Today — 18 May 2024 Main stream

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers – Source: www.bitdefender.com

Source: www.bitdefender.com – Author: Graham Cluley Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. The security breach occurred on November 7, 2023. Upon initial investigation, Nissan and external experts brought in […]

The post Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers – Source: www.bitdefender.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion

17 May 2024 at 13:39

The concept of a Zero Trust Architecture (ZTA) is pretty simple – trust no one, verify everyone. No user or device should be trusted automatically, even if they are connected to a permissioned environment or were previously verified. But modern multi-cloud networks are continuously evolving collections of users, applications, data, and workloads, which don’t lend themselves to ZTA.

The post Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion appeared first on Netography.

The post Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion appeared first on Security Boulevard.

Yesterday — 17 May 2024 Main stream

An Analysis of AI usage in Federal Agencies

17 May 2024 at 13:54

Existing Regulations: As part of its guidance to agencies in the AI Risk Management Framework (AI RMF), the National Institute of Standards and Technology (NIST) recommends that an organization must have an inventory of its AI systems and models. An inventory is necessary from the perspective of risk identification and assessment, monitoring and auditing, and governance […]

The post An Analysis of AI usage in Federal Agencies appeared first on Security Boulevard.

How To Deploy HYAS Protect

By: Dan White
17 May 2024 at 11:23
  • HYAS Protect protective DNS includes a user-friendly interface and four core deployment methods. The decision engine works out of the box as an immediate first-line defense against a network breach.
  • Organizations of any size can monitor traffic with HYAS Protect’s cloud-based DNS resolver. HYAS Protect also offers third-party integrations with common platforms including SentinelOne and Microsoft Defender for Endpoint.
  • DNS data from HYAS Protect allows organizations to identify their riskiest users and prioritize proactive security measures.

Today’s cybersecurity is about operational resiliency. Network breaches will inevitably happen, so organizations need systems that neutralize threats before they cause damage.

HYAS Protect is an intelligent, cloud-based protective DNS solution that proactively detects and blocks communication with command and control (C2) infrastructure used in malware attacks. HYAS Protect also blocks communication with a host of other malicious sites, including those related to phishing, malware, ransomware, botnets and data exfiltration. HYAS Protect is simple to use and vastly more effective than legacy filtering systems. If you’re considering HYAS Protect for your organization, here’s everything you need to get started.

Advantages of HYAS Protect

HYAS Protect combines years of historical domain data with real-time telemetry analysis to detect threat actor infrastructure before attackers can activate an attack. Built on a machine-learning decision engine, the service runs complex algorithms to correlate domain-based data and identify malicious infrastructure with high fidelity so you can mitigate network breaches without wasting your time on false positives.

Because HYAS Protect monitors DNS traffic, it doesn’t matter how the network breach occurred—whether through ransomware, phishing, supply chain attacks, or other methods. The system effectively mitigates a wide range of cyber threats by identifying suspicious DNS activities.

Users can fine-tune the protective DNS engine through list management, content filtering policy and advanced rule sets. For example, you can block or allow specific domains as part of a company-wide use policy. From a management perspective, HYAS Protect is really lightweight, but you have the ability, if your use cases require it, to get a lot more out of the solution.

Initial Setup

HYAS Protect works right out of the box. It’s a cloud-native software-as-a-service that takes only minutes to install. The HYAS team will help you access your DNS settings to enable the protective system, and then the engine runs in the background, 24/7. As for data analysis, the intuitive user interface clearly displays query results so you can see which requests were blocked.

No matter how you use HYAS Protect, the DNS resolver sends all traffic analysis to the HYAS cloud. This API-driven solution means you can include any device inside the protective infrastructure and connect with existing security components such as endpoints, firewalls or automation and response.

Additionally, an agent version of HYAS Protect, compatible with macOS and Windows devices, and external integrations with SentinelOne and Microsoft Defender for Endpoint (MDE) are available. HYAS’s transparent, cost-effective pricing is based on the number of users in your organization, regardless of how many devices you have.

Deployment Modes

HYAS Protect offers two main deployment modes: blocking and inspection. Blocking is the default mode and the setting you’ll generally want for a protective DNS system. Any DNS requests that are flagged as potentially malicious by the decision engine or a policy you’ve enabled are redirected to an alternate page that notifies users that the original query was blocked.

