observing a 27 percent increase from the previous year.

While ransomware and malware often grab headlines, Remote Access Trojans (RATs) have been quietly lurking in the background, proving to be a significant threat to organizations globally and in India. In contrast to ransomware, which primarily aims for financial gains by encrypting systems and extorting a ransom, RATs grant attackers full authority over compromised devices. This grants them access to retrieve sensitive data like user credentials, passwords, and financial information.

Additionally, these malicious tools empower attackers to monitor online activities, collect browsing histories, intercept emails and chat records, and even commandeer webcams for invasive surveillance. This covert infiltration poses a substantial risk to individuals, organizations, and national security, necessitating urgent attention.

Releasing Remote Access Trojans (RATs) into the Wild 

Remote Access Trojan (RAT) attacks often involve the deception of users through the distribution of malicious software disguised as legitimate applications. A recent example of this tactic was observed by ThreatLabz in December 2023. In this case, threat actors created fraudulent websites that mimicked well-known video conferencing platforms like Skype, Google Meet, and Zoom, aiming to distribute Remote Access Trojans to unsuspecting users. These websites, hosted on the same IP address and designed in Russian, were specifically crafted to trick users into downloading malicious files.

The attackers constructed fake websites that closely resembled legitimate platforms, complete with URLs that closely resembled authentic meeting links. When users visited these fraudulent sites, they were prompted to download files, such as APKs for Android or BATs for Windows. Once these files were downloaded or opened, they initiated the installation of malicious files disguised as legitimate applications, thereby setting up Remote Access Trojan software.

By utilizing these RATs, attackers gain complete control over compromised devices, enabling them to access sensitive information, monitor activities, and potentially engage in malicious actions such as data theft and keystroke logging.

India has been a prime target for RAT campaigns, with instances like the notorious APT36 group, which specifically targets individuals associated with military or political affiliations in India and Pakistan, utilizing RATs extensively. Another notable example is CapraRAT, a modified version of the open-source RAT called AndroRAT. This malware possesses various data exfiltration capabilities, enabling it to gather sensitive information such as the victims' locations, phone call history, and contact details.

Pest Control: Getting Rid of Remote Access Trojans (RATs) 

With the adoption of hybrid work models in India, the increased reliance on online meeting platforms has created an ideal environment for cybercriminals utilizing Remote Access Trojans. It is crucial to comprehend the nature of these malicious tools, as they provide attackers with unfettered control over compromised devices, facilitating the theft of sensitive data such as credentials, financial information, and the ability to monitor online activities.

As the reliance on online meeting platforms in India is increasing, here are some steps individuals and organizations can take to stay safe:
  • Promoting security awareness and training: Organizations should prioritize conducting cybersecurity awareness programs to educate employees and users on the risks associated with downloading unfamiliar applications or files. This includes raising awareness about the dangers of phishing scams and social engineering tactics. 
  • Adopting the Zero Trust security model: Embracing the Zero Trust model can strengthen an organization's resilience against RAT attacks. This approach emphasizes identity verification, reduces the attack surface, and enhances incident response capabilities. 
  • Implementing network security measures: Deploying robust network security measures, such as endpoint protection and web filtering, can effectively detect and block malicious activities. 
  • Developing incident response plans: Organizations should establish comprehensive incident response plans to promptly address and mitigate the impact of potential security incidents. 
  • Maintaining software updates: Regularly updating operating systems, applications, and security software is crucial to address vulnerabilities and patch security holes. 

By comprehending the risks associated with Remote Access Trojans and implementing a multi-layered approach that incorporates technical safeguards, individuals and organizations can bolster their cybersecurity defenses. This is essential in protecting digital assets, organizational interests, and national security from significant breaches.

In conclusion, maintaining vigilance and exercising caution while online, particularly when encountering unfamiliar websites or download prompts, is of utmost importance. Always verify the URL before clicking on any download buttons and refrain from downloading software from untrusted sources. These practices can help safeguard against falling victim to RAT attacks.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed

Educational institutions may face a range of cyberthreats in 2024, but our 2024 State of Malware in Education report identifies the six most critical ones.

Ransomware, for example, stands out as a key threat for schools and universities. The report covers how last year, we witnessed a 92% increase in ransomware attacks in K-12 schools and a 70% increase in Higher Education. The trend appears set to continue, partly due to specialized ransomware groups like Rhysida (formerly Vice Society) targeting educational sectors.  

Education ransomware attacks, 2022 – 2023

Another major threat our 2024 State of Malware in Education covers is the reduction of conventional malware in favor of Living off The Land (LOTL) attacks. LOTL attacks exploit legitimate system tools to remain undetected while conducting harmful activities.

Our report suggests that educational institutions must employ expert staff to manually identify LOTL activities, which traditional malware detection tools miss. For example, we recently wrote how one K-12 district used MDR to uncover malicious PowerShell activity and stop an ongoing infection.

Some other trends and threats educational institutions can expect the report to cover include:

  • Why targeting Macs has become an easy choice for criminals 
  • How CL0P is rewriting the ransomware playbook and why Big Game ransomware remains the most serious threat.
  • How cybercriminals use ‘malvertising’ to target educational institutions with malicious ads for software popular for remote learning, such as Zoom.

As we progress into 2024, the reality is that educational institutions’ success in pairing state of the art security software with skilled security staff will be a deciding factor in their ability to take down the most serious cyberthreats. 

To understand the complete list of threats facing educational institutions in 2024 and how to tackle them, get the full 2024 State of Malware in Education report—tailored to either K-12 or Higher Ed—below.