Inspection mode, meanwhile, gives you the same analytics and telemetry data without actually blocking the request. This is a passive or “test case” deployment to show you how the decision engine is evaluating certain queries. Many organizations find it helpful to test common business resources before enabling the blocking mode so there’s no disruption to normal operations.

Establishing a baseline of what HYAS would deem malicious is definitely a good idea before enabling a blocking mode, just to ensure that there are no third-party providers that you use that may actually be hosted on some suspicious infrastructure.

Viewing the DNS Data

Beyond providing industry-leading DNS protection, HYAS also gives you strategic insights into your business. HYAS Protect uses DNS to stop an attack regardless of how the network breach occurred, but from an organizational standpoint, it’s helpful to have context around your biggest security risks.

For instance, a breach might happen when a user clicks on a phishing link in a suspicious email or when hackers exploit an unpatched vulnerability in an IoT device on your network. HYAS Protect gives you an aggregate log view to help you spot trends and identify your riskiest users.

Especially as organizations become more decentralized in the work-from-home era, it’s useful to isolate which devices are generating the most blocked queries so you can determine possible mitigation measures.

Final Thoughts

No cybersecurity solution can guarantee total protection from bad actors. HYAS Protect assumes that a network compromise will happen and stops breaches before they progress. Legacy systems rely on predetermined lists of malicious domains, but HYAS Protect uses a complex, real-time pattern analysis of domain infrastructure to flag malware concerns before an attack begins.

If you’d like to discover more about the role of protective DNS in elevating your security stance and see a live product demonstration, please reach out to our team today. You’ll see how quickly HYAS Protect could deploy in your business and start working within minutes.

Additional Reading

HYAS Protect and Microsoft Defender for Endpoints (MDE)

Connect HYAS Protect with Microsoft Defender for Endpoint in 5 Easy Steps

How to Stop Phishing Attacks with Protective DNS

SentinelOne Deploys HYAS Protect for Proactive Security and Control in an Ever-Changing Environment

How to Select a Protective DNS Solution

The post How To Deploy HYAS Protect appeared first on Security Boulevard.

BreachForums seized! One of the world’s largest hacking forums is taken down by the FBI… again – Source: www.tripwire.com

Source: www.tripwire.com – Author: Graham Cluley Law enforcement agencies worldwide have coordinated to take down one of the world’s largest hacker forums, scoring a victory against cybercrime. BreachForums, a notorious marketplace for stolen data, was seized by the authorities on Wednesday, according to a message on its website. BREACHFORUMS IS UNDER THE CONTROL OF THE […]

The post BreachForums seized! One of the world’s largest hacking forums is taken down by the FBI… again – Source: www.tripwire.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Before yesterday Main stream

Ensuring Election Security and Integrity

16 May 2024 at 10:28

As the United States approaches the 2024 presidential election, the integrity of our electoral process remains a critical issue. Despite persistent claims and efforts to undermine public confidence, there is no credible evidence of widespread election fraud in the 2020 […]

The post Ensuring Election Security and Integrity appeared first on TechSpective.

The post Ensuring Election Security and Integrity appeared first on Security Boulevard.

Is the VPN Era Ending? Insights for Security Leaders 

16 May 2024 at 09:30

The landscape of VPN technology is rapidly changing, signaling potential obsolescence as new threats specifically target these technologies. In recent research by Veriti, we’ve observed a significant increase in attacks on VPN infrastructures, with a focus on exploiting vulnerabilities that have been prevalent but not always prioritized for remediation.  In the past few weeks alone, […]

The post Is the VPN Era Ending? Insights for Security Leaders  appeared first on VERITI.

The post Is the VPN Era Ending? Insights for Security Leaders  appeared first on Security Boulevard.

Unveiling the Underworld of Bank Breaches: Navigating the Digital Frontlines of Financial Cybersecurity

16 May 2024 at 10:43

Bank breaches and the banking world are now a front line in cybersecurity, where hidden networks thrive in the shadows of the dark web and encrypted chats. As technology advances, the dangers of bank hacks grow, transforming old-school bank robbers into modern cyber thieves who operate from behind screens worldwide. Social media, especially platforms like …

The post Unveiling the Underworld of Bank Breaches: Navigating the Digital Frontlines of Financial Cybersecurity appeared first on Security Boulevard.

Microsoft’s May 2024 Patch Tuesday Addresses 3 Zero-Days, 61 Vulnerabilities

15 May 2024 at 13:33

In Microsoft’s May 2024 Patch Tuesday, the company reported significant updates aimed at enhancing the security of various systems by addressing a total of 61 vulnerabilities. This update is crucial, as it includes patches for one critical vulnerability and three zero-day vulnerabilities, with two of these zero-days actively exploited in the wild. The updates also encompass earlier fixes for six ...

The post Microsoft’s May 2024 Patch Tuesday Addresses 3 Zero-Days, 61 Vulnerabilities appeared first on Nuspire.

The post Microsoft’s May 2024 Patch Tuesday Addresses 3 Zero-Days, 61 Vulnerabilities appeared first on Security Boulevard.

Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack – Source: www.exponential-e.com

Source: www.exponential-e.com – Author: Graham Cluley Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away […]

The post Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack – Source: www.exponential-e.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Leveraging Deep OSINT to Enhance Financial Institution Fraud Prevention

14 May 2024 at 08:22

The ongoing need for financial institution fraud prevention presents continuous challenges that can have far-reaching impacts on trust and financial stability. Open-Source Intelligence (OSINT) is increasingly recognized as a crucial element in the strategic toolkit for fraud prevention within financial institutions. In fact, fraud scams and bank fraud schemes resulted in $485.6 billion in losses …

The post Leveraging Deep OSINT to Enhance Financial Institution Fraud Prevention appeared first on Security Boulevard.

How Financial Institutions Can Protect Themselves from Modern DDoS Attacks

By: NSFOCUS
13 May 2024 at 21:00

With the digital transformation of the financial industry and the prevalence of online business, financial institutions inevitably face various cybersecurity threats, among which DDoS attacks are the most common and threatening. With the rise of Internet finance, banks, insurance companies, securities firms, and other financial institutions are gradually migrating their businesses to the cloud. This […]

The post How Financial Institutions Can Protect Themselves from Modern DDoS Attacks appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post How Financial Institutions Can Protect Themselves from Modern DDoS Attacks appeared first on Security Boulevard.

Two F5 BIG-IP Next Central Manager Flaws Allow Device Takeover

13 May 2024 at 14:23

F5, a multi-cloud security and application delivery vendor, has recently patched two high-risk vulnerabilities in its BIG-IP Next Central Manager. Get the details below. Tell me more about F5’s BIG-IP Next Central Manager vulnerabilities: This system is crucial for managing BIG-IP Next load balancers and application security instances, whether they are deployed on-premises or in the cloud. The vulnerabilities identified ...

The post Two F5 BIG-IP Next Central Manager Flaws Allow Device Takeover appeared first on Nuspire.

The post Two F5 BIG-IP Next Central Manager Flaws Allow Device Takeover appeared first on Security Boulevard.

Votiro Named Market Leader in Data Security by the 2024 CDM Awards – Source: securityboulevard.com

Source: securityboulevard.com – Author: Votiro It’s been less than three months since the launch of our unified content and data security platform and we’re already being recognized as a trailblazer within the data security market. Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine, recently named Votiro as Market Leader in Data Security […]

The post Votiro Named Market Leader in Data Security by the 2024 CDM Awards – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Veriti Extends Exposure Assessment & Remediation to the Cloud  – Source: securityboulevard.com

Source: securityboulevard.com – Author: Veriti As enterprises continue to shift towards cloud-based infrastructures, the complexity of managing and securing these environments grows. Recognizing this, Veriti is proud to announce the extension of our Exposure Assessment & Remediation solutions into the cloud. This leap forward is not just a move towards adaptation; it’s an evolution, reshaping […]

The post Veriti Extends Exposure Assessment & Remediation to the Cloud – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Veriti Extends Exposure Assessment & Remediation to the Cloud 

By: Veriti
13 May 2024 at 08:56

As enterprises continue to shift towards cloud-based infrastructures, the complexity of managing and securing these environments grows. Recognizing this, Veriti is proud to announce the extension of our Exposure Assessment & Remediation solutions into the cloud. This leap forward is not just a move towards adaptation; it’s an evolution, reshaping how organizations approach cloud security.  […]

The post Veriti Extends Exposure Assessment & Remediation to the Cloud  appeared first on VERITI.

The post Veriti Extends Exposure Assessment & Remediation to the Cloud  appeared first on Security Boulevard.

Cybersecurity Salary: How Much Can You Earn? – Source: securityboulevard.com

Source: securityboulevard.com – Author: Kevin Smith Maybe you’ve heard there’s an interplanetary-sized gap between the number of cybersecurity professionals available and the roles needed to be filled. According to the recent Cybersecurity Workforce Study by the non-profit ISC2, the cybersecurity workforce shortage has hit a record high of nearly 4 million. The disparity between the […]

The post Cybersecurity Salary: How Much Can You Earn? – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Boeing refused to pay $200 million LockBit ransomware demand – Source: www.bitdefender.com

Source: www.bitdefender.com – Author: Graham Cluley Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice […]

The post Boeing refused to pay $200 million LockBit ransomware demand – Source: www.bitdefender.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

$10 million reward offer for apprehension of unmasked LockBit ransomware leader – Source: www.exponential-e.com

Source: www.exponential-e.com – Author: Graham Cluley Do you know Dmitry Yuryevich Khoroshev? If you do, there’s a chance that you might well be on the way to receiving a reward of up to $10 million. Law enforcement agencies across the US, UK, and Australia have named Dmitry Yuryevich Khoroshev as the mastermind behind the notorious LockBit […]

The post $10 million reward offer for apprehension of unmasked LockBit ransomware leader – Source: www.exponential-e.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

FBI warns US retailers that hackers are targeting their gift card systems – Source: www.tripwire.com

Source: www.tripwire.com – Author: Graham Cluley The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Staff at the corporate offices of US retail companies have been the target of highly-sophisticated email phishing and […]

The post FBI warns US retailers that hackers are targeting their gift card systems – Source: www.tripwire.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Empowering Cyber Asset Management with IT Asset Discovery: Noetic Cyber™ Teams Up with Lansweeper

10 May 2024 at 10:23

To get the visibility and insights they need into their cyber estate, security teams must have the most up-to-date asset information, as well as a simple way to discover new assets that exist on networks and in different cloud accounts. To simplify this process for our customers, Noetic has developed a new integration with Lansweeper, […]

The post Empowering Cyber Asset Management with IT Asset Discovery: Noetic Cyber™ Teams Up with Lansweeper appeared first on Security Boulevard.

Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities – Source: securityboulevard.com

Source: securityboulevard.com – Author: Alberto Casares In recent times, Israel and Iran have been caught up in a series of conflicts and tensions, both on the geopolitical stage and in cyberspace, which pose significant challenges to regional stability and have also made both nations targets for cybersecurity vulnerabilities. As tensions intensify, so does the risk of […]

The post Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities

9 May 2024 at 15:59

In recent times, Israel and Iran have been caught up in a series of conflicts and tensions, both on the geopolitical stage and in cyberspace, which pose significant challenges to regional stability and have also made both nations targets for cybersecurity vulnerabilities. As tensions intensify, so does the risk of cyberattacks aimed at critical infrastructure, government …

The post Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities appeared first on Security Boulevard.

Whitepaper: The False Promises of AI in Cybersecurity

9 May 2024 at 10:00

Cybersecurity is a battlefield where innovation is paramount. Artificial intelligence (AI) has emerged as a potential game-changer, promising to revolutionize threat detection and response. Vendors have made bold claims, promising their AI-powered solutions will provide unparalleled capabilities, eliminate false positives, and autonomously defend against even the most sophisticated attacks.

The post Whitepaper: The False Promises of AI in Cybersecurity appeared first on Security Boulevard.

AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm

9 May 2024 at 02:53

The financial industry is experiencing a gold rush of sorts with the integration of Artificial Intelligence (AI) technologies. With huge data volumes processed by the financial services sector, AI holds much promise for the industry. But much like the historic California gold rush, some made profits selling gold, others profited from supplying tools like picks, […]

The post AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm appeared first on Centraleyes.

The post AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm appeared first on Security Boulevard.

RSAC 2024 Day 2: IoT Security Questions (and Answers)

8 May 2024 at 14:54

RSA Conference delivers in terms of interesting dialogues with other cybersecurity professionals, and this year while there is not much on the conference agenda related to IoT security there is a lot of discussion about it.  Whether it’s the UK’s Product Security law going into effect at the end of April, the growing focus by […]

The post RSAC 2024 Day 2: IoT Security Questions (and Answers) appeared first on Viakoo, Inc.

The post RSAC 2024 Day 2: IoT Security Questions (and Answers) appeared first on Security Boulevard.

Implementing Zero Trust: Beyond Internal Network Models

8 May 2024 at 12:33

With 2024 being the year that people and organizations are realizing that they will never be able to prevent every breach, and they need to ensure the implementation and deployment of appropriate proactive cyber resiliency solutions, zero-trust is rapidly becoming more popular. CISA published their zero trust maturity model and the NSA released their guidance on zero trust principles.

The US Government issued an executive order which included zero trust models, and zero trust is gaining ground internationally as well, from the Middle East and Europe to Asia and Australia. However, the question that needs to be asked is – are people thinking about zero-trust broadly enough, and is your implementation really going to help move forward cyber resiliency and reduce digital risk across your organization?

Let’s put aside the fact that Gartner indicates that most organizations won’t actually be able to rapidly deploy zero-trust for a variety of reasons. It still begs the question – how do you think about a complete zero-trust model?

Most people think of zero-trust as a model inside the organization to force a strict control of “who am I talking to, why am I talking to them, and should I be talking to them.” More specifically, Wikipedia provides a succinct definition of zero-trust:

"Zero trust is an approach to cybersecurity that emphasizes strict access control and verification of users and devices, regardless of their location or previous verification status. It involves never trusting users or devices by default and always verifying them before granting access to resources."

So, if you are implementing zero-trust, what about when the access goes outside of your environment? Are you similarly asking the same questions — for each connection that originates inside your network and tries to talk to a remote piece of Internet infrastructure outside your network, why are we talking to it, who is it really, and should we be talking to it? I find that this is often a forgotten or deprioritized aspect of zero-trust but should be one of the most critical.

Everyone will unfortunately be breached at some point, and often the first step in the attack after a successful breach is communicating with their command-and-control infrastructure for instructions – lateral motion, privilege escalation, and exploration of the organization. Even if it isn’t the very first step, it’s still required for data exfiltration and other aspects of a successful attack.

For each attempted communication leaving your organization, the best way to ensure cyber resiliency and protect the organization from ensuing data leaks and damage is to understand:

      (i) Where is this connection going?

      (ii) Should this connection be allowed?

      (iii) Why or why not?

The principle of zero trust – assume nothing and validate everything – will render attacks inert because when attackers try to communicate with command-and-control to advance their attacks, the communication will be blocked, and they won’t be able to advance the attack.

CISA and the NSA call this Protective DNS and recommend it as part of the Shields Up initiative. It’s being implemented on a national level both in the United States and internationally. It’s a recommended part of a SASE framework. It’s becoming part of standards like CMMC. Even cyber insurance carriers are starting to ask if the organization employs Protective DNS in their questionnaires and required attestations.

It should also be considered a critical and necessary part of a zero-trust implementation. Without Protective DNS, a zero-trust implementation is only providing partial protection; it can’t detect or block the beaconing behavior that malware and attacks generate, and thus cannot stop these attacks or render them inert. Given that Protective DNS solutions can be implemented in minutes, can be tailored to each organization’s architecture and configured for each organization’s level of desired risk, and add to the efficacy of the overall solution stack, those implementing zero-trust models should not only consider implementing Protective DNS as part of their project plan but should consider implementing it as the first part in that plan.

Given how much an organization relies on the Cloud and broader set of Internet services, and given how much communication flows between an organization and resources on the greater Internet, it shouldn’t even be possible to talk about zero-trust without incorporating an organization’s outgoing traffic. That’s the role of Protective DNS. And if you check out the testing that third-party organizations like AV-TEST do, it can really be very effective and drive a considerable ROI in terms of improving cyber resiliency and reducing risk.

Additional Reading

Why HYAS: The Secret to Cybersecurity Lies In Interrupting and Updating Causation Chains

Attacker Infrastructure: How Hackers Build It and How to Use It Against Them

Cyber Adversary Infrastructure Explained

Critical Infrastructure Attacks: New Rules, New Game

Want to get the upper hand on adversary infrastructure? Contact us to get a complimentary security assessment and learn how to make the switch from reactive to proactive defense.

The post Implementing Zero Trust: Beyond Internal Network Models appeared first on Security Boulevard.

Big Vulnerabilities in Next-Gen BIG-IP

8 May 2024 at 12:00

Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager. These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing […]

The post Big Vulnerabilities in Next-Gen BIG-IP appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Big Vulnerabilities in Next-Gen BIG-IP appeared first on Security Boulevard.

Cyber Essentials Plus Checklist for 2024

The Cyber Essentials Plus Certification focuses on 5 fundamental security controls. Here's a checklist to make sure you're on the right track.

The post Cyber Essentials Plus Checklist for 2024 appeared first on Scytale.

The post Cyber Essentials Plus Checklist for 2024 appeared first on Security Boulevard.

NSFOCUS Secures Top Honors at RSA Conference 2024

By: NSFOCUS
7 May 2024 at 21:58

San Francisco, May 7, 2024 – NSFOCUS, a global leader in cybersecurity, is thrilled to announce our double victory at the prestigious RSAC 2024. We have been honored with two awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: NSFOCUS’s awards highlight our dedication to cybersecurity innovation and excellence. The Continuous Threat […]

The post NSFOCUS Secures Top Honors at RSA Conference 2024 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS Secures Top Honors at RSA Conference 2024 appeared first on Security Boulevard.

Global Cybercrime Report 2024: Which Countries Face the Highest Risk?

8 May 2024 at 03:00

Understanding a country's cybersecurity readiness is vital in today's environment. Using data analytics and machine learning, we can assess each nation's cybersecurity strengths, weaknesses, and areas needing improvement. Exploring the cybersecurity rankings of different countries can help us make informed decisions, encourage global cooperation, and work towards a safer digital world for everyone.

The post Global Cybercrime Report 2024: Which Countries Face the Highest Risk? appeared first on Security Boulevard.

RSAC 2024: IoT Security Questions (and Answers)

7 May 2024 at 13:49

The 2024 RSA Conference is underway, and Viakoo is out in force.  During the conference as we meet with customers, prospects, media, and analysts I will try to cherry pick some of the more interesting questions related to IoT Security.  Over the past year the number of IoT security breaches and incidents has continued to […]

The post RSAC 2024: IoT Security Questions (and Answers) appeared first on Viakoo, Inc.

The post RSAC 2024: IoT Security Questions (and Answers) appeared first on Security Boulevard.

Securing Supply Chains for GenAI Hardware and Models

7 May 2024 at 09:00

Today, at RSA Conference 2024, we’re announcing new capabilities to help secure the fundamental layers of the GenAI tech stack. First, we’re adding continuous monitoring support for NVIDIA hardware used in training, fine-tuning, and leveraging GenAI models, such as the NVIDIA H100 Tensor Core GPU. Second, we have added integrity verification for GenAI foundation models […]

The post Securing Supply Chains for GenAI Hardware and Models appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Securing Supply Chains for GenAI Hardware and Models appeared first on Security Boulevard.

Reality Defender Triumphs at RSAC 2024 with AI at the Forefront

By: NSFOCUS
6 May 2024 at 21:16

The Innovative Use of AI in Cybersecurity Wins the Day at the Prestigious Innovation Sandbox Contest. San Francisco, May 7, 2024 — The prestigious RSA Conference (RSAC) 2024 has kicked off with a resounding victory for Reality Defender in the much-coveted Innovation Sandbox Contest. The company’s pioneering use of artificial intelligence (AI) in cybersecurity has […]

The post Reality Defender Triumphs at RSAC 2024 with AI at the Forefront appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post Reality Defender Triumphs at RSAC 2024 with AI at the Forefront appeared first on Security Boulevard.

A CEO’s Insight: Proactive Cybersecurity in the Age of the Dark Web

By: Nuspire
6 May 2024 at 16:29

Announcement of Nuspire’s New Dark Web Monitoring Service

Even though I’m a CEO today, I’m a security leader at heart. One of the biggest challenges I faced in the past, and I’m sure you’re faced with today, is knowing what I don’t know. When I started my career in cybersecurity, I had the naivety to ask a peer, “When are ...

The post A CEO’s Insight: Proactive Cybersecurity in the Age of the Dark Web appeared first on Nuspire.

The post A CEO’s Insight: Proactive Cybersecurity in the Age of the Dark Web appeared first on Security Boulevard.

Using MITM to bypass FIDO2 phishing-resistant protection

By: Dor Segal
6 May 2024 at 01:37

FIDO2 is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key. FIDO2 is mostly known to protect people from man-in-the-middle (MITM), phishing and session hijacking attacks. In this...

The post Using MITM to bypass FIDO2 phishing-resistant protection appeared first on Silverfort.

The post Using MITM to bypass FIDO2 phishing-resistant protection appeared first on Security Boulevard.

Researchers Discover New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update

By: Alan J
28 April 2024 at 01:51

CRIL researchers observed a new Android banking trojan, 'Brokewell', being distributed through a phishing site disguised as the official Chrome update page. The trojan comes equipped with functionality such as screen recording, keylogging and over 50 different remote commands. Upon further investigation, researchers were able to trace the trojan back to its developer, who described it as capable of bypassing permission restrictions on the latest versions of the Android operating system.

Developer Behind Android Banking Trojan Found Distributing Other Spyware Tools

CRIL researchers identified the trojan being distributed through the domain “hxxp://makingitorut[.]com”, which disguises itself as the official Chrome update website and bears several striking similarities to it.

The site deceives the user into thinking that an update is required, describing it as being necessary "to secure your browser and fix important vulnerabilities." A download button on the site leads users to download the malicious APK file “Chrome.apk” onto their systems. Upon examination, the downloaded APK file was discovered to be a new Android banking trojan incorporating over 50 different remote commands, such as collecting telephony data, collecting call history, waking the device screen, location gathering, call management, and screen and audio recording. The trojan communicated with a remote command and control (C&C) server operating through the “mi6[.]operationanonrecoil[.]ru” domain and hosted on the IP address “91.92.247[.]182”.

The malware was further linked to a git repository, where it was described as being capable of circumventing permission-based restrictions on Android versions 13, 14, and 15. The git repository contained links to profiles on underground forums, a Tor page, and a Telegram channel. The Tor page directed to the malware developer’s personal page, where they introduced themselves and linked to a site listing various other projects they had developed, such as checkers, validators, stealers, and ransomware. Since CRIL researchers did not observe any mention of the Android banking trojan on the site, it is assumed that the trojan is a very recent development which might be listed in the coming days.

Technical Capabilities of Android Banking Trojan "Brokewell"

Researchers note that the Brokewell banking trojan is likely in its initial stages of development and thus possesses limited functionality for the time being. The current attack techniques primarily involve screen overlay attacks, screen/audio capture and keylogging. However, researchers warn that future versions of the Android banking trojan may incorporate additional features.

The malware is observed conducting a pre-emptive check to determine whether the host system has been rooted. This stage involves checking for the package names of a root check application, a network traffic analysis tool and an .apk parsing tool. Once the device is detected to not be rooted, it proceeds with normal execution, first prompting the victim for accessibility permissions. The accessibility service is then abused to grant the application other permissions such as “Display over other apps” and “Installation from unknown sources”.

After obtaining permissions, the application prompts the user to enter the device PIN through a fake PIN screen with German localization. The PIN is then stored to a text file for subsequent usage. The German localization, along with several samples of the malware being uploaded to VirusTotal from the German region, leads researchers to believe that it is primarily targeting Germany. In addition to German, several strings in Chinese, French, Finnish, Arabic, Indonesian, Swedish, Portuguese, and English were also spotted. These strings suggest that the malware could expand its targets with the emergence of subsequent iterations incorporating additional features.

Researchers anticipate increased promotion of the tool on underground forums and through the malware developer’s product portal, underscoring the ongoing evolution of banking trojans and the need for continuous monitoring of such developments.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.